The electric grid is critical to the economic and physical well-being of the nation, and emerging cyber threats targeting the grid highlight the need to integrate advanced cybersecurity to protect these critical assets.
The major elements of the Smart Grid, in addition to the electric grid, are information technology, industrial control systems, and the communications infrastructure used to send command information from generation to the distribution systems. These elements are also used to exchange usage and billing information between utilities and their consumers.
Key to the successful deployment of the Grid infrastructure is the development of a cybersecurity strategy. Cybersecurity needs to be designed into the new systems supporting the Smart Grid, and added into existing systems without extensively impacting operations.
For successful development and implementation of a secure Grid infrastructure, two key actions must occur – designing cybersecurity functionality into emerging interoperability standards that support the Smart Grid and adding cybersecurity into existing interoperability standards.
A key working group of SGIP, SGCC volunteer members are involved with:
- Providing recommended security requirements that may be used by strategists, designers, implementers, and operators of the Grid, in their job functions at, utilities, equipment manufacturers and for guidance to regulators).
- Creating and maintaining a logical reference model of the Smart Grid, which enables the creation and maintenance of a logical security architecture.
- Identifying and clearly describing privacy risks and concerns with developed or emerging interoperability standards for the Grid, and then determining the most appropriate and feasible practices for mitigating the risks.
- Identifying Grid cybersecurity-specific gaps and challenges. Where possible, SGCC will collaborate with SGIP Priority Action Plans (PAPs) or other groups (e.g., National Electric Sector Cybersecurity Organization Resource (NESCOR), EPRI, etc.) to help address the identified gaps.
- Assessing proposed standards and requirements for adoption into the SGIP Catalog of Standards.
- Developing cybersecurity and privacy resources that can benefit stakeholders.