TMCNet:  Request for Comments on Draft NIST Interagency Report (NISTIR) 7628 Rev. 1, Guidelines for Smart Grid Cyber Security Notice Posted in Federal Register

[October 25, 2013]

Request for Comments on Draft NIST Interagency Report (NISTIR) 7628 Rev. 1, Guidelines for Smart Grid Cyber Security Notice Posted in Federal Register

(Targeted News Service Via Acquire Media NewsEdge) WASHINGTON, Oct. 25 -- The U.S. Department of Commerce published the following notice in the Federal Register from the National Institute of Standards and Technology: Request for Comments on Draft NIST Interagency Report (NISTIR) 7628 Rev. 1, Guidelines for Smart Grid Cyber Security A Notice by the National Institute of Standards and Technology on 10/25/2013 Action Notice; Request For Comments.


Summary The National Institute of Standards and Technology (NIST) seeks comments on draft NISTIR 7628 Rev. 1, Guidelines for Smart Grid Cyber Security. Draft NISTIR 7628 Rev. 1 was completed by the NIST-led Smart Grid Cybersecurity Committee (formerly the Cyber Security Working Group) of the Smart Grid Interoperability Panel. The document has been updated to address changes in technologies and implementations since the release of NISTIR 7628 in September 2010. In addition, the document development strategy, cryptography and key management, privacy, vulnerability classes, research and development topics, standards review, and key power system use cases have been updated and expanded to reflect changes in the Smart Grid environment since 2010. The final version is expected to be posted in the fall of 2013.

DATES: Comments must be received by December 24, 2013.

ADDRESSES: Please submit your comments, using the comment template forms available electronically from the NIST Web site at: http://csrc.nist.gov/publications/PubsDrafts.html. Written comments concerning the document may be sent to: Information Technology Laboratory, ATTN: Tanya Brewer, National Institute of Standards and Technology, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930.

Electronic comments should be sent to: NISTIR.7628.Rev1@nist.gov, with the Subject line: Draft NISTIR 7628 Rev. 1 Comments.

Draft NISTIR 7628 Rev. 1, Guidelines for Smart Grid Cyber Security, is available electronically from the NIST Web site at: http://csrc.nist.gov/publications/PubsDrafts.html. The comment templates are available at the same address.

FOR FURTHER INFORMATION CONTACT: Tanya Brewer, telephone: 301-975-4534, National Institute of Standards and Technology, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930 or via email: tanya.brewer@nist.gov.

SUPPLEMENTARY INFORMATION: Background Section 1305 of the Energy Independence and Security Act of 2007 (EISA) (Pub. L. 110-140) requires the Director of the National Institute of Standards and Technology (NIST) "to coordinate the development of a framework that includes protocols and model standards for information management to achieve interoperability of smart grid devices and systems." EISA also specifies in Section 1301 that, "It is the policy of the United States to support the modernization of the Nation's electricity transmission and distribution system to maintain a reliable and secure electricity infrastructure that can meet future demand growth and to achieve each of the following, which together characterize a Smart Grid: (1) Increased use of digital information and controls technology to improve reliability, security, and efficiency of the electric grid.

(2) Dynamic optimization of grid operations and resources, with full cyber-security. . . ." With the transition to the Smart Grid--the ongoing transformation of the nation's electric system to a two-way flow of electricity and information--the information technology (IT) and telecommunications infrastructures have become critical to the energy sector infrastructure.

NISTIR 7628 was first drafted in 2009 by NIST staff and industry technical experts. NIST published a Request for Comments in the Federal Register on October 9, 2009 (74 FR 52183) soliciting comments on the working draft. NIST issued a second Request for Comments on April 13, 2010 (75 FR 18819), which also included a summary disposition of comments received in response to the October 9, 2009 Request for Comments. Comments from both Requests for Comments informed the final version of NISTIR 7628, which was released on September 1, 2010, at http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7628.

NISTIR 7628 has been utilized by a variety of stakeholders including utilities, Smart Grid vendors and service providers, and regulatory organizations since its initial publication. Additionally, emerging Smart Grid technologies have matured since the initial publication and are being considered in this revision.

Draft NISTIR 7628 Rev. 1 Draft NISTIR 7628 Rev. 1 was completed by the NIST-led Smart Grid Cybersecurity Committee (formerly the Cyber Security Working Group) of the Smart Grid Interoperability Panel. This document incorporates updates to address changes in technologies and implementations since the release of NISTIR 7628 in September 2010. In addition, this document updates and expands the development strategy, cryptography and key management, privacy, vulnerability classes, research and development topics, standards review, and key power system use cases to reflect changes in the Smart Grid environment since 2010. The final version is expected to be posted in the fall of 2013.

Summary of Changes to Draft NISTIR 7628 Rev. 1 - Chapter 1, Document Development Strategy, was updated to reflect progress and completion of previously outstanding issues and remaining tasks, including a new section addressing cyber-physical attacks.

- Chapter 2, Logical Architecture and Interfaces of the Smart Grid, was updated to address feedback from the SGIP Smart Grid Architecture Committee and includes an expanded section on defense-in-depth security.

- Chapter 3, High-Level Security Requirements, was updated to include additional background information on selection of security requirements, and includes a revised Crosswalk of Cyber Security Documents.

- Chapter 4, Cryptography and Key Management, was updated to reflect the recommended transition lifetimes for cryptographic algorithms and key lengths in NIST Special Publication 800-131 A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.

- Chapter 5, Privacy and the Smart Grid, has been updated to reflect changes in the regulatory and legislative areas regarding Smart Grid. The update also addresses emerging Plug-In Electric Vehicle (PEV) technologies and associated privacy concerns, an expanded Appendix of privacy use cases, a new Appendix summarizing how two states (California and Colorado) arrived at their respective privacy-related regulations, and a new Appendix containing recommendations for how third parties should handle consumer energy usage data.

- Chapter 6, Vulnerability Classes, has been updated to incorporate changes in technologies since the original publication.

- Chapter 8, Research and Development Themes for Cyber Security in the Smart Grid, has been updated to incorporate changes in technologies since the original publication.

- Chapter 9, Overview of the Standards Review, has been updated to reflect the SGCC review and analysis methodology of Smart Grid standards against the high-level security requirements of NISTIR 7628.

- Chapter 10, Key Power System Use Cases for Security Requirements has been updated to include more granular use case scenarios in the area of the Advanced Metering Infrastructure.

- A number of editorial changes that do not have substantive impact on the document to improve readability, update references, and standardize writing style.

Request for Comments NIST seeks public comments on draft NISTIR 7628, Rev. 1, Guidelines for Smart Grid Cyber Security; particularly on the changes made since the originally published version. The draft report is available electronically from the NIST Web site at: http://csrc.nist.gov/publications/PubsDrafts.html. The comment templates are available at the same address, and are required for both written and electronic comments.

Interested parties should submit comments in accordance with the DATES and ADDRESSES sections of this notice.

Dated: October 1, 2013.

Willie E. May, Associate Director for Laboratory Programs.

[FR Doc. 2013-25168 Filed 10-24-13; 8:45 am] BILLING CODE 3510-13-P 18DejucosGrace-131025-30FurigayJane-4528444 30FurigayJane (c) 2013 Targeted News Service

[ Back To Cloud Computing 's Homepage ]