CybersecurityNIST seeks public comments on updated smart-grid cybersecurity guidelines

Published 29 October 2013

The National Institute of Standards and Technology (NIST) is requesting public comments on the first revision to its guidelines for secure implementation of “smart grid” technology. The draft document, NIST Interagency Report (IR) 7628 Revision 1: Guidelines for Smart Grid Cybersecurity, is the first update to NISTIR 7628 since its initial publication in September 2010.

The National Institute of Standards and Technology (NIST) is requesting public comments on the first revision to its guidelines for secure implementation of “smart grid” technology.

The draft document, NIST Interagency Report (IR) 7628 Revision 1: Guidelines for Smart Grid Cybersecurity, is the first update to NISTIR 7628 since its initial publication in September 2010. During the past three years, use of smart grid technology has expanded dramatically, particularly the number of smart energy meters on homes, and technology and laws have progressed as well. These changes prompted NIST to update its document.

Millions of smart meters are in use around the country now, and as the smart grid is implemented we have gained more knowledge that required minor tweaks to the existing document,” says NIST computer scientist Tanya Brewer. “There also have been legislative changes in states such as California and Colorado concerning customer energy usage data, and we have made revisions to the volume on privacy based on the changing regulatory framework.” 

A NIST release reports that NISTIR 7628 remains a three-volume document geared mainly toward cybersecurity specialists.

Volume 1 contains mostly technical material for maintaining the security of the grid, including a reference architecture and high-level security requirements. Vol. 2 addresses privacy issues, containing a discussion of potential privacy issues in smart grid compared to other networked systems. Vol. 3 contains analyses and references that support the document’s contents.

Brewer says most of the changes are minor additions to existing sections of NISTIR 7628, though there is a newly added section in Vol. 2 regarding privacy. While cybersecurity practitioners will most likely be its primary audience, Brewer says public utility commissioners, vendors and researchers also will find the changes of interest. 

The draft version of NISTIR 7628 Revision 1 can be found here. Comments will be accepted until 24 December 2013, and can be submitted to NISTIR.7628.Rev1@nist.gov using the Excel template available at the site. A Federal Register notice announcing the request for comments is available here.