12 October 2009
Two notices.
[Federal Register: October 9, 2009 (Volume 74, Number 195)]
[Notices]
[Page 52183-52184]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr09oc09-33]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 0909301329-91332-01]
Draft NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber
Security Strategy and Requirements; Request for Comments
AGENCY: National Institute of Standards and Technology (NIST),
Department of Commerce.
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
seeks comments on draft NISTIR 7628, Smart Grid Cyber Security Strategy
and Requirements. This initial draft of the document contains the
overall security strategy for the Smart Grid. Contents include:
Development of vulnerability classes, identification of well-understood
security problems that need to be addressed, selection and development
of security-relevant use cases, initial privacy impact assessment,
identification and analysis of interfaces identified in six functional
priority areas, advanced metering infrastructure (AMI) security
requirements, and selection of a suite of security documents that will
be used as the base for determining and tailoring security
requirements. This is the first draft of NISTIR 7628; NIST plans to
post a subsequent draft of this report for additional public comments.
DATES: Comments must be received on or before December 1, 2009.
ADDRESSES: Written comments may be sent to: Annabelle Lee, National
Institute of Standards and Technology, 100 Bureau Dr., Stop 8930,
Gaithersburg, MD 20899-8930. Electronic comments may be sent to:
csctgdraftcomments@nist.gov.
The report is available at: http://csrc.nist.gov/publications/
PubsDrafts.html#NIST-IR-7628.
FOR FURTHER INFORMATION CONTACT: Annabelle Lee, National Institute of
Standards and Technology, 100 Bureau Dr., Stop 8930, Gaithersburg, MD
20899-8930, telephone (301) 975-8897.
SUPPLEMENTARY INFORMATION: Section 1305 of the Energy Independence and
Security Act (EISA) of 2007 (Pub. L. 110-140) requires the Director of
the National Institute of Standards and Technology (NIST) ``to
coordinate the development of a framework that includes protocols and
model standards for information management to achieve interoperability
of smart grid devices and systems.'' EISA also specifies that, ``It is
the policy of the United States to support the modernization of the
Nation's electricity transmission and distribution system to maintain a
reliable and secure electricity infrastructure that can meet future
demand growth and to achieve each of the following, which together
characterize a Smart Grid: * * *
(1) Increased use of digital information and controls technology to
improve reliability, security, and efficiency of the electric grid.
(2) Dynamic optimization of grid operations and resources, with
full cyber-security.''
With the transition to the Smart Grid--the ongoing transformation
of the nation's electric system to a two-way flow of electricity and
information--the information technology (IT) and telecommunications
infrastructures have become critical to the energy sector
infrastructure.
NIST recently issued the NIST Framework and Roadmap for Smart Grid
Interoperability Standards, Release 1.0 (draft for public review and
comment). The report is an output of NIST's approach to expediting
development of key standards and requirements necessary for Smart Grid
interoperability and cyber security.
The report includes a high-level summary (Chapter 6) of draft
NISTIR 7628, Smart Grid Cyber Security Strategy and Requirements. The
report on the interoperability framework and standards roadmap, as well
as the Federal Register notice soliciting public comments on the
report, advised that NIST also was submitting this companion draft
document on cyber security for public review and comment.
NIST has established a Smart Grid Cyber Security Coordination Task
Group (CSCTG) which includes members from the public and private
sectors, academia, regulatory organizations, and federal agencies. The
CSCTG is identifying a comprehensive set of cyber security
requirements. These requirements are being identified using a high-
level risk assessment process that is defined in the cyber security
strategy for the Smart Grid.
The DRAFT NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber
Security Strategy and Requirements includes the initial risk assessment
documents (vulnerability classes and bottom-up analysis); security-
relevant use cases; a base set of security requirements with cross-
referenced security standards; diagrams of a set of functional priority
areas and interfaces, including interface categories with constraints
and issues and impacts; initial privacy impact assessment; and AMI
security requirements.
Request for Comments: NIST seeks public comments on the report. The
document will be revised on the basis of comments received, and a
second draft will be published for public comment. In addition, the
second draft will include the overall Smart Grid security architecture
and the security requirements.
The final version of NISTIR 7628 will address all comments received
to date. The document will have the final set of security controls and
the final security architecture.
