Smart grid security alert: Singapore scientists find gaps in NIST standards


By: SGN Staff

The U.S. National Institute of Standards and Technology has produced a set of cybersecurity guidelines, called NISTIR 7628. It's a good start, but still has weaknesses. Recently, Aldar Chan and Jianying Zhou of Singapore's A*STAR Institute for Infocomm Research identified two key gaps.


The two applied the standard to electric vehicle charging. Under that scenario, both the driver and the vehicle must be authenticated. But the NIST guidelines have some holes that hackers could use.


For one thing, the NIST standards "separate cybersecurity from physical security without proper guidelines on how the two should be blended." For another, they allow systems to store too much information - information that could be extracted by criminals. The NIST approach "takes a utility company-centric perspective here," say the researchers. "Little attention is paid to driver privacy." The utility system would store personal and banking details along with the physical location of the vehicle and how long it had been there - the perfect combination for criminals to exploit.


Chan and Zhou are developing a cyber-physical authentication protocol as well as privacy protocols to improve the system. Their full paper is available from IEEE.

