Welcome. Back we go on our quest to overview and understand Special NIST Document 1108, the NIST Framework and Roadmap for Smart Grid Interoperability Standards. This week, YHA (your humble author) will walk the ISGO (interested Smart Grid observer) through Chapt 6, Cyber Security Strategy. By the way, I apologize, Loyal Reader, for the tardiness of this post. I can't exactly account for my whereabouts over the past few weeks; you'll just have to trust me when I say that I have been busy. What did I accomplish? I really couldn't say.
But back to the topic at hand. Any ISGO would probably think that cybersec is a topic worthy of its own document. And they'd be right. In fact, Chapt 6 acknowledges right at the outset that it was taken from the companion NISTIR document dedicated to cybersec, which is No. 7628. Since the Roadmap (1108) was published, NISTIR 7628 has gone thru another draft, so the language on cybersec strategy has expanded somewhat. That leaves us in something of a quandary: Do we continue to review the language in the original Roadmap, or look at the more current language of 7628?
But in the end, whilst it is tempting to offer the briefest of brief overviews of the 7628, instead, we stick to the path set before us, working our way thru Chapt 6, hoping in the end to put the weighty subject of cybersec in context of the rest of the Roadmap. It will come as no surprise to you that we intend to dive deeper into the security topic, providing an overview and some thoughts on the 7628 in a later series. If that leaves you with bated breath (or, if you are a fisherperson, with baited breath), so be it. On to the Roadmap.
Chapt 6 is intended to give us a high-level view of Smart Grid strategy for cyber security. Of course, the grid has always had its vulnerabilities, and those who operate the system, especially at the power plant and transmission levels, are accustomed to thinking about and trying their best to limit the risk from deliberate attack, as well as inadvertent incidents. But the advent of smarter grid technology does increase vulnerability, from a variety of sources as documented in the introduction to Chapt 6. Things such as "increasing complexity ... interconnected networks ... communication disruptions ... increased number of entry points ... potential for compromise of data confidentiality ... " are the most common issues ISGOs normally consider.
Chapt 6 goes on to explain the process by which the cybersec topic was introduced into the Roadmap, and eventually targeted for an entirely separate Interagency Report. The main point about that was the formation of the Cyber Security Coordination Task Group (CSCTG), led by NIST, and composed of a bunch of interested contributors from all over. That group helped to put together the preliminary report that identified cybersec requirements and eventually became the 7628.
Chapt 6 then continues by explaining how important cybersec is, which we'll skip, given that if you're reading this, you're either having trouble sleeping, or you already have some acceptance of that part of the problem. But in the next section (that would be 6.2), Chapt 6 does make the very important point that cybersec for smart grid includes both IT and TO (operational technology), which is something that people may have already thought about, but bears repeating. It isn't enough to simply build a better firewall or put a lock on the server room door; in fact, even executing a strategy on all IT won't secure the grid. There are all sorts of levels of risks and mitigation strategies that are required to minimize risks to the grid in the new world.
Which is a pretty good segue into section 6.3, providing an overview of the cyber security strategy as detailed in the 7628. Sec 6.3 provides some background on the source documents, NIST and NERC guidelines on security risk assessment (if you'd like the complete bibliography, go to pg 109 of Roadmap.) Then, it pretty much gets right to the heart of the matter, which is a 5 step process used to develop the strategy. Come to think of it, there are 6 steps, because Step 4 has 2 parts. But maybe that's quibbling. Here they are, in overview:
1. Use Case Analysis
2. Risk Assessment
3. High Level Security Requirements
4a. Security Architecture
4b. Smart Grid (Existing) Standards Assessment
5. Conformity Assessment
The interesting thing about this approach is that it could in fact be adopted by any utility as an approach to building a security strategy. Altho that would be a fair bit of work, wouldn't it? Fortunately, though, the CSCTG used this outline in the development of the NISTIR 7628, which provides a very in-depth reference that will eventually take some of the pain out of building your own cybersec strategy and execution plan.
So, since we will in future, fun-filled blogs cover the process in detail, YHA thought he would limit his comments here to just a couple. First, 'Use Cases'. These are exercises in thinking thru ways that cyber sec might need to be applied at your utility. The phrase often conjures up fear and trepidation in the hearts of utility execs, since use case development can be time consuming, and runs the risk of covering ground that has already be plowed, so to speak. Thus, the 7628 brings good news to trembling execs: the use case data in that document is very comprehensive, and each utility should be able to stand on the shoulders of that work with very little additional effort.
Second, I would just like to add a little flesh to the bones of 'Risk Assessment'. This is, IMHO, the all-important step in cybersec planning. It is here that the ISGO can simply close his/her eyes to reality of menacing power system vulnerabilities, or go completely off the reservation and imagine/see/plan for threats that have no basis in actuality but do make for a pretty good scare. The first thing can leave any grid open to the very real perils, intentional and accidental, that exist out there. But second is equally dangerous, in that it can paralyze the power system, making it impossible for the people who need to to operate and even respond to emergencies. (A subclass of 'cybersec paralysis' is 'privacy paralysis', in which an obsessive need to keep all data away from everyone could result in nobody knowing something important at a time when safe and reliable grid operations depend on certain people knowing that important something.) The answer to this dilemma, as in many aspects of life, is balance. When constructing the assessment of vulnerabilities, threats, and impacts that make up a serious risk assessment, let's be sure to think of everything that we can, and then focus in on the most important things. What is important? Those things that, when carefully considered, have either the greatest chance of occurrence, or the greatest impact when they do occur. And, let us not just use our imagination to think of the many things that could go wrong, but also use it to think of the ways that we might mitigate such jeopardy.
I hate to sound like a broken record, but the ISGO will find that the 7628 can help the individual utility to work thru this problem. It won't be easy, but it shouldn't be. Each responsible grid operator or participant will have a part to play, and it will take time and serious effort to make the grid secure.
But for now, we are nearing the finish line in our overview of the NIST Roadmap for Smart Grid Interoperability. Next week, we will tackle the Next Steps as outlined in Chapt 7. Please join us.
Recent Comments