[House Hearing, 111 Congress]
[From the U.S. Government Publishing Office]


 
                 SMART GRID ARCHITECTURE AND STANDARDS:
                  ASSESSING COORDINATION AND PROGRESS

=======================================================================

                                HEARING

                               BEFORE THE

               SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION

                  COMMITTEE ON SCIENCE AND TECHNOLOGY
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED ELEVENTH CONGRESS

                             SECOND SESSION

                               __________

                              JULY 1, 2010

                               __________

                           Serial No. 111-104

                               __________

     Printed for the use of the Committee on Science and Technology


     Available via the World Wide Web: http://www.science.house.gov

                                 ______



                  U.S. GOVERNMENT PRINTING OFFICE
57-602                    WASHINGTON : 2010
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202ï¿½09512ï¿½091800, or 866ï¿½09512ï¿½091800 (toll-free). E-mail, [email protected].  

                  COMMITTEE ON SCIENCE AND TECHNOLOGY

                   HON. BART GORDON, Tennessee, Chair
JERRY F. COSTELLO, Illinois          RALPH M. HALL, Texas
EDDIE BERNICE JOHNSON, Texas         F. JAMES SENSENBRENNER JR., 
LYNN C. WOOLSEY, California              Wisconsin
DAVID WU, Oregon                     LAMAR S. SMITH, Texas
BRIAN BAIRD, Washington              DANA ROHRABACHER, California
BRAD MILLER, North Carolina          ROSCOE G. BARTLETT, Maryland
DANIEL LIPINSKI, Illinois            VERNON J. EHLERS, Michigan
GABRIELLE GIFFORDS, Arizona          FRANK D. LUCAS, Oklahoma
DONNA F. EDWARDS, Maryland           JUDY BIGGERT, Illinois
MARCIA L. FUDGE, Ohio                W. TODD AKIN, Missouri
BEN R. LUJAN, New Mexico             RANDY NEUGEBAUER, Texas
PAUL D. TONKO, New York              BOB INGLIS, South Carolina
STEVEN R. ROTHMAN, New Jersey        MICHAEL T. McCAUL, Texas
JIM MATHESON, Utah                   MARIO DIAZ-BALART, Florida
LINCOLN DAVIS, Tennessee             BRIAN P. BILBRAY, California
BEN CHANDLER, Kentucky               ADRIAN SMITH, Nebraska
RUSS CARNAHAN, Missouri              PAUL C. BROUN, Georgia
BARON P. HILL, Indiana               PETE OLSON, Texas
HARRY E. MITCHELL, Arizona
CHARLES A. WILSON, Ohio
KATHLEEN DAHLKEMPER, Pennsylvania
ALAN GRAYSON, Florida
SUZANNE M. KOSMAS, Florida
GARY C. PETERS, Michigan
JOHN GARAMENDI, California
VACANCY
                                 ------                                

               Subcommittee on Technology and Innovation

                      HON. DAVID WU, Oregon, Chair
DONNA F. EDWARDS, Maryland           ADRIAN SMITH, Nebraska
BEN R. LUJAN, New Mexico             JUDY BIGGERT, Illinois
PAUL D. TONKO, New York              W. TODD AKIN, Missouri
HARRY E. MITCHELL, Arizona           PAUL C. BROUN, Georgia
GARY C. PETERS, Michigan                 
JOHN GARAMENDI, California               
BART GORDON, Tennessee               RALPH M. HALL, Texas
                 MIKE QUEAR Subcommittee Staff Director
        MEGHAN HOUSEWRIGHT Democratic Professional Staff Member
            TRAVIS HITE Democratic Professional Staff Member
            HOLLY LOGUE Democratic Professional Staff Member
           MELE WILLIAMS Republican Professional Staff Member
                  VICTORIA JOHNSTON Research Assistant


                            C O N T E N T S

                              July 1, 2010

                                                                   Page
Witness List.....................................................     2

Hearing Charter..................................................     3

                           Opening Statements

Statement by Representative David Wu, Chairman, Subcommittee on 
  Technology and Innovation, Committee on Science and Technology, 
  U.S. House of Representatives..................................     9
    Written Statement............................................    10

Statement by Representative Adrian Smith, Ranking Minority 
  Member, Subcommittee on Technology and Innovation, Committee on 
  Science and Technology, U.S. House of Representatives..........    11
    Written Statement............................................    12

                               Witnesses:

Dr. George W. Arnold, National Coordinator for Smart Grid, 
  National Institute of Standards and Technology
    Oral Statement...............................................    13
    Written Statement............................................    15
    Biography....................................................    21

Mr. Mason W. Emnett, Associate Director of The Office of Energy 
  Policy and Innovation, Federal Energy Regulatory Commission
    Oral Statement...............................................    22
    Written Statement............................................    23
    Biography....................................................    26

Mr. John D. McDonald, P.E., Director of Technical Strategy and 
  Policy Development, GE Energy
    Oral Statement...............................................    27
    Written Statement............................................    28
    Biography....................................................    37

Mr. Conrad Eustis, Director of Retail Technology Development, 
  Portland General Electric
    Oral Statement...............................................    38
    Written Statement............................................    39
    Biography....................................................    43

Ms. Lillie Coney, Associate Director, Electronic Privacy 
  Information Center
    Oral Statement...............................................    43
    Written Statement............................................    45
    Biography....................................................    59

             Appendix 1: Answers to Post-Hearing Questions

Dr. George W. Arnold, National Coordinator for Smart Grid, 
  National Institute of Standards and Technology.................    86

Mr. John D. McDonald, P.E., Director of Technical Strategy and 
  Policy Development, GE Energy..................................    87

Mr. Conrad Eustis, Director of Retail Technology Development, 
  Portland General Electric......................................    88

             Appendix 2: Additional Material for the Record

Verbal Questions from Subcommittee by Chairman David Wu..........    90


   SMART GRID ARCHITECTURE AND STANDARDS: ASSESSING COORDINATION AND 
                                PROGRESS

                              ----------                              


                         THURSDAY, JULY 1, 2010

                  House of Representatives,
         Subcommittee on Technology and Innovation,
                       Committee on Science and Technology,
                                                    Washington, DC.

    The Subcommittee met, pursuant to call, at 10:04 a.m., in 
Room 2318 of the Rayburn House Office Building, Hon. David Wu 
[Chairman of the Subcommittee] presiding.


                            hearing charter

                     U.S. HOUSE OF REPRESENTATIVES

                  COMMITTEE ON SCIENCE AND TECHNOLOGY

               SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION

                 Smart Grid Architecture and Standards:

                  Assessing Coordination and Progress

                         thursday, july 1, 2010
                         10:00 a.m.-12:00 p.m.
                   2318 rayburn house office building

Witnesses

          Dr. George Arnold: National Coordinator for Smart 
        Grid, National Institute of Standards and Technology

          Mr. Mason Emnett: Associate Director of the Office of 
        Energy Policy and Innovation, Federal Energy Regulatory 
        Commission

          Mr. John McDonald: Director of Technical Strategy and 
        Policy Development, GE Energy

          Mr. Conrad Eustis: Director of Retail Technology 
        Development, Portland General Electric

          Ms. Lillie Coney: Associate Director, Electronic 
        Privacy Information Center

Purpose

    As directed by the Energy Independence and Security Act (EISA) of 
2007 (P.L. 110-140), the National Institute of Standards and Technology 
(NIST) is coordinating an effort to develop a common framework and 
interoperability standards for the smart grid. The purpose of this 
hearing is to examine the progress of this effort and discuss how 
standards affect the development of the smart grid and the deployment 
of smart grid technologies. Additionally, witnesses will discuss 
current and anticipated challenges associated with these standards and 
offer their views on the ability of the current process to meet these 
challenges and develop standards that will enable the growth of a 
reliable, efficient, and secure smart grid.

Overview

    The term ``smart grid'' refers to modernization of the electric 
grid to incorporate digital computing, microprocessor-based measurement 
and control, and communication technology. These technologies will 
enable greater two-way communication between consumers and electricity 
providers so that consumers can adjust their electricity usage in 
response to real-time demand and price information. These technologies 
will also enable two-way energy transfer, or the ability for consumers 
to feed surplus energy into the grid, and will help accommodate 
widespread use of different types of electricity generation and storage 
options, from solar roofing shingles to electric vehicles. Other 
anticipated benefits of the smart grid include: better regulation of 
power quality (i.e., minimizing the fluctuations in voltage which can 
damage more sensitive electronics and other equipment); more efficient 
use of power generating infrastructure; greater resiliency of the 
electric grid infrastructure in withstanding disasters; and economic 
growth from the new products and services created for, and by, the 
smart grid.
    The smart grid is often referred to as a system of systems and a 
network of networks. Given its highly interconnected nature, standards 
are essential to ensuring that smart grid components will work together 
effectively and efficiently. Section 1305 of EISA directed NIST to work 
with Federal, State, and private-sector stakeholders to develop a smart 
grid interoperability framework that is ``flexible, uniform, and 
technology neutral.'' An interoperability framework creates a model of 
a complex system, like the smart grid. It helps identify where 
information exchange needs to take place between devices and networks 
to meet the functional requirements of the system.
    With $15 million in Recovery Act funding, NIST has brought together 
over 1,500) interested parties, from power generators and utility 
regulators, to high-tech companies and software developers, to develop 
a conceptual architecture, or framework, for the smart grid and to 
coordinate the development of standards. Through this effort, NIST has 
already identified 75 existing standards, in varying stages of 
development, that have smart grid applications. NIST also performed a 
gap analysis to identify areas lacking necessary standards. This 
analysis revealed 70 gaps.
    NIST created 16 Priority Action Plans (PAPS) to engage the 
appropriate experts and develop, or refine, the most urgently needed 
standards on a fast-track timeline. The initial efforts will address 
needs in eight priority areas, including energy storage and Advanced 
Metering Infrastructure. Such standards are critical to creating viable 
consumer technology and for enabling the envisioned environmental 
benefits, such as distributed power generation and widespread adoption 
of plug-in electric vehicles.
    In conjunction with the development of interoperability standards, 
NIST is coordinating the development of cyber security standards to 
ensure the security and privacy of smart grid data and systems.
    According to NIST, the initial 75 standards represent only a 
``small subset of the totality of standards that will ultimately be 
required to build a safer, secure smart grid that is interoperable, end 
to end.'' Therefore, the agency has formed the Smart Grid 
Interoperability Panel (SGIP) to continue to oversee this standards 
coordination process. Nearly 600 stakeholder organizations are part of 
the SGIP, which will help identify additional priority areas for 
standards development and serve as a forum to resolve any issues that 
emerge during the standards development process. NIST is also working 
to develop a testing and evaluation framework for smart grid technology 
to ensure that products that are sold perform as intended.
    EISA requires that the Federal Energy Regulatory Commission (FERC) 
adopt into rulemaking ``standards and protocols that ensure smart grid 
functionality and interoperability in interstate transmission of 
electric power, and regional, and wholesale electricity markets.'' From 
the initial 75 existing standards with applicability to the smart grid, 
FERC is preparing to initiate rulemaking on 14 of these standards.

Background

Overview of Smart Grid

    The smart grid encompasses a wide array of technology that has the 
potential to dramatically improve the reliability, security, and 
efficiency of the electric grid, offering economic and environmental 
benefits. As described in more detail below, the existing grid is a 
patchwork of systems that pose reliability and security concerns, and 
limit opportunities for energy efficiency and conservation.
    Reliability. Congestion on the electric grid is a growing problem. 
At its worst, congestion can damage transmission lines and lead to 
major blackouts, like the one in 2003 that darkened large portions of 
the Northeast and the Midwest. Since electricity cannot be stored and 
must be used as soon as it is generated, the operators of the 
transmission system must carefully coordinate the routing of power from 
a number of sources through a limited number of pathways. Over the past 
several decades, growing electricity demand has pushed the limits of 
the transmission infrastructure, creating bottlenecks at major high-
voltage lines around the country, especially during peak demand 
periods. Exceeding the capacity of these pathways can cause brownouts, 
or worse, power outages and damage to infrastructure as lines and 
equipment become overheated. Failure at these junctions can disrupt the 
balance between electricity generation and usage, spreading disruption 
to other parts of the grid. According to the Department of Energy, 
outages affected 15 percent more customers from 1996 to 2000 than from 
1991 to 1995.\1\
---------------------------------------------------------------------------
    \1\ The Smart Grid: An Introduction. The Department of Energy, 
2008. p. 7.
---------------------------------------------------------------------------
    Modern smart grid technologies can improve reliability. With the 
existing grid, the slow response time of mechanical switches, a lack of 
automated analysis capabilities, and operators' low situational 
awareness--or detailed visibility--of the grid make the task of routing 
power more challenging and more prone to failure. Smart grid 
technologies will seek to provide ``wide area situational awareness,'' 
which will integrate real-time sensor data, weather information, and 
grid modeling with geographic information systems. This will enable 
grid operators to instantly switch between views that show the status 
of the grid for an entire region to views that show current conditions 
of the grid in individual neighborhoods. In addition, smart grid 
technologies are intended to allow operators to improve diagnosis of 
grid disturbances, precisely locating problems and optimizing repairs.
    Efficiency and Conservation. In addition to increasing the 
reliability of electricity transmission and distribution, smart grid 
technologies can enable greater energy efficiency and conservation and 
reduce emissions. The Department of Energy estimates that if the grid 
were just five percent more efficient, the emissions and fuel savings 
would be the equivalent of removing 53 million cars from the road.\2\
---------------------------------------------------------------------------
    \2\ The Smart Grid: An Introduction. The Department of Energy, 
2008. p. 7.
---------------------------------------------------------------------------
    As noted above, congestion in the transmission lines has a major 
impact on grid operation. The most efficient power plants are larger 
``baseload plants'' which operate continuously and generally meet the 
average customer demand in their service areas. Although demand during 
peak periods does not often exceed the generating capacity of these 
plants, it can exceed the capacity of the transmission lines. At such 
times, operators must bring additional, less efficient ``peaking 
plants'' online, which are often closer to the service area. One of the 
major anticipated benefits of the smart grid is technologies to help 
reduce demand during peak periods, reducing the need to draw on less 
efficient plants. A major component of the smart grid will be advanced 
metering infrastructure that provides real-time information directly to 
consumers, enabling them to see their own usage and react to higher 
demand--and higher prices--by using less electricity. These 
technologies, coupled with smart appliances, could also be used by 
utilities to quickly stem demand when it exceeds transmission capacity.
    In addition to demand-response pricing, the smart grid will also 
enable increased use of renewable sources of energy and the use of 
distributed energy storage devices. Advanced communication and 
computational technologies will allow the grid to remain in balance 
while drawing on intermittent renewable energy sources, such as wind 
and solar. It will also enable the integration of solar roofing 
shingles and other small-scale distributed renewable sources. The 
technology exists to connect renewable resources like these to the 
grid. However, they are far short of the ``plug and play'' capabilities 
needed to promote widespread adoption. They also do not incorporate 
technologies which would allow them to interact dynamically with the 
grid. Smart grid technologies hold the possibility of using electric 
vehicle batteries as energy storage devices that could feed energy back 
onto the grid. Plug-in electric vehicles and plug-in hybrid electric 
vehicles could help balance the large swings in demand over the course 
of a day by charging at night when demand is lowest, and returning 
power to the grid during the day when demand reaches its height (often 
termed peak-shaving). Through demand-response pricing, which will be 
enabled by smart grid, consumers will have an incentive to charge their 
vehicles at night.
    Security. The centralized control systems that manage and control 
the generation, transmission. and distribution of electric power raise 
significant cyber security concerns. These control systems monitor and 
control sensitive processes and physical functions on the grid, 
including opening and closing circuit breakers and setting thresholds 
for preventative shutdowns. In 2007, the Government Accountability 
Office (GAO) released a report highlighting the vulnerability of these 
control systems to cyber security attacks or unintentionally caused 
system disturbances.\3\ The report cited a number of factors, including 
the interconnectivity of these systems, their connection to the 
Internet, non-secure connections, and the availability of pertinent 
technical information, that make supervisory control and data 
acquisition systems susceptible to cyber threats and vulnerabilities. 
There are dozens of examples from around the world of malicious 
exploitation of vulnerabilities in control systems, or simple control 
system malfunctions, that caused serious consequences in the 
functioning of critical infrastructure.
---------------------------------------------------------------------------
    \3\ Critical infrastructure Protection: Multiple Efforts to Secure 
Control Systems Are Under Way, but Challenges Remain. The Government 
Accountability Office, 2007. pp. 3-18.
---------------------------------------------------------------------------
    With their increased reliance on networked communication systems, 
smart grid technologies have the potential to pose additional cyber 
security risks. Not only is there fear that non-secure systems could 
open the door to widespread power disruption, there is also fear that 
the storage and communication of real-time energy usage data could be a 
risk to consumer privacy.

Standards

    A common smart grid framework--or architecture--and technical 
standards are recognized as essential to realizing the potential 
benefits of the smart grid. This requires collaboration between 
industry sectors that have never before had to work together toward a 
common goal. Figure 1, which is the Conceptual Reference Model for 
Smart Grid Information Networks developed by NIST and associated 
stakeholders, illustrates this complex web of actors, grouped into 
domains where similar functions take place (e.g., the home, 
transmission systems, or power plants). Dozens of devices and systems 
must communicate under the proposed smart grid architecture, requiring 
common data sharing protocols and common methods of presenting 
information. In addition, the architecture should be flexible to allow 
the incorporation of evolving technologies, while still supporting 
legacy systems and devices.




    The NIST-led framework development and standards identification 
process described in the Overview section culminated in the January 
2010 release of the NIST Framework and Roadmap for Smart Grid 
Interoperability Standards, Release 1.0. As discussed in the Overview 
section above, this document identified a number of smart grid-related 
standards and standards gaps. From these, NIST created 16 Priority 
Action Plans (PAPs) to address standards needs that will be fundamental 
to achieving smart grid benefits, such as greater consumer visibility 
and control of electricity usage and greater use of distributed 
renewable energy sources.
    Three of the PAPs included in the NIST Framework are devoted to 
smart grid communications. The standards addressed by these PAPs--
Guidelines for the Use of IP Protocol Suite in the Smart Grid, 
Guidelines for Use of Wireless Communication, and Harmonization of 
Power Line Carrier Standards for Appliance Communications in the Home--
will ensure that smart appliances and other home systems can 
communicate with home area networks and advanced smart meters without 
requiring technological expertise and configuration by consumers, and 
without interfering with one another. For example, currently, 
manufacturers are considering several power line-based communication 
technologies for appliances, meters, and plug-in electric vehicle 
communications. A number of technologies currently exist, but they are 
not interoperable and some may actually interfere with one another. 
Thus these standards are critical to widespread adoption of smart grid 
technologies because consumers are unlikely to choose smart appliances 
unless they are smart, interoperable, and compatible.
    As discussed above, the smart grid holds the potential for electric 
vehicles to act as demand-stabilizing power storage devices and also 
for the penetration of renewables onto the grid. In response, work is 
currently underway on two PAPs, Energy Storage Interconnection 
Guidelines and Interoperability Standards to Support Plug-in Electric 
Vehicles. The objective of this work is to develop standards and 
guidelines for connecting these power sources and storage devices to 
the grid in a way that addresses potential intermittency and 
variability and is responsive to grid management requirements.
    The cyber security vulnerabilities of the electric grid are not 
new, but smart grid technologies will likely pose a more complex cyber 
security challenge. For example, with advanced metering infrastructure, 
third-party service providers (e.g., a web-based customer energy usage 
interface), smart appliances, and other smart grid features, there will 
be a greater number of entry points through which to stage cyber 
attacks. Moreover, the increased complexity of the grid could introduce 
vulnerabilities and increase exposure to potential attackers or 
unintentional disruptions.
    In addition to the more traditional risks of reliability, smart 
grid technologies may also create vulnerabilities around customer 
privacy. Real-time energy usage data can reveal personal habits, for 
example, revealing how many occupants live in a home and when they 
generally leave and return to the home. This information could even 
reveal detailed aspects of daily and weekly routines, such as when 
occupants of a home shower, and how often they run the washing machine.
    NIST has made cyber security a priority, initiating a separate 
cyber security process to complement the overall smart grid standards 
development process. Through a 300 member Smart Grid Cyber Security 
Coordination Task Group, NIST is ``coordinating the development of 
measures to ensure the confidentiality, integrity and availability of 
the electronic information communication systems and the control 
systems necessary for the management, operation, and protection of the 
grid.'' This task group released a draft version of the Cyber Security 
Guidelines early this year. In this document, the developers identify 
the risks associated with smart grid and the relevant security 
requirements for the smart grid. The work generated from this effort is 
intended to enable cyber security to be an integral part of the design 
process as the smart grid architecture and standards evolve.

