Guidelines for smart grid cyber security

Original publisher: Gaithersburg, MD : U.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology, [2010] OCLC Number: (OCoLC)701552667 Subject: Electric power distribution -- Technological innovations -- United States. Excerpt: ... • Governance, risk, and compliance ( GRC ) requirements: Addressed at the organizational level and relevant to all Smart Grid organizations, but it may be necessary to augment these organization-level requirements for specific logical interface categories and / or Smart Grid information systems; • Common technical requirements: Applicable to all of the 22 logical interface categories; and • Unique technical requirements: Applicable to one or more - but not all - of the 22 interface categories. The common and unique technical requirements should be allocated to each Smart Grid system and not necessarily to every component within a system, as the focus is on security at the system level and not on specific information exchanges between components. Each organization must develop a security architecture for each Smart Grid information system and allocate security requirements to components / devices. Some security requirements may be allocated to one or more components / devices. However, not every security requirement must be allocated to every component / device. Impact levels for a specific Smart Grid information system - and, therefore, the need to implement enhancements to specific requirements - will be determined by organizations during the risk assessment process. In addition, organizations may find it necessary to identify compensating security requirements. A compensating security requirement is implemented by an organization in lieu of a recommended security requirement to provide equivalent or comparable level of protection for the information / control system and the information processed, stored, or transmitted by that system. More than one compensating requirement may be required to...