NIST releases more development standards for smart electric grid

The National Institute of Standards and Technology released a report on Thursday that identified 15 new standards that will guide the development of the smart electric grid, which will use two-way communication systems to better monitor energy use to lower consumption.

NIST pulled the standards from the Internet and telecommunications sectors to address the security of the smart grid and to ensure interoperability of software and hardware, which different vendors will provide. The standards are aimed at improving technical capabilities, energy management, data exchange, and interoperability of vendor products and networks.

President Obama spoke about building a smart electric grid to deliver energy more efficiently in a May speech about securing the nation's cyber infrastructure. Much like the Internet, the smart grid would rely on real-time, two-way communication to allow customers to connect directly to electricity suppliers. The government will offer nearly $3.3 billion in grants to develop smart grid technology and $615 million to test the technology as part of the stimulus spending package.

Releasing the report is part of Phase 1 of a three-phase plan NIST developed to accelerate the identification of standards and establish a framework for development of the smart grid. In prepared remarks, Commerce Department Secretary Gary Locke compared the plan to "a designer's first detailed drawing of a complex structure. It presents a high-level conceptual model to ensure that everyone is on the same page before moving forward to develop more detailed, formal smart grid architectures."

The 15 new standards were developed from public comments that were submitted on the 16 initial standards that NIST released in April. Many of the standards require revision, according to the draft release of the framework and roadmap for smart grid interoperability standards, and NIST will release an additional 46 standards for public comment to decide if they should be included on the list as well.

The report also included 70 gaps and issues that require standards to find solutions to be developed. Among those NIST identified are 14 it categorized as needing urgent attention, including guidelines for the use of wireless communications in the smart grid and interoperability standards to support plug-in electric vehicles.

The smart grid ultimately will require hundreds of standards, according to the report, with some more urgently needed than others. NIST chose to focus on standards in eight areas: Demand response and consumer energy efficiency; wide-area situational awareness; electric storage; electric transportation; advanced metering infrastructure; distribution grid management; cybersecurity; and network communications.

The plan is a good first step, but it lacks specifics on how security will be incorporated into early development of the smart grid, said Greg Garcia, who served as assistant secretary of cybersecurity and telecommunications at the Homeland Security Department during the Bush administration and now runs his own information security consulting firm, Garcia Strategies.

"The NIST document is a good, process-oriented conceptual start, and it rightly attempts to point to existing standards or those under way. But I didn't see it give enough attention to the requirement for the secure development of smart grid and control systems devices," he said. "This isn't just a network management or IT over IP problem. We need a market shift in the guts and brains of the smart grid and other critical infrastructures."

According to the report, NIST will provide more information on security. As part of the plan, a NIST-led cybersecurity coordination task group consisting of more than 200 participants from the private and public sectors is developing a strategy and requirements for the smart grid, according to the report. The group will identify specific cases where cybersecurity must be addressed, perform a risk assessment to identify vulnerabilities, threats and impacts, develop a security architecture linked to the smart grid, and document and tailor security requirements to ensure adequate protection. NIST will release results of the group's work to date in a companion document soon.