Regulation

    In the U.S., the power industry is highly fragmented, with over 
3,100 entities under various forms of private investor and public 
ownership. By authority of the Federal Power Act, FERC has jurisdiction 
to regulate the wholesale power market and electric system reliability 
standards. However, a patchwork of state regulations govern electric 
industry structure, generation adequacy, energy resource mix, 
transmission siting, cost recovery, and retail electricity prices.
    Power-related regulations have evolved over time as utilities 
became increasingly interconnected. By the mid-part of the 20th 
century, through ad-hoc growth, the power system in the U.S. had become 
highly interconnected. A major power outage in 1965, which quickly 
cascaded to cover the entire Northeast, illustrated the lack of high-
level planning to prevent and prepare for outages. It also revealed 
that operators within the large interconnected zone did not have common 
operating standards and procedures. Created by legislation in response 
to the 1965 blackout, the North American Electric Reliability Council 
began to develop regional standards of operation to ensure reliability 
of the grid. After the major 2003 blackout which also blanketed the 
Northeast, these standards were adopted into regulation by FERC.
    The NIST framework notes that the transition to the smart grid 
introduces new regulatory considerations, including security, 
reliability, safety, privacy, and other policy considerations, which 
``may transcend jurisdictional boundaries and require increased 
coordination among Federal, state, and local lawmakers and 
regulators.'' To that end, the common architecture developed through 
the NIST process is intended to help facilitate and enable this 
coordination.

Issues and Concerns

    Even though the technologies are young, there has already been 
significant investment in the smart grid. The American Recovery and 
Reinvestment Act invested $9.2 billion ($4.5 billion in Federal funds; 
$4.7 billion in matching funds from private companies, utilities, 
cities, and other partners) in smart grid related technologies, 
including smart meters, software to manage meter and grid data, and 
distributed energy generation resources. The U.S. market for smart grid 
related equipment, devices, information and communication technologies, 
and other hardware, software, and services is expected to reach $47 
billion per year by 2014. Globally, this market is projected to reach 
$171 billion.\4\ Given the scale of investment, ensuring 
interoperability is imperative.
---------------------------------------------------------------------------
    \4\ NIST Framework and Roadmap for Smart Grid Interoperability 
Standards, Release 1.0, January 2010, p. 14.
---------------------------------------------------------------------------
    Standards development is typically a time intensive process, 
reflecting the complexity and requirement for consensus. However, given 
that modernizing the electric grid has been identified as a national 
priority, NIST has called for aggressive timelines for a number of the 
standards. An important challenge will be maintaining a pace of 
standards development that will ensure interoperability and encourage 
additional investment, but also maintain the quality of the standards 
and ensuring that they are open, flexible, and meet reliability, 
security, and efficiency needs.
    The Cyber Security Coordination Task Group described above 
performed a Privacy Impact Assessment for the customer interface 
portion of the smart grid. This assessment found that a lack of 
consistent and comprehensive privacy policies, standards, and 
supporting procedures throughout the states, government agencies, 
utility companies, and supporting entities that will be involved in 
smart grid data collection and management created privacy risks that 
would need to be addressed.
    As noted above, there is a sizable global market for smart grid 
technologies, and many countries are also planning to move to smart 
grid technologies. U.S. manufacturers stand to lead in the market for 
smart grid technologies, making international engagement an important 
aspect of the Nation's own smart grid development. NIST has engaged 
with smart grid stakeholders in other countries and is promoting a 
common smart grid framework. In addition, of the 75 existing standards 
listed in the NIST Framework, 13 percent came from domestic standards 
development organizations (SDOs), 111 percent from the U.S. Government, 
and 77 percent were from international SDOs.
    As noted above, NIST intends to incorporate testing and evaluation 
into the overall smart grid standards process to ensure that technology 
will perform as intended. Although NIST has designated testing and 
evaluation as the final phase in meeting the requirements of EISA, it 
has been included in the work of the SGIP and the development of a 
framework for testing and evaluation is currently underway. The fact 
that there is not yet a formal testing and evaluation process for all 
smart grid technologies raises important questions about the consistent 
implementation of existing standards.
    Chairman Wu. Good morning. Welcome to everyone. Thank you 
for coming to this first in a--well, one in a series of 
hearings on smart grid and smart grid-related issues. The 
enterprise that we are embarking upon, the modernization of our 
century-old electric power system, is a very, very important 
step in moving toward a clean and independent energy future. It 
is critical to developing a more reliable and secure, and as 
private as possible, electrical grid. My understanding is that 
about 40 percent of our national energy budget is allocated to 
electricity, and unfortunately, two-thirds of the total 
electrical energy that we generate does not arrive in useful 
form for the end user. So building out a smart grid will enable 
more efficient use, will enable the use of the addition of 
renewable sources and allow for better management of electrical 
transmission and distribution, and hopefully a more reliable 
network also. It will help support the increasing demand for 
electricity and our growing reliance on electrically based 
technologies.
    The grid, the smart grid, will incorporate two-way 
communication for a flow of information throughout a vast 
interconnected power transmission system. In fact, I think we 
are going to hear testimony that--actually this is not 
submitted testimony. This is, I think, in a letter to the 
Committee that the requirements of this information system may 
be 100 times what we currently invest in the Internet. In the 
smart grid future, customers will have access to real-time data 
on their energy use and on the market price of electricity, and 
as the demand for electricity increases, consumers will be able 
to make more-informed choices on how high to set the thermostat 
and when to run the dishwasher or other appliances, and 
consumers will also benefit when grid operators have more 
detailed information on the status of the grid and respond to 
disruptions more quickly to keep the lights on or prevent 
brownouts.
    The Nation's electrical grid has often been called the 
biggest machine on earth. With the addition of smart 
appliances, solar roofing and networks of communication 
systems, the grid will become even bigger and more complex. The 
scale and complexity makes it imperative that all of those 
involved in developing and using the smart grid share a common 
technical view, or framework, of the system. It is also crucial 
that the technologies be based on open standards that 
facilitate interoperability, security, and competition in the 
marketplace and also that it be technology-neutral.
    In addition, I believe that it is very, very important that 
the standards we set be promulgated internationally so that we 
do not have the problems that we have had in the past with 
certain countries trying to develop islands of technology 
whether it is to gain commercial advantage or otherwise 
balkanize the international system.
    The benefits of a smart grid will come from massive 
participation and widespread adoption of smart appliances, 
solar panels, electric vehicles and other technologies that 
will provide distributed sources and distributed storage. We 
need the entire system or the distributed system to be plug-
and-play. No consumer wants to find out that the smart 
dishwasher they bought a year ago will not work and that the 
home network they just purchased will not interoperate with 
those appliances. Few consumers will install solar panels, wind 
turbines and fuel cells for their homes if it is not easy to 
see how much power they are creating and track the value of 
their investment.
    Utilities also want to avoid stranded costs. The Energy Act 
of 2007 tasked the National Institute of Standard and 
Technology, or NIST, with coordinating the standards process. 
The 1,500 stakeholders or more NIST sought input from to 
identify an initial set of 75 standards, and the 580 
organizations that are represented on the Smart Grid 
Interoperability Panel, ranging from regional utilities to 
large technology companies, illustrate the size and complexity 
of this process. From reports on the process, the National 
Smart Grid Coordinator, George Arnold, has done an impressive 
job of marshaling the private- and public-sector expertise and 
input needed to perform this task and to do so on a very 
expedited timeline.
    Today we will delve into the standards process in more 
detail, discuss the work that has been done, and see where 
things are headed. I am particularly interested in the 
witnesses' views on the strength of this process thus far and 
when the witnesses think certification systems will be in place 
to bring more assurances that the technologies will work 
together as intended. I will also be interested in the progress 
of addressing privacy and security challenges posed by the 
smart grid and the level of international engagement that is 
necessary for the United States to continue its leadership in 
smart grid technologies and help the rest of the world in 
achieving a more energy-independent future.
    As we are dealing with the horrible aftermath of the BP 
spill in the Gulf, moving quickly with technology that will 
break our dependence on oil is imperative. The work that NIST 
is facilitating right now is an important component of 
achieving that goal, and I hope we will learn today how we can 
continue to address this challenge moving forward.
    Chairman Wu. With that, I would like to recognize the 
Ranking Member of this Subcommittee, Mr. Smith, for his opening 
statement.
    [The prepared statement of Chairman Wu follows:]

                Prepared Statement of Chairman David Wu

    Good morning, and thanks to all of you for attending today's 
hearing on smart grid standards.
    The modernization of our 100-year-old electric power system is an 
integral step in moving toward a clean, independent energy future, and 
it is critical to developing a more reliable and more secure electrical 
grid. Building out a smart grid will enable the addition of more 
renewable sources and allow for better management of the electricity 
transmission and distribution network. In addition, it will help 
support the increasing demand for electricity and growing reliance on 
technology.
    The smart grid will incorporate two-way communication for a 
constant flow of information throughout the vast interconnected power 
transmission system. In the smart grid future, customers will have 
access to real-time data on their energy usage and the market price of 
electricity. As the demand for electricity increases, driving the price 
up, consumers will be able to make more informed choices on how high to 
set the thermostat and when to run the dishwasher. Consumers will also 
benefit when grid operators have more detailed information on the 
status of the grid and can respond to disruptions more quickly to keep 
the lights on.
    The nation's electrical grid has often been called the biggest 
machine on earth. With the addition of smart appliances, solar roofing 
shingles, and networks of communication systems, the grid will become 
bigger and more complex. The scale and complexity makes it imperative 
that all of those involved in developing and using the smart grid share 
a common technical view--or framework--of the system. It is also 
crucial that the technologies be based on open standards that 
facilitate interoperability, security, and competition in the 
marketplace. The benefits of a smart grid will come from massive 
participation and widespread adoption of smart appliances, solar 
panels, and electric vehicles, among other technologies, and for that, 
we need it to be ``plug-and-play.'' No consumer wants to find out that 
the smart dishwasher they bought a year ago will not work with the home 
network they just purchased. And few consumers will install solar 
panels, wind turbines, or fuel cells for their homes if it's not easy 
to see how much power they're creating and track the value of their 
investment.
    The Energy Act of 2007 tasked the National Institute of Standards 
and Technology with coordinating the standards process. The 1,500 
stakeholders NIST sought input from to identify an initial set of seven 
standards, and the 580 organizations that are represented on the Smart 
Grid Interoperability Panel--ranging from regional utilities to large 
tech companies--illustrate the size and scope of this process. And, 
from reports on the process, the National Smart Grid Coordinator, 
George Arnold, has done an impressive job marshalling the private- and 
public-sector expertise and input needed to perform this task, and to 
do so on an expedited timeline.
    Today we will delve into the standards process in a little more 
detail, discuss the work that has been done, and see where things are 
headed. I am particularly interested in the witnesses' views on the 
strength of this process thus far and when the witnesses think 
certification systems will be in place to bring more assurances that 
the technologies will work together as intended. I will also be 
interested in the progress of addressing privacy and security 
challenges posed by the smart grid and the level of international 
engagement that is necessary for the U.S. to continue its leadership in 
smart grid technologies.
    As we are dealing with the horrible aftermath of the BP spill in 
the Gulf, moving quickly with technology that will break our dependence 
on oil is imperative. The work that NIST is facilitating right now is 
an important component of achieving that goal, and I hope we will learn 
today how we can continue to address this challenge moving forward.

    Mr. Smith. Thank you, Chairman Wu, for calling today's 
hearing to assess coordination and progress in the development 
of smart grid architecture and standards.
    The Energy Independence and Security Act of 2007 directed 
NIST to coordinate efforts to develop a common framework and 
interoperability standards for the implementation of smart grid 
technologies. This direction was both appropriate and 
necessary. Our electrical grid is an interconnected, cross-
border system, and NIST has proven expertise in developing such 
standards. In my home State of Nebraska, proper implementation 
of smart grid technologies would not only allow connected 
consumers to better manage their consumption of energy but 
could also encourage investment in small-scale technologies to 
take advantage of available renewable energy resources for home 
use and selling it onto the grid. Nebraska ranks sixth among 
states in wind energy potential but lags behind in 
implementation because of difficulties in getting electricity 
onto the grid. Likewise, our many small streams and irrigation 
canals are a potential resource for small-scale hydroelectric 
power.
    I hope we can also address outstanding concerns with 
implementation, as well. One particular issue I am interested 
to learn more about is the effect of smart grid implementation 
on consumer privacy and even choice. On its face, using macro 
and micro consumer data to optimize the generation and 
distribution of electricity is a logical step we can take to 
improve the efficiency of our system. However, we should also 
know at what level of granularity this data will be gathered 
and used, and who will be using it. We should also ensure this 
data is used to enable smarter consumer decision-making, not to 
force false choices on consumers or to cut off access to 
electricity.
    I also hope to learn what, if anything, is being done to 
ensure stimulus dollars dedicated to the smart grid aren't 
being wasted on infrastructure which won't meet the forthcoming 
standards, since these standards have not yet been completed.
    With that, thank you, Mr. Chairman, again, for calling this 
hearing and to our witnesses for your efforts and your 
expertise as we look at implementing these standards and for 
your presence here today. I look forward to a fruitful session, 
and I yield back the balance.
    [The prepared statement of Mr. Smith follows:]

           Prepared Statement of Representative Adrian Smith

    Thank you, Chairman Wu, for calling today's hearing to assess 
coordination and progress in the development of smart grid architecture 
and standards.
    The Energy Independence and Security Act of 2007 directed the 
National Institute of Standards and Technology to coordinate efforts to 
develop a common framework and interoperability standards for the 
implementation of smart grid technologies. This direction was both 
appropriate and necessary. Our electrical grid is an interconnected, 
cross border system, and NIST has proven expertise in developing such 
standards.
    In my home state of Nebraska, proper implementation of smart grid 
technologies would not only allow connected consumers to better manage 
their consumption of energy, but could also encourage investment in 
small scale technologies to take advantage of available renewable 
energy resources for home use and selling it onto the grid. Nebraska 
ranks sixth among states in wind energy potential but lags behind in 
implementation because of difficulties in getting electricity onto the 
grid. Likewise, our many small streams and irrigation canals are a 
potential resource for small scale hydroelectric power.
    I hope we can also address outstanding concerns with 
implementation, as well. One particular issue I am interested to learn 
more about is the effect of smart grid implementation on consumer 
privacy and choice.
    On its face, using macro and micro consumer data to optimize the 
generation and distribution of electricity is a logical step we can 
take to improve the efficiency of our system. However, we should also 
know at what level of granularity this data will be gathered and used, 
and who will be using it. We should also ensure this data is used to 
enable smarter consumer decision-making, not to force false choices on 
consumers or to cut off access to electricity.
    I also hope to learn what, if anything, is being done to ensure 
stimulus dollars dedicated to smart grid aren't being wasted on 
infrastructure which won't meet the forthcoming standards, since these 
standards have not yet been completed.
    With that, thank you again, Mr. Chairman, for calling this hearing, 
and to our witnesses for your efforts to implement these standards and 
your presence here today. I look forward to a fruitful session and I 
yield back the balance of my time.

    Chairman Wu. Thank you very much, Mr. Smith.
    If there are any other Members who wish to submit opening 
statements, those opening statements will be inserted into the 
record at this point.
    And now it is my pleasure to introduce our witnesses. Dr. 
George Arnold is the National Coordinator for Smart Grid at the 
National Institute of Standards and Technology. Welcome. Mr. 
Mason Emnett is the Associate Director of the Office of Energy 
Policy and Innovation at the Federal Energy Regulatory 
Commission. We are going to rename Federal agencies like Dave 
or Joe. Mr. John McDonald is the Director of Technical Strategy 
and Policy Development at GE Energy. Mr. Conrad Eustis is the 
Director of Retail Technology Development at Portland General 
Electric. And our final witness is Ms. Lillie Coney, who is the 
Associate Director of the Electronic Privacy Information 
Center.
    With that, you will each have five minutes for your spoken 
testimony. Your written testimonies will be included in the 
record in their entirety, and when you complete all of your 
testimony, we will begin with questions. Each Member will have 
five minutes to question the panel, and I have already spoken 
with the witnesses about this, but for the information of 
everyone in the room, we expect votes fairly soon, and what I 
would like to do is, as much as possible, get through 
everyone's testimony before votes, proceed with questioning as 
far as we can, recess for the votes because there are going to 
be three votes, and then we will, if necessary, come back after 
those votes and complete the questions and the rest of the 
hearing.
    Dr. Arnold, please proceed.

  STATEMENT OF DR. GEORGE W. ARNOLD, NATIONAL COORDINATOR FOR 
   SMART GRID, NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

    Dr. Arnold. Chairman Wu, thank you for the opportunity to--
--
    Chairman Wu. Dr. Arnold, I believe that there is a switch 
in front of you. It is not a smart microphone, so----
    Dr. Arnold. Okay.
    Chairman Wu. There we go.
    Dr. Arnold. I will have to apply some intelligence here.
    I would like to thank you for the opportunity to discuss 
NIST's progress in accelerating the development of standards to 
realize a secure and interoperable nationwide smart grid.
    The smart grid is indeed central to the Nation's efforts to 
increase the reliability, efficiency and security of the 
electric delivery system and to increase America's use of 
renewable and distributed clean energy. The smart grid is also 
an important piece of the Administration's overall goal of 
fostering innovation and creating millions of jobs in a green 
energy economy.
    As has been said, under the Energy Independence and 
Security Act of 2007, Congress assigned NIST the primary 
responsibility to coordinate development of standards for the 
smart grid. This task represents an enormous challenge and a 
tremendous opportunity. Several years ago, the National Academy 
of Engineering described today's electric grid as the greatest 
engineering achievement of the 20th century. Future generations 
may well describe the smart grid as the first great engineering 
achievement of the 21st century. NIST is providing strong 
national and international leadership to drive the creation of 
the standards needed to make the smart grid a reality. We are 
engaging industry, government and consumer stakeholders in an 
unprecedented open public process.
    In April of 2009, NIST launched a three-phase plan to 
expedite development and adoption of smart grid 
interoperability standards. I am pleased to tell you that the 
plan we laid out is on course and on schedule. Phase one of our 
effort resulted in the January 2010 release of NIST Special 
Publication 1108, Release 1.0, Framework and Roadmap for Smart 
Grid Interoperability. It describes a high-level reference 
model, identifies seven initial standards, specifies 16 
priority action plans and the highest priority standards gaps 
and describes a strategy to establish requirements and 
standards for smart grid cybersecurity.
    The NIST Release 1.0 Framework is also having influence 
around the world and is being used as a reference by many other 
countries that are beginning to work on their standards for 
their smart grid.
    Smart grid will ultimately require hundreds of standards, 
specifications and requirements. Some are obviously needed more 
urgently than others. To prioritize its work, NIST chose to 
focus its initial effort on the priorities in FERC's Policy 
Statement plus additional areas identified by NIST in 
consultation with DOE [Department of Energy].
    The Release 1.0 Framework lays a strong foundation but much 
work lies ahead. Phase two of the NIST plan saw the 
establishment of a more permanent public-private partnership, 
the Smart Grid Interoperability Panel, to guide the development 
and evolution of the standards. This body is also guiding the 
establishment of a testing and certification framework for the 
smart grid which is phase three of the NIST plan.
    Cybersecurity is a paramount concern, and this has been the 
major focus of our effort from the beginning. A NIST-led 
cybersecurity working group is finalizing a major deliverable 
that will be published later this month establishing 
cybersecurity guidelines for the smart grid.
    So where are we headed next? Our most immediate priority is 
completion of the priority action plans we currently have 
underway. We anticipate that these tasks will result in about 
25 additional standards, guidelines and requirements documents 
to fill the highest priority gaps in the standards post office, 
and significant progress is being made in these action plans.
    Another key priority for NIST is supporting future FERC 
rulemaking to adopt smart grid standards, and NIST has been 
working very closely with FERC and will continue to do so, and 
we are also reaching out to state commissions.
    I would like to conclude by mentioning some of the major 
challenges that we are addressing. First is ensuring that our 
standards are, wherever possible, harmonized internationally. 
To achieve this, we are fully engaged in all the relevant 
international standards bodies and in bilateral and 
multilateral discussions with our governmental counterparts in 
other countries. Second, we are working to accelerate 
resolution of some key standards issues that could impede the 
development of the market if not settled soon, such as 
communication between consumer appliances in the grid and 
electric vehicle to grid interconnection. Third, we are 
continuously weighing the correct balance between speed and 
deliberation in our work, because any fundamental mistakes made 
at this stage may be difficult and costly to correct later.
    NIST is proud to have been given such an important role and 
is committed to achieving the Administration's vision. Thank 
you for the opportunity to testify today. I would be happy to 
answer any questions that you may have.
    [The prepared statement of Dr. Arnold follows:]

