- Feb 20, 2021 3:34 pm GMT
I commend our colleagues at NIST's Smart Grid and Cyber-Physical Systems Program Office for providing this timely and necessary update to the NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 4.0. The authors provide insights and updates to the Smart Grid (SGIP) Framework based on rapid changes taking place in the electric system with the momentous expansion of small distributed resources (DER) and the need for improved cybersecurity controls to protect the grid, based on the NIST Cybersecurity Framework.
Bravo to the authors for their deep research and for providing such a useful tool to aid the electric industry as we transition to more distributed supply resources under a FERC Order 2222 rule structure and the need for greater emphasis on best cybersecurity practices by applying the NIST Cybersecurity Framework, V1.1. Well Done!
As in the past with NIST SGIP Priority Action Plans (PAP), this updated framework will also require greater collaboration across industry to ensure that interoperability is "built-in" to the grid's system of systems, through adherence to industry standards. NAESB has announced a standards development initiative aimed squarely at one of the key areas identified in the updated SGIP Framework, Version 4.0, the need for standards to enable interoperability between ISO/RTO organizations and DER Aggregators, with a kickoff meeting scheduled for 2/25/2021. I hope you will join us in this very important NAESB standards initiative.
As useful as I find the updated NIST SGIP Framework, there is one area that, IMO, could have been given more consideration: the need for cybersecurity software supply chain risk management. A very important initiative is being carried out by NIST's sister organization, NTIA, that aims to address software supply chain risks, like SolarWinds, to secure grid operations: the creation of Software Bill of Materials (SBOM) guidelines and best practices. NTIA is currently working on an Energy Proof of Concept (POC) for SBOM in collaboration with DOE National Labs and industry. The results of this Energy SBOM POC would be a useful addition/errata to the V4.0 Framework as a best practice to address software supply chain risk with SBOM. I hope the authors will consider this addition.
I commend the NIST authors for this very useful and insightful update to the NIST SGIP Framework. I hope to meet you in the NAESB DER Standards development initiative and NTIA's SBOM Energy Proof of Concept.