Cyber security and interoperability concerns with Smart Grid standards

NIST submitted five IEC Smart Grid security and interoperability standards to FERC for rulemaking. The following observations can be made:
- No IEEE, ISA, or even NIST standards were provided to FERC.
- Each of the five IEC standards has existing interoperability concerns. For example, two vendors can both conform to the standards and yet neither be interoperable with the other- that is not “plug and play”.
- Standards extensively used throughout North America (eg, DNP-3) were not included but standards extensively used throughout Europe were included (eg, IEC-61850).
- Each of the five standards has cyber security issues. According to FERC Commissioner Philip Moeller, a number of Smart Grid stakeholders are expressing concern that cyber security aspects of the five sets of interoperability standards under review at FERC may not be “robust” enough.
- At least two Smart Grid power systems IEEE standards did not address cyber security.
- Last week on the NERC Control Systems Security Working Group (CSSWG) call, it was noted there are cyber security efforts on-going with NERC and Smart Grid with minimal coordination.

These issues and observations raise the following questions:
- What needs to be done with the NIST process to ensure the appropriate standards are provided for the rulemaking process?
- What needs to be done to ensure that interoperability standards actually result in interoperable systems?
- What needs to be done to ensure that cyber security standards actually secure systems from end-to-end?
- What needs to be done to ensure appropriate standards coordination is being provided?
Joe Weiss


Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


  • <p> The UCA2 protocol (IEC-61850) is an amalgam of ideas, concepts, objects, and yes, there is a protocol in there somewhere as well.  It is used in North America, but not as much as DNP.  </p> <p> The UCA2 stuff promises to use IEC-62351 standard for secure authentication, but it hasn't been implemented yet. Good Luck with that.  DNP, on the other hand, has a viable implementation and it is on the market now.   </p> <p> What's that old saying about a bird in hand is worth two in the bush? Apparently not if you're in Smart Grid... </p>


RSS feed for comments on this page | RSS feed for all comments