                 Prepared Statement of George W. Arnold

Introduction

    Chairman Wu, Ranking Member Smith, and Members of the Subcommittee, 
I am George Arnold, the National Coordinator for Smart Grid 
Interoperability at the Department of Commerce's National Institute of 
Standards and Technology (NIST).
    Thank you for the opportunity to appear before you today to discuss 
NIST's progress in accelerating the development of standards needed to 
realize a secure and interoperable nationwide Smart Grid. I last 
testified about our progress and plans before the Subcommittee on 
Environment and Energy on July 23, 2009. Today I would like to update 
you on what we have accomplished since then, where we are going, and 
some of the key issues on the horizon that we are addressing.
    The Smart Grid, which will modernize the United States electric 
power delivery system, is central to the Nation's efforts to increase 
the reliability, efficiency and security of the electric delivery 
system and also to help build the infrastructure that will facilitate 
clean, energy sources to American homes and businesses: The Smart Grid 
utilizes advanced information and communications technologies to 
replace the one-way flow of electricity and information in the current 
grid with a two-way flow of electricity and information. This marriage 
of energy and information technologies will create capabilities to 
integrate solar, wind, and other forms of renewable energy, enable 
widespread use of distributed energy sources, provide consumers with 
tools to reduce energy usage and potentially save money, make the grid 
more efficient by reducing peak demand, and facilitate electrification 
of vehicles.
    The Smart Grid is an important piece of the Administration's 
overall goal of fostering innovation and creating millions of jobs in a 
green economy through the creation of whole new industries and green 
entrepreneurs. NIST's mission to advance innovation and U.S. industrial 
competitiveness fits perfectly with this goal and we're committed to 
helping make that vision a reality.
    Modernizing and digitizing the nation's electrical power grid--the 
largest interconnected machine on Earth--is an enormous challenge and a 
tremendous opportunity. Several years ago, the National Academy of 
Engineering described the electric grid as the greatest engineering 
achievement of the 20th century, and the largest industrial investment 
in the history of humankind. The basic structure of the present grid 
has changed little over its hundred-year history. The U.S. grid, which 
is operated by over 3100 electric utilities using equipment and systems 
from hundreds of suppliers, has historically not had much emphasis on 
standardization and thus incorporates many proprietary interfaces and 
technologies that result in the equivalents of stand-alone silos.
    Transforming this infrastructure into an interoperable system 
capable of supporting the nation's vision of extensive distributed and 
renewable resources, energy efficiency, improved reliability and 
electric transportation may well be described by future generations as 
the first great engineering achievement of the 21st century.

NIST's Standards Role: A Framework for Interoperability

    Moving towards nationwide North American, interoperable and secure 
Smart Grid cannot be done without establishing standards that are, 
preferably, harmonized with international standards. Under the Energy 
Independence and Security Act of 2007 (EISA), Congress assigned the 
National Institute of Standards and Technology (NIST) the ``primary 
responsibility to coordinate development of a framework that includes 
protocols and model standards for information management to achieve 
interoperability of Smart Grid devices and systems . . .'' [EISA Title 
XIII, Section 1305]. The act further specifies that the 
interoperability framework should be ``flexible, uniform, and 
technology neutral.'' The law also instructs that the framework should 
accommodate ``traditional, centralized generation and distribution 
resources'' while also facilitating incorporation of new, innovative 
Smart Grid technologies, such as distributed and renewable energy 
resources and energy storage.
    There is an urgent need to establish protocols and standards for 
the Smart Grid. Deployment of various Smart Grid elements, including 
smart sensors on distribution lines, smart meters in homes, and widely 
dispersed sources of renewable energy, is already underway and will be 
accelerated as a result of Department of Energy (DOE) Smart Grid 
Investment Grants and other incentives, such as loan guarantees for 
renewable energy generation projects. Without standards, there is the 
potential for technologies developed or implemented with sizable public 
and private investments to become obsolete prematurely or to be 
implemented without measures necessary to ensure security.
    NIST is providing strong national and international leadership to 
drive the creation of interoperability standards needed to make the 
Smart Grid a reality. We are engaging industry, government, and 
consumer stakeholders in an unprecedented, open, public process. As I 
will detail shortly, in January of this year the NIST-led process 
reached a major milestone with the publication of the Release 1.0 
Framework and Roadmap for Smart Grid Interoperability (NIST Special 
Publication 1108). This document provides the initial foundation for an 
interoperable and secure Smart Grid and has been widely praised by the 
Smart Grid stakeholder community. It has also provided direction for 
Smart Grid efforts around the world.

Comparatively Speaking: Off to a Fast Start

    We are calling this framework ``Release 1.0'' because, while it 
provides a very comprehensive foundation for the Smart Grid, our work 
to develop the standards is far from complete. A similar effort to 
develop foundational standards for the Next Generation Networks (NGN) 
in the telecom domain--the broadband networks we use today to provide 
integrated telephone, television and internet services--took two years 
to develop their ``Release 1.0'' and five years to develop ``Release 
2.0''. With the Smart Grid we have accomplished in about a year what 
took two years to do for the NGN. This is in spite of the fact that the 
Smart Grid is a far more complex system. The fast pace reflects the 
intensity and urgency with which we and our partners are working.
    While we are driving this program with a strong sense of urgency, 
we must also keep in mind that the foundation we lay with these 
standards likely will establish the basic architecture of the grid for 
the next 100 years. Any fundamental mistakes made at this stage may be 
difficult and costly to correct later. We especially cannot afford to 
make incorrect architectural choices or adopt weak standards that would 
compromise the security, reliability or stability of the grid. We need 
to work both quickly and carefully.

Accomplishments

    In April 2009, NIST launched a three-phase plan to expedite 
development and promote widespread adoption of Smart Grid 
interoperability standards. This plan was developed after consulting 
with numerous stakeholders in industry, the standards community, and 
Federal and state government. The plan, which I described in my 
testimony last July, reflects the need to rapidly establish an initial 
set of standards, while providing a robust, well governed process for 
the evolution of smart grid standards. I am pleased to tell you that 
the plan we laid out is on course and on schedule.
    In May 2009, U.S. Secretary of Commerce Gary Locke and U.S. 
Secretary of Energy Steven Chu chaired a meeting of nearly 70 
executives from the power, information technology, and other industries 
at which the executives expressed their commitment to support NIST's 
plan.

Initial Framework

    In Phase one, we engaged over 1,500 stakeholders representing 
hundreds of organizations in a series of public workshops over a six-
month period. In a recent letter, the U.S. Chamber of Commerce 
commended NIST for its ``willingness to reach out to the private sector 
on these issues.'' The Chamber described the NIST-led process as 
``transparent and inclusive.''
    Through this process, we and our collaborators created a high-level 
architectural model for the Smart Grid, analyzed use cases, identified 
applicable standards, determined gaps in currently available standards, 
and agreed on priorities for new standardization activities. The result 
of this phase, ``NIST Special Publication 1108--NIST Framework and 
Roadmap for Smart Grid Interoperability Release 1.0,'' was published in 
January 2010.
    The Release 1.0 Framework describes a high-level conceptual 
reference model for the Smart Grid, identifies 75 existing standards 
that are applicable to the ongoing development of the Smart Grid, 
specifies 16 high-priority gaps and harmonization issues for which new 
or revised standards and requirements are needed, documents action 
plans by which designated standards-setting organizations (SSOs) are 
addressing these gaps, and describes the strategy to establish 
requirements and standards to help ensure Smart Grid cyber security.
    The Smart Grid is a complex system of systems for which a common 
understanding of its major building blocks and how they interrelate 
must be broadly shared. The reference model described in the Release 
1.0 Framework provides a foundation to ensure alignment among the many 
Standards Setting Organizations that are working with NIST on achieving 
the Smart Grid vision.
    The Smart Grid will ultimately require hundreds of standards, 
specifications, and requirements. Some are needed more urgently than 
others. To prioritize its work, NIST chose to focus initially on 
standards needed to address the priorities identified in the Federal 
Energy Regulatory Commission (FERC) Policy Statement, plus additional 
areas identified by NIST. The eight priority areas are:

          Demand Response and Consumer Energy Efficiency

          Wide-Area Situational Awareness

          Energy Storage

          Electric Transportation

          Advanced Metering Infrastructure

          Distribution Grid Management

          Cyber Security

          Network Communications

    Many of the standards identified by NIST are mature and already 
widely used by industry, others require revisions to accommodate Smart 
Grid applications and requirements, and still others are in the draft 
stage and not yet publicly available. Collectively, these 75 standards 
provide an extensive foundation for the Smart Grid. They address such 
issues as standardizing the data captured by smart meters, common 
information models for the grid, protocols for communicating price and 
demand response signals between the grid and smart appliances, and the 
interface between plug-in electric vehicles and the grid for charging 
at 110 or 220 volts, to provide a few examples. However, there are many 
gaps in the standards portfolio that must be filled in.
    Through the NIST workshops, NIST determined that many potentially 
useful standards will require revision or enhancement before they can 
be implemented to address Smart Grid requirements. In addition, 
stakeholders identified gaps requiring entirely new standards to be 
developed. In all, a total of 70 such gaps or related issues were 
initially identified. Of these, NIST selected 16 for which resolution 
is most urgently needed to support one or more of the Smart Grid 
priority areas. For each, an action plan involving relevant 
stakeholders was launched. These Priority Action Plans specify 
organizations that have agreed to accomplish defined tasks with 
specified deliverables. One key action plan, to develop a standard to 
ensure software upgradeability of the millions of smart meters that 
will be deployed over the next several years, has already been 
completed. Substantive progress has been made in meeting the milestones 
of other action plans addressing gaps in the standards portfolio.

Establishing a New Partnership to Maintain Momentum

    Phase two of the NIST plan saw the establishment of a more 
permanent public-private partnership, the Smart Grid Interoperability 
Panel (SGIP), to guide the development and evolution of the standards. 
This body is also guiding the establishment of a testing and 
certification framework for the Smart Grid, which is Phase three of the 
NIST plan. The SGIP was formalized and launched in November 2009 and is 
now in execution mode. During its eight months in existence, membership 
in the SGIP has grown to over 580 organizations, representing private 
companies, universities, research institutes, industry associations, 
standards setting organizations, testing laboratories, and government 
agencies at the Federal, state and local levels. Nearly 1600 
individuals who participate in the committees, working groups, and 
priority action plans working under the panel, represent these hundreds 
of organizations. An elected 27-member governing board representing 22 
different stakeholder groups ranging from electric utilities, electric 
equipment manufacturers, building automation providers, information and 
communications technology companies, state regulators, and even venture 
capital firms oversees the SGIP. Membership in the SGIP is open to 
international participants, and 52 organizations from other countries 
around the world participate in its work. This is helping to ensure 
that standards used for the Smart Grid in the U.S. are based wherever 
possible on international standards that are harmonized globally. This 
provides a double benefit to the U.S. It enables Smart Grid suppliers 
to cost-effectively address the global market, and it promotes greater 
supplier competition, which in turn reduces costs for utilities and 
consumers.

Cyber Security: A Paramount Concern from the Very Beginning

    Cyber security of the Smart Grid is a paramount concern, and this 
has been a major focus of our effort. A NIST-led cyber security working 
group, consisting of over 460 participants from the private and public 
sectors, is leading the development of a cyber security strategy and 
guidelines for the Smart Grid. The working group has developed an 
overall cyber security strategy; selected and revised security 
requirements for the Smart Grid; identified vulnerability classes and 
specific cyber security issues applicable to the Smart Grid; performed 
a privacy impact assessment; specified research and development topics; 
and is assessing relevant standards and developing a security 
architecture linked to the Smart Grid conceptual reference model. 
Results of the group's work have been published in two drafts of NIST 
Interagency Report 7628 (Smart Grid Cyber Security Strategy and 
Requirements), issued in September 2009 and February 2010, which have 
gone through public review. This draft is now being finalized 
addressing all comments received and will be published as NIST IR 7628: 
Guidelines for Smart Grid Cyber Security in July of this year.

Where Are We Headed

    Our most immediate priority is completion of the Priority Action 
Plans that are now tackling the highest-priority needs in the standards 
portfolio. One action plan, the Smart Meter Upgradeability Standard, 
has already been completed. The other Priority Action Plans currently 
underway are:

          Data standard for consumer energy usage information

          Common specification for communicating electricity 
        price and product definition

          Common scheduling mechanism for energy transactions

          Common information model for distribution grid 
        management

          Standard demand response signals

          DNP3 Mapping to IEC 61850 Objects

          Harmonization of IEEE C37.118 with IEC 61850 and 
        precision time synchronization

          Transmission and distribution power systems models 
        mapping

          Guidelines for use of the Internet Protocol suite in 
        the Smart Grid

          Guidelines for use of wireless communications in the 
        Smart Grid

          Energy storage interconnection guidelines

          Interoperability standards to support plug-in 
        electric vehicles

          Standard meter data profiles

          Harmonize power line carrier standards for appliance 
        communications in the home

          Standards for Wind Plant Communication

    One action plan I wish to highlight is the work to create a 
standard for consumer energy usage information. Today, the only 
information available to most consumers about their electricity usage 
is their monthly utility bill. Consumers need more timely and detailed 
electronic access to their data in order to reduce energy usage. Under 
the NIST action plan, the North American Energy Standards Board is 
developing a standard that will define the data on energy usage that 
smart meters and utility information systems must make available to 
consumers. A draft of this standard will be available by the end of 
2010. As these highest priority action plans are completed in 2010, new 
action plans will be launched by the Smart Grid Interoperability Panel 
to address additional gaps that still need to be filled, as well as new 
requirements and technologies that emerge.
    Another high priority for NIST is supporting the forthcoming FERC 
rulemaking. EISA directs FERC to institute a rulemaking proceeding to 
adopt such standards and protocols as may be necessary to ensure smart-
grid functionality and interoperability in interstate transmission of 
electric power, and regional and wholesale electricity markets, at any 
time after NIST's work has led to sufficient consensus in the 
Commission's judgment. NIST has been working very closely with FERC 
throughout the entire process.
    The evolving nature of the Smart Grid implies that the regulatory 
adoption of standards will be an ongoing process rather than a one-time 
action. Therefore I anticipate that FERC's initial rulemaking will 
focus on a subset of the standards identified by NIST that are the most 
mature and the most critically needed for end-to-end Smart Grid 
interoperability and security. NIST, working closely with FERC staff, 
is preparing additional technical documentation and analysis of these 
standards to inform FERC's decision about which standards to include in 
its initial rulemaking. NIST is working to complete these documents by 
the end of July.
    It is important for Federal and state regulators to keep in mind, 
when considering the adoption of standards, that while all of the 
standards identified through the NIST process are needed for the Smart 
Grid, it is not necessary or appropriate for all of them to be adopted 
in regulations. Many consensus standards are already widely used by 
industry on a strictly voluntary basis. In some cases their adoption in 
regulations can be counterproductive. A careful balance must be struck 
to ensure that the most critical standards needed to ensure end-to-end 
interoperability and security are adopted in regulations, without 
impeding continuing innovation and technology improvement.
    Another major priority is the establishment of a testing and 
certification framework for the Smart Grid. The standards 
specifications are necessary but not sufficient to ensure 
interoperability and security. A robust and well-defined testing and 
certification program is needed.
    A new Testing and Certification Committee that has been established 
under the Smart Grid Interoperability Panel is guiding the development 
of a testing and certification framework for the Smart Grid. This 
committee is co-chaired by a leading expert from the private sector and 
a manager in the NIST Office of the National Coordinator for Smart Grid 
Interoperability. The committee includes representatives of leading 
testing laboratories, industry associations, electric utilities, and 
smart grid suppliers. The committee is working to prioritize the types 
of interoperability testing needed, laboratory qualification criteria, 
and requirements for Testing Organizations and Certification 
Organizations to successfully facilitate conformity assessment to 
product or system interoperability and cyber security standards.
    There are few formalized test programs currently in existence 
focused on the Smart Grid. One of the most urgent areas of need is a 
formalized program to test the conformance of smart meters against 
applicable Smart Grid cyber security requirements and standards. NIST 
is using a portion of its Recovery Act funds to develop a smart meter 
cyber security conformance program. A solicitation for a private sector 
contractor to support NIST in developing this program closed on June 
10, 2010, and our goal is to have the initial test methodology 
developed and ready for deployment within 12 months from the contract 
award date.

