IoT Security Blog

Articles and Posts on IoT Security, Embedded Systems, and the Internet of Things

Meeting the Standards That Don’t Apply

Contributed by Joanne C. Kelleher

The Hawaii Natural Energy Institute put together The Maui Smart Grid Project team to evaluate new smart-grid technologies and collect feedback from the community. A recent article in the Maui News, Smart Grid Project Concerns Addressed, said :

The project team considers the safety and satisfaction of participants extremely important, and there are three common concerns to clarify further:
3. Privacy/security – The data captured by smart meters will only be used to evaluate the technologies tested in the project. The security protocols implemented adhere to all standards set by the Department of Defense for wireless networks.

I thought this reference to the DOD was strange, one of those statements that sounds good to people not involved in the industry, but doesn’t really go far enough.

The DOD’s CIO office has issued several policies, some related to wireless networks, such as # 8100.02 – Use of Commercial Wireless Devices, Services, and Technologies in the DoD Global Information Grid (GIG). There are also specific standards related to top secret and classified information shared over wireless networks, which don’t apply in this situation.

However, the DOD is not responsible for setting standards related to smart grid security and privacy for public utilities.  The article, Smart Grid Privacy And Security Risks Loom For Agencies discusses several agencies involved in the Smart Grid, but the DOD isn’t mentioned. The agencies and organizations that are involved include:

  • Department of Homeland Security,
  • National Institute of Standards and Technology(NIST)
  • Federal Energy Regulatory Commission (FERC)
  • Department of Energy and their Advanced Metering Infrastructure Security Task Force with 11 utility companies
  • North American Electric Reliability Corporation (NERC) and their regional level committees
  • Various state public utility commissions

In addition George W. Arnold, the National Coordinator for Smart Grid Interoperability at NIST, said in a recent paper published by the Institute of Electrical and Electronics Engineers (IEEE), that there are currently more than 20 technical standards development organizations working on smart grid.

Despite this long list, there are multiple jurisdiction issues and no one agency is in charge. Usman Sindhu, Senior Research Analyst at IDC Energy Insights, said it would be impossible to pinpoint one particular agency that is responsible for smart grid security standardization.

We do know that the DOD is not responsible for smart grid security, yet the security protocols implemented in Hawaii will adhere to all standards set by the Department of Defense for wireless networks. Maybe meeting standards that don’t apply is the easy way out of the hard work that needs to be done.