Is the Grid Hack Proof?

Experts want to ensure it is

Kate Rowland | Nov 03, 2010

The National Institute of Standards and Technology's long-awaited report, Guidelines for Smart Grid Cyber Security, is out. The recommendations contained within will take some time to digest, but will still offer concise steps for both utilities and smart grid technology manufacturers to follow so that they can address both cyber security and consumer privacy issues. A work in progress, to be sure, but a good one.

These initial guidelines, produced by a 450-member working group, are intended to facilitate organization-specific smart grid cyber security strategies focused on prevention, detection, response and recovery. As well, they are "intended primarily for individuals and organizations responsible for addressing cyber security for Smart Grid systems and the constituent subsystems of hardware and software components," according to the first volume's executive summary notes.

"Given the widespread and growing importance of the electric infrastructure in the U.S. economy, these individuals and organizations comprise a large and diverse group. It includes vendors of energy information and management services, equipment manufacturers, utilities, system operators, regulators, researchers, and network specialists.

"In addition, the guidelines have been drafted to incorporate the perspectives of three primary industries converging on opportunities enabled by the emerging Smart Grid - utilities and other businesses in the electric power sector, the information technology industry, and the telecommunications sector."

George Arnold, NIST's national coordinator for smart grid interoperability, calls them "a starting point for the sustained national effort that will be required to build a safe, secure and reliable smart grid."

The report advocates a layered, or "defense in depth," approach to security, echoing discussions by industry and cyber security analysts that multiple levels of security are essential. In all, there are 189 high-level security requirements detailed that are applicable either to the entire smart grid or to particular parts of the grid and associated interface categories.

It's a lot to digest, but let's focus on the report's second volume, which deals with privacy issues within personal dwellings, exploring privacy concerns and providing associated recommendations for addressing them.

The report identifies four dimensions of privacy: personal information, personal privacy, behavioral privacy and personal communications privacy. "Most Smart Grid entities directly address the first dimension, because privacy of personal information is what most data protection laws and regulations cover," it states. "However, the other three dimensions are important privacy considerations as well and should be considered by Smart Grid entities."

Most consumers probably do not understand their privacy exposures or their options for mitigating those exposures within the smart grid, the report notes. In light of smart meter installation hiccups with a couple of utilities highlighted this summer, one of the report's recommendations in particular rings out clearly: "Conduct pre-installation processes and activities for using Smart Grid technologies with utmost transparency."

Here's another note in the report worth mentioning: "Additionally, manufacturers and vendors of smart meters, smart appliances, and other types of smart devices should engineer these devices to collect only the data necessary for the purposes of the smart devices operations. The defaults for the collected data should be established to use and share the data only as necessary to allow the device to function as advertised and for the purpose(s) agreed to by Smart Grid consumers."

This hands-across-the-water approach suggested, while a no-brainer understanding on the part of electric utilities and smart devices manufacturers, isn't always properly and completely communicated to consumers. Many of today's electricity consumers don't go much beyond expecting electricity to be there when they want to use it. Many aren't even computer-savvy, and consider the smart grid (and, in particular, a smart meter attached to their own house) an Orwellian invasion of their privacy. That is a big hoop through which the industry needs to jump successfully to reach a smart grid future.

Canadian communications theorist Marshall McLuhan once wrote: "The past went that-a-way. When faced with a totally new situation, we tend always to attach ourselves to the objects, to the flavor of the most recent past. We look at the present through a rear-view mirror. We march backwards into the future." We ignore this advice at our collective peril, and that of the ultimate success of the smart grid.

There is a wide range of privacy concerns to address within the smart grid, the SGIP-CSWG report points out. "These may impact the implementation of Smart Grid systems or their effectiveness," it says. "For example, a lack of consumer confidence in the security and privacy of their energy consumption data may result in a lack of consumer acceptance and participation, if not outright litigation."

The challenge ahead, the report goes on to note, "is to create a Smart Grid Privacy Principles program that individuals accept. The goal is to have individuals participate in the Smart Grid, allowing the electric sector to thrive and innovation to occur. This will only happen when effective and transparent privacy practices are consistently implemented, followed, and enforced within the Smart Grid."

The following story, which appeared in Intelligent Utility Daily, was written by Kate Rowland, who is the editor-in-chief of Intelligent Utility magazine.

Smart grid cyber security, as well as other issues focused on optimizing the convergence of IT, operations and customer service, will be on the agenda for Energy Central's upcoming Knowledge Executive Summit, Nov. 8-10, in Scottsdale, AZ.

Energy Central

Copyright © 1996-2010 by CyberTech, Inc. All rights reserved.