Challenges and Opportunities

    The task of developing standards for an infrastructure like the 
Smart Grid is a large and complex undertaking; however, it is eminently 
doable. There have been several previous infrastructure standards 
projects of similar magnitude that were accomplished successfully and 
with which I have personal experience.
    Thirty years ago, Bell Laboratories successfully put in place 
architecture for the complete automation of maintenance and operations 
in the nationwide telecommunications network, with an underlying 
foundation of protocols and standards that utilized distributed 
computing and data networking technology of that era. That job was 
comparable in scale to the current challenge of the Smart Grid; however 
the coordination challenge was a bit easier because the national 
network at that time was owned and operated by a single entity with a 
captive manufacturer rather than 3100 utilities and hundreds of 
suppliers.
    The evolution of the Internet provides another example of a global 
infrastructure that has evolved over the course of decades, using open 
standards to achieve interoperability in a flexible way to support new 
applications and technologies that were never imagined at the outset. 
Like the Internet, the Smart Grid will need to evolve over the 15-20 
years in which its deployment will likely occur, and in that sense the 
development of the standards will be an ongoing process.
    One of the key challenges that we face is to ensure that our 
standards are, wherever possible, harmonized internationally. This 
provides a double benefit. It ensures the broadest possible market for 
U.S. Smart Grid suppliers, helping U.S. companies export their smart 
grid products, technologies, and services overseas, while creating high 
technology and jobs within the United States. The Administration's 
National Export Initiative (NEI) aims to double U.S. exports in five 
years, with the goal of creating two million new jobs in the United 
States. Smart Grid companies and technology providers based in the 
United States will be instrumental in advancing Smart Grid deployment 
in overseas markets while creating jobs at home. This will support 
NEI's efforts on international standards, promote greater supplier 
competition, and lower equipment prices for utilities and consumers. 
Our policy has been to base our U.S. Smart Grid on international 
standards wherever possible. Of the 75 standards identified in the NIST 
Release 1.0 Framework, 77 percent are produced by international 
standards organizations.
    The U.S. is ahead of every other country in establishing a 
standards framework for its Smart Grid. We have intentionally opened 
our process to the international community and expressed a preference 
for international standards to encourage harmonization. We have also 
invested significant effort in establishing bilateral and multilateral 
dialogs with other nations that are working on Smart Grids, including 
Canada, Mexico, Brazil, the EU (and many of its member states), Japan, 
Korea, Australia, India and China. It will not be possible to harmonize 
all our standards, given the historical differences that exist between 
electrical systems in different parts of the world, but we are making 
harmonization a very high priority.
    China in particular is making very large investments to create a 
Smart Grid, with significant emphasis on transmission and distribution 
infrastructure. By one estimate, China will spend $10 billion annually 
on Smart Grid/smart infrastructure systems. There is great opportunity 
for foreign investment. Companies that specialize in transmission and 
transformation equipment, automation equipment, and information and 
communications technology components are well-positioned to contribute 
to China's grid development projects. I have read some reports that 
predict that China's preference for indigenous innovation will extend 
to the Smart Grid, and that China may seek to establish its own 
standards for the Smart Grid in the belief that the size of its market 
will lead to their adoption as de facto global standards. I hope that 
this will not be the case, and that China will take action to 
strengthen collaboration with the U.S. in creating harmonized 
international standards.
    Another challenge that we face is accelerating the resolution of 
some key standards issues that could impede development of the market 
if not settled soon.
    Several major appliance manufacturers have announced their 
intention to bring to market Smart Grid-enabled consumer appliances 
beginning in late 2011, provided that standards for communication 
between appliances and the grid for pricing and demand response signals 
are resolved by the end of 2010. The existence of too many competing 
standards has the potential to fragment the market and impede its 
development. Recognizing the urgency, a task group of the SGIP 
Governing Board including representatives from the appliance, consumer 
electronics, electric utility, building automation, and IT industries, 
and other stakeholders including state regulators, has been addressing 
the issue. In conjunction with a related effort being undertaken by the 
Association of Home Appliance Manufacturers, we are on target to 
achieve a timely resolution of the standards for smart appliances to 
communicate with the grid to meet the needs of the appliance industry.
    Another issue that will be more difficult to resolve is the 
interconnection standard between electric vehicles and the grid for 
high-voltage, rapid charging. As I indicated earlier, the standards for 
charging at 110 or 220 volts have been settled and this will support 
the deployment of first generation electric vehicles. Charging stations 
that support rapid charging in minutes rather than hours will be 
needed, however, for widespread adoption of electric vehicles. There 
are at least four different competing proposals advocated by auto 
manufacturers headquartered in the U.S., Japan, Europe and China on 
what this interface should be. Lack of clarity on what the standard 
will be could impede development of a charging infrastructure in the 
U.S. Our Priority Action Plan on electric vehicles includes the timely 
resolution of this difficult issue as a key goal.
    An overarching challenge that we face in setting standards for the 
Smart Grid is ensuring that they are sufficiently flexible to preserve 
options for the evolution of the grid as we gain experience with early 
deployment. The fact is that there are still many unknowns in such 
issues as the degree of centralized vs. distributed control of the 
grid. For example as we move toward more distributed renewable 
generation, with households and buildings not only consuming power but 
also generating power and selling it back into the grid, and appliances 
behaving in different ways in response to price signals, having 
effective controls to ensure stability of the grid will become 
increasingly important. New, more dynamic measurements and models of 
grid performance will be needed. Measurements, characterization, and 
models of storage devices, electric vehicles, and distribution system 
loads have to be developed. These are areas in which NIST's expertise 
in measurement science can contribute and we are addressing them in the 
program planning for our research efforts related to the Smart Grid. 
Cyber security will remain a significant challenge as threats continue 
to evolve, and application of NIST's expertise in computer and network 
security to the Smart Grid will continue to be a top priority.
    Finally, I would like to mention an opportunity. Basing the Smart 
Grid architecture on open standards, as we are doing, may facilitate 
multi-use scenarios, in much the same way as the Internet has evolved 
over time to provide a common set of protocols and standards supporting 
voice, video and data applications. Japan, which is following what we 
are doing very closely, is moving in this direction. Japan has recently 
unveiled their national Smart Grid program, which they have called the 
``Smart Community''. Their roadmap envisions a common architecture 
supporting automation in their electric grid, water and gas networks, 
energy efficient buildings, and intelligent transportation. I believe 
that the architecture and standards for the U.S. Smart Grid should 
consider this broader concept and not limit our future direction.
    The knowledge gained by rigorous analysis of the performance of the 
Smart Grid under the Department of Energy's (DOE) ARRA programs will 
give us valuable information to determine whether or not benefits could 
be gained by applying the standards based intelligence infrastructure 
to other domains important to our society.

Conclusion

    The Smart Grid, with the unique investment opportunity afforded by 
the American Recovery and Reinvestment Act, represents a once in a 
lifetime opportunity to renew and modernize one of the Nation's most 
important infrastructures. NIST is proud to have been given such an 
important role and is committed to achieving the Administration's 
vision of a cleaner, more reliable, more efficient and effective 
electricity grid that creates jobs and reduces our dependence on 
others.
    Thank you for the opportunity to testify today on NIST's work on 
Smart Grid interoperability. I would be happy to answer any questions 
you may have.

                     Biography for George W. Arnold



    George Arnold was appointed National Coordinator for Smart Grid 
Interoperability at the National Institute of Standards and Technology 
(NIST) in April 2009. He is responsible for leading the development of 
standards underpinning the nation's Smart Grid. Dr. Arnold joined NIST 
in September 2006 as Deputy Director, Technology Services, after a 33-
year career in the telecommunications and information technology 
industry.
    Dr. Arnold served as Chairman of the Board of the American National 
Standards Institute (ANSI), a private, non-profit organization that 
coordinates the U.S. voluntary standardization and conformity 
assessment system, from 2003 to 2005. He served as President of the 
IEEE National Coordinator for Smart Grid Standards Association in 2007-
08 and is currently Vice Interoperability Office of the Director 
President-Policy for the International Organization for Standardization 
(ISO) where he is responsible for guiding ISO's strategic plan.
    Dr. Arnold previously served as a Vice-President at Lucent 
Technologies Bell Laboratories where he directed the company's global 
standards efforts. His organization played a leading role in the 
development of international standards for Intelligent Networks and IP-
based Next Generation Networks. In previous assignments at AT&T Bell 
Laboratories he had responsibilities in network planning, systems 
engineering, and application of information technology to automate 
operations and maintenance of the I nationwide telecommunications 
network.
    Dr. Arnold received a Doctor of Engineering Science degree in 
Electrical Engineering and Computer Science from Columbia University in 
1978. He is a Senior Member of the IEEE.

    Chairman Wu. Thank you very much, Dr. Arnold.
    Mr. Emnett, please proceed.

  STATEMENT OF MR. MASON W. EMNETT, ASSOCIATE DIRECTOR OF THE 
    OFFICE OF ENERGY POLICY AND INNOVATION, FEDERAL ENERGY 
                     REGULATORY COMMISSION

    Mr. Emnett. Thank you, Mr. Chairman and Members of the 
Subcommittee. My name is Mason Emnett and I am the Associate 
Director of the Office of Energy Policy and Innovation at the 
Federal Energy Regulatory Commission. Yes, that is a mouthful. 
I appear today before you as a staff witness. My testimony does 
not necessarily represent the views of the Commission or any 
individual commissioner.
    As Dr. Arnold explained, the Commission shares statutory 
responsibility regarding the development of smart grid 
interoperability standards with the National Institute of 
Standards and Technology. The Energy Independence and Security 
Act of 2007 directs NIST to coordinate the development of a 
framework to achieve interoperability of smart grid systems and 
devices. Once the Commission is satisfied that NIST's work has 
led to sufficient consensus, the Commission is directed to 
institute a rulemaking proceeding to adopt such standards and 
protocols as may be necessary to ensure smart grid 
functionality and interoperability in the interstate 
transmission of electricity and in regional and wholesale 
electric markets.
    In order to provide input to NIST in the development of its 
interoperability framework, the Commission in July 2009 issued 
a smart grid policy statement that identified areas that 
deserved high priorities in the smart grid standards 
development process. The Commission explained that addressing 
these issues would help expedite the development of functions 
that are important to Federal energy policy. NIST embraced the 
Commission's priority in preparing its framework, which was 
released by NIST in January 2010 and included additional 
priorities identified by NIST. The NIST framework identifies an 
initial set of 75 interoperability standards that are 
applicable or are likely applicable to the ongoing development 
of smart grid technologies and applications. The framework also 
outlines a number of action plans providing for further 
standards development to address the priorities identified by 
NIST and the Commission.
    As Dr. Arnold mentioned, to provide continuing stakeholder 
input in the smart grid standards development process, NIST has 
formed the Smart Grid Interoperability Panel, a public-private 
partnership of stakeholder groups supporting NIST in the 
ongoing coordination, acceleration and harmonization of 
standards development for the smart grid. Although the 
Commission is not a formal member of the interoperability panel 
or its governing board, our staff has attended meetings of both 
as well as many meetings regarding work on the priority action 
plans and working group meetings focusing on such issues as 
cybersecurity.
    With regard to the adoption of smart grid standards by the 
Commission, the commission explained in the Policy statement 
that its statutory mandate under EISA [Energy Independence and 
Security Act] requires it to consider standards that will be 
applicable to all electric power facilities with smart grid 
features. This could include facilities at the local 
distribution level and those used directly by retail customers 
as long as the related standard is necessary for the purpose 
identified in EISA. The Commission stated, however, that it 
would not adopt a smart grid standard without a demonstration 
of sufficient cybersecurity protection. The Commission noted in 
the policy statement that adoption by the Commission of a 
standard under EISA does not make the standard mandatory. To 
the extent the Commission might wish to make any particular 
smart grid standard mandatory, its authority to do so must 
derive under other statutory authority such as the Federal 
Power Act. The Commission also explained that adoption of a 
smart grid standard by the Commission under EISA does not alter 
any state jurisdiction that may exist with regard to compliance 
with the smart grid standard.
    To support an active dialog with states regarding the 
interest in smart grid development, the Commission has formed a 
Federal-state collaborative with the National Association of 
Regulatory Utility Commissioners and encouraged states to 
actively participate in the smart grid standards development 
process.
    Finally, the Commission also has sought to encourage the 
development of smart grid applications by providing rate 
incentives to early adopters of smart grid technologies. The 
Commission expressed concern that waiting for all technical 
issues to be resolved before beginning investment in smart grid 
deployment would frustrate the development of smart grid 
standards. The Commission will therefore allow recovery of a 
jurisdictional smart grid cost prior to finalization of related 
smart grid standards if certain specific demonstrations are 
made.
    In conclusion, the Commission remains committed to 
supporting development of smart grid standards and investments 
in smart grid technologies where appropriate. Continued 
cooperation among NIST, other Federal agencies, state 
regulators and industry representatives as well as consumer 
representatives and other interested entities will enable the 
successful deployment of innovative, effective and secure smart 
grid technologies.
    Thank you again for the opportunity to appear before you 
today. I would be happy to answer any questions you may have.
    [The prepared statement of Mr. Emnett follows:]

                 Prepared Statement of Mason W. Emnett

Mr. Chairman and members of the Subcommittee:

    My name is Mason Emnett, and I am the Associate Director of the 
Office of Energy Policy and Innovation at the Federal Energy Regulatory 
Commission (Commission). I appear before you as a staff witness; my 
testimony does not necessarily represent the views of the Commission or 
any individual Commissioner. Thank you for the opportunity to appear 
before you today to discuss the progress of standards development 
towards smart grid interoperability and modernization of the nation's 
electricity transmission and distribution system.
    The Chairman of the Commission, Jon Wellinghoff, most recently 
testified about the benefits of smart grid technologies and the status 
of the agency's work on smart grid standards on March 23, 2010, before 
the Energy and Environment Subcommittee of the House Committee on 
Energy and Commerce. Today, I will focus on the Commission's efforts to 
support the development of smart grid standards, its role in adopting 
standards, and its work to incentivize investment in smart grid 
technologies.

Development of Smart Grid Standards

    In the Energy Independence and Security Act of 2007 (EISA), 
Congress enacted several requirements related to development of a smart 
grid. Among other things, EISA directs the National Institute of 
Standards and Technology (NIST) to coordinate the development of a 
framework to achieve interoperability of smart grid devices and 
systems. In furtherance of this responsibility, NIST has engaged in 
significant outreach to identify standards for potential inclusion in a 
smart grid interoperability framework, leading to the publication in 
January 2010 of the Framework Roadmap for Smart Grid Interoperability 
Standards, Release 1.0 (Framework).
    To provide input into the development of the NIST Framework, the 
Commission in July 2009 issued a Smart Grid Policy Statement that, 
among other things, discussed smart grid functions and characteristics 
that could help address challenges to the reliable operation of the 
transmission system. In response to the need for action on these 
challenges, the Commission identified areas that deserved high priority 
in the smart grid standards development process. These areas include 
two cross-cutting issues, system security and inter-system 
communication, and four key grid functionalities: wide-area situational 
awareness, demand response, electric storage and electric vehicles.
    The Commission explained that addressing these priorities would 
help to expedite the development of functions that are important to 
Federal energy policy. For example, wide-area situational awareness 
will provide tools that can improve reliability. Demand response and 
electric storage will support initiatives that have emerged in many 
states such as integrating renewable generation to permit utilities to 
meet state-mandated renewable portfolio standard requirements. Electric 
vehicles will help reduce our dependence on foreign oil, and will also 
have favorable environmental impacts. NIST embraced these priorities in 
drafting its Framework, and added two additional priorities for 
standards: advanced metering and distribution system automation.
    In order to ensure broad support for these priorities, staff from 
NIST and the Commission have engaged in individual and coordinated 
outreach with standards development organizations from the 
telecommunications, internet, and power industries to discuss framework 
development and the respective roles of each agency in the standards 
development process. NIST also released a draft of its Framework in 
September 2009 to provide an opportunity for public comment and 
collaboration with the Commission prior to finalizing the document. 
Based on this feedback, NIST's Framework identified 75 interoperability 
standards that are applicable, or are likely applicable, to the ongoing 
development of smart grid technologies and applications. The NIST 
Framework also outlines the priority areas identified by both the 
Commission and NIST in the smart grid standards development process. In 
particular, sixteen Priority Action Plan areas were created to address 
gaps in standards that are critical for the interoperability of the 
smart grid.
    In addition, NIST has provided for continuing stakeholder input 
into the smart grid standards development process through formation of 
the Smart Grid Interoperability Panel (SGIP), a public-private 
partnership of 22 stakeholder groups supporting NIST in the ongoing 
coordination, acceleration and harmonization of standards development 
for the smart grid. The Governing Board of this Panel was elected and 
tasked with maintaining a broad perspective regarding the NIST 
interoperability framework and providing recommendations to NIST. 
Within the SGIP are two standing committees and one permanent working 
group to support NIST on particular issues. One standing committee has 
responsibility for outlining the architecture needed to realize the 
smart grid vision. The second committee addresses testing and 
certification of vendor products and systems for conformance with smart 
grid standards and for interoperability.
    The working group within the SGIP addresses matters related to the 
security of the smart grid, including reviewing standards to determine 
the level of cyber security present and determining whether each 
identified standard meets appropriate security requirements. This 
working group has released two drafts of an Interagency Report on Smart 
Grid Cyber Security Strategy and Requirements in September 2009 and 
February 2010, and is currently reviewing comments on the latest draft. 
The report addresses risks, vulnerabilities, threats, and impacts, and 
provides guidance related to smart grid cyber security.
    Although the Commission is not a formal member of the SGIP or its 
Governing Board, Commission staff has attended meetings of both, as 
well as many meetings regarding work on the Priority Action Plans. 
Commission staff is also actively involved in the work of the cyber 
security working group, as the Commission recognizes that inadequate 
cyber security could threaten the health of the bulk power system.

Adoption of Standards by the Commission

    As defined by EISA, the Commission's responsibility to review a 
smart grid interoperability standard is triggered once the Commission 
is satisfied that NIST's work has led to sufficient consensus. At such 
time, the Commission is directed to institute a rulemaking proceeding 
to adopt such standards and protocols as may be necessary to ensure 
smart grid functionality and interoperability in interstate 
transmission of electric power and regional and wholesale electric 
markets.
    The Commission explained in the Policy Statement that it understood 
this mandate to give it authority to adopt a standard that will be 
applicable to all electric power facilities and devices with smart grid 
features, including those at the local distribution level and those 
used directly by retail customers, as long as the standard is necessary 
for the purpose identified in EISA. The Commission noted, for example, 
that two-way communications are a distinguishing characteristic of 
smart grid devices on both the transmission and distribution systems. 
Such two-way communication capability is essential to the smart grid 
vision of interoperability, allowing the transmission and distribution 
systems to communicate with each other and affecting the security and 
functionality of each other. Consequently, the Commission found that 
EISA grants it the authority to adopt standards that relate to 
distribution facilities and devices deployed at the distribution level, 
if the Commission finds that such standards are necessary for smart 
grid functionality and interoperability in interstate transmission of 
electric power, or in regional and wholesale electric markets.
    In addition, the Commission stated in the Policy Statement that it 
will require a demonstration of sufficient cyber security protection 
for a standard to be adopted. This consideration is consistent with 
EISA's inclusion of cyber security as a characteristic of a smart 
grid,\1\ EISA's identification of cyber security as a ``smart grid 
function,'' \2\ and EISA's requirement for the Department of Energy (in 
consultation with the Commission, the Department of Homeland Security, 
and the Electric Reliability Organization certified by the Commission) 
to study and report on the potential impact of deployment of Smart Grid 
systems on the security of the Nation's electricity infrastructure.\3\
---------------------------------------------------------------------------
    \1\ EISA section 1301(2).
    \2\ EISA section 1306(d)(5).
    \3\ EISA section 1309(b).
---------------------------------------------------------------------------
    The Commission noted in the Policy Statement, however, that 
adoption by the Commission of a standard under EISA does not make the 
standard mandatory, nor does EISA give the Commission authority to 
require the development of a smart grid standard. To the extent the 
Commission might wish to make any smart grid standards mandatory, its 
authority to do so must derive from other statutory authority, such as 
the Federal Power Act. For example, the Commission has the authority 
under section 215 of the Federal Power Act to approve and enforce 
reliability standards developed by the North American Electric 
Reliability Corporation. The Commission also has the authority under 
sections 205 and 206 of the Federal Power Act to establish the rates, 
terms and conditions of wholesale sales and interstate transmission of 
electricity, including the incorporation into Federal regulations of 
business practice standards developed by the North American Energy 
Standards Board. Although there is the potential for some overlap in 
the adoption of smart grid standards under EISA and review of 
reliability or business practice standards under the Federal Power Act, 
these sources of jurisdiction are distinct and the Commission has 
interpreted EISA as not changing the scope of its jurisdiction.
    The Commission also explained in the Policy Statement that adoption 
of a smart grid standard by the Commission under EISA does not alter 
any state jurisdiction that may exist to require compliance with smart 
grid standards. To that end, the Commission has recognized that states 
have an interest in the functionalities of smart grid technologies and 
encouraged states to actively participate in the standards development 
process to ensure that their perspectives are represented. The 
Commission expressed in the Policy Statement an expectation that its 
adoption of national standards should enhance, not limit, the policy 
choices available to each state.
    To support an active dialogue with the states on these issues, the 
Commission has formed a Federal-state collaborative with the National 
Association of Regulatory Utility Commissioners to address issues 
related to smart grid and demand response. This body has received 
substantial input from a variety of smart grid stakeholders on a range 
of issues, including smart grid interoperability standards, consumer 
access to and privacy of data, potential smart grid benefits, and 
potential new business models and regulatory approaches. By 
coordinating consideration of these issues, the Collaborative provides 
a forum to identify how smart grid development can benefit consumers 
and to address the concerns of regulators regarding grid security and 
functionality.

Incentivizing Smart Grid Investment

    The Commission also has sought to encourage the development of 
smart grid applications by providing rate incentives to early-adopters 
of smart grid technologies. In its Policy Statement, the Commission 
established an interim rate policy to apply during the period prior to 
adoption of interoperability standards by the Commission. The 
Commission expressed concern that waiting for all technical issues to 
be resolved before beginning investment in smart grid deployment would 
frustrate the development of smart grid standards. The Commission 
concluded that smart grid resources deployed with appropriate 
protections during the interim period prior to the Commission's 
adoption of interoperability standards could instead increase our body 
of knowledge and ultimately assist the standards development process.
    During this period, the Commission will allow recovery of 
Commission-jurisdictional smart grid-related costs if four 
demonstrations are made. These four demonstrations are (1) the smart 
grid facilities will advance the policy and goals of section 1301 of 
EISA, (2) the smart grid facilities will not adversely affect the 
reliability and cybersecurity of the bulk-power system, (3) the 
applicant has minimized the possibility of stranded investment in smart 
grid equipment, and (4) the applicant agrees to provide certain 
information to the Department of Energy Smart Grid Information 
Clearinghouse.
    With regard to the fourth demonstration, the Commission recognizes 
the benefit of DOE implementing a Smart Grid Information Clearinghouse 
to collect information about the results of the smart grid grant and 
demonstration programs that have been funded by the American Recovery 
and Reinvestment Act of 2009. This information can help Federal and 
state regulators as they make decisions on smart grid filings from 
electric utilities, providing knowledge gained from pilot projects, 
lessons learned about the impact of investments, and best practices. 
Commission staff has worked with DOE and other stakeholders to help 
define the precise data that should be collected, and the Commission 
has sought to supplement that data by requiring applicants for rate 
recovery of smart grid costs to provide relevant information to the 
Clearinghouse.

