The NIST Smart Grid Interoperability Panel (SGIP)has released version two of its Interoperability Process Reference Manual, with a guide to the process by which test laboratories and certifying organizations are accredited for evaluation of Smart Grid products. Utilities that are interested in smart grid interoperability testing, and the procedures recommended by NIST, should download the document as a reference.

Read more »

The Michigan Public Service Commission has launched an investigation into Michigan utility companies that install smart meters after concerns were raised by electric customers and municipalities over the practice. The Commission noted that "at least nine local communities across Michigan" have called for such an action by the state agency.
  Read more »

In an email to the National Institute of Standards and Technology's (NIST) Smart Grid Cybersecurity Working Group (CSWG), it was announced that the CSWG Testing and Certification subgroup has completed the draft SGIP document, “Guide for Assessing the High-Level Security Requirements in NISTIR 7628, Guidelines for Smart Grid Cyber Security.” The document provides a foundation to facilitate a security assessment based on the NISTIR 7628 high-level security requirements. The agency released the smart grid security guidelines in the NISTIR 7628 document in 2010, but some utilities have struggled with using the document in order to create real world security policies. This guide is written to provide a foundation to facilitate a security assessment based on the NISTIR 7628 high-level security requirements implemented within an effective risk management program. Read more »

The Utilities Telecom Council (UTC) hosted 25 delegates from the Chinese Ministry of Industry and Information Technology (MIIT) seeking information on the development and application of Smart Grid technologies. The Chinese delegates hold positions within the telecommunications administration at central, provincial and municipal levels of Chinese industry. Read more »

U.S. utilities are structuring intelligence into their networks with the aim to make power distribution more efficient; however these efforts are getting caught in the myriad of regulations that leave their security efforts incomplete, inadequate and uncoordinated. According to a new report released by researchers at the Massachusetts Institute of Technology (MIT), a single federal agency should be in charge of the nation’s critical infrastructure security, instead of being spread across a group of organizations, as it currently is. The findings also stated that this greater reliance on data communications in the grid increases the importance of standardization for interoperability and of cybersecurity and raises serious issues of privacy. Additionally, the report also discussed the potential risk factors to the grid from the impact of federal regulations, rising prices for fossil fuels and competition from sources of renewable energy. It largely stated that with the right policy measures, the grid would be able to handle the influx of electric vehicles as well as renewable generation sources including wind and solar. Read more »

Integration of smart grid devices, and other new and emerging technologies reliant on communications to control operations of the device pose a threat to the reliability of the electric grid, according to a new report released by the North American Electric Reliability Corporation (NERC). Providing a 10-year outlook on the North American electric industry, the new '2011 Long Term Reliability Assessment' report released by NERC evaluates key reliability indicators and dives into the impact of regulations and other issues on bulk power system reliability. The key issues discussed in the report were: the decrease in projected generation resources; the growing dependence on natural gas as a primary fuel source of on-peak capacity; the increased demand for integrating and delivering new resources and the subsequent growth of transmission; and the cumulative effect from environmental regulations may reduce reserve margins in ways that could affect bulk power system reliability, depending on the scope and timing of final regulation implementation. Read more »

Information about a worm very similar to Stuxnet has been released by the Industrial Control System - Cyber Emergency Response Team (ICS-CERT) in an Industry Alert. This threat has been named "Duqu" because it creates files with the file name prefix "~DQ".

Initial findings suggest that Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, with the intention to easily conduct a future attack against another third party. The creators of the code are looking for information such as design documents that could help them mount a future attack on an industrial control facility. Symantec has labelled this threat the “Precursor to the Next Stuxnet” based on some similarities between the two, and also released a Mitigation Fact Sheet.

Utilities and other critical infrastructure industries (CII) continue to have concerns about using commercial service providers to support their mission-critical, smart grid and other communications applications. In reply comments filed in the Federal Communications Commission (FCC) proceeding on the reliability of communications networks, UTC re-iterated that the Commission should not force utilities to use commercial service providers; instead it should allow utilities the ability to choose between private internal networks and commercial service providers as appropriate. Moreover, UTC recommended that the FCC provide utilities with access to suitable auction-exempt spectrum to ensure the safe, efficient and reliable delivery of essential electric, gas and water services to the public at large. Read more »

The Colorado Public Utilities Commission has issued a list of recommended smart grid data privacy rules that subject utilities to a whole range of requirements, and penalties up to $2000 per violation. The document also gives utilities up to 20 days to file their objections, and if no exceptions are received, the rules will become law. The rules would require utilities to explain their data collection processes, the frequency of data collection and the security measures that will be taken to ensure privacy of customers. Additionally, the utilities would be expected to provide this data to anyone authorized by the customers, with no charge to the customers or recipients.

There is "no silver bullet to address the communication needs of utilities," and utilities need to "use all tools in the toolkit," noted David Masters, Manager, Technology Development at Duke Energy. Masters spoke on Wednesday's highly attended UTC webinar that looked into the challenges of utility communications network modernization. He discussed how Duke confronted the task of integrating millions of discrete points and devices that are part of its envisioned digital grid architecture. Commercial service providers' cellular networks were used to create connectivity within the utility's Wide Area Network (WAN) that enables communications between the enterprise data center and back office. At the same time, he explained that other portions of the network will use other types of communications technology. It was noted that gaps or limited availability in the cellular network are addressed by building in redundancies via a separate, Node-to-Node (N2N) communications system that the utility hold full control over. Masters reported that this N2N network leverages a Wi-Fi with mesh capability (802.11s), and a low frequency, lower bandwidth power line communication solution providing circuit level capabilities was also being considered. Masters noted that there is no one solution to creating an effective utility communications network, and each utility needs to take this effort on a case-by-case basis looking at its own demographic and geographical needs. These points were also made by LightRiver Technologies' Chief Technology Officer Dean Campbell, who provided an overview of the technology options for utilities who need to modernize their infrastructure communications models. He discussed the economics of using packet services, especially the challenges of transporting TDM over packet, and how options such as Ethernet tag switching, PBB-TE, MPLS and the use of carrier Ethernet can support utilities' overall needs to ensure reliability and performance.