Cyber Security

Integration of information technology (IT) and telecommunications infrastructures into the traditional electric power system have transformed the historical electricity network into a smarter electricity grid that enables real-time sensing, measurement, control, and two-way energy and information flow among various devices. As cyber infrastructure has become a critical component to the energy sector infrastructure, management and protections of cyber systems and IT components at all levels are required to prevent access to unauthorized functions, especially as they relate to grid operations. Cyber infrastructure and cyber security are terms defined by the National Infrastructure Protection Plan (NIPP) as:

Cyber Infrastructure: Includes electronic information and communications systems and services and the information contained in these systems and services. Information and communications systems and services are composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements. Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information. For example: computer systems; control systems (e.g., SCADA); networks, such as the Internet; and cyber services (e.g., managed security services) are part of cyber infrastructure.

Cyber Security: The protection required to ensure confidentiality, integrity and availability of the electronic information communication system. With the adoption and implementation of the Smart Grid, the IT and telecommunication sectors will be more directly involved. These sectors have existing cyber security standards to address vulnerabilities and assessment programs to identify known vulnerabilities in these systems. These same vulnerabilities need to be assessed in the context of the Smart Grid. In addition, the Smart Grid has additional vulnerabilities due to its complexity, large number of stakeholders, and highly time-sensitive operational requirements.

Selected cyber security documents are listed below:

• NISTR 7628 - Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010.

• NISTIR 7628 - Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, August 2010.

• NISTIR 7628 - Guidelines for Smart Grid Cyber Security: Vol. 3, Supportive Analyses and References, August 2010.

• Draft NISTIR 7628 Draft 1: Smart Grid Cyber Security Strategy and Requirements, September 2009.

• Draft NISTIR 7628 Draft 2: Smart Grid Cyber Security Strategy and Requirements, February 2010.

• Advanced Metering Infrastructure (AMI) System Security Requirement, 2008.

• The National Infrastructure Protection Plan, 2009.

• National Institute of Standards and Technology (NIST) Special Publication (SP), 800-39, DRAFT Managing Risk from Information Systems: An Organizational Perspective, April 2008.

• Federal Information Processing Standard (FIPS) 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006.