NIST Revising Smart-Grid Guidance

Updates to Address New Vulnerabilities, Privacy Threats

By , November 4, 2013.
  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
NIST Revising Smart-Grid Guidance
 

The National Institute of Standards and Technology is revising its smart-grid guidance to address technological and policy changes over the past three years that have made the grid more susceptible to vulnerabilities and threatened utility customers' privacy.

See Also: 5 Must-Haves for an Enterprise Mobility Management (EMM) Solution

NIST published Interagency Report 7628, Guidelines for Smart Grid Cybersecurity, in September 2010. Late last month, it issued a draft of its first revisions to the cybersecurity guidance.

The nation's power grid remains years away from becoming a true smart grid, which NIST defines as an advanced, digital infrastructure with two-way capabilities for communicating information, controlling equipment and distributing energy.

Still, NIST says, utilities now need to devise effective strategies for protecting the privacy of smart grid-related data and for securing the computing and communication networks that will be central to the performance and availability of the envisioned electric power infrastructure.

"While integrating information technologies is essential to building the smart grid and realizing its benefits, the same networked technologies add complexity and also introduce new interdependencies and vulnerabilities," NIST says in the introduction to the draft of its updated smart-grid guidance. "Approaches to secure these technologies and to protect privacy must be designed and implemented early in the transition to the smart grid."

Smart Meter Use Rising

Victoria Pillitterri, NIST's smart-grid cybersecurity engineer, says the IR 7628 Revision 1 draft reflects the basic principles of the original report but provides guidance to address advances over the past three years in technologies and processes. Those include the increased use of smart meters that continuously record power use in utility customers' homes and businesses as well as charging stations for electrically powered vehicles.

The percentage of U.S. customers using smart meters soared to nearly 23 percent in 2012 from 0.7 percent in 2006, according to a report from the Federal Energy Regulatory Commission.

Pillitterri points out that utilities pull information dozens of times a day from smart meters, a sharp contrast from the once-a-month readings culled by meter readers showing up at homes and businesses to manually record electrical use. In this era of big data, smart meter readings, when combined with information from other sources, could disclose information heretofore unknown, such as the number of people inside a residence at a given time or the types of medical devices being used. "Because of that," Pillitterri says, "there are a lot of potential privacy concerns."

Similarly, she says, the smart grid could track the travel habits of drivers, collecting real-time data from charging stations that not only includes location of a specific vehicle but billing information of customers paying for the charge.

A report on AutoBlogGreen, a blog affiliated with the news site Autoblog, says the number of U.S. public charging stations increased by 9 percent in the first quarter of this year. The website Green Car Reports says the number of public charging stations in the United States could rise to 50,000 within a year, a five-fold increase from the beginning of 2013.

Unlike Other Digital Networks

The smart grid is unlike other critical information infrastructures in that millions of nodes located in businesses, government installations and residences connect to the grid - a collection of networks that use technology to analyze supplier and consumer behaviors to efficiently distribute electricity. And each node introduces a point for hackers to exploit to attack the grid.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE IRS: 2 Audits, 2 Conclusions on Risk Management

Put together, two IRS audits illustrate a major concern many security pros have about FISMA...

Latest Tweets and Mentions

ARTICLE IRS: 2 Audits, 2 Conclusions on Risk Management

Put together, two IRS audits illustrate a major concern many security pros have about FISMA...

The ISMG Network