This document [NISTIR 7628r1] provides definitions, requirements, safeguards, and use case impacts of privacy breaches. Privacy considerations with respect to the Smart Grid include four aspects: privacy of personal information, privacy of the person, privacy of personal behavior, and privacy of personal communications.
A privacy policy framework for the Smart Grid and for smart homes is suggested in [GridWise 2011]. This framework is limited and addresses only consumer privacy issues that arise from the collection, use, and retention of such data, regardless of the source from which it is collected.
In this book, we do not focus on engineering a privacy program, although some approaches used in engineering the security program could be used for building a privacy program.
2.8 Standards, Guidelines, and Recommendations
A revised NIST document [NISTIR 7628r1] promotes a new cybersecurity framework to protect the Smart Grid. A current list of standards is available. Many accelerated standards and guidelines are focused on topics such as:
Metering
Data usage information
Electric vehicles
Pricing
Demand response
Substation communication
Energy storage
Renewables.
2.8.1 Electricity Sector Guidance
In the United States, the DOE envisions a robust, resilient energy infrastructure in which continuity of business and services is maintained through secure and reliable information sharing, effective risk management programs, coordinated response capabilities, and trusted relationships between public and private security partners at all levels of industry and government [DOE 2015c].
Within the electricity subsector, the FERC is focused on the development of key standards to achieve interoperability and functionality of Smart Grid systems and devices [FERC 2009]. FERC certified the North American Electric Reliability Corporation (NERC) as the Electric Reliability Organization that is responsible for developing reliability standards, subject to FERC oversight, review, and approval.
NERC developed the critical infrastructure protection (CIP) standards [NERC CIP], which FERC approved in 2008. The NERC CIP standards suite is composed of a whole family of standards that are continuously revised and changed. These standards were originally devised and implemented to prevent big blackouts, so they are considered both rigorous and heavily enforced only for bulk power systems (generation and transmission).
However, NERC cybersecurity standards and supplementary documents are often similar to guidance applicable to federal agencies [GAO 2011] and do not apply to all power grid functions. In addition, adoption of the standards by the electric power industry lacks coordination and a consistent approach to monitoring industry compliance with voluntary standards. FERC is responsible for regulating aspects of the electric power industry, which includes adopting cybersecurity and other standards it deems necessary to ensure Smart Grid functionality and interoperability.
2.8.2 International Collaboration
An essential element of Smart Grid developments around the globe is coordination for the development of international standards. As the United States and other nations construct their Smart Grids, use of international standards ensures the broadest possible market for Smart Grid suppliers.
NIST is devoting considerable resources and multilateral engagement with other countries to cooperate in the development of international standards for the Smart Grid. In addition, NIST and the International Trade Administration (ITA) have partnered with the DOE to establish the International Smart Grid Action Network (ISGAN), a multinational collaboration of 23 countries and the European Union.
ISGAN complements the Global Smart Grid Federation, a global stakeholder organization, which serves as an association of associations to bring together leaders from Smart Grid stakeholder organizations around the world. This organization supports Smart Grid solutions emerging to address the economic, policy, and regulatory challenges of variable renewables. Similarly, the Clean Energy Solutions Foundation (https://cleanenergysolutions.org) helps governments design and adopt policies and programs that support the deployment of clean energy technologies. Regulatory policies around the globe promote renewable electricity standards (recommendations, good practices, design considerations) to accelerate renewable energy deployment.
However, cybersecurity for the IT/OT systems of the Smart Grid continues to be a significant topic and has been made even more critical by the convergence of IT/OT [Meyers 2013]. This convergence has enabled a new range of consumer‐based OT, most of which is beyond the reach or control of the traditional utility. Therefore, an IT/OT‐converged approach allows utility personnel to deploy each grid modernization application as a part of a connected whole.
In addition, diverse IoT‐based applications call for different deployment scenarios and requirements, which have usually been handled in a proprietary implementation. However, since the IoT is connected to the Internet, most of the devices comprising IoT services need to operate utilizing standardized technologies. The Internet Protocol for Smart Objects (IPSO) Alliance (www.ipso‐alliance.org) promotes the IoT. Prominent standardization bodies, such as IETF (www.ietf.org), the Institute of Electrical and Electronics Engineers (IEEE) (www.ieee.org), and European Telecommunications Standards Institute (ETSI) (www.etsi.org), are working on developing protocols, systems, architectures, and frameworks to enable the IoT devices to interoperate.
With respect to privacy, international standards bodies are currently working on establishing standards to assist organizations in better protecting personal data. Examples include:
The ISO is working on technical standards for a Privacy Framework and Privacy Reference Architecture.
Regional standards organizations, such as the American National Standards Institute (ANSI) and the European Committee for Standardization (CEN), are involved in data protection standards; CEN/ISSS reported to the European Commission in 2003 on the utility of standards in enforcing the directive. Their work continues in setting standards for networks, biometrics, identity and authentication, cryptographic protocols, security management, deidentification of health information, data storage, and other standards that have a bearing on privacy architectures.
The ETSI produces standards for information and communication technologies.
The United Nations Internet Governance Forum (IGF) and the regional IGFs are increasing their privacy discussions. In 2009 and 2010, the IGF program included a main session on security, openness, and privacy as well as numerous workshops devoted to privacy issues.
The need for open standards is a trend that can increase standards adoption toward improving the security and privacy of the Smart Grid. However, cyber threats can evolve faster than standards. To safeguard vital interests like electrical grids, collaboration and information sharing among federal, state, and local governments and industry are also needed [NISTIR 7628r1].