Smart Grid cybersecurity must address not only deliberate attacks, such as from disgruntled employees, industrial espionage, and terrorists, but also inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters. The Smart Grid Interoperability Panel (SGIP) Cyber Security Working Group (CSWG), which is led and managed by the NIST Information Technology Laboratory (ITL), Computer Security Division, is moving forward in FY 13 to address the critical cybersecurity needs in the areas of: Advanced Metering Infrastructure (AMI), encryption key management, AMI security requirements, testing criteria for remote AMI upgrades, and privacy recommendations for third party data usage. We will continue to provide foundational cybersecurity guidance and outreach, and to foster collaborations in the cross-cutting issue of cybersecurity in the Smart Grid.
What is the new technical idea? As a result of deployment of new Smart Grid technologies, the electric power industry is faced with new and changing threats, vulnerabilities, and requirements for the Smart Grid in general and in specific areas such as privacy, smart grid architecture, and AMI. Efforts to address similar issues have been underway in other sectors, such as banking, federal systems, defense networks, and industrial control systems. The new technical idea is to adapt existing cybersecurity best practice methodologies and tools and to understand how to apply them to the electric sector, while identifying gaps and unique requirements for the grid that require new methodologies and tools. The Cyber Security Working Group (CSWG) will address these challenges through collaborations with federal agencies, academia, and industry, and through the development of guidance documents.
What is the research plan? To conduct research that will enable the development of industry standards and guidance in order to successfully implement secure Smart Grid technologies.
Additionally, areas of potential new work for FY14 through FY17 include:
 The National Institute of Standards and Technology (NIST) established the Smart Grid Interoperability Panel (SGIP) CSWG in support of the Energy Independence and Security Act of 2007 to address the cross-cutting issue of cybersecurity. The primary goal of the CSWG is to develop a cybersecurity risk management strategy for the Smart Grid to enable secure interoperability of solutions across different domains and components.
 NESCOR is intended to strengthen the cybersecurity posture of the electric sector by establishing a broad-based public-private partnership with the Department of Energy (DOE) for collaboration and cooperation.
 EPRI is an independent, non-profit company performing research, development and demonstration in the electricity sector for the benefit of the public.
Recent Results: Recent accomplishments of the NIST Smart Grid Cybersecurity Program and CSWG include:
Output: Formal liaisons identified for each of the 14 Smart Grid Interoperability Panel (SGIP) Priority Action Plans (PAPs).
Outcome: Work products that include cybersecurity "baked in" during the development process rather than "bolted on" after.
Output: NISTIR 7823, Draft Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework.
Output: Outreach initiatives.
Outcome: Cybersecurity workshops in 8 states, including 4 Public Utility Commissions (PUCs), reaching over 1,000 participants across a variety of Smart Grid stakeholder groups. Brochure about the CSWG, its efforts, and how to get involved. "Train the Trainer" privacy briefings for utilities, consumers, and PUCs.
Output: Electricity Sector Risk Management Process Guideline (May 2012) developed in collaboration with DOE and the North American Electric Reliability Corporation (NERC).
Outcome: Provides utilities a flexible, fundamental approach to managing cybersecurity risks through a three-tiered approach, addressing risks at the: (i) organization level; (ii) mission/business process level; and (iii) information system level. This process will allow a utility to better understand its risks, assess the severity, and allocate resources more efficiently to manage them.
Output: Technical white papers: 1) Smart Energy Profile (SEP) 1.x Summary and Analysis developed with the National Electric Sector Cybersecurity Organization Resource (NESCOR); 2) Automating Smart Grid Security.
Outcome: Help stakeholders understand the vulnerabilities in SEP 1.x and provide them with actionable advice on how to mitigate or minimize these vulnerabilities, and extend the Security Content Automation Protocol (SCAP) to the Smart Grid.
Output: Cybersecurity reviews completed.
Outcome: Recommendations provided on over 60 standards or PAP deliverable requirements.
Standards and Codes: Each standard listed in the SGIP Catalog of Standards will contain a cybersecurity assessment performed by the CSWG Standards subgroup supported by this project.
Start Date: September 1, 2012
Lead Organizational Unit: el
Related Programs and Projects:
Smart Grid Program