Search:  
  Contact  |   Advertise  |   Advanced Search
   Get SGN's free email newsletter
    What's in the SGN email?  |  Twitter |   Facebook |   Linkedin |   RSS

Smart Grid News

Blogging the Grid

What’s on First? New Insights in NIST’s First Draft

Sep 28, 2009    Bookmark and Share

Never will one mistake the complexities of the Smart Grid, and of undertaking the improvement of its protections, for a straightforward task in security and engineering. It presents an Augean stable of issues, and NIST has waded in with a legion of contributors, first to make sense of it all and then to start handing out shovels.

In the first draft of their analysis, announced during the recent GridWeek conference, Annabelle Lee and team have created a dense, but readable tome, numbering some 236 pages at present, entitled Smart Grid Cyber Security Strategy and Requirements. It serves as an adjunct to the more general draft of NIST's Smart Grid guidance on interoperability (links below). For those interested in the higher level issues of focus and risk, I did a bit of data reduction and reached some pretty interesting, if unintended (and definitely scientifically questionable) conclusions.

The draft document categorizes 15 areas of likely risk; their impacts on Confidentiality, Integrity, and Availability; and their levels (high, medium, and low). This hierarchy and its accompanying tables permit a reader with a spreadsheet (me) to draw two conclusions about priorities in Smart Grid Security.

Conclusion 1: Integrity Is the Most Important Attribute

Impacts on integrity were rated as "High" in every single instance. Categories 10-12 show a range of impact levels, but each include "High" for Integrity.  Whether because corrupted data could degrade the operation of the grid, or because it could be used to defraud customers, suppliers, or the market, integrity showed up as the Number 1 concern, with no exceptions, according to the NIST results.

Conclusion 2: B2B and Control System Connections Have the Highest Risk

There were only two categories which ranked with "Highs" across the board, for Confidentiality, Integrity, and Availability, and both could be described as connections between different kinds of systems. The categories are numbers 6 and 7, relating to B2B and control/non-control systems respectively. This feels right intuitively, but it also represents a potential area of rapid growth in both members and risk for the Smart Grid. It describes the connections that are both most likely to be leveraged by new entrants and which are most likely to use either IP, or actual Internet-based, networking. As we have written about before, the Soft Grid is probably the next big area of investment and expansion, as organizations form to leverage the new infrastructure and public enthusiasm to deliver more interesting and likely complicated applications.

In the remarkable depth and detail of the NIST report, it is very possible to become discouraged by the references to "hundreds of standards" and by the complexity of the diagrams it contains. It is important to have a sense for where to begin, as the NIST process will necessarily be a lengthy one, and time (and Smart Grid Investment Grants) are waiting for no one. Focusing on these few issues from the start may be the best preparation for the new documents, threats, and requirements that are certain to follow.

 

Jack Danahy and Andy Bochman are authors of the Smart Grid Security Blog.

 

   Email Jack Danahy

   Smart Grid Cyber Security Strategy and Requirements Draft (PDF)

   NIST's Smart Grid guidance on interoperability (PDF)


Talk Back to the AuthorCurrent Comments (1)Leave a Comment
ELMS NTCIP1213 Roadway Lighting & Infrastructure Mgnt
Some standards may already be in place as with the reference to the US Federal Highway Administration's Intelligent Transportation System standard NTCIP1213 ELMS - which support control and monitoring of all the electrical assets on federally funded roads.

www.ntcip.org/library/documents/pdf/1213v0219d.pdf

John Gunderson - 09/30/2009 - 07:44

Leave a Comment New to this Blog? Need some help?
Email:[?]
We will not post or give your email address to anyone.
Full Real Name:[?]
Real comments need a real name.
Subject:
[?]
Please provide a short subject for your comment.
Comment:[?]

Do not post commercial/sales messages here. They will be deleted. Try: pr@smartgridnews.com
PLEASE NOTE:  All HTML codes will be removed from your comment.

CAPTCHA Security Code

The numbers (0) and (1) are not used.
[?]
Please type the characters you see into the box.

Remember my name? (Uncheck to forget.)

You can not edit or delete your comment once it is posted. Please check for spelling now.
Your IP Address is: 38.107.191.117

Get the latest from Smart Grid News anytime, anywhere

 SMART GRID NEWS TALK BACK BUZZ
Cooperation
Dear Sir or Madam,

This is David from Zhejiang ieping Technology CO., LTD in China. We learn you from ERPI that you did great research on distribution automation in the past several years. We would like to take this opportunity to introduce our company and products, with the hope that you can help us with some suggestions.

Zhejiang ieping Technology CO., LTD ...

Talk Back right now to David Zhu

 © 2010 SmartGridNews