that didnt turn out right...Section 1305 of the Energy Independence and
Security Act (EISA) of 2007 (Pub. L. 110-140) requires the Director of
the National Institute of Standards and Technology (NIST) ``to
coordinate the development of a framework that includes protocols and
model standards for information management to achieve interoperability
of smart grid devices and systems.'' EISA also specifies that, ``It is
the policy of the United States to support the modernization of the
Nation's electricity transmission and distribution system to maintain a
reliable and secure electricity infrastructure that can meet future
demand growth and to achieve each of the following, which together
characterize a Smart Grid: * * *
(1) Increased use of digital information and controls technology to
improve reliability, security, and efficiency of the electric grid.
(2) Dynamic optimization of grid operations and resources, with
full cyber-security * * *''
With the Smart Grid's transformation of the electric system to a
two-way flow of electricity and information, the information technology
(IT) and telecommunications infrastructures have become critical to the
energy sector infrastructure.
NIST has established a Smart Grid Interoperability Panel. The
Panel's Cyber Security Working Group (SGIP-CSWG) now has more than 375
volunteer members from the public and private sectors, academia,
regulatory organizations, and Federal agencies. Cyber security is being
addressed in a process that will result in a comprehensive set of cyber
security requirements. These requirements are being developed using a
high-level risk assessment process that is defined in the cyber
security strategy for the Smart Grid.
NIST published a request for public comments in the Federal
Register on October 9, 2009 (74 FR 152183) to seek public comment on
the first draft of NIST Interagency Report (NISTIR) 7628, Smart Grid
Cyber Security Strategy and Requirements.
The comment period closed on December 1, 2009. The second draft of
NISTIR 7628 incorporates changes based on the comments received, which
are summarized below. The complete set of comments and NIST's analysis
are posted at: csrc.nist.gov...
Summary of Public Comments Received by NIST in Response to the Draft
NISTIR 7628, Cyber Security Strategy and Requirements, and NIST's
Response to Those Comments
NIST received comments from sixty-three (63) organizations and
individuals. The commenters consisted of twenty-three (23) private
companies, five (5) Federal agencies, nine (9) individuals, twelve (12)
non-profit organizations, twelve (12) industry associations and two (2)
universities. A detailed analysis of the comments follows.
Comment: Fifteen (15) commenters identified inconsistencies between
the text and logical interface diagrams and suggested additions or
deletions to the logical interface diagrams and associated text.
Response: In the second draft of NISTIR 7628, the logical interface
diagrams and text have been updated and an overall functional logical
architecture has been added.
Comment: Fifty-one (51) commenters suggested grammatical,
editorial, and language changes and correcting cited information and
Response: The relevant sections were updated to reflect suggested
changes. Some suggested changes were not accepted because they are not
consistent with Government Printing Office (GPO) style.
Comment: One (1) commenter suggested integration of
cryptographically strong identity management mechanisms.
Response: Strong authentication is an important aspect of the Smart
Grid. This will be addressed in the next version of the NISTIR. There
were several topics that were not addressed in the second draft of the
NISTIR. The schedule for completing the second draft was extremely