September 16, 2010

As Smart Grid Approaches, Security Concerns Follow

As Smart Grid Approaches, Security Concerns Follow

NIST releases guidelines for securing the grid infrastructure

September 7, 2010

Federal Computer Week - A final set of guidelines for a smart-grid security architecture has been released by the National Institute of Standards and Technology, outlining how security requirements will be incorporated into the design of the nation’s next-generation power distribution system.
“The United States has embarked on a major transformation of its electric power infrastructure,” the interagency report states. “This vast infrastructure upgrade — extending from homes and businesses to fossil-fuel-powered generating plants and wind farms, affecting nearly everyone and everything in between — is central to national efforts to increase energy efficiency, reliability, and security; to transition to renewable sources of energy; to reduce greenhouse gas emissions; and to build a sustainable economy that ensures future prosperity.”
But security challenges will come with the new intelligent infrastructure.
“While integrating information technologies is essential to building the smart grid and realizing its benefits, the same networked technologies add complexity and also introduce new interdependencies and vulnerabilities,” the report states. “Approaches to secure these technologies and to protect privacy must be designed and implemented early in the transition to the smart grid.”
The three-volume Interagency Report 7628, “Guidelines for Smart Grid Cyber Security,” builds on an architecture for security and interoperability released by NIST in January. The guidelines provide a framework for developing effective cybersecurity strategies to address smart grid-related characteristics, risks and vulnerabilities. The methods and supporting information can be used to assess risk and identify appropriate security requirements.
“This approach recognizes that the electric grid is changing from a relatively closed system to a complex, highly interconnected environment,” the report states. “Each organization’s cybersecurity requirements should evolve as technology advances and as threats to grid security inevitably multiply and diversify.”
The report was prepared by the Cyber Security Working Group of the smart grid's Interoperability Panel, a public-private partnership launched by NIST with American Recovery and Reinvestment Act funding from the Energy Department. The guidelines are the second major output of NIST-coordinated efforts to identify and develop standards needed to convert the nation's aging electric grid into an advanced, digital infrastructure with two-way capabilities for communicating information, controlling equipment and distributing energy.

The smart-grid program was established in the Energy Independence and Security Act of 2007, which mandated that security be built into the system that would use intelligent networking and automation to better control the flow and delivery of electricity to consumers. This would require a two-way flow of electricity and information between the power plant and the end user, and to points in between. Security requirements are being developed using a high-level risk assessment process and are recognized as critical in all of the priority action plans discussed in the “Framework and Roadmap for smart-grid Interoperability Standards, Release 1.0,” (NIST Special Publication 1108) released in January.
“Given the transcending importance of cybersecurity to smart grid performance and reliability, this document ‘drills down’ from the initial release of the NIST Framework and Roadmap, providing the technical background and additional details that can inform organizations in their risk management efforts to securely implement smart grid technologies,” the report says.
Smart-grid security requirements will be developed for specific domains, business and mission functions and interfaces, as well as for the overall grid. But they are being developed at a high level and will not be spelled out for specific systems or components because of the impossible complexity of that job. The security requirements and architecture will address not only deliberate attacks but errors, failures and natural disasters that also could destabilize the grid...

Smarter Cities and Smarter Buildings for a Smarter Planet

Federal Computer Week - The digital and physical infrastructures of cities and government agencies are converging – resulting in unprecedented opportunities, risks and challenges. To meet these challenges and government mandates, these systems must come together and interact with one another to sense and respond to opportunities and risks – become smarter.

Smarter Buildings and Smarter Cities focus on integrating and optimizing physical and digital infrastructure in individual buildings, groups of buildings and infrastructures; and creating facilities that are more cost effective, operationally efficient, productive, safe, secure and environmentally responsible. This results in cities and bases that have increased sustainability, an improved quality of life and economic well-being of citizens and business.

Date: June 29, 2010
Time: 2:00 pm ET
Duration: 1 hour
Sponsored By IBM

No comments:

Post a Comment