Draft Interagency Report (NISTIR) 7628: Smart Grid Cyber Security Strategy and Requirements

Federal Register: October 9, 2009 (Volume 74, Number 195)

Notices

Page 52183-52184

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

DOCID:fr09oc09-33

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

Docket No. 0909301329-91332-01

Draft NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber

Security Strategy and Requirements; Request for Comments

AGENCY: National Institute of Standards and Technology (NIST),

Department of Commerce.

ACTION: Notice; request for comments.

SUMMARY: The National Institute of Standards and Technology (NIST) seeks comments on draft NISTIR 7628, Smart Grid Cyber Security Strategy and Requirements. This initial draft of the document contains the overall security strategy for the Smart Grid. Contents include:

Development of vulnerability classes, identification of well-understood security problems that need to be addressed, selection and development of security-relevant use cases, initial privacy impact assessment, identification and analysis of interfaces identified in six functional priority areas, advanced metering infrastructure (AMI) security requirements, and selection of a suite of security documents that will be used as the base for determining and tailoring security requirements. This is the first draft of NISTIR 7628; NIST plans to post a subsequent draft of this report for additional public comments.

DATES: Comments must be received on or before December 1, 2009.

ADDRESSES: Written comments may be sent to: Annabelle Lee, National

Institute of Standards and Technology, 100 Bureau Dr., Stop 8930,

Gaithersburg, MD 20899-8930. Electronic comments may be sent to: csctgdraftcomments@nist.gov.

The report is available at: http://csrc.nist.gov/publications/

PubsDrafts.html#NIST-IR-7628.

FOR FURTHER INFORMATION CONTACT: Annabelle Lee, National Institute of

Standards and Technology, 100 Bureau Dr., Stop 8930, Gaithersburg, MD 20899-8930, telephone (301) 975-8897.

SUPPLEMENTARY INFORMATION: Section 1305 of the Energy Independence and

Security Act (EISA) of 2007 (Pub. L. 110-140) requires the Director of the National Institute of Standards and Technology (NIST) ``to coordinate the development of a framework that includes protocols and model standards for information management to achieve interoperability of smart grid devices and systems.'' EISA also specifies that, ``It is the policy of the United States to support the modernization of the

Nation's electricity transmission and distribution system to maintain a reliable and secure electricity infrastructure that can meet future demand growth and to achieve each of the following, which together characterize a Smart Grid: * * *

(1) Increased use of digital information and controls technology to improve reliability, security, and efficiency of the electric grid.

(2) Dynamic optimization of grid operations and resources, with full cyber-security.''

With the transition to the Smart Grid--the ongoing transformation of the nation's electric system to a two-way flow of electricity and information--the information technology (IT) and telecommunications infrastructures have become critical to the energy sector infrastructure.

NIST recently issued the NIST Framework and Roadmap for Smart Grid

Interoperability Standards, Release 1.0 (draft for public review and comment). The report is an output of NIST's approach to expediting development of key standards and requirements necessary for Smart Grid interoperability and cyber security.

The report includes a high-level summary (Chapter 6) of draft

NISTIR 7628, Smart Grid Cyber Security Strategy and Requirements. The report on the interoperability framework and standards roadmap, as well as the Federal Register notice soliciting public comments on the report, advised that NIST also was submitting this companion draft document on cyber security for public review and comment.

NIST has established a Smart Grid Cyber Security Coordination Task

Group (CSCTG) which includes members from the public and private sectors, academia, regulatory organizations, and federal agencies. The

CSCTG is identifying a comprehensive set of cyber security requirements. These requirements are being identified using a high- level risk assessment process that is defined in the cyber security strategy for the Smart Grid.

The DRAFT NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber

Security Strategy and Requirements includes the initial risk assessment documents (vulnerability classes and bottom-up analysis); security- relevant use cases; a base set of security requirements with cross- referenced security standards; diagrams of a set of functional priority areas and interfaces, including interface categories with constraints and issues and impacts; initial privacy impact assessment; and AMI security requirements.

Request for Comments: NIST seeks public comments on the report. The document will be revised on the basis of comments received, and a second draft will be published for public comment. In addition, the second draft will include the overall Smart Grid security architecture and the security requirements.

The final version of NISTIR 7628 will address all comments received to date. The document will have the final set of security controls and the final security architecture.

Comments on draft NISTIR 7628, Smart Grid Cyber Security Strategy and Requirements should be submitted in accordance with the DATES and

ADDRESSES sections of this notice.

Page 52184

Dated: October 6, 2009.

Patrick Gallagher,

Deputy Director.

FR Doc. E9-24430 Filed 10-8-09; 8:45 am

BILLING CODE 3510-13-P