Cyber security and interoperability concerns with Smart Grid standards

NIST submitted five IEC Smart Grid security and interoperability standards to FERC for rulemaking. The following observations can be made:
- No IEEE, ISA, or even NIST standards were provided to FERC.
- Each of the five IEC standards has existing interoperability concerns. For example, two vendors can both conform to the standards and yet neither be interoperable with the other- that is not “plug and play”.
- Standards extensively used throughout North America (eg, DNP-3) were not included but standards extensively used throughout Europe were included (eg, IEC-61850).
- Each of the five standards has cyber security issues. According to FERC Commissioner Philip Moeller, a number of Smart Grid stakeholders are expressing concern that cyber security aspects of the five sets of interoperability standards under review at FERC may not be “robust” enough.
- At least two Smart Grid power systems IEEE standards did not address cyber security.
- Last week on the NERC Control Systems Security Working Group (CSSWG) call, it was noted there are cyber security efforts on-going with NERC and Smart Grid with minimal coordination.

These issues and observations raise the following questions:
- What needs to be done with the NIST process to ensure the appropriate standards are provided for the rulemaking process?
- What needs to be done to ensure that interoperability standards actually result in interoperable systems?
- What needs to be done to ensure that cyber security standards actually secure systems from end-to-end?
- What needs to be done to ensure appropriate standards coordination is being provided?
 
Joe Weiss