[Federal Register Volume 78, Number 207 (Friday, October 25, 2013)]
[Notices]
[Pages 63964-63966]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-25168]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 130612544-3544-01]
Request for Comments on Draft NIST Interagency Report (NISTIR)
7628 Rev. 1, Guidelines for Smart Grid Cyber Security
AGENCY: National Institute of Standards and Technology (NIST),
Department of Commerce.
[[Page 63965]]
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
seeks comments on draft NISTIR 7628 Rev. 1, Guidelines for Smart Grid
Cyber Security. Draft NISTIR 7628 Rev. 1 was completed by the NIST-led
Smart Grid Cybersecurity Committee (formerly the Cyber Security Working
Group) of the Smart Grid Interoperability Panel. The document has been
updated to address changes in technologies and implementations since
the release of NISTIR 7628 in September 2010. In addition, the document
development strategy, cryptography and key management, privacy,
vulnerability classes, research and development topics, standards
review, and key power system use cases have been updated and expanded
to reflect changes in the Smart Grid environment since 2010. The final
version is expected to be posted in the fall of 2013.
DATES: Comments must be received by December 24, 2013.
ADDRESSES: Please submit your comments, using the comment template
forms available electronically from the NIST Web site at: http://csrc.nist.gov/publications/PubsDrafts.html. Written comments concerning
the document may be sent to: Information Technology Laboratory, ATTN:
Tanya Brewer, National Institute of Standards and Technology, 100
Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930.
Electronic comments should be sent to: [email protected],
with the Subject line: Draft NISTIR 7628 Rev. 1 Comments.
Draft NISTIR 7628 Rev. 1, Guidelines for Smart Grid Cyber Security,
is available electronically from the NIST Web site at: http://csrc.nist.gov/publications/PubsDrafts.html. The comment templates are
available at the same address.
FOR FURTHER INFORMATION CONTACT: Tanya Brewer, telephone: 301-975-4534,
National Institute of Standards and Technology, 100 Bureau Drive, Stop
8930, Gaithersburg, MD 20899-8930 or via email: [email protected].
SUPPLEMENTARY INFORMATION:
Background
Section 1305 of the Energy Independence and Security Act of 2007
(EISA) (Pub. L. 110-140) requires the Director of the National
Institute of Standards and Technology (NIST) ``to coordinate the
development of a framework that includes protocols and model standards
for information management to achieve interoperability of smart grid
devices and systems.'' EISA also specifies in Section 1301 that, ``It
is the policy of the United States to support the modernization of the
Nation's electricity transmission and distribution system to maintain a
reliable and secure electricity infrastructure that can meet future
demand growth and to achieve each of the following, which together
characterize a Smart Grid:
(1) Increased use of digital information and controls technology to
improve reliability, security, and efficiency of the electric grid.
(2) Dynamic optimization of grid operations and resources, with
full cyber-security. . . .''
With the transition to the Smart Grid--the ongoing transformation
of the nation's electric system to a two-way flow of electricity and
information--the information technology (IT) and telecommunications
infrastructures have become critical to the energy sector
infrastructure.
NISTIR 7628 was first drafted in 2009 by NIST staff and industry
technical experts. NIST published a Request for Comments in the Federal
Register on October 9, 2009 (74 FR 52183) soliciting comments on the
working draft. NIST issued a second Request for Comments on April 13,
2010 (75 FR 18819), which also included a summary disposition of
comments received in response to the October 9, 2009 Request for
Comments. Comments from both Requests for Comments informed the final
version of NISTIR 7628, which was released on September 1, 2010, at
http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7628.
NISTIR 7628 has been utilized by a variety of stakeholders
including utilities, Smart Grid vendors and service providers, and
regulatory organizations since its initial publication. Additionally,
emerging Smart Grid technologies have matured since the initial
publication and are being considered in this revision.
Draft NISTIR 7628 Rev. 1
Draft NISTIR 7628 Rev. 1 was completed by the NIST-led Smart Grid
Cybersecurity Committee (formerly the Cyber Security Working Group) of
the Smart Grid Interoperability Panel. This document incorporates
updates to address changes in technologies and implementations since
the release of NISTIR 7628 in September 2010. In addition, this
document updates and expands the development strategy, cryptography and
key management, privacy, vulnerability classes, research and
development topics, standards review, and key power system use cases to
reflect changes in the Smart Grid environment since 2010. The final
version is expected to be posted in the fall of 2013.
Summary of Changes to Draft NISTIR 7628 Rev. 1
Chapter 1, Document Development Strategy, was updated to
reflect progress and completion of previously outstanding issues and
remaining tasks, including a new section addressing cyber-physical
attacks.
Chapter 2, Logical Architecture and Interfaces of the
Smart Grid, was updated to address feedback from the SGIP Smart Grid
Architecture Committee and includes an expanded section on defense-in-
depth security.
Chapter 3, High-Level Security Requirements, was updated
to include additional background information on selection of security
requirements, and includes a revised Crosswalk of Cyber Security
Documents.
Chapter 4, Cryptography and Key Management, was updated to
reflect the recommended transition lifetimes for cryptographic
algorithms and key lengths in NIST Special Publication 800-131 A,
Transitions: Recommendation for Transitioning the Use of Cryptographic
Algorithms and Key Lengths.
Chapter 5, Privacy and the Smart Grid, has been updated to
reflect changes in the regulatory and legislative areas regarding Smart
Grid. The update also addresses emerging Plug-In Electric Vehicle (PEV)
technologies and associated privacy concerns, an expanded Appendix of
privacy use cases, a new Appendix summarizing how two states
(California and Colorado) arrived at their respective privacy-related
regulations, and a new Appendix containing recommendations for how
third parties should handle consumer energy usage data.
Chapter 6, Vulnerability Classes, has been updated to
incorporate changes in technologies since the original publication.
Chapter 8, Research and Development Themes for Cyber
Security in the Smart Grid, has been updated to incorporate changes in
technologies since the original publication.
Chapter 9, Overview of the Standards Review, has been
updated to reflect the SGCC review and analysis methodology of Smart
Grid standards against the high-level security requirements of NISTIR
7628.
Chapter 10, Key Power System Use Cases for Security
Requirements has been updated to include more granular use case
scenarios in the area of the Advanced Metering Infrastructure.
[[Page 63966]]
A number of editorial changes that do not have substantive
impact on the document to improve readability, update references, and
standardize writing style.
Request for Comments
NIST seeks public comments on draft NISTIR 7628, Rev. 1, Guidelines
for Smart Grid Cyber Security; particularly on the changes made since
the originally published version. The draft report is available
electronically from the NIST Web site at: http://csrc.nist.gov/publications/PubsDrafts.html. The comment templates are available at
the same address, and are required for both written and electronic
comments.
Interested parties should submit comments in accordance with the
DATES and ADDRESSES sections of this notice.
Dated: October 1, 2013.
Willie E. May,
Associate Director for Laboratory Programs.
[FR Doc. 2013-25168 Filed 10-24-13; 8:45 am]
BILLING CODE 3510-13-P