Читать книгу Building an Effective Security Program for Distributed Energy Resources and Systems - Mariana Hentea - Страница 58

The NIST initiated the SGIP in 2009 to support NIST in fulfilling its responsibility, under the EISA, to coordinate standard development for the Smart Grid. Since January 2013, SGIP (http://sgip.org) entered a new phase – self‐sustaining entity with the majority of funding to come from industry stakeholders. The NIST SGIP is the way NIST interacts with the electricity industry and other stakeholders. They are working on Smart Grid standards, developing priority action plans, and designing the testing and certification standards. SGIP developed the Smart Grid conceptual model and cybersecurity requirements [NISTIR 7628r1] including recommendations for security solutions. Specific NIST activities include:

 Identifying existing applicable standards.

 Addressing and solving gaps where a standard extension or new standard is needed.

 Identifying overlaps where multiple standards address some common information.

NIST maintains an active role and continues to support SGIP’s mission to provide a framework for coordinating all Smart Grid stakeholders in an effort to accelerate standard harmonization and advance the interoperability of Smart Grid devices and systems. The catalog of standards (http://sgip.org/Catalog‐of‐Standards) is a compendium of standards and practices considered to be relevant for the development and deployment of a robust and interoperable Smart Grid. The catalog is expected to be a larger compilation that can support the FERC, but it is independent of FERC decision making.

The SGIP has several priority‐specific committees and working groups. NIST maintains an active presence in these groups. Among these groups, we mention the cybersecurity (SGCC) group and domain expert working groups (DEWGs). The SGCC working group identifies and analyzes security requirements and develops a risk mitigation strategy to ensure the security and integrity of the Smart Grid. DEWGs perform analyses and provide expertise in specific application domains including distributed renewables, generation, and storage.

Once there is, in the judgment of the FERC, sufficient consensus concerning the standards developed under NIST’s oversight, FERC is directed to adopt such standards and protocols as may be necessary to ensure Smart Grid functionality and interoperability in interstate transmission of electric power and regional and wholesale electricity markets [EISA 2007]. The law delegates to the FERC the responsibility of defining what sufficient consensus and adopts means in the context of the standards.

Recognizing the needs of the energy sector, FERC identified four functional priorities for the development of key interoperability standards for the following areas:

 Demand and response.

 Wide area situational awareness.

 Energy storage.

 Electric transportation.

Also, FERC identifies two crosscutting priorities, system security (cybersecurity and physical security) and intersystem communication, a common semantic framework (e.g. agreement as to meaning and software models) for enabling effective communication and coordination across inter‐system interfaces.

On 22 November 2013, FERC approved Version 5 of the critical infrastructure protection standards (CIP Version 5), which represents significant progress in mitigating cyber risks to the bulk power system. In 2014, NERC initiated a program to help industry transition directly from the currently enforceable CIP Version 3 standards to CIP Version 5. The goal of the transition program is to improve industry’s understanding of the technical security requirements for CIP Version 5, as well as the expectations for compliance and enforcement.

While NERC‐CIP Version 5 of standards was released on 22 November 2013, organizations must transition all high‐ and medium‐impact BES to NERC‐CIP v5 on 1 April 2016. Low‐impact BES systems can wait until 1 April 2017. However, there is no clear cybersecurity strategy as many CIP standards were made inactive and many standards are pending enforcement. It is recommended to visit [NERC CIP] portal for the most current standards and recent activities.