NIST body backs beefing up cybersecurity in smart grid standards

The SGIP, set up by the National Institute of Standards and Technology (NIST), recently approved standards for smart meters and wireless devices designed to improve interoperability and security of the smart grid electricity system.

Almost every house has an electricity meter, and the Meter Upgradeability Standard (PAP 0) is designed to ensure that the new generation of smart electricity meters does not become obsolete, NIST said in a release.

In addition, the Guidelines for Assessing Wireless Communications for Smart Grid Applications (PAP 2) cover standards necessary for wireless communications between all devices connected to the smart grid, including a range of components in generation plants, substations, and transmission systems, NIST said.

In addition to interoperability standards, PAP 0 and PAP 2 contain general cybersecurity provisions designed to protect the grid from sabotage or data theft. Swanson told Infosecurity that the CSWG reviewed PAP 0 and PAP 2 and made recommendations for improvements in cybersecurity for future revisions.

In its review, the working group said that “these standards as they stand are good [from a cybersecurity perspective], but when you go to revise them, you should include these other things. From a security perspective, we will always find something that needs to be tweaked”, Swanson explained.

On the smart meter standard, the CSWG recommended that physical access and environmental security for meter upgrades be handled by local access methods; maintenance of a secure, intact audit log (i.e., not modified or erased) be carried out during an upgrade; and protection of timestamps and time synchronization be instituted during upgrades.

On the wireless communications guidelines, the group recommended future guidelines require a risk assessment to determine applicable security requirements; assess the various cybersecurity techniques used with wireless systems, as well as assess the impact of these cybersecurity techniques on complete wireless systems; and develop additional use cases that cover wireless-specific cybersecurity requirements.

The CSWG is chaired by NIST and includes 600 members from government and private industry from around the world, Swanson said. The group provides cybersecurity feedback to the SGIP on the standards it develops for the smart grid based on the NIST Interagency Report 7628, Guidelines for Smart Grid Cybersecurity. The CSWG recently issued a roadmap, which provides an overview of its work, as well as its plan for the next three years.

What’s hot on Infosecurity Magazine?