Читать книгу Building an Effective Security Program for Distributed Energy Resources and Systems - Mariana Hentea - Страница 98

In the United States, the DOE envisions a robust, resilient energy infrastructure in which continuity of business and services is maintained through secure and reliable information sharing, effective risk management programs, coordinated response capabilities, and trusted relationships between public and private security partners at all levels of industry and government [DOE 2015c].

Within the electricity subsector, the FERC is focused on the development of key standards to achieve interoperability and functionality of Smart Grid systems and devices [FERC 2009]. FERC certified the North American Electric Reliability Corporation (NERC) as the Electric Reliability Organization that is responsible for developing reliability standards, subject to FERC oversight, review, and approval.

NERC developed the critical infrastructure protection (CIP) standards [NERC CIP], which FERC approved in 2008. The NERC CIP standards suite is composed of a whole family of standards that are continuously revised and changed. These standards were originally devised and implemented to prevent big blackouts – so they are considered both rigorous and heavily enforced only for bulk power systems (generation and transmission).

However, NERC cybersecurity standards and supplementary documents are often similar to guidance applicable to federal agencies [GAO 2011] and do not apply to all power grid functions. In addition, the standards adoption by the electric power industry is lacking coordination and a consistent approach in monitoring industry compliance with voluntary standards. FERC is responsible for regulating aspects of the electric power industry, which includes adopting cybersecurity and other standards it deems necessary to ensure Smart Grid functionality and interoperability.