Conclusion

    In conclusion, the smart grid effort has benefited from the active 
participation of many industry segments in NIST's standards development 
process. The Commission remains committed to continued cooperation 
among NIST, other Federal agencies, state regulators, industry 
representatives, consumer representatives, and other interested 
entities in order to realize the successful deployment of innovative, 
efficient and secure smart grid technologies.
    Thank you again for the opportunity to appear before you today. I 
would be happy to answer any questions you may have.

                     Biography for Mason W. Emnett
    Mason Emnett is Associate Director of the Office of Energy Policy 
and Innovation at the Federal Energy Regulatory Commission. The Office 
provides leadership in the development and formulation of policies and 
regulations to address emerging issues affecting wholesale and 
interstate energy markets.
    Mr. Emnett joined the Commission in 2006, serving as Senior Legal 
Advisor in the Commission's Office of General Counsel. There he advised 
the Commission on legal and policy matters related to electric 
transmission service, wholesale power sales, electric system 
reliability, corporate regulation of public utilities, and enforcement 
proceedings. Prior to joining the Commission, Mr. Emnett was in private 
practice with the law firm of Skadden, Arps, Slate, Meagher and Flom 
LLP in Washington, DC. where he represented public utilities appearing 
before the Commission on matters related to market design, wholesale 
rates, mergers and acquisitions, and regulatory compliance.
    Mr. Emnett is a graduate of the Georgetown University Law Center 
and of the University of Texas at Arlington.

    Chairman Wu. Thank you very much.
    Mr. McDonald, please proceed.

STATEMENT OF MR. JOHN D. McDONALD, P.E., DIRECTOR OF TECHNICAL 
           STRATEGY AND POLICY DEVELOPMENT, GE ENERGY

    Mr. McDonald. Good morning, Mr. Chairman and Members of the 
Subcommittee, I am John McDonald, Director of Technical 
Strategy and Policy Development with GE's Digital Energy 
business. Digital Energy provides technology solutions enabling 
grid management and optimization for electric utilities 
worldwide. And in my role, I set and drive the vision 
integrating standards, policy, regulatory and industry 
participation with customer solutions development.
    My comments today are based on over three decades of 
experience in the electric industry including past President of 
the Institute of Electrical and Electronics Engineers, or IEEE, 
Power and Energy Society, current member of DOE's Smart Grid 
Electricity Advisory Committee, Board Member of the Gridwise 
Alliance and the IEEE Standards Association, and Governing 
Board Chair of the NIST Smart Grid Interoperability Panel, or 
the SGIP.
    I welcome this opportunity to update you on the SGIP's 
efforts to support smart grid architecture and standards and 
offer GE's perspectives on principles to guide standards 
development.
    The smart grid is essential to addressing our energy 
demand, security and environmental challenges. We commend our 
Nation's leadership for embracing the smart grid in the Energy 
Independence and Security Act of 2007 and the American Recovery 
and Reinvestment Act [ARRA] of 2009. This legislation and 
direction from Federal and state regulatory agencies gives our 
industry a tremendous opportunity to begin transforming our 
grid into a more automated, interactive, and intuitive power 
delivery system.
    Crucial to this undertaking are system architecture and 
standards, testing and certification and cybersecurity. These 
are the foundation for bringing together the electrical and 
communications infrastructure and for evolving technology to 
meet many and disparate needs. They also provide a framework 
for development, a roadmap for progress, and a catalyst for 
continued industry investment.
    Given the importance and complexity of these areas, there 
is a need for the government to play a coordinating role. The 
National Institute of Standards and Technology, or NIST, under 
Dr. George Arnold's leadership as National Coordinator for 
Smart Grid Interoperability, has embraced this role and is 
working diligently to ensure we create a foundation that is 
built to last and a modern grid that is more robust, responsive 
and resilient.
    The SGIP is lead by three core teams--NIST, Plenary 
officers, and a Governing Board--and is fully supported by an 
administrator. Our membership is large and diverse by design, 
as it is free and open to all who share the smart grid vision. 
To date, it consists of some 1,700 individuals from 590 member 
organizations representing 22 stakeholder categories. 
Furthermore, the membership is organized into three standing 
committees, six domain expert working groups and 16 priority 
action plan teams, and now supported by a Program Management 
Office.
    Since the beginning of the year, NIST and the SGIP have 
gained interest and traction worldwide on their Smart Grid 
Conceptual Reference Model. The identification and 
prioritization of the 75 existing standards of greatest impact 
to smart grid interoperability and our priority action plans to 
address gaps and inconsistencies are driving much-needed focus 
while the SGIP structure and operating rhythm are driving much-
needed collaboration and consensus. Timelines are being adhered 
to, even accelerated, in light of related policy discussions 
and actions. Meetings are being co-located with other 
stakeholders and industry influencers to further harmonize our 
respective work.
    I would also like to share that GE believes the following 
principles should guide the government's engagement in private-
sector standards activities: number one, encourage consensus-
based adoption of technical standards; two, balance Federal 
leadership with private-sector innovation; three, promote 
international standards development; four, utilize Federal R&D 
to support standards development; and five, educate 
stakeholders to accelerate deployment of standards.
    In closing, let me say thank you for your interest in and 
evaluation of how smart grid architecture and standards are 
progressing. As these represent the foundation we build upon, 
that will guide our technology development and innovation for 
years to come, it is essential that we continue to move forward 
in a deliberate, disciplined fashion that represents and 
respects all industry stakeholders. While the work of NIST and 
the SGIP is extremely challenging, it is always rewarding given 
we are charting the course for a truly 21st century grid, 
steady, sustainable and truly smart. Thank you.
    [The prepared statement of Mr. McDonald follows:]

                 Prepared Statement of John D. McDonald

    Good morning Mr. Chairman and members of the Committee, I am John 
McDonald, Director, Technical Strategy and Policy Development, with GE 
Energy's Digital Energy business. In this role, I set and drive the 
vision that integrates standards, policy, regulatory and industry 
participation with customer solutions development at Digital Energy.
    My comments today are based upon my more than three decades of 
experience working in the electric power industry, my position at GE 
and my numerous industry leadership roles. These include Past President 
of the Institute of Electrical and Electronics Engineers (IEEE) Power & 
Energy Society, current member of the Department of Energy (DOE) Smart 
Grid Electricity Advisory Committee, current Board Member of The 
GridWise Alliance and the IEEE--SA (Standards Association), and current 
Chair of the Governing Board of the NIST Smart Grid Interoperability 
Panel (SGIP).
    I welcome this opportunity to provide an update on the SGIP's 
efforts in support of Smart Grid architecture and standards, and also 
to offer perspectives on behalf of GE on principles to guide standards 
development.

Introduction

    The Smart Grid is essential to addressing the energy demand, 
security and environmental challenges we face. We commend our nation's 
leadership for embracing the Smart Grid in the Energy Independence and 
Security Act (EISA) of 2007 and the American Recovery and Reinvestment 
Act (ARRA) of 2009.
    This legislation, and the direction being provided by various 
Federal and state regulatory agencies, gives the industry a tremendous 
opportunity to noticeably begin transforming our grid into a more 
automated, interactive and intuitive power delivery system.
    Crucial to this undertaking are system architecture and standards, 
the foundation for bringing together the electrical and communications 
infrastructure and for evolving technology to meet many and disparate 
needs. System architecture and standards that foster interoperability 
provide a framework for development, a roadmap for progress and a 
catalyst for continued industry investment.
    In this area, and the areas of testing and certification and cyber 
security, there is a need for the government to play a coordinating 
role. The National Institute of Standards and Technology (NIST), under 
Dr. George Arnold's leadership as National Coordinator for Smart Grid 
Interoperability, has embraced this role and is working diligently to 
ensure we create a foundation that is built to last and a modern grid 
that will remain one of mankind's greatest achievements.
    And, while all stakeholders want to move fast and get it right from 
the start, the reality is that we need to move with purpose and be able 
to adapt to a dynamic environment. Flexibility, uniformity and 
technology neutrality are key considerations for the decisions we make 
around systems architecture and standards. Furthermore, we need to make 
those decisions in an open, inclusive, transparent manner, where 
thoughtful debate, technology innovation and market forces help guide 
us. So balance--in terms of participation, perspective and direction--
is essential to advancing both national and international Smart Grid 
efforts. To be effective, to realize our vision and produce the 
outcomes we intend to, the private and public sectors must continue to 
successfully partner with one another. We are working well today in 
this new paradigm and we will continue to improve with time.

GE Energy

    GE Energy is one of the world's leading suppliers of power 
generation and energy delivery technologies with businesses focused on 
fossil power, gasification, nuclear, renewable energy--including wind, 
solar and biomass, oil and gas, water, as well as transmission and 
distribution. We have more than 100 years of industry experience, and 
our team of 65,000 employees operates in more than 140 countries.

GE Digital Energy

    GE Digital Energy provides technology solutions that enable grid 
management and optimization for electric utilities worldwide. These 
solutions encompass hardware, software and services supporting the 
entire electricity delivery value chain, from power transformers at the 
generation switchyard to smart meters at the customer premises. They 
help utilities boost their productivity and reliability, while at the 
same time reducing their environmental footprint, and they empower 
consumers to monitor and control their electricity usage.
    We have a strong North American presence, with headquarters in 
Atlanta, Georgia, and facilities across the United States, as well as 
in Mexico, Canada, the United Kingdom, Spain, Switzerland and India.
    The business has experienced significant growth over the past few 
years, and we expect this trend to continue as electric utilities 
worldwide prepare for a more secure, low carbon energy future.

The NIST Roadmap \1\
---------------------------------------------------------------------------

    \1\ NIST Framework and Roadmap for Smart Grid Interoperability 
Standards, Release 1.0, January 2010.

    The NIST Roadmap is phase one of a three-phase plan to establish 
standards, priorities and a framework to achieve Smart Grid 
interoperability. The second phase of the plan, in which I am pleased 
to participate, is the SGIP. The SGIP is an ongoing, public-private 
organization that provides an open process through which stakeholders 
can participate in coordinating, harmonizing and accelerating Smart 
Grid standards development. The third phase of the plan is the 
establishment of a framework for testing conformity with Smart Grid 
standards and certifying the compliance of Smart Grid devices and 
systems.
    To help guide the industry, NIST defines interoperability as 
follows:

         The capability of two or more networks, systems, devices, 
        applications, or components to exchange and readily use 
        information--securely, effectively, and with little or no 
        inconvenience to the user.\2\ The Smart Grid will be a system 
        of interoperable systems. That is, different systems will be 
        able to exchange meaningful, actionable information. The 
        systems will share a common meaning of the exchanged 
        information, and this information will elicit agreed-upon types 
        of response. The reliability, fidelity, and security of 
        information exchanges between and among Smart Grid systems must 
        achieve requisite performance levels.\3\
---------------------------------------------------------------------------
    \2\ Recovery Act Financial Assistance, Funding Opportunity 
Announcement. U.S. Department of Energy, Office of Electricity Delivery 
and Energy Reliability, Smart Grid Investment Grant Program Funding 
Opportunity Number: DE-FOA-0000058.
    \3\ GridWise Architecture Council, interoperability Path Forward 
Whitepaper, November 30, 2005 (v1.0).

    The NIST Roadmap contains several important items that shape the 
---------------------------------------------------------------------------
work of the SGIP.

        -  A conceptual reference model . . . to present a shared view 
        of Smart Grid's complex system of systems and to facilitate 
        design of Smart Grid architecture (See Figure 1)

        -  An initial set of 75 Smart Grid standards for implementation 
        . . . to address issues identified by NIST and priorities 
        identified in the Federal Energy Regulatory Commission (FERC) 
        Smart Grid Policy Statement\4\--demand response and consumer 
        energy efficiency, wide-area situational awareness, energy 
        storage, electric transportation, advanced metering 
        infrastructure, distribution grid management, network 
        communications and cyber security
---------------------------------------------------------------------------
    \4\ FERC Smart Grid Policy Statement, July 16, 2009.

        -  Priorities for developing additional standards and making 
        revisions to existing standards, with supporting action plans . 
        . . to resolve major gaps affecting interoperability and 
---------------------------------------------------------------------------
        security of Smart Grid components

        -  Initial steps toward a Smart Grid cyber security strategy . 
        . . to assess risks and to identify requirements to address 
        those risks

        
        

Smart Grid Interoperability Panel \5\
---------------------------------------------------------------------------

    \5\ SGIPGB and SGIP Charter, Version 1.2, June 10, 2010; SGIP 
brochure created for the 2010 IEEE/PES Transmission & Distribution 
Conference & Exposition; www.sgipweb.org.

    Initiated by NIST and established in November 2009, the SGIP is 
dedicated to the interoperability of Smart Grid devices and systems. 
---------------------------------------------------------------------------
According to the SGIP charter:

         The Smart Grid Interoperability Panel is a membership-based 
        organization created by an Administrator under a contract from 
        NIST to provide an open process for stakeholders to participate 
        in providing input and cooperating with NIST in the ongoing 
        coordination, acceleration and harmonization of standards 
        development for the Smart Grid. The SGIP also reviews use 
        cases, identifies requirements and architectural reference 
        models, coordinates and accelerates Smart Grid testing and 
        certification, and proposes action plans for achieving these 
        goals. The SGIP does not write standards, but serves as a forum 
        to coordinate the development of standards and specifications 
        by many standards development organizations.

    Thus, the SGIP not only identifies and addresses standardization 
priorities, but also plays a leadership role in facilitating and 
developing an information architecture, a cyber security strategy and a 
framework for testing and certification. It focuses on analysis and 
coordination of effort in helping NIST fulfill its responsibilities 
under EISA. The NIST Roadmap is the starting point for this activity.
    The structure depicted in Figure 2 enables the SGIP to accomplish 
its complex and urgent work. The SGIP membership is led by three core 
teams--NIST, Plenary Officers and a Governing Board--and it is fully 
supported by an administrator. The Governing Board that I now chair 
maintains a broad community based perspective by having a breadth of 
experience, knowledge and involvement. It also holds consensus as a 
core value, ensuring that all legitimate views and proposals are 
considered. Key responsibilities include approving and prioritizing 
work programs, facilitating dialogue with standards development 
organizations and arranging for necessary resources for the SGIP.




    Our membership is large and diverse by design, as it is free and 
open to all who share the Smart Grid vision. To date, it consists of 
some 1,700 individuals from 590 member organizations (90% U.S., 5% 
Canada, 5% Other International) representing 22 stakeholder categories. 
Furthermore, the membership is organized into the following standing 
committees, working groups and teams, and is now supported by a Program 
Management Office.

        -  Standing Committees & Working Groups

                  Architecture (SGAC)

                  Cyber Security (CSWG)

                  Test & Certification (SGTCC)


        -  Domain Expert Working Groups

                  Transmission & Distribution (TnD)

                  Industry to Grid (I2G)

                  Building to Grid (B2G)

                  Home to Grid (H2G)

                  Vehicle to Grid (V2G)

                  Business & Policy (BnP)


        -  Priority Action Plan (PAP) Teams

                  Meter Upgradeability Standard

                  Role of IP in the Smart Grid

                  Wireless Communications for the Smart Grid

                  Common Price Communication Model

                  Common Scheduling Mechanism

                  Standard Meter Date Profiles

                  Common Semantic Model for Meter Data Tables

                  Electric Storage Interconnection Guidelines

                  CIM for Distribution Grid Management

                  Standard DR and DER Signals

                  Standard Energy Usage Information

                  Common Object Models for Electric 
                Transportation

                  IEC 61850 Objects/DNP3 Mapping

                  Time Synchronization, IEC 61850 Objects/IEEE 
                C37.118 Harmonization

                  Transmission and Distribution Power Systems 
                Model Mapping

                  Harmonize PLC Standards for Appliance 
                Communications in the Home

                  Wind Plant Communications

SGIP Status Report

    To fully convey the effectiveness and progress of the SGIP to date, 
we need to address the following:

        -  What makes a standard? Why do standards not necessarily 
        deliver interoperability? How can this be overcome?

        -  To what extent are currently available standards being 
        implemented?

        -  How do we further advance the development of new standards?

        -  What ensures stakeholder buy-in and adoption of standards 
        emerging from the SGIP process?

        -  How effective have we been in coordinating tasks and 
        gathering stakeholder input in the SGIP process?

        -  What progress have our working groups and teams made since 
        inception?

Relating Standards and Interoperability

    With respect to a technical standard, conformance, interoperability 
and performance are critical. Technology may be developed in accordance 
with the standard, and it may even fully perform in a formal stress 
test state of heightened activity. However, there remains room for 
interpretation in how the technology is implemented, how it ultimately 
operates in conjunction with other technology. This differential 
between compliance in design and ease of use in system operation speaks 
to the technology's interoperability.
    As we strive for interoperability across Smart Grid's system of 
systems, we strive for compatibility, even interchangeability, which 
goes beyond the everyday talk of plug and play. Getting all the devices 
and infrastructure to speak a common language, use common interfaces 
and really work in unison is a new reality for both suppliers and 
customers that have traditionally operated in silos, built around 
specific functionality and/or areas of expertise. From the utility's 
perspective today, a supplier needs to ensure interoperability of 
technology not only within its own portfolio, but also with the 
technology portfolio from competing suppliers. This provides confidence 
in the technology investment and, ideally, a better return on the 
investment due to fewer, more easily managed implementations and/or 
integrations. The creation of the SGIP, with its knowledge and focus on 
all the building blocks of Smart Grid and the networked domains they 
reside in, reinforces the need and provides a forum for more 
coordinated and further structured implementation of standards.

Encouraging Implementation

    With all technical standards, we must also address the issue of 
application and use. The industry should be leveraging standards 
already developed and tested, even if the implementation of these 
standards needs to be further refined to promote interoperability. The 
major barriers to overcome in this area are awareness and risk 
aversion.
    In the U.S.A., the transition from DNP 3.0 to IEC 61850 for 
substation automation and communications is an excellent example of the 
challenge we have before us. IEC 61850 calls for sending protection 
messages over Ethernet local area networks (vs. dedicated copper wires) 
and accessing measurements via a central process bus (vs. wired to the 
individual relays). These relatively small technology changes, but 
large process and cultural changes, have resulted in continued 
performance with substantial savings for those deploying this new 
technology worldwide. But there is enough concern and resistance to 
these changes here in the USA that IEC 61850 is not yet widely accepted 
or deployed.
    Currently, standards development organizations and suppliers do 
little to educate utilities about standards, their features, benefits 
and overall value. The education required is comprehensive and constant 
in nature, to address awareness, trial/usage, acceptance and adoption, 
even recommendation. In addition, there is apprehension on the part of 
some utilities and regulators that needs to be addressed. Is the 
technology proven, at scale, in a real-life operating environment? Is 
it hardened to withstand changes in that environment? Does the 
technology adhere to standards? If so, which standards? And will those 
standards stand the test of time?
    To address awareness and risk aversion, we need engagement, active 
participation and collaboration among a fully representative set of 
stakeholders. Being part of the process is paramount to trusting the 
process and its outcomes. The SGIP embodies and promotes these 
principles. The charter, membership profile and structure of the 
organization clearly demonstrate the desire to be open and inclusive in 
composition, transparent in operations and in consensus with work 
product and deliverables. The Governing Board is constantly evaluating 
balance among stakeholders, particularly, suppliers and utilities. This 
is required for the SGIP to drive standards that are technically strong 
and able to be successfully implemented--affordably and without 
adversely affecting performance.

