FERC and Smart Grid Rulemaking

FERC took the first step in starting a formal rulemaking proceeding involving the five groups of smart grid standards identified by NIST as ready for consideration. The NIST standards are the first of what may be several hundred more to be identified for FERC consideration in the coming years. The Energy Independence and Security Act of 2007 (EISA) requires FERC to adopt in a formal rulemaking proceeding standards and protocols necessary to ensure smart grid functionality and interoperability in interstate transmission of electric power, and regional and wholesale electricity markets.
 
According to NIST, the suites of smart grid standards will:
• Provide a Common Information Model necessary for exchanges of data between devices and networks, primarily in the transmission (IEC 61970) and distribution (IEC 61968) domains (the IEC numbers reference two related groups of standards);
• Facilitate substation automation, communication and interoperability through a common data format (IEC 61850);
• Facilitate exchanges of information between control centers (IEC 60870-6); and
• Address the cyber security of the communication protocols defined by the preceding IEC standards (IEC 62351).
Based on my experience, I find the following of interest:
1) The Standards identified are IEC not IEEE or ISA standards.
2) IEC 60870-6 is ICCP. The secure version is so resource intensive many legacy SCADA workstations cannot use it.
3) IEC 62351 claims to be end-to-end security but it only addresses the protocols not the actual field devices.
4) IEC 61850 has both cyber security and interoperability issues. There have been a number of case history articles written about the changes necessary to make IEC 61850 “interoperable”. Additionally, IEC 61850 is not heavily used in North America. The most popular North American standard for substation protocols, DNP3, is not even mentioned.
5) Considering the standards list is coming from NIST, the most glaring omission is NIST’s own cyber security standards - NIST SP800-53, etc. Additionally, where is the NIST Risk Management framework?
FERC has created a docket, RM11-2-000, for this rulemaking, and in the near future will issue a Notice of Proposed Rulemaking (NOPR) for public comment. Please consider responding.
Joe Weiss