The Smart Grid Security Profile Blueprint provides the electric utility industry along with supporting vendor communities and other stakeholders a framework, set of tools, and method to create and customize Smart Grid domain-specific security profiles. These security profiles specify security requirements that should be applied to the procurement, implemention, and configuration of Smart Grid systems. These requirements will ensure the high level of information assurance, availability and security necessary to operate a reliable system and maintain consumer confidence. The security profiles created by using this Blueprint will augment and clarify more general established standards and best practices for cyber security through the specification of usable, actionable, and traceable security requirements tailored to specific Smart Grid applications.
The primary audience of the Blueprint is any organization attempting to create a new security profile or customize an existing security profile; therefore the document is written for security architects from utilities, vendors, and system integrators that have experience with utility security. Other stakeholders, such as vendors, can use this document to understand how a particular set of security controls was selected as part of a particular security profile. The Blueprint is intended to produce requirements that are technology-specific but vendor-agnostic, and does this by defining a process for creating a security profile. This process includes the delineation of profile scope, creation of a logical reference architecture, definition of objectives for secure operation, performance of a failure analysis, recommendation of security controls, and validation of criteria for satisfaction of requirements.