Comments on draft NISTIR 7628, Smart Grid Cyber Security Strategy
and Requirements should be submitted in accordance with the DATES and
ADDRESSES sections of this notice.
[[Page 52184]]
Dated: October 6, 2009.
Patrick Gallagher,
Deputy Director.
[FR Doc. E9-24430 Filed 10-8-09; 8:45 am]
BILLING CODE 3510-13-P
[Federal Register: October 9, 2009 (Volume 74, Number 195)]
[Notices]
[Page 52181-52183]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr09oc09-32]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket Number 0909291327-91328-01]
Draft NIST Framework and Roadmap for Smart Grid Interoperability
Standards, Release 1.0; Request for Comments
AGENCY: National Institute of Standards and Technology (NIST),
Department of Commerce.
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
seeks two categories of comments on the draft NIST Framework and
Roadmap for Smart Grid Interoperability Standards, Release 1.0:
(1) Comments on the overall document and the contents of all
[[Page 52182]]
chapters, except Chapter 4, Standards Identified for Implementation;
and
(2) Comments on the 15 additional ``Standards Identified for
Implementation'' (Chapter 4); the NIST-proposed ``Guidance for
Identifying Standards for Implementation''; and recommendations for
adding or removing standards and specifications on the list of
standards identified for implementation (Table 2), referencing relevant
guidance criteria. In addition, NIST requests comments on the standards
in Table 3--additional standards NIST has identified for further
review.
DATES: Comments must be received on or before November 9, 2009.
ADDRESSES: Written comments may be sent to: George Arnold, 100 Bureau
Drive, Stop 8100, National Institute of Standards and Technology,
Gaithersburg, MD 20899-8100.
Electronic comments on the overall draft and the contents of
chapters 1-3 and 5-7 may be sent to: nistsgframeworkcomments@nist.gov.
Comments on the 15 additional ``Standards Identified for
Implementation'' (Chapter 4); the NIST-proposed ``Guidance for
Identifying Standards for Implementation;'' recommendations for adding
or removing standards and specifications on the list of standards
identified for implementation (Table 2), referencing relevant guidance
criteria; and comments on the standards in Table 3--additional
standards NIST has identified for further review--may be sent to:
nistsgstandardscomments@nist.gov. Comments on the standards in Table 3
should reference relevant guidance criteria.
The entire draft version of the NIST Framework and Roadmap for
Smart Grid Interoperability Standards, Release 1.0 (Draft), is
available at: http://www.nist.gov/public_affairs/releases/smartgrid_
interoperability.pdf.
FOR FURTHER INFORMATION CONTACT: George Arnold, 100 Bureau Drive, Stop
8100, National Institute of Standards and Technology, Gaithersburg, MD
20899-8100, telephone (301) 975-5627.
SUPPLEMENTARY INFORMATION: Section 1305 of the Energy Independence and
Security Act (EISA) of 2007 (Pub. L. 110-140, 121 Stat. 1492) requires
the Director of NIST ``to coordinate the development of a framework
that includes protocols and model standards for information management
to achieve interoperability of smart grid devices and systems.''
NIST recently issued the NIST Framework and Roadmap for Smart Grid
Interoperability Standards, Release 1.0 (draft for public review and
comment). The report is a result of NIST's approach to expediting
development of key standards and requirements necessary for Smart Grid
interoperability.
It proposes:
A conceptual reference model to facilitate design of an
architecture for the Smart Grid overall and for each of its networked
domains;
An initial set of standards for the Smart Grid;
Priorities for additional standards necessary to resolve
important gaps and to assure the interoperability, reliability, and
security of Smart Grid components;
Initial steps toward a Smart Grid cyber security and
requirements document; and
Action plans and timetables for designated standards
development organizations (SDOs) tasked to fill identified gaps.
The document is a draft release, and is an initial step in a
standards development and harmonization process that ultimately will
deliver the hundreds of communication protocols, standard interfaces,
and other widely accepted and adopted technical specifications
necessary to build an advanced, secure, and interoperable electric
power grid. The final version of Release 1.0, which will be issued
later in 2009, also will serve to guide the work of a Smart Grid
Interoperability Panel that is being established as part of the NIST
framework for achieving end-to-end interoperability.