Addressing the Speed of Standards Development

    The SGIP desires to create both a sense of stability and a sense of 
urgency with standards development. Suppliers may resist implementing 
technology that is not yet anchored to a standard. Utilities may also 
resist, and further require independent third party assurance of 
conformance once the technology is anchored to a standard. Timely 
development and implementation of standards are a priority, as delay 
may be a bigger risk for Smart Grid than balkanization. Our goal is to 
provide direction and a rapid path forward in that direction. To that 
end, the SGIP now has the ability to encourage standards development 
organizations to fast track a standard. This essentially means that 
NIST and the SGIP facilitate requirements capture, communicate a sense 
of urgency and push for expedited timetables with standards development 
organizations that still retain control of the actual development. The 
SGIP can also create additional PAPs as they are needed.
    With respect to fast track, we should look to IEEE 1613, a standard 
for environmental requirements for networking equipment in the 
substation. The use of off the shelf retail networking equipment was a 
growing concern, creating an immediate need for hardened commercial 
equipment. The IEEE accomplished their task in just 18 months versus 
the usual four or more years and, this was back in 2003, well before 
the Smart Grid, NIST and the SGIP altered the landscape.
    Additionally, when the SGIP--just three months in existence--
recognized the growing importance of bringing and then managing wind on 
the grid, it quickly added PAP 16 around wind plant communications.
    I also want to point out that, given the scope and pace of the SGIP 
agenda, we have recently established a Program Management Office to 
further coordinate and expedite the work of the various PAP teams. We 
have to ensure that we do not duplicate effort within the SGIP, and 
that technologies that are needed by multiple PAPs have consistency.

Achieving Stakeholder Buy-In and Adoption

    As NIST and the SGIP continue their efforts, we have every reason 
to believe that we have created the right environment for private 
sector buy-in and support of Smart Grid standards. In addition to 
policies and procedures around membership, committee participation, 
work planning, project management, conflict resolution and the 
nomination and election of the SGIP leadership, we have influential 
parties including the DOE, FERC and the Office of Management and Budget 
(OMB), along with state regulatory and international agencies, who are 
shaping our initiatives.
    The DOE funding announcements for the Smart Grid Investment Grant 
Program and Smart Grid Demonstration Program emphasize the importance 
of addressing interoperability and providing a summary of how a project 
will support compatibility with NIST's emerging Smart Grid standards 
framework and roadmap. As the grants are currently driving the majority 
of Smart Grid deployments, this tie to NIST and the work of the SGIP is 
important.
    In addition, NIST expects that standards be produced and maintained 
by recognized standards development organizations as described in OMB 
Circular A-119 and the National Technology Transfer and Advancement 
Act. This ensures that standards and conformity assessment activities 
are acceptable for reference by Federal and state regulators. Some 
regulators further assert that the American National Standards 
Institute (ANSI) or an ANSI-accredited organization be involved so that 
there is greater assurance of openness and consensus. Given the 
regulatory construct for our largest investor owned utilities and the 
significant business they generate for suppliers, the private sector 
will buy-in and adopt what the public sector will authorize and 
approve.

Guiding Development and Adoption Internationally

    For global suppliers like GE, working closely with any and all 
standards development organizations that have ANSI type processes and a 
culture of openness and consensus is essential for both speed of 
development and stakeholder buy-in. The adoption of open, international 
standards means that the technology investments we make and solutions 
we provide can be most cost effectively developed and produced to serve 
the largest possible population.
    Thus, while NIST and the SGIP have influence with national 
organizations, they must continue to gain traction and favor with 
international organizations such as the International Electrotechnical 
Commission (IEC) and the Internet Engineering Task Force (IETF). 
Outreach to and involvement with the IEC and IETF are required for the 
NIST model of coordination and collaboration to be adopted rather than 
merely replicated region by region. Standards that become regionalized 
and fragmented create difficulties for suppliers and unnecessary risks 
for the future of Smart Grid.

Ensuring Effectiveness of the SGIP Process

    In all of the areas previously discussed in this SGIP status 
report, it is evident that the SGIP has been effective in coordinating 
tasks and gathering stakeholder input. Since the beginning of the year, 
NIST and the SGIP have gained interest and traction worldwide on their 
Smart Grid Conceptual Reference Model. The identification and 
prioritization of the 75 existing standards of greatest impact to Smart 
Grid interoperability and the 16 Priority Action Plans to address gaps 
and inconsistencies are driving much needed focus, while the SGIP 
structure and operating rhythm are driving much needed collaboration 
and consensus. Timelines are being adhered to, even accelerated, in 
light of related policy discussions and actions. Meetings are being co-
located with other stakeholders and industry influencers to further 
harmonize our respective work. Examples of this include Connectivity 
Week with IEEE in May and the National Association of Regulatory 
Utility Commissioners Summer Committee Meetings in July. Just as the 
Smart Grid is new, expansive and virtually all encompassing, so is the 
work of the SGIP. Yet, we are being nimble and reacting quickly to meet 
our goals, exceed industry expectations and encourage the international 
community and other regional standards organizations to join in our 
efforts.

Reporting Progress Made by the SGIP

    The overall PAP process is shown in Figure 3. Supporting 
accomplishments and timelines for each PAP, as presented in the May 
24th Governing Board meeting, follow.\6\ We are fortunate to be moving 
forward on all fronts, made possible by the commitment and 
contributions of our valued members.
---------------------------------------------------------------------------
    \6\ SGIP Governing Board Meeting, May 24, 2010, presentation 
materials.




PAP 0--Meter Upgradeability Standard:
Complete. This effort resulted in the NEMA standard SG-AMl 1-2009 in 
September, 2009. The PAP was officially closed March 1, 2010.

PAP 1--Role of IP in the Smart Grid:
Quantified requirements for networking of Metering Systems and Initial 
Distribution Automation functions were completed.

PAP 2--Wireless Communications for the Smart Grid:
The wireless capability matrix for Smart Grid applications was 
completed. Final deliverables are expected in May and June, 2010.

PAP 3--Common Price Communication Model:
Use cases and requirements were completed. Combined PAP 3, 4, 9, 10 
summit held in September, 2009. Draft specifications are in public 
comment period May 2010.

PAP 4--Common Scheduling Mechanism:
Standard XML serialization for bi-directional translation, use cases 
and requirements to test the standard, and web services Application 
Programming interfaces were completed. Combined PAP 3, 4, 9, 10 summit 
held in September, 2009. This PAP is expected to be closed in June, 
2010.

PAP 5--Standard Meter Data Profiles:
AEIC guidelines with revisions were completed along with white paper 
descriptions and presentation materials. This effort is expected to be 
closed mid-summer, 2010.

PAP 6--Common Semantic Model for Meter Data Tables:
This PAP was dependent on PAP five and is now fully operational. Tasks 
and deliverables have been defined and use case analysis is currently 
underway.

PAP 7--Electric Storage Interconnection Guidelines:
A scoping study and key use cases and requirements were completed. 
These deliverables have directly affected an accelerated pace of 
activity on IEEE 1547 and IEC 61850-7-420 standards.

PAP 8--CIM for Distribution Grid Management:
Interoperability testing of CIM Wires Model and first set of key use 
cases and requirements are complete. Combined PAP 3, 4, 9, 10 summit 
held in September, 2009. Draft specifications are in public comment 
period May 2010.

PAP 9--Standard DR and DER Signals:
NAESB has collected, analyzed, and consolidate use cases and delivered 
requirements to PAP team.

PAP 10--Standard Energy Usage Information:
Contributions for supporting the requirements have been received from 
OpenADE, OpenHAN, EIS Alliance, and Zigbee. Requirements are being 
aggregated and a requirements review is imminent.

PAP 11--Interoperability Standards to Support Plug-in Electric 
Vehicles:
Existing use cases and requirements identified and assembled. 
Coordination between SAE and IEC, alignment of vehicle information 
models, analysis of related standards, and connector alignment are 
ongoing.

PAP 12--IEC 61850 Objects/DNP3 Mapping:
Use cases and requirements completed. Mapping is ongoing.

PAP 13--Time Synchronization, IEC 61850 Objects/IEEE C37.118 
Harmonization:
Harmonization use cases and requirements are complete. Gap analysis and 
mapping document are being completed in early summer, 2010.

PAP 14--Transmission and Distribution Power Systems Model Mapping:
Developing use cases.

PAP 15--Harmonize PLC Standards for Appliance Communications in the 
Home:
Completed requirements for wide band coexistence. Developing 
requirements for narrow band coexistence. IEEE and ITU modifying 
coexistence standards.

PAP 16--Wind Plant Communications:
PAP approved. Charter completed. Team assembled. Tasks and deliverables 
identified. Use cases and requirements being developed.

    As previously noted, the meter upgradeability standard (PAP 0) that 
gives guidance to utilities, regulators and others wanting to 
immediately deploy advanced metering infrastructure was completed last 
year. Other highlights since that May 24th Governing Board meeting 
follow:

        -  The team working on the development of energy usage 
        information standards (PAP 10) recently reached a significant 
        milestone. On June 23rd, the North American Energy Standards 
        Board (NAESB) agreed to develop a basic energy usage data model 
        standard, which the American Society of Heating, Refrigerating 
        and Air-Conditioning Engineers (ASHRAE) will extend for 
        exchanging facility energy usage data with energy providers. 
        NAESB has committed to complete the standard, which defines 
        both the information used to communicate between utilities--and 
        other sources--and the customer and how that information is 
        organized, before the end of 2010.

        -  The team working on broadband and narrowband coexistence 
        standards to provide for common communications mechanisms for 
        appliance manufacturers (PAP 15) is nearing final selection of 
        a supporting standards development organization.

        -  The SGIP just released a working draft of requirements for 
        the essential application program interfaces for electronic 
        calendars and schedules (PAP 4) and guidelines for ``ANSI 
        C12.19 End Device Communications and Supporting Enterprise 
        Devices, Networks and Related Accessories'' (PAP 5).

GE Position on Standards

    Technical standards can accelerate innovation and investment in 
emerging technologies, provided those standards are developed and 
adopted in an open, consensus based fashion.
    GE believes that the following principles should guide the Federal 
Government's engagement in private sector standards activities:

        1.  Encourage consensus based adoption of technical standards

        2.  Balance Federal leadership with private sector innovation

        3.  Promote development of international standards

        4.  Utilize Federal R&D to support standards development

        5.  Educate stakeholders to accelerate deployment of standards

    We shared these same principles with ANSI with respect to the 
recently announced National Science and Technology Council (NSTC) 
Subcommittee on Standards, and we would welcome further discussion if 
so desired.

Concluding Remarks

    In closing, let me reiterate what Robert Gilligan, Vice President, 
GE Digital Energy shared in his testimony before the House Select 
Committee on Energy Independence and Global Warming in February 2009. 
This is an unprecedented time in the energy industry. And, with respect 
to Smart Grid, this is definitely the time to be innovative, agile and 
willing to make bold moves. We are energized by the focus and momentum 
now surrounding Smart Grid and the solutions that enable energy 
efficiency, consumer empowerment and the integration of more renewable 
energy . . . solutions that in turn provide economic, environmental and 
energy security benefits to our nation.
    We thank you, in advance, for your interest in and evaluation of 
how Smart Grid architecture and standards are progressing. As these 
represent the foundation we build upon, that will guide our technology 
development and innovation for years to come, it is essential we 
continue to move forward in a deliberate, disciplined fashion that 
represents and respects all industry stakeholders. While the work of 
NIST and the SGIP is extremely challenging, it is always rewarding 
given we are charting the course for a truly 21st century grid . . . 
steady, sustainable and truly smart.
    Once again, we commend Chairman Wu for your leadership on these 
issues, and we appreciate the Committee's time and look forward to your 
questions.

                     Biography for John D. McDonald



    John D. McDonald, P.E., is Director, Technical Strategy and Policy 
Development for GE Digital Energy. In his 36 years of experience in the 
electric utility industry, John has developed power application 
software for both Supervisory Control and Data Acquisition (SCADA)/
Energy Management System (EMS) and SCADA/Distribution Management System 
(DMS) applications, developed distribution automation and load 
management systems, managed SCADA/EMS and SCADA/DMS projects, and 
assisted Intelligent Electronic Device (IED) suppliers in the 
automation of their IEDs.
    John received his B.S.E.E. and M.S.E.E. (Power Engineering) degrees 
from Purdue University, and an M.B.A. (Finance) degree from the 
University of California-Berkeley. John is a member of Eta Kappa Nu 
(Electrical Engineering Honorary) and Tau Beta Pi (Engineering 
Honorary), is a Fellow of IEEE, and was awarded the IEEE Millennium 
Medal in 2000, the IEEE PES Excellence in Power Distribution 
Engineering Award in 2002, and the IEEE PES Substations Committee 
DistinguishedServiceAward in 2003.
    In his twenty-three years of Working Group and Subcommittee 
leadership with the IEEE Power & Energy Society (PES) Substations 
Committee, John led seven Working Groups and Task Forces who published 
Standards/Tutorials in the areas of distribution SCADA, master/remote 
terminal unit (RTU) and RTU/IED communications protocols. John was 
elected to the Board of Governors of the IEEE-SA (Standards 
Association) for 2010-2011, focusing on long term IEEE Smart Grid 
standards strategy. John was elected to Chair the NIST Smart Grid 
Interoperability Panel (SGIP) Governing Board for 2010.
    John is Past President of the IEEE PES, is a Member of IEC 
Technical Committee (TC) 57 Working Groups (WGs) 3 and 10, is the VP 
for Technical Activities for the U.S. National Committee (USNC) of 
CIGRE, and is the Past Chair of the IEEE PES Substations Committee. 
John was the IEEE Division VII Director in 2008-2009. John is a member 
of the Advisory Committee for the annual DistribuTECH Conference, is a 
member of DOE's Smart Grid Electricity Advisory Committee (EAC), is a 
member of NEMA's Smart Grid Council, and is on the Board of Directors 
of the GridWise Alliance. John received the 2009 Outstanding Electrical 
and Computer Engineer Award from Purdue University.
    John teaches a SCADA/EMS course at the Georgia Institute of 
Technology, a Smart Grid course for GE, and substation automation, 
distribution SCADA and communications courses for various IEEE PES 
local chapters as an IEEE PES Distinguished Lecturer. John has 
published thirty-four papers and articles in the areas of SCADA, SCADA/
EMS, SCADA/DMS and communications, and is a registered Professional 
Engineer (Electrical) in California, Pennsylvania and Georgia.
    John is co-author of the book Automating a Distribution 
Cooperative, from A to Z, published by the National Rural Electric 
Cooperative Association Cooperative Research Network (CRN) in 1999. 
John was Editor of the Substations Chapter, and a co-author, for the 
book The Electric Power Engineering Handbook, co-sponsored by the IEEE 
PES and published by the CRC Press in 2000. John is Editor-in-Chief, 
and Substation Integration and Automation Chapter author, for the book 
Electric Power Substations Engineering, Second Edition, published by 
Taylor & Francis/CRC Press in 2007.

    Chairman Wu. Thank you, Mr. McDonald.
    Mr. Eustis, please proceed.

 STATEMENT OF MR. CONRAD EUSTIS, DIRECTOR OF RETAIL TECHNOLOGY 
             DEVELOPMENT, PORTLAND GENERAL ELECTRIC

    Mr. Eustis. Good morning Chairman Wu, Ranking Member Smith 
and other Members of the Subcommittee. My name is Conrad 
Eustis. I am the Director of Retail Technology Development of 
Portland General Electric. I have 35 years of experience in the 
power industry and 17 years implementing smart grid-related 
projects. Thank you for holding this important hearing on the 
development of standards for smart grid-related technologies.
    Portland General Electric is Oregon's largest utility. We 
are an investor-owned utility serving approximately 820,000 
customers in metro Portland and the Willamette Valley. We focus 
on providing reliable electricity at reasonable prices while 
continuing to be good stewards of Oregon's environment. PGE 
consistently ranks nationally near the top for renewable power 
sales customers. Long before the term ``smart grid'' arrived, 
PGE was implementing projects now labeled as smart grid. A few 
examples. We lead in our ability to operate our customers' 
standby generation during times of peak demand. We lead with 
innovative net metering programs to encourage solar 
development. We have had a residential time-of-use program 
available since 2001. And this August we will complete a 
systemwide installation of smart meters.
    We are strong supporters of the NIST effort to achieve 
interoperability. I participate on NIST's Smart Grid 
Interoperability Panel and with other efforts. We feel that 
NIST leadership has implemented a number of useful policies to 
ensure industry buy-in; we highlight them in our testimony.
    The NIST roadmap includes a testing phase to prove 
interoperability of selected standards among different 
manufacturers and devices. This is the most important part of 
the NIST plan and it is also the most important to ensure 
industry adoption. But it will probably be the most expensive 
and difficult. The testing process is also the best time to 
clarify, and prove, required cybersecurity methods.
    Our written testimony elaborates on two suggestions to 
improve utility adoption of standards. We recommend efforts to 
understand, and then mitigate, the institutional barriers that 
our suppliers and our information technology departments face 
to adopt standards.
    With regard to the availability of existing standards, it 
is important to understand that while there are many useful 
standards, interoperability requires multiple standards to 
achieve a specific end-to-end solution. While most systems 
purchased today implement one or more standards, 
interoperability still falls short because some standards are 
not developed. For example, where a communication device from 
one vendor is placed in the meter of another vendor, a meter 
data standard under ANSI [American National Standards 
Institute] helps reduce development time. However, because the 
physical method to pass data and the physical form factor have 
not been standardized, the integration of components still 
takes six to twelve months.
    In establishing standards-related priorities, I think about 
criteria first. The first principle is that interoperability is 
most important when you talk about interconnecting low cost, 
mass-consumption products. For example, without 
interoperability, most home appliances can't be controlled 
economically. Second, standards adoption will likely be 
stronger by demonstrating an end-to-end solution that is 
visible to both customers and utilities. This means testing a 
set of standards to show an effective plug-and-play solution. 
Third, early successes will be more probable if we focus on 
very simple transactions. Additional, or more feature-rich 
modifications can be added to a standard later.
    Guided by the principles above, I elaborate on three 
priorities in the written testimony. First, for home 
appliances, we need a standardized, USB-like socket together 
with a very simple transaction set to enable demand response 
programs. This is the lowest-hanging fruit on the smart grid 
tree and it would create interest for, and time for, consumers 
to learn about demand response. Second, we need a basic 
standard that allows electric vehicles to charge at the most 
opportune time. Electric vehicles represent a greenfield 
development process. They will have high visibility, and a 
standard will have wide adoption because it will not undergo 
undo an existing process. Finally, we need a standard for the 
format and process to send and receive usage data.
    NIST is working on these last two suggestions but I want to 
reiterate that more than the standards themselves, testing them 
with a practical, end-to-end application is what will further 
adoption.
    Thank you again, Chairman Wu, for your leadership and 
interest in this issue. I would be pleased to answer any 
questions the Committee may have.
    [The prepared statement of Mr. Eustis follows:]

