Richard Brooks
Co-Founder and Lead Software Engineer, Reliable Energy Analytics LLC

Dick Brooks is the inventor of patent 11,374,961: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software...

  • Feb 20, 2021

I commend our colleagues at NIST's Smart Grid and Cyber-Physical Systems Program Office for providing this timely and necessary update to the NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 4.0. The authors provide insights and updates to the Smart Grid (SGIP) Framework based on rapid changes taking place in the electric system with the momentous expansion of small distributed resources (DER) and the need for improved cybersecurity controls to protect the grid, based on the NIST Cybersecurity Framework.

Bravo to the authors for their deep research and for providing such a useful tool to aid the electric industry as we transition to more distributed supply resources under a FERC Order 2222 rule structure and the need for greater emphasis on best cybersecurity practices by applying the NIST Cybersecurity Framework, V1.1. Well Done!

As in the past with NIST SGIP Priority Action Plans (PAP), this updated framework will also require greater collaboration across industry to ensure that interoperability is "built-in" to the grid's system of systems, through adherence to industry standards. NAESB has announced a standards development initiative aimed squarely at one of the key areas identified in the updated SGIP Framework, Version 4.0: the need for standards to enable interoperability between ISO/RTO organizations and DER Aggregators, with a kickoff meeting scheduled for 2/25/2021. I hope you will join us in this very important NAESB standards initiative.

As useful as I find the updated NIST SGIP Framework, there is one area that, IMO, could have been given more consideration: the need for cybersecurity software supply chain risk management. A very important initiative is being carried out by NIST's sister organization, NTIA, that aims to address software supply chain risks, like SolarWinds, to secure grid operations: the creation of Software Bill of Materials (SBOM) guidelines and best practices. NTIA is currently working on an Energy Proof of Concept (POC) for SBOM in collaboration with DOE National Labs and industry. The results of this Energy SBOM POC would be a useful addition/errata to the V4.0 Framework as a best practice to address software supply chain risk with SBOM. I hope the authors will consider this addition.

I commend the NIST authors for this very useful and insightful update to the NIST SGIP Framework. I hope to meet you in the NAESB DER Standards development initiative and NTIA's SBOM Energy Proof of Concept.

 

Discussions
Matt Chester on Feb 22, 2021

As useful as I find the updated NIST SGIP Framework, there is one area that, IMO, could have been given more consideration: the need for cybersecurity software supply chain risk management.

Was the omission one of not including it in the scope, not having an awareness of the need, the SolarWinds issue bringing the topic more to the forefront too late in this process, something else? 

Richard Brooks on Feb 22, 2021

I'm not really sure, Matt. I defer to the NIST SGIP Framework V4.0 authors to address that question.