Results of NIST's ongoing work on interoperability and cyber
security standards for the Smart Grid provide input to the Federal
Energy Regulatory Commission (FERC). Under EISA, FERC is charged with
instituting, once sufficient consensus is achieved, rulemaking
proceedings to adopt the standards and protocols necessary to ensure
Smart Grid functionality and interoperability in interstate
transmission of electric power, and in regional and wholesale
electricity markets.
On June 9, 2009, NIST issued a Federal Register notice (74 FR
27288), requesting comments on a preliminary set of 16 smart grid
interoperability standards and specifications identified as applicable
to Smart Grid interoperability and cyber security needs. After
reviewing and evaluating the input it received, NIST increased this
initial list to 31 standards and other specifications. The additional
15 standards and specifications are shaded in Table 2, Chapter 4,
beginning with item 17 on page 34 of the report. In addition, Table 3
lists additional standards NIST has identified for further review.
On May 19-20, 2009, NIST and its contractor, the Electric Power
Research Institute (EPRI), convened a workshop, where more than 600
people engaged in sessions focused on developing and analyzing use
cases, determining Smart Grid interoperability requirements, locating
key interfaces, and identifying additional standards for consideration.
The sessions yielded more than 70 candidate standards and emerging
specifications, which were compiled in EPRI's Report to NIST on the
Smart Grid Interoperability Standards Roadmap (EPRI Report) ((Contract
No. SB1341-09-CN-0031--Deliverable 7) Prepared by EPRI, June 17, 2009).
The EPRI Report also was submitted for public review and comment.
However, the additional standards constituted a small part of the
lengthy report.
Excluding those already listed in Table 2, the standards compiled
in the EPRI Report are listed in Table 3, Chapter 4 of the draft NIST
Framework and Roadmap for Smart Grid Interoperability Standards,
Release 1.0.
NIST solicits public comments on the 15 standards and other
specifications added to the list of NIST-identified standards for
implementation, as presented in Table 2, Chapter 4. Comments may
include recommendations for removing specific items, or for adding new
specifications, which may or may not be among those listed in Table 3,
Chapter 4 of the NIST Framework and Roadmap for Smart Grid
Interoperability Standards, Release 1.0 (Draft). All recommendations
should reference specific criteria in the supporting explanation, as
described below.
NIST has developed a core set of criteria to provide initial
guidance when evaluating prospective Smart Grid standards. This
guidance also is presented in Chapter 4 of NIST Framework and Roadmap
for Smart Grid Interoperability Standards, Release 1.0 (Draft). NIST
seeks public comments on the usefulness of the criteria as well as
suggestions for improving the guidance for future evaluations of
standards. Additionally, NIST asks that recommendations for adding or
removing specifications from the list of standards identified for Smart
Grid implementation cite guidance criteria relevant to specific
recommendations.
Request for Comments: NIST seeks two sets of comments on the draft
framework and roadmap report. The agency requests:
1. Comments on the overall draft and the contents of chapters 1-3
(``Purpose
[[Page 52183]]
and Scope,'' ``Smart Grid Vision,'' and ``Conceptual Reference Model'')
and chapters 5-7 (``Priority Action Plans,'' ``Cyber Security Risk
Management Framework and Strategy,'' and ``Next Steps'') of the draft
NIST Framework and Roadmap for Smart Grid Interoperability Standards,
Release 1.0.
2. Comments on the 15 additional ``Standards Identified for
Implementation'' (Chapter 4); comments on the NIST-proposed ``Guidance
for Identifying Standards for Implementation;'' and recommendations for
adding or removing specifications on the list of standards identified
for implementation (Table 2), which should reference relevant guidance
criteria. In addition, comments on the standards in Table 3--additional
standards NIST has identified for further review--are requested, and
comments should reference relevant guidance criteria.
Comments should be submitted in accordance with instructions in the
ADDRESSES section of this notice.
NIST advises that it also is seeking public review and comment on a
companion draft document, NIST Interagency Report (NISTIR) 7628 Smart
Grid Cyber Security Strategy and Requirements. (More than 200 pages
long, this document is summarized in Chapter 6 of draft NIST Framework
and Roadmap for Smart Grid Interoperability Standards, Release 1.0.)
The request for comments on draft NISTIR 7628 will be published
separately in the Federal Register.
Dated: October 5, 2009.
Patrick Gallagher,
Deputy Director.
[FR Doc. E9-24429 Filed 10-8-09; 8:45 am]
BILLING CODE 3510-13-P
|