The NIST Smart Grid Interoperability Panel (SGIP)has released version two of its Interoperability Process Reference Manual, with a guide to the process by which test laboratories and certifying organizations are accredited for evaluation of Smart Grid products. Utilities that are interested in smart grid interoperability testing, and the procedures recommended by NIST, should download the document as a reference.

Read more »

The UCA International Users Group is considering the creation of a community to support the "green button" initiative that is supported by the White House (see related Insight article). According to Erich Gunther, UCA International chairman, the White House Office of Science and Technology Policy Green Button initiative is moving forward very quickly.

Gunther stated that the Green Button is at once a concept, a policy, a brand and a collection of technologies and creates both opportunities and challenges for utilities and their customers. UCA will likely vote next week to move forward with the creation of a Green Button support mechanism. Those utilities interested in participating should contact UCA International or Klaus Bender at UTC. You will be provided relevant information when it is available.

The Department of Homeland Security (DHS) Control Systems Security Program (CSSP) has released an interim Version 4.0.1 of the Cyber Security Evaluation Tool (CSET). This new version of the tool can be downloaded from the CSSP website:

http://us-cert.gov/control_systems/satool.html 

This interim Version 4.0.1 release addresses some minor issues identified in report formatting and corrects a problem with Zone Security Assurance Level (SAL) calculations. In addition, this release incorporates a new sub-report to isolate and show user comments in a single location, includes modifications to clarify how firewall analysis is performed, and improves the gap analysis for pass/fail standards.

In an email to the National Institute of Standards and Technology's (NIST) Smart Grid Cybersecurity Working Group (CSWG), it was announced that the CSWG Testing and Certification subgroup has completed the draft SGIP document, “Guide for Assessing the High-Level Security Requirements in NISTIR 7628, Guidelines for Smart Grid Cyber Security.” The document provides a foundation to facilitate a security assessment based on the NISTIR 7628 high-level security requirements. The agency released the smart grid security guidelines in the NISTIR 7628 document in 2010, but some utilities have struggled with using the document in order to create real world security policies. This guide is written to provide a foundation to facilitate a security assessment based on the NISTIR 7628 high-level security requirements implemented within an effective risk management program. Read more »

The Industrial Control Systems Joint Working Group (ICSJWG) has created a consolidated document; a sector independent roadmap. This Cross-Sector Roadmap was conceived and developed over the last two years by industry and government thought leaders that saw the need for a unifying Roadmap to secure control systems across all critical sectors. Version 3 of the consolidated roadmaps is available for download. The document aids entities in creating a cybersecurity plan that incorporates the unique environment of control systems. The document is an excellent addition to a utility’s cybersecurity reference library and is available here.
  Read more »

In a recent announcement, the North American Electric Reliability Corporation (NERC) has published ten CIP standards (CIP-002-5 through CIP-009-5, CIP-010-1, and CIP-011-1), a set of new and revised NERC Glossary definitions, and a proposed implementation plan. The documents have been posted on the NERC website for a formal 60-day comment period through Friday, January 6, 2012, which will be accepted via an electronic form. The implementation plan, also called the mapping document, identifies each requirement in the already-approved Version 4 CIP standards and identifies how the requirement has been treated in the Version 5 CIP standards. For more information, click here.

The National Electric Sector Cybersecurity Organization Resource (NESCOR) technical working group (TWG) has created a sub-group to specifically address the first two versions of the ZigBee Smart Energy Profiles (SEP) - SEP 1.0 and 1.1. The Zigbee Smart Energy Profile (SEP) allows smart utility meters to communicate with home areas network (HAN) devices in order to provide price signals and other information that allows consumers to control their energy expenditures.

The SEP is being updated to version 2.0 to allow power line carrier, WiFi and other communications architectures. However, there is a large deployed base of version 1.0-era devices. There have been industry concerns about cybersecurity vulnerabilities of the 1.0-era devices. To assist utilities, regulators, and integrators who are deploying and configuring SEP 1.x in field devices and to address these concerns, NESCOR, the Cyber Security Working Group (CSWG), and other experts have developed a technical white paper to provide guidance on the use of both profiles. That white paper is available here.

Gregory Schaeffer, Acting Deputy Under Secretary, National Protection and Program Directorate, DHS, was one of the keynote speakers at the Industrial Control System Joint Working Group (ICSJWG) meeting held October 24th through the 26th in Long Beach, CA. He noted that ICSJWG offers an opportunity for the control system industry to catch up with security. Control system technology has “outrun its headlights” with respect to cybersecurity. He remarked that cybersecurity today touches everything and we need to treat it holistically. Further, the environment has changed since the 1990’s when the issue first arose. He said, "We are now worried about cybercrime. This problem evolved so rapidly and thoroughly, this area of crime is now far more lucrative than even the narcotics trade. In the last several years, hacking to get information and money has evolved into hacking for intellectual property. Vast amounts of information, both in the private and public sector, is being syphoned into the wrong hands. Identity theft is still a problem."
  Read more »

The request for public comments on the draft NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0 was published in the Federal Register on October 25, 2011. The Federal Register version of the document is available for download here. A draft is also available at the NIST WIKI site here.

The deadline for public comments is November 25, 2011 at 5:00 PM Eastern Time.

You may send written comments to the Office of the National Coordinator for Smart Grid Interoperability, National Institute of Standards and Technology, 100 Bureau Drive, Mail Stop 8100, Gaithersburg, MD 20899-8100, or by email at nistsgfwcmts@nist.gov.

Comments may also be posted on the wiki Website above, which contains earlier versions of the document as well. In particular, it is requested that comments be categorized as 1) technical; 2) editorial; or 3) general. If a comment is not a general comment, please identify the relevant page, line number, and section the comment addresses. NIST is also requesting that commenters include a proposal on how to address the comment. This continues the process of evolution of the framework for interoperability standards for the Smart Grid, and further input from the SGIP will be sought to help resolve the comments as they are received.

 On October 12, 2011, a California administrative law judge ordered Pacific Gas and Electric (PG&E) to file additional information concerning the costs and technological feasibility associated with alternatives for customers who wish to opt-out of a wireless smart meter. On March 24, 2011, PG&E filed an applications with the California Public Utility Commission (CPUC) seeking approval of modifications to its Smart Meter program, and an increase in revenue requirements to recover the costs of the modifications.

The application was filed at the request of CPUC, seeking information on how the utility will handle customers who wish to “opt out” of having a smart meter mounted on their property.  PG&E proposed that the Smart Meter program be modified to provide customers the choice to request that PG&E “turn-off” or disable the radio inside their gas and/or electric Smart Meters, thus eliminating the radio frequency (RF) communications from the Smart Meters. This has been referred to as the “radio off” option. PG&E determine the “radio off” option was the best, most economical solution. The utility said they also considered using older style, analog meters, or smart meters communicating via “wired” methods. The law judge order PG&E to answers specific questions about opt out solutions rather than force proponents of these solutions to gather the information from PG&E themselves. This additional information must be filed by October 28, 2011.

  Read more »