                  Prepared Statement of Conrad Eustis

    Good morning Chairman Wu, Ranking Member Smith and other members of 
the subcommittee. My name is Conrad Eustis--I serve as Director of 
retail technology development at Portland General Electric. I have 35 
years of experience in the energy business and 17 years of experience 
implementing successful smart grid related projects. In my role at PGE 
I participate on the utility's behalf in a number of regulatory and 
technical forums related to smart grid development, including the NIST 
standards process. Thank you for holding this important hearing on the 
development of standards for smart grid related technologies.
    Portland General Electric is Oregon's largest electric utility. We 
are a vertically oriented investor-owned utility serving more than 
817,000 customers in the Portland area and the Willamette Valley. We're 
focused on providing reliable electricity supplies at reasonable prices 
while continuing to be good stewards of Oregon's environment. In part, 
that means we're leading the charge on clean energy in Oregon.
    I am sure it is no surprise to you, Mr. Chairman, that the U.S. 
Department of Energy has consistently ranked PGE as one of the top 
utilities for renewable power sales to residential customers. In fact, 
this year PGE earned DOE's top spot in the Nation for having more 
renewable power customers than any other utility in the nation.
    We are also a recognized leader in the development of electric 
vehicle infrastructure. As a partner in the DOE's historic $100 million 
ECOtality grant, we expect to see more than 2,000 residential and 
public charging stations deployed in Oregon by 2013.
    Long before the term ``smart grid'' became commonplace, PGE was 
investing in smart grid-related innovations--such as our Dispatchable 
Standby Generation (DSG) program in which we can remotely start and 
monitor our business customers' standby generation during times of peak 
demand. In exchange the utility installs telemetry equipment and 
contributes to its maintenance. We have worked with our regulators to 
support net metering for solar and other renewables. We've had a 
residential time-of-use program available since 2001. Today, we are 
actively deploying smart meters to all 817,000 customers throughout our 
service territory. We are 90 percent deployed and expect to complete 
deployment by the end of August. Ultimately, our goal is to be a leader 
in bringing the benefits of a smarter grid to our customers--providing 
them with more energy management options while increasing system 
reliability and efficiency.
    Portland General Electric is also pleased to be a partner in the 
Pacific Northwest Smart Grid Demonstration Project, which will involve 
more than 60,000 metered customers in Idaho, Montana, Oregon, 
Washington and Wyoming. Using smart grid technologies, the study will 
test new combinations of devices, software and advanced analytical 
tools that enhance the power grid's reliability and performance.
    As part of the study, PGE will implement a demonstration project on 
a distribution feeder in Salem serving residential and business 
customers. There are three primary objectives for this project: 1) to 
demonstrate how batteries together with demand response can be used to 
create a reliable micro-grid; 2) to determine how the batteries/
inverter systems can be operated to provide peak-load following and 
frequency regulation; and 3) to determine how to position the 
batteries'storage to accept off-peak wind generation.
    At the national level, we greatly appreciate the bipartisan support 
that passed the Energy Independence and Security Act (EISA) in 2007. 
That Act sets the course for the current standards making process at 
NIST and launched some of the most important policy changes for the 
utility sector in decades. With limited funding, NIST began 
implementing its responsibilities under EISA in 2008, establishing 
teams to collect stakeholder input, organizing meetings to create 
awareness of their effort to gain additional stakeholders and so forth. 
The passage of the American Recovery and Reinvestment Act provided the 
funds necessary to really launch this standards process and to create 
awareness across the 22 stakeholder groups that are required to 
implement a successful smart grid.
    This effort is none too soon for the electric utility sector. Real 
challenges exist with the transition to lower carbon resources and the 
large-scale installation of intermittent renewable resources. This will 
force changes to system operation where smart grid transactions will be 
the most appropriate solution. However, I think many people have 
unrealistic expectations of how fast this change will come--even if a 
full set of standards were available today.
    PGE learned that successful implementation of smart grid projects 
requires careful planning by a small team of cross-functional 
professionals working nearly full time for two or more years before 
launching the project implementation team. Successful implementation 
requires understanding the specific business processes that will need 
to change and identification of the legacy information systems that 
must be enhanced to support the new processes. Management must commit 
subject matter experts and provide training to support new departments 
while eliminating others. For most utilities, high public expectations 
for low-cost, reliable power means the vertical organization structure 
is lean and focused on existing processes. Since our industry has had, 
historically, levels of research and development expenditures below 0.2 
percent of revenues, there are scarce funds and scarce resources 
available to staff the large project teams required to implement a 
smart grid project. This leads most utilities to seek regulatory 
support for a new smart grid project from their governance 
stakeholders. Regulatory buy-in involves more than just the regulators. 
All, or at least most, stakeholders to the regulatory process must 
understand the value and benefits that smart grid will bring. This is 
not any easy task, and requires considerable time for education and 
due-diligence.
    We are active participants in the NIST standards making process. I 
am PGE's participating member on NIST's Smart Grid Interoperability 
Panel, which had its first meeting in November of 2009. This panel 
includes 600 plus members from 22 stakeholder groups. To date, we have 
had only a small role coordinating tasks and gathering input. However, 
we serve a major role in keeping the more than 600 businesses we 
represent informed about the many parallel efforts taking place. The 
coordinating tasks have been managed by NIST directly or through the 
SGIPGB, and the Priority Action Plan team leaders.
    One of the challenges with a standards making process is ensuring 
that you have industry support and a high level of adoption of the 
standards that eventually emerge from the process. We feel that NIST 
has implemented a number of policies to help ensure the utility 
industry buy-in. These include encouragement for all utilities to 
participate in the process, the recognition that there are multiple 
types of utility organizations, a fair governance process, and the 
beginnings of a public knowledge base to document support for 
implementing standards. NIST has also put together conferences that 
disseminate information, issue progress reports, and encourage face-to-
face stakeholder input.
    Looking ahead, NIST's plans for interoperability testing of 
standards will also be critical to ensuring industry adoption. Testing 
is critical with immature standards to determine where additional 
specifications are required to ensure interoperability. Because of the 
cost of testing, it also helps prioritize the initial requirements. It 
is not uncommon to overstate mandatory requirements to reach consensus 
in the definition stage; testing ensures the most important 
requirements are interoperable, and that different vendors interpret 
the written specification in the same way.
    The NIST roadmap includes a testing phase to prove interoperability 
of selected standards from different manufacturers and devices. My 
understanding is that this phase has not started, or if it has, only 
recently so. This is the most important part of the NIST plan and will 
probably be the most expensive and difficult.
    There are two additional activities that NIST could implement that 
we believe would likely improve utility buy-in and adoption.
    The first has to do with the fact that the vendors--the suppliers 
of systems and equipment to utilities--enjoy a ``seller's advantage.'' 
For a given type of electric utility equipment there are usually about 
five major international suppliers. It is not uncommon for utilities to 
keep a relationship with one primary vendor and a second relationship 
with a back-up vendor. Part of the reason for this approach is because 
maintenance and operation of each vendor's equipment is somewhat unique 
to each vendor. While some aspects may be interoperable, the more 
complex features are often not. This is subtle example of non-
inoperability and it allows vendors the opportunity to extract a larger 
profit margin because of a utility's reluctance to switch vendors. This 
is a gross simplification to make a point; there have been successes 
too--particularly in the area of interoperability for substation 
equipment. But the point remains that the higher margins created by 
partial interoperability is a potential barrier to higher levels of 
interoperability. NIST might consider as part of the early testing 
process, interviewing vendors separately and together to learn the 
needs of vendors to make standards adoption a higher priority.
    Second, a focus on utility IT managers may be valuable. Among 
utilities, the responsibilities of VPs or general managers of the IT 
department vary greatly. For many of these managers, most of their time 
is spent keeping existing systems running smoothly; they have minimal 
time to focus on evolving and emerging standards. I would not be 
surprised to find that the average IT manager is minimally informed 
about the NIST process. NIST might consider engaging a diverse group of 
these managers, together with purchasing personnel that support them, 
to help keep them informed and to provide tools for them to require 
vendors to adopt specific standards. Some of the outcomes might be as 
easy as the publication of a quarterly update targeted to the utility 
IT manager.
    NIST also needs to focus on developing standards and processes that 
make sense for consumers and addresses consumer behavior. For example, 
one complex and low priority transaction involves providing ``real-
time'' time usage data from the meter to the home display. While 
desirable for some customers, most of the value in the usage data is 
available from non-real-time sources like a web page with perhaps a day 
of delay. PGE implemented a home display pilot in 2003. While half the 
customers found them interesting, most stopped accessing the displays 
after about a week. Energy is a low involvement product; effective 
smart grid implementations in the home will need to emphasize set and 
forget controls, and not depend entirely on real-time involvement for 
their success. Spending time and money on programs consumers do not 
want should be avoided.
    Now let me return to the issue of interoperability and its 
importance in the overall smart grid standards process. Fundamentally, 
the smart grid is about moving data from one system or device to 
another. This requires not one standard, but at least three to move one 
byte of data between two separate devices. If security is needed, this 
adds a fourth standard. In many systems purchased by utilities today, 
vendors focus on data transactions among devices in their product line. 
Generally, they design the transactions to minimize their cost to the 
customer utility--this is especially true of advanced metering 
infrastructure (AMI) systems. Where a communication device from one 
vendor is placed in the meter of another vendor, a meter data standard 
called ANSI C12.19 helps reduce development time. However, because the 
physical method to pass data and the physical form factor have not yet 
been standardized, the actual integration of the components still 
usually takes 6 to 12 months. For new two-way applications between the 
utility and the home, only immature standards exist. Between major 
utility enterprise systems--such as an outage management system--the 
use of a common information model at the application level is 
unfortunately rare. Small electric cooperatives, municipal utilities 
and PUDs that use a common application called MultiSpeak  are probably 
further along than the larger utilities who generally decide that 
custom applications serve their needs better.
    The value in interoperability comes into play when you talk about 
the future for low-cost mass consumption products. Avoiding $200,000 of 
custom engineering in a $10 million substation because interoperability 
is available is still desirable, but the lack of interoperability 
doesn't prevent an economic implementation. But chasing after a peak 
demand savings of 50 watts in a common consumer item like a 
refrigerator would be impossible unless the total incremental cost is 
less than $40. This cost can only be met via interoperability.
    In thinking about what should be the top priorities for the NIST 
standards making process going forward, I believe the focus should be 
to create visible successes that can be implemented with end-to-end 
demonstrations. Early successes are possible if NIST focuses on very 
simple transactions; additional or more feature-rich modifications can 
be added to a standard later. These early successes will build upon 
themselves and create more utility interest and adherence to the NIST 
process. My top three suggestions along these lines are:
    1)We need a standardized USB-like socket, together with a very 
simple transaction set, to enable demand response programs with home 
appliances. If appliance manufactures were to incorporate these sockets 
on their major appliances over approximately five years, including the 
value-based appliances, utilities would gain the potential of 15,000 MW 
of demand response every year. Adding the socket without embedded 
communication hardware minimizes obsolesce and security issues. Since 
appliances last 10 to 30 years, making them demand response ready is 
important to prevent a lost opportunity in five to ten years as 
customer awareness increases. This is the lowest hanging fruit on the 
smart grid tree, and it would create interest for, and time for, 
customers to learn about demand response.
    Some organizations advocate embedding a specific wireless \1\ 
communication device in the appliance. While the free market should to 
some extent determine the best approach to creating ``smart'' 
appliances, security and interoperability are much more difficult to 
ensure with embedded communication devices. Consumer adoption of smart 
gird technologies could be threatened if even one or two bad 
experiences occur using embedded communication devices.
---------------------------------------------------------------------------
    \1\ Wireless includes radio and power-line communication 
techniques.
---------------------------------------------------------------------------
    2) My second suggestion is for standardized smart charging for 
plug-in-vehicles (PIVs). This is not the same as the vehicle-to-grid 
concept, which will take more time and requires PIV manufactures to 
gain more experience with the life of their batteries. This would be 
the basic standard for allowing PIVs to charge at the most opportune 
time. While the number of total PIVs in the near term will be small, 
the visibility of these vehicles as smart-grid friendly will be 
significant in the popular media. PIVs represent a ``green field'' 
development process and represent a great opportunity to gain wide 
adoption. This would counter the natural resistance that might occur 
from utilities and vendors to modify their existing systems to adopt a 
specific standard. Standards are easier to accept when you don't have 
to throw away something you already developed.
    3) Finally, we need a standardized application for the format and 
process to send and receive usage data. This format would be used in 
multiple applications, for example: in meter-to-home applications, 
among back-office enterprise systems, utility-to-third parties, etc. In 
a year or two smart meters will be generating multiple petabytes of 
usage data per year; we need a standard way to move meter usage 
information around.
    Thank you, again, Chairman Wu for your leadership and interest in 
this issue. I would be pleased to answer any questions the committee 
may have.

                      Biography for Conrad Eustis

    Conrad Eustis has 35 years of experience in the energy industry 
including five years as a Naval officer in nuclear submarines, five 
years studying energy economics, technology and policy at Carnegie 
Mellon department's of Engineering and Public Policy, and 25 years at 
PGE leading new activities for the Company. He has technical degrees 
from both Carnegie-Mellon and Brown Universities.
    The last 17 years of professional work have included the 
implementation of more than 20 ``Smart Grid'' projects in metering, 
demand response, home displays, smart appliances, web portals, utility 
enterprise systems development, and at least a dozen customer research 
projects. Conrad personally developed the design specifications for 
original hardware and software in many of these projects.
    Career Highlights include:

        D  Engineer directing initial criticality on the refueled 
        reactor of the USS Skate SSN 578 ('79)

        D  Ph.D. Thesis on policy to improve efficiency of cogeneration 
        systems ('85)

        D  PGE's first demand--side resource plan; labeled as 
        ``innovate'' by PUC ('90)

        D  Design and implementation of a critical peak pricing pilot 
        (rate design and enabling hardware) '94

        D  Personal national award for an innovate electric vehicle 
        infrastructure design ('95)

        D  Provided leadership for transactions to create 
        interoperability in California's unregulated meter services 
        market ('97)

        D  10+ business cases for new smart grid platforms to deploy 
        assets of > $400 million, all reached executive approval for 
        initial action steps, five reached operational status ('99 to 
        '07)

        D  Provided technical and financial input to about ten fed-
        funded grant proposals leading to six successful awards ('93 to 
        '09)

        D  Created Business Case, RFP, and Contract for current PGE 
        smart meters project ('04 to '07)

        D  My influence helped earn PGE national awards for best smart 
        meter implementation preparation (``Best Practices Award for 
        Advanced Metering and Data Management'', Chartwell, 2008), and 
        meter data management leadership (``10 Years of Excellence 
        Award'', Metering America, 2009)

        D  Adjunct Professor at PSU teaching Designing Smart Grid for 
        Sustainable Communities, '09 & '10

        D  Personal ``Applied Award'' for contributions to 
        Interoperability from Gridwise Architecture Council ('10)

    Chairman Wu. Thank you, Mr. Eustis.
    The votes have been called. There are about 10 minutes, 45 
seconds left, and it is the intention of the Chair to proceed 
with Ms. Coney's testimony. Then I will ask one quick question 
and turn it over to Mr. Smith. We hope that he will get his 
questions in and then we will recess.
    Ms. Coney, please proceed.

 STATEMENT OF MS. LILLIE CONEY, ASSOCIATE DIRECTOR, ELECTRONIC 
                   PRIVACY INFORMATION CENTER

    Ms. Coney. Thank you. EPIC would like to thank the 
Subcommittee Chair and Ranking Member for this opportunity to 
speak with you on a matter that has emerged as one of the 
leading privacy challenges for our generation. Members of 
Congress, committees and their staffs from both sides of the 
aisle routinely approach EPIC on matters related to privacy and 
consumer rights.
    Today, electricity usage generates 12 data points a year, 
the monthly bills that customers receive. The smart grid will 
raise that number to over 3,000 data points annually. As a 
result, the ability to assess consumer electricity usage 
information will pose significant privacy threats. These 
threats can include surveillance by government, businesses, and 
criminals.
    Privacy is about the establishment and enforcement of fair 
information practices, or FIPs. The privacy impact assessment 
is an effective tool for evaluating whether fair information 
practices are enforced. The model many privacy advocates look 
to for real-world examples of what is possible to incorporate 
each of these components of privacy protection is the OECD 
Guidelines. The smart grid presents an extraordinary 
opportunity to establish a new approach where privacy is part 
of the architecture and R&D mindset of applications as they are 
developed. There can be security without privacy but there 
cannot be privacy without security. Smart grid customer data 
can pose physical dangers such as assaults, vandalism, home 
invasion, stalking, domestic abuse, targeting of homes for 
burglary or civil threats such as identity theft. Further, 
misuse of data by authorized parties such as data mining for 
resale or sharing of customer energy usage information or 
profiling of customers to further monetize their energy use 
presents privacy challenges to the smart grid adoption.
    As EPIC looked to the participation in the standards 
process, we learned of the NIST smart grid recommendation 
drafting effort through two announcements published in the 
Federal Register on October 9, 2009. Later that month, we 
became aware of the working group effort to develop 
recommendations and sought out a NIST subject matter expert to 
get more information. EPIC encouraged the Electronic Frontier 
Foundation, the ACLU, the Privacy Rights Clearinghouse and 
others to join this effort. It is doubtful EPIC would have 
learned of the NIST effort on smart grid without the Federal 
Register notice process. The work on the NISTIR [NIST 
Interagency Report] on smart grid was far from smooth sailing, 
but overall it was productive and instructive for advocacy 
groups and utilities who value consumer privacy and potential 
partners from the online economy where consumer privacy is not 
as highly valued.
    The NISTIR privacy subgroup for the project included those 
unfamiliar with privacy issues as well as privacy experts. The 
challenge was learning to speak the same language and 
understanding the core values of privacy as they relate to 
smart grid. The field of privacy is just like other 
disciplines: We learn from the mistakes and successes of 
others, improving our knowledge and understanding about what 
works and why. At present, the draft text incorporates a good 
statement on privacy and includes clearly supported language 
for fair information practices, recognizes the importance of 
privacy by design and other privacy-enhancing technology 
approaches, acknowledges the serious problem of 
reidentification first noted by Professor Latanya Sweeney at 
Carnegie Mellon University and by Professor Alessandro Acquisti 
at the same institution, and finally, details smart grid 
threats that include insecure smart meters, Internet access to 
smart grid data and third-party use of customer smart grid 
information.
    However, as the document is merged with the remainder of 
the NIST Smart Grid Interoperability Standards Project, it will 
continue to be edited. The first draft will go to the 
Department of Commerce where it may further be edited prior to 
public release. The final document may bear little resemblance 
to the results of the privacy groups' hours of effort to 
address the unique privacy challenges of the smart grid. For 
this reason, EPIC reserves judgment on the success of including 
advocacy groups in the process until the final document is 
published.
    Privacy protection is essential to the successful 
implementation of the smart grid and failure to develop robust 
standards that incorporate FIPS for protecting PII will likely 
hinder adoption of applications and services. Only by 
developing standards that ensure end-to-end privacy and 
security protection can NIST contribute to innovation and 
technology of the smart grid. NIST could fill an important role 
in establishing comprehensive privacy practices.
    EPIC appreciates the Subcommittee's interest in smart grid 
privacy issues, is eager to contribute to the further 
development of smart grid privacy policy, and looks forward to 
the Committee's questions. Thank you.
    [The prepared statement of Ms. Coney follows:]

                   Prepared Statement of Lillie Coney

    EPIC would like to thank the Subcommittee Chair and Ranking Member 
for this opportunity to speak with you on a matter that has emerged as 
one of the leading privacy challenges for our generation.
    EPIC is a public interest research center, based in Washington, DC, 
established in 1994 to focus public attention on emerging civil 
liberties issues and to protect privacy, the First Amendment, and other 
constitutional values. EPIC has a long-standing interest and 
specialization in privacy and technology issues.\1\ EPIC has a 
particular interest in the privacy implications of the Smart Grid 
standards, as we anticipate that this change in the energy 
infrastructure will have significant privacy implications for American 
consumers.\2\ In other similar areas, EPIC has consistently urged 
Federal agencies to minimize the collection of personally identifiable 
information (PII) and to establish privacy obligations when PII is 
gathered.
---------------------------------------------------------------------------
    \1\ EPIC, Electronic Privacy Information Center, http://
www.epic.org (last visited June 29, 2010); EPIC, Privacy, http://
www.epic.org/privacy/default.html (last visited June 29, 2010).
    \2\ EPIC, The Smart Grid and Privacy, http://epic.org/privacy/
smartgridlsmartgrid.html (last visited June 29, 2010).
---------------------------------------------------------------------------
    It is rare today to discover an industry that collects, retains, 
and uses vast amounts of personal information that is also transparent, 
accountable, and operates collaboratively under state regulations. 
Utilities ``do what they are told,'' adhering to rules established by 
public utility commissions and business models based upon fair 
information practices. The electric utility industry has done this for 
over one hundred years. It is EPIC's hope that they will adhere to this 
model of conduct as they move toward full deployment of the Smart Grid.
    However, there will be great temptation to monetize the information 
about consumer electricity consumption in ways that may threaten 
consumer privacy, competitiveness of businesses, both small and large, 
and the security of Smart Grid infrastructure should it become a ``plug 
and play'' environment.

