
SmartGridNews.com

The insider's guide to the modernization and automation of electric power

What’s on First? New Insights in NIST’s First Draft
By Jack Danahy
Sep 28, 2009 - 6:35:48 PM

Never will one mistake the complexities of the Smart Grid, and of undertaking the improvement of its protections, for a straightforward task in security and engineering. It presents an Augean stable of issues, and NIST has waded in with a legion of contributors, first to make sense of it all and then to start handing out shovels.

In the first draft of their analysis, announced during the recent GridWeek conference, Annabelle Lee and team have created a dense, but readable tome, numbering some 236 pages at present, entitled Smart Grid Cyber Security Strategy and Requirements. It serves as an adjunct to the more general draft of NIST's Smart Grid guidance on interoperability (links below). For those interested in the higher level issues of focus and risk, I did a bit of data reduction and reached some pretty interesting, if unintended (and definitely scientifically questionable) conclusions.

The draft document categorizes 15 areas of likely risk; their impacts on Confidentiality, Integrity, and Availability; and their levels (high, medium, and low). This hierarchy and its accompanying tables permit a reader with a spreadsheet (me) to draw two conclusions about priorities in Smart Grid Security.


Conclusion 1: Integrity Is the Most Important Attribute

Impacts on integrity were rated as "High" in every single instance. Categories 10-12 show a range of impact levels, but each includes "High" for Integrity. Whether because corrupted data could degrade the operation of the grid, or because it could be used to defraud customers, suppliers, or the market, integrity showed up as the Number 1 concern, with no exceptions, according to the NIST results.

Conclusion 2: B2B and Control System Connections Have the Highest Risk

There were only two categories which ranked with "Highs" across the board, for Confidentiality, Integrity, and Availability, and both could be described as connections between different kinds of systems. The categories are numbers 6 and 7, relating to B2B and control/non-control systems respectively. This feels right intuitively, but it also represents a potential area of rapid growth in both members and risk for the Smart Grid. It describes the connections that are both most likely to be leveraged by new entrants and which are most likely to use either IP, or actual Internet-based, networking. As we have written about before, the Soft Grid is probably the next big area of investment and expansion, as organizations form to leverage the new infrastructure and public enthusiasm to deliver more interesting and likely complicated applications.

In the remarkable depth and detail of the NIST report, it is very possible to become discouraged by the references to "hundreds of standards" and by the complexity of the diagrams it contains. It is important to have a sense for where to begin, as the NIST process will necessarily be a lengthy one, and time (and Smart Grid Investment Grants) are waiting for no one. Focusing on these few issues from the start may be the best preparation for the new documents, threats, and requirements that are certain to follow.

 

Jack Danahy and Andy Bochman are authors of the Smart Grid Security Blog.

 


   Smart Grid Cyber Security Strategy and Requirements Draft (PDF)

   NIST's Smart Grid guidance on interoperability (PDF)





© Copyright 2009 SmartGridNews.com