[Federal Register Volume 74, Number 195 (Friday, October 9, 2009)]
[Notices]
[Pages 52183-52184]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-24430]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 0909301329-91332-01]
Draft NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber
Security Strategy and Requirements; Request for Comments
AGENCY: National Institute of Standards and Technology (NIST),
Department of Commerce.
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
seeks comments on draft NISTIR 7628, Smart Grid Cyber Security Strategy
and Requirements. This initial draft of the document contains the
overall security strategy for the Smart Grid. Contents include:
Development of vulnerability classes, identification of well-understood
security problems that need to be addressed, selection and development
of security-relevant use cases, initial privacy impact assessment,
identification and analysis of interfaces identified in six functional
priority areas, advanced metering infrastructure (AMI) security
requirements, and selection of a suite of security documents that will
be used as the base for determining and tailoring security
requirements. This is the first draft of NISTIR 7628; NIST plans to
post a subsequent draft of this report for additional public comments.
DATES: Comments must be received on or before December 1, 2009.
ADDRESSES: Written comments may be sent to: Annabelle Lee, National
Institute of Standards and Technology, 100 Bureau Dr., Stop 8930,
Gaithersburg, MD 20899-8930. Electronic comments may be sent to:
[email protected].
The report is available at: http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-7628.
FOR FURTHER INFORMATION CONTACT: Annabelle Lee, National Institute of
Standards and Technology, 100 Bureau Dr., Stop 8930, Gaithersburg, MD
20899-8930, telephone (301) 975-8897.
SUPPLEMENTARY INFORMATION: Section 1305 of the Energy Independence and
Security Act (EISA) of 2007 (Pub. L. 110-140) requires the Director of
the National Institute of Standards and Technology (NIST) ``to
coordinate the development of a framework that includes protocols and
model standards for information management to achieve interoperability
of smart grid devices and systems.'' EISA also specifies that, ``It is
the policy of the United States to support the modernization of the
Nation's electricity transmission and distribution system to maintain a
reliable and secure electricity infrastructure that can meet future
demand growth and to achieve each of the following, which together
characterize a Smart Grid: * * *
(1) Increased use of digital information and controls technology to
improve reliability, security, and efficiency of the electric grid.
(2) Dynamic optimization of grid operations and resources, with
full cyber-security.''
With the transition to the Smart Grid--the ongoing transformation
of the nation's electric system to a two-way flow of electricity and
information--the information technology (IT) and telecommunications
infrastructures have become critical to the energy sector
infrastructure.
NIST recently issued the NIST Framework and Roadmap for Smart Grid
Interoperability Standards, Release 1.0 (draft for public review and
comment). The report is an output of NIST's approach to expediting
development of key standards and requirements necessary for Smart Grid
interoperability and cyber security.
The report includes a high-level summary (Chapter 6) of draft
NISTIR 7628, Smart Grid Cyber Security Strategy and Requirements. The
report on the interoperability framework and standards roadmap, as well
as the Federal Register notice soliciting public comments on the
report, advised that NIST also was submitting this companion draft
document on cyber security for public review and comment.
NIST has established a Smart Grid Cyber Security Coordination Task
Group (CSCTG) which includes members from the public and private
sectors, academia, regulatory organizations, and federal agencies. The
CSCTG is identifying a comprehensive set of cyber security
requirements. These requirements are being identified using a high-
level risk assessment process that is defined in the cyber security
strategy for the Smart Grid.
The DRAFT NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber
Security Strategy and Requirements includes the initial risk assessment
documents (vulnerability classes and bottom-up analysis); security-
relevant use cases; a base set of security requirements with cross-
referenced security standards; diagrams of a set of functional priority
areas and interfaces, including interface categories with constraints
and issues and impacts; initial privacy impact assessment; and AMI
security requirements.
Request for Comments: NIST seeks public comments on the report. The
document will be revised on the basis of comments received, and a
second draft will be published for public comment. In addition, the
second draft will include the overall Smart Grid security architecture
and the security requirements.
The final version of NISTIR 7628 will address all comments received
to date. The document will have the final set of security controls and
the final security architecture.
Comments on draft NISTIR 7628, Smart Grid Cyber Security Strategy
and Requirements should be submitted in accordance with the DATES and
ADDRESSES sections of this notice.
[[Page 52184]]
Dated: October 6, 2009.
Patrick Gallagher,
Deputy Director.
[FR Doc. E9-24430 Filed 10-8-09; 8:45 am]
BILLING CODE 3510-13-P