Discussion of the Smart Grid usually focuses on efficiencies that may be achieved by a system that responds to real-time information about energy production, distribution and consumption. But the development of this advanced digital infrastructure, with two-way capabilities for communicating information, controlling equipment, and distributing energy, also presents some legitimate information security and privacy concerns. For example, a disgruntled employee or a terrorist with the right computer skills could penetrate a network and alter load conditions to destabilize the grid in unpredictable ways. The grid may also be compromised by inadvertent events such as equipment failures and natural disasters.
On the privacy side, the Smart Grid will greatly expand the amount of data that can be monitored, collected, aggregated and analyzed. For example, information about specific appliances and generators used by consumers can be tracked from the electric information “signatures” they produce. The driver of an electric vehicle will also leave an electrical roadmap of her travels.
In response to these concerns, the National Institute of Standards and Technology (NIST) released guidance earlier this month entitled Smart Grid Cyber Security Strategy and Requirements. The three-volume guidance document is intended for “Smart Grid stakeholders” including vendors of energy information and management services, equipment manufacturers, utilities, system operators, network specialists and regulators.
- Volume 1 presents a risk assessment framework and describes high-level security requirements;
- Volume 2 focuses on privacy issues in personal dwellings and recommends how entities that participate in the Smart Grid might address these issues; and
- Volume 3 is a compilation of supporting analyses and references.
Kudos to anyone who can decipher NIST’s “Logical Reference Model” pictured below. Nevertheless, the guidance provides a useful framework for addressing these complex issues.