Mariana Hentea - Building an Effective Security Program for Distributed Energy Resources and Systems

ZigBee Alliance – Low‐power radio inside buildings.

Wi‐Fi – Interoperability of wireless products.

IEEE P2030 – Standards and guidelines for Smart Grid applications.

IRENA – International renewable integration.

ISO – International standards; technology standards.

IEC – Active in many areas of the Smart Grid.

IETF – Internet standards in many areas of the Smart Grid.

ITU‐T – Active in many areas of the telecommunications and Smart Grid.

ANSI – Working on meters.

NAESB – North America industry interoperability standards for gas and electricity.

NEMA – Electrical equipment manufacturers.

NRECA – Electric cooperative utilities.

State legislatures.

Federal/state regulators.

FERC – US Federal Energy Regulatory Commission.

NERC – Reliability of US interconnected systems including portions of Canada and Mexico.

ITU‐T – Communications and many Smart Grid applications.

OASIS – Cross‐domain standards for services to enable machine‐based scheduling of human‐centric activities.

ASHRAE – HVAC and refrigeration standards.

IETF – Internet standards for the Smart Grid.

SAE – Communication between PEV and the electric power grid.

OpenADR Alliance – Standards for DR implementations.

Bacnet – Standards for commercial buildings and integration with the Smart Grid.

OPC – Standards for open connectivity of ICSs and process control.

One of the most important side benefits of the Smart Grid is the work being performed by government and industry groups in collaboration. Developing interoperability standards plays a key role in supporting grid modernization.

The work of the National Institute of Standards and Technology (NIST) and industry associations such as the International Electrotechnical Commission (IEC), the Electric Power Research Institute (EPRI), and the Smart Grid Interoperability Panel (SGIP) and trade groups like the GridWise Alliance (GWA) and GridWise Architecture Council (GWAC) all contribute to establishing the definitions and specifications for connecting grid devices. These groups have enabled rapid progress forward in the development of the Smart Grid. Processes are already in place to close the gaps in current standards. Most grid‐focused interoperability projects that adhere to the current standards can now move forward with a high degree of confidence. The most active of these groups include the GridWise Architecture Council and NIST’s SGIP.

The GridWise Architecture Council includes members from different domains of Smart Grid technology that is sponsored by DOE. Although NIST has been assigned the primary responsibility to coordinate development of a standards framework for information management to achieve interoperability of Smart Grid devices and systems, the Energy Independence and Security Act of 2007 (EISA) requires that NIST consult with GWAC to define the standards and set up investment grants.

The GridWise Architecture Council has enormous influence in the development of the Smart Grid framework and the GWAC stack, adapted from the OSI layered stack, which helped to stimulate innovation in the computer industry.

The NIST initiated the SGIP in 2009 to support NIST in fulfilling its responsibility, under the EISA, to coordinate standard development for the Smart Grid. Since January 2013, SGIP ( http://sgip.org) entered a new phase – self‐sustaining entity with the majority of funding to come from industry stakeholders. The NIST SGIP is the way NIST interacts with the electricity industry and other stakeholders. They are working on Smart Grid standards, developing priority action plans, and designing the testing and certification standards. SGIP developed the Smart Grid conceptual model and cybersecurity requirements [NISTIR 7628r1] including recommendations for security solutions. Specific NIST activities include:

Identifying existing applicable standards.

Addressing and solving gaps where a standard extension or new standard is needed.

Identifying overlaps where multiple standards address some common information.

NIST maintains an active role and continues to support SGIP’s mission to provide a framework for coordinating all Smart Grid stakeholders in an effort to accelerate standard harmonization and advance the interoperability of Smart Grid devices and systems. The catalog of standards ( http://sgip.org/Catalog‐of‐Standards) is a compendium of standards and practices considered to be relevant for the development and deployment of a robust and interoperable Smart Grid. The catalog is expected to be a larger compilation that can support the FERC, but it is independent of FERC decision making.

The SGIP has several priority‐specific committees and working groups. NIST maintains an active presence in these groups. Among these groups, we mention the cybersecurity (SGCC) group and domain expert working groups (DEWGs). The SGCC working group identifies and analyzes security requirements and develops a risk mitigation strategy to ensure the security and integrity of the Smart Grid. DEWGs perform analyses and provide expertise in specific application domains including distributed renewables, generation, and storage.

Once there is, in the judgment of the FERC, sufficient consensus concerning the standards developed under NIST’s oversight, FERC is directed to adopt such standards and protocols as may be necessary to ensure Smart Grid functionality and interoperability in interstate transmission of electric power and regional and wholesale electricity markets [EISA 2007]. The law delegates to the FERC the responsibility of defining what sufficient consensus and adopts means in the context of the standards.

Recognizing the needs of the energy sector, FERC identified four functional priorities for the development of key interoperability standards for the following areas:

Demand and response.

Wide area situational awareness.

Energy storage.

Electric transportation.

Also, FERC identifies two crosscutting priorities, system security (cybersecurity and physical security) and intersystem communication, a common semantic framework (e.g. agreement as to meaning and software models) for enabling effective communication and coordination across inter‐system interfaces.

On 22 November 2013, FERC approved Version 5 of the critical infrastructure protection standards (CIP Version 5), which represents significant progress in mitigating cyber risks to the bulk power system. In 2014, NERC initiated a program to help industry transition directly from the currently enforceable CIP Version 3 standards to CIP Version 5. The goal of the transition program is to improve industry’s understanding of the technical security requirements for CIP Version 5, as well as the expectations for compliance and enforcement.

While NERC‐CIP Version 5 of standards was released on 22 November 2013, organizations must transition all high‐ and medium‐impact BES to NERC‐CIP v5 on 1 April 2016. Low‐impact BES systems can wait until 1 April 2017. However, there is no clear cybersecurity strategy as many CIP standards were made inactive and many standards are pending enforcement. It is recommended to visit [NERC CIP] portal for the most current standards and recent activities.

One of the predominant topics of the emerging Smart Grid is standardization [Uslar 2013]. Education on how to use standards is rarely the focus of curricula in colleges and universities. Guidelines and books may be useful in getting help for using the standards. A comprehensive introduction to Smart Grid standards and their applications for developers, consumers, and service providers is provided in [Sato 2015]. The authors consider the need for standards interoperability and integration in the Smart Grid. The authors claim a methodology for understanding and identification of the fundamental standards needed by developers for DER, electric storage, and E‐mobility/plug‐in vehicles. However, many standards may not be applicable forever, but they could become obsolete in a short period of time or could change continuously, or new standards could emerge. Therefore, the methodology to select a new standard is needed.