I. Privacy and the Smart Grid

            A. Defining Privacy and the Smart Grid

    Privacy is one of the most fundamental and basic of human rights. 
Without it, many other rights, such as the freedoms of speech, 
assembly, religion and the sanctity of the home, would be jeopardized. 
Although most countries around the world include explicit protection of 
a right to privacy in their constitutions, it remains one of the more 
difficult rights to define.
    The focus for protecting privacy of information stored on computers 
or exchanged on computing networks is determining whether data is or is 
not PII. This type of information can locate or identify a person, or 
it can be used in conjunction with other information to uniquely 
identify an individual. Historically, PII includes name, social 
security number, address, phone number, or date of birth. In the 
Internet Age, the list of PII has grown to include other data, 
including e-mail addresses, Internet Protocol (IP) addresses, social 
networking pages, search engine requests, log records, and passwords.
    Our legal system has long recognized and protected an individual's 
right to personal privacy in PII. The drafters of the Constitution 
``conferred, as against the Government, the right to be let alone--the 
most comprehensive of rights and the right most valued by civilized 
man. To protect that right, every unjustifiable intrusion by the 
Government upon the privacy of the individual, whatever the means 
employed, must be deemed a violation'' of constitutional principles.\3\ 
Moreover, public opinion polls consistently find strong support among 
Americans for legally cognizable privacy rights in law to protect their 
personal information from government and commercial entities.\4\
---------------------------------------------------------------------------
    \3\ Olmstead v. United States, 277 U.S. 438, 478 (1928) (Brandeis, 
J., dissenting).
    \4\ See generally EPIC, Public Opinion on Privacy, http://epic.org/
privacy/survey (last visited June 29, 2010).
---------------------------------------------------------------------------
    More recently, the Supreme Court, in Kyllo v. United States,\5\ 
addressed the privacy implications of monitoring electrical use in the 
home. After reviewing precedent, the Court found that a search warrant 
must be obtained before the government may use new technology to 
monitor the use of devices that generate heat in the home:
---------------------------------------------------------------------------
    \5\ 533 U.S. 27 (2001).

         [I]n the case of the search of the interior of homes--the 
        prototypical and hence most commonly litigated area of 
        protected privacy--there is a ready criterion, with roots deep 
        in the common law, of the minimal expectation of privacy that 
        exists, and that is acknowledged to be reasonable. To withdraw 
        protection of this minimum expectation would be to permit 
        police technology to erode the privacy guaranteed by the Fourth 
        Amendment.\6\
---------------------------------------------------------------------------
    \6\ Id. at 34.

    The Court found that even the most minute details of a home are 
intimate: ``[i]n the home, our cases show, all details are intimate 
details, because the entire area is held safe from prying government 
eyes.'' \7\ Thus, the Court held that the police could not use thermal 
imaging equipment, which was not in general public use, ``to explore 
details of the home that would previously have been unknowable without 
physical intrusion,'' without first obtaining a search warrants.\8\
---------------------------------------------------------------------------
    \7\ Id. at 37.
    \8\ Id. at 40.

---------------------------------------------------------------------------
            B. Assessing Smart Grids and Privacy

    The Smart Grid implicates privacy at a fundamental level, as it can 
best be understood as a powerful digital communication network. Indeed, 
communications giant Cisco predicts the Smart Grid network will be 
``100 or 1,000 times larger than the Internet.'' \9\ The Smart Grid 
would allow the unprecedented flow of information between power 
providers and power consumers. Its potential benefits to energy 
efficiency, granular control over power usage, and the environment are 
immense. However, like any analogous communications network, such as 
the Internet, the Smart Grid also admits the possibility of new and 
problematic threats to privacy in the form of increased data 
collection, retention, sharing and use.\10\ As the National Institute 
of Standards and Technology (NIST) acknowledges, ``[t]he major benefit 
provided by the Smart Grid, i.e. the ability to get richer data to and 
from customer meters and other electric devices, is also its Achilles' 
heel from a privacy viewpoint.'' \11\
---------------------------------------------------------------------------
    \9\ Martin LaMonica, Cisco: Smart Grid Will Eclipse Size of 
Internet, CNET, May 18, 2009, http://news.cnet.com/8301-
11128-3-10241102-54.html.
    \10\ See Ann Cavoukian, Jules Polonetsky & Christopher Wolf, 
Privacy by Design, SmartPrivacy for the Smart Grid: Embedding Privacy 
into the Design of Electricity Conservation 8 (Nov. 2009), http://
www.ipc.on.ca/images/Resources/pbd-smartpriv-smartgrid.pdf 
(``Modernization of the current electrical grid will involve end-user 
components and activities that will tend to increase the collection, 
use and disclosure of personal information by utility providers, as 
well as, perhaps, third parties.'') [hereinafter Privacy by Design].
    \11\ National Institute for Standards and Technology, NIST 
Framework and Roadmap for Smart Grid Interoperability Standards Release 
1.0 (Draft) 84 (2009) [hereinafter Draft Framework].
---------------------------------------------------------------------------
    The basic architecture of the Smart Grid presents several thorny 
privacy issues. The first widely distributed smart grid application is 
the smart meter.\12\ Smart meters monitor and can report customer 
electricity consumption to the utility service provider. Experts 
estimate that U.S. investment in smart meters could total $40 to $50 
billion, and that roughly one hundred million smart meters could be 
installed over the next five years.\13\ Smart meters, like traditional 
meters, will be associated with a unique physical address, which makes 
it PII.\14\ Along with the meter serial number and the electronic 
information associated with the meter address, this information is PII.
---------------------------------------------------------------------------
    \12\ See Stan Mark Kaplan, Congressional Research Service, Electric 
Power Transmission: Background and Policy Issues 23 (2009), available 
at http://opencrs.com/document/R40511/2009-04-14/download/1013 
(discussing basic functions of smart meters); U.S. Dep't of Energy, 
Smart Grid System Report 38 (July 2009) [hereinafter ``Smart Grid 
System Report] (``The use of smart meters, a driving force behind being 
able to evaluate grid load and support pricing conditions, has been 
increasing significantly, almost tripling between 2006 and 2008 to 19 
million meters . . .'').
    \13\ Draft Framework, supra note 11, at 21-22.
    \14\ See National Institute for Standards and Technology, Draft 
NISTIR 7628: Smart Grid Cyber Security Strategy and Requirements (2nd 
public draft) 33 (2010) [hereinafter Cyber Security Strategy], 
available at http://csrc.nist.gov/publications/drafts/nistir-7628/
draft-nistir-7628-
2nd-public-draft.pdf (flow chart detailing Smart Grid communication 
links between consumers and providers).
---------------------------------------------------------------------------
    Smart meters will increase the frequency of communication from the 
home to the utility service provider or the third party application 
user. Traditional meter reading takes place once a month, by a visit 
from a person affiliated with the electricity service provider or 
billing company. In contrast, proposals for smart meters discuss 
``real-time'' reporting of usage data.\15\ Currently, the design 
specification is not for electricity consumption information to remain 
in the home or meter location, which could only be accessed easily by 
the utility user. Rather, the plan, as suggested in the Cyber Security 
Strategy, is to instead share the information with the utility company 
or others. If, as the document suggests, the information will allow 
customers to make better energy consumption decisions, then only the 
customer should have access to that information. This is one of many 
instances in which the design of a Smart Grid application can either 
favor privacy or ignore it.
---------------------------------------------------------------------------
    \15\ See, e.g., Draft Framework, supra note 11, at 56.
---------------------------------------------------------------------------
    Another architectural point which raises privacy implications is 
the use of wireless communications to transmit Smart Grid data.\16\ The 
Draft Framework proposed to assess ``the capabilities and weaknesses of 
specific wireless technologies.'' \17\ Although it mentions security as 
a characteristic of wireless technology that may be relevant to that 
assessment, privacy is not mentioned. Any wireless technology that 
would be used to transmit user data must protect personal privacy. 
Wireless sensors and networks are susceptible to security breaches 
unless properly secured,\18\ and breaches of wireless technology could 
expose users' personal data.\19\ Similarly, the potential transmission 
of Smart Grid data through ``broadband over power line'' (BPL) 
implicates users' privacy:
---------------------------------------------------------------------------
    \16\ See Draft Framework, supra note 11, at 65.
    \17\ Id.
    \18\ See, e.g., Mark F. Foley, Data Privacy and Security Issues for 
Advanced Metering Systems (Part 2), http://www.smartgridnews.com/
artman/publish/industry/Data-Privacyand-Security
-Issues-for-Advanced-Meterin
g-Systems-Part-2.html (``Wireless 
sensor networks, for example, are subject to the general security 
problems of computer networks, ordinary wireless networks, and ad-hoc 
networks).
    \19\ See id. (breaches could ``result in denial of service to 
customers or utilities (e.g., access to billing information or energy 
usage), payment avoidance, system overload, reduced quality of service, 
and violation of power control protocols'').

         A BPL node could communicate with any device plugged into an 
        electrical socket. Capture of a substation node would provide 
        control over messages going to smart appliances or computing 
        systems in homes and offices. A utility may also offer 
        customers BPL as a separate revenue stream. This creates risks 
        that [advanced meter] data could be read or modified over the 
        internet or that common internet attacks could be brought 
        against the electrical grid or individual customers.\20\
---------------------------------------------------------------------------
    \20\ Id.

    Moreover, wireless communication is especially problematic in light 
of how easily signals from wireless devices are detectable by bad 
actors to pick-up valuable information on systems using wireless 
technology, and the past exploitation of wireless systems by thieves 
who use techniques known as ``wardriving'' to seek out unprotected or 
insufficiently protected wireless communication portals.\21\
---------------------------------------------------------------------------
    \21\ See, e.g., Patrick S. Ryan, War, Peace, or Stalemate: 
Wargames, Wardialing, Wardirving, and the Emerging Market for Hacker 
Ethics, 9 VA. J.L. & TECH. 7 (2004).
---------------------------------------------------------------------------
    Wireless communications to transmitting Smart Grid data would not 
only provide a significant challenge to privacy of users, but may also 
pose economic and security threats. Identity theft, third party 
monitoring of utility use, home invasions, domestic abuse and predatory 
use of home electricity consumption information strips home owners of 
the protection from prying eyes provided by the walls of their home.
    A final architectural problem with the proposed Smart Grid is the 
interaction between the Smart Grid and plug-in electric vehicles (PEV). 
It is possible that the Smart Grid would permit utility companies to 
use PEVs and other sources of stored energy ``as a grid-integrated 
operational asset,'' \22\ i.e., to drain the energy stored in the PEVs 
when the energy is needed to supply other users. This application of 
the Smart Grid is particularly troubling. If privacy is, as the Supreme 
Court has said, the ``interest in independence in making certain kinds 
of important decisions,'' \23\ then this proposed application could 
severely damages both privacy interests and consumer rights.
---------------------------------------------------------------------------
    \22\ Draft Framework, supra note 11, at 67.
    \23\ Whalen v. Roe, 429 U.S. 589, 599-600 (1977).

---------------------------------------------------------------------------
            C. Privacy Threats

    In addition to the architectural weaknesses of the proposed Smart 
Grid, the application and use of the Smart Grid threatens privacy 
interests in many other ways.

                           i. Misuse Of Data

    The massive amounts of data produced by the Smart Grid can 
potentially be misused by a number of parties--the power utilities 
themselves, authorized third parties such as marketing firms, or 
unauthorized third-parties such as identity thieves.

                          ii. Power Utilities

    Power utilities themselves will likely be interested in conducting 
complex data mining analysis of Smart Grid data in order to make power 
distribution decisions. For instance, at the Tennessee Valley Authority 
(TVA), administrators estimate that they will have 40 terabytes of data 
by the end of 2010, and that five years of data will amount to roughly 
half a petabyte.\24\ The TVA administrators are actively working to 
improve their ability to analyze the data, including through ``complex 
data mining techniques.'' \25\ Moreover, the TVA has explored using 
cloud computing resources to analyze and data mine the data, which 
raises a separate set of privacy concerns.\26\
---------------------------------------------------------------------------
    \24\ Josh Patterson, Cloudera, The Smart Grid and Big Data: Hadoop 
at the Tennessee Valley Authority (TVA), June 2, 2009, http://
www.cloudera.com/blog/2009/06/02/smart-grid-bib-data-hadoop-tennessee-
valley-authority-tva.
    \25\ Id.
    \26\ See EPIC, Cloud Computing, http://epic.org/privacy/
cloudcomputing (last visited June 29, 2010).

---------------------------------------------------------------------------
             iii. Data Mining and Authorized Third-Parties

    Data mining of sensitive personal information raises serious 
privacy concerns.\27\ For example, Total Information Awareness (TIA), 
developed by the Defense Advanced Research Projects Agency (DARPA), 
proposed to data mine wide swaths of information in order to detect 
terrorists.\28\ However, privacy concerns led the Congress to eliminate 
funding for the project, and the Technology and Privacy Advisory 
Committee of the Department of Defense issued a report recommending 
that Congress pass laws to protect civil liberties when the government 
sifts through computer databases containing personal information.\29\ 
The data mining of sensitive personal information transmitted through 
the Smart Grid raises similar privacy concerns.
---------------------------------------------------------------------------
    \27\ See EPIC, Terrorism (Total) Information Awareness, http://
epic.org/privacy/profiling/tia (discussing government data mining of 
citizens' personal information) (last visited June 29, 2010).
    \28\ See id.
    \29\ Department of Defense, Safeguarding Privacy in the Fight 
Against Terrorism (2004), available at http://www.epic.org/privacy/
profiling/tia/tapac-report.pdf.
---------------------------------------------------------------------------
    Authorized third-parties may also be interested in using data 
collected through the Smart Grid. The real-time data streaming 
capabilities of the Smart Grid, in particular, implicate a separate 
group of privacy risks. Just as appliance manufacturers and insurance 
companies may want access to appliance usage data, marketing and 
advertising firms may want access to the data--particularly real-time 
data--in order to target marketing more precisely.\30\ However, power 
usage data can reveal intimate behavioral information; providing that 
information to third-party marketing and advertising firms 
surreptitiously would be a repugnant invasion of privacy.
---------------------------------------------------------------------------
    \30\ See Privacy and the New Energy Infrastructure, supra note 46, 
at 46; Rebecca Herold, SmartGrid Privacy Concerns, available at http://
www.privacyguidance.com/files/Smart
GridPrivacyConcernsTableHeroldSept-2009.pdf [hereinafter 
Privacy Concerns]; Mark F. Foley, The Dangers of Meter Data (Part 1), 
available at http://www.smartgridnews.com/artman/publish/industry/
The-Dangers-of-Meter-Data-
Part-1.html [hereinafter ``Dangers (Part I)''].

---------------------------------------------------------------------------
                  iv. Identity Theft and Data Breaches

    Further, without privacy standards that protect privacy there will 
be unauthorized third-parties who will likely also be interested in 
misusing Smart Grid data, for many of reasons such as identity theft or 
burglary. Identity theft victimizes millions of people each year.\31\ 
The Federal Trade Commission (FTC) estimated that 8.3 million people 
discovered that they were victims of identity theft in 2005, with total 
reported losses exceeding $15 billion.\32\ According to the Privacy 
Rights Clearinghouse, more than 340 million records containing 
sensitive personal information have been involved in security breaches 
since January 2005.\33\
---------------------------------------------------------------------------
    \31\ See generally EPIC, Identity Theft, http://epic.org/privacy/
idtheft (last visited June 29, 2010).
    \32\ Fed. Trade Comm'n, 2006 Identity Theft Survey Report 4, 9 
(2007) [hereinafter ``FTC Survey Report''].
    \33\ Privacy Rights Clearinghouse, Chronology of Data Breaches, 
June 25, 2010, http://www.privacyrights.org/ar/ChronDataBreaches.htm.
---------------------------------------------------------------------------
    The faith placed in the capacity of the Smart Grid to safeguard 
sensitive personal information is unfounded. As an employee for Itron, 
a manufacturer of automated meters, admitted, ``Any network can be 
hacked.'' \34\ Similarly, some experts argue that ``an attacker with 
$500 of equipment and materials and a background in electronics and 
software engineering could `take command and control of the [advanced 
meter infrastructure] allowing for the en masse manipulation of service 
to homes and businesses.'' \35\ Thus, it is possible that ``just as 
identities, credit and debit card numbers, and other financial 
information are routinely harvested and put up for sale on the 
Internet, so can Smart Grid identifiers and related information.'' \36\ 
Alternatively, identity thieves could use PII obtained elsewhere to 
impersonate utility customers, which poses the risk of fraudulent 
utility use and potential impact on credit reports.\37\
---------------------------------------------------------------------------
    \34\ Jeanne Meserve, `Smart Grid' May Be Vulnerable To Hackers, 
CNN, March 21, 2009, http://www.cnn.com/2009/TECH/03/20/
smartgrid.vulnerability.
    \35\ Id.
    \36\ Eric Breisach & H. Russell Frisby, Energy Identity Theft: 
We're Way Beyond Plugging in the Meter Upside Down, Smartgridnews.com, 
April 9, 2008, http://www.smartgridnews.com/artman/publish/
article-425.html.
    \37\ See Rebecca Herold, SmartGrid Privacy Concerns, available at 
http://www.privacyguidance.com/files/
SmartGridPrivacyConcemsTableHeroldSept-2009.pdf [hereinafter 
Privacy Concerns].
---------------------------------------------------------------------------
    Peter Neumann, an expert on privacy and security who testified to 
the House Committee On Ways and Means Subcommittee On Social Security 
in 2007, concluded that the design of information systems are subject 
to many pitfalls, and that there is ``[a] common tendency to place 
excessive faith in the infallibility of identification, authentication, 
and access controls to ensure security and privacy.'' \38\ As such, the 
dangers of identity theft and data breaches are a threat that must be 
addressed during the implementation of the Smart Grid.
---------------------------------------------------------------------------
    \38\ Security and Privacy in the Employment Eligibility 
Verification System (EEVS) and Related Systems: Hearing Before the H. 
Comm. On Ways and Means Subcomm. On Social Security, 110th Gong. 9 
(2007) (statement of Peter G. Neumann, Principal Scientist, Computer 
Science Lab, SRI International).

---------------------------------------------------------------------------
                         v. Unauthorized Access

    The misuse of Smart Grid data is further exacerbated by the 
possibility of combining Smart Grid data with other data sources or 
scanning of open Home Area Networks that transmit Smart Grid energy 
usage data. For example, Google PowerMeter collects data on home energy 
consumption.\39\ This technology raises the obvious possibility that 
Google will combine consumer information about power consumption with 
Google's preexisting ability to record, analyze, track and profile the 
activities of Internet users.\40\ Such new business models also raise 
significant antitrust concerns.\41\
---------------------------------------------------------------------------
    \39\ Google PowerMeter, http://www.google.org/powermeter (last 
visited June 29, 2010).
    \40\ See generally EPIC, Privacy? Proposed GoogIe/DoubleClick 
Merger, http://epic.org/privacy/ftc/google (last visited June 29, 
2010).
    \41\ Cf. Statement of Interest of the United States of America 
Regarding Proposed Class Settlement, The Author's Guild, Inc., et al. 
v. Google, Inc., No. 05 Civ. 8136 (DC), at 16-26 (S.D.N.Y. Sept. 28, 
2009) (Department of Justice arguing that the proposed settlement 
regarding Google Books ``may be inconsistent with antitrust law ''). 
See generally EPIC, Google Books Settlement and Privacy, http://
epic.org/privacy/googlebooks (last visited June 29, 2010).
---------------------------------------------------------------------------
    The recent admission by Google that it secretly collected 
electronic PII from wireless networks around the world is particularly 
telling. For years, Google used its Street View data collection project 
to access and download data from unsecured wireless computer devices in 
homes and businesses without providing notice to or acquiring consent 
from government bodies or individuals.\42\ Google's failure to provide 
notice was especially troubling because it precluded governments from 
enforcing local laws and protecting the security, welfare, and values 
of their own citizens. Google's massive misuse of emerging technology 
highlights the potentially devastating consequences of newly deployed 
technologies, and the need for effective oversight. In another example 
of the dangers presented by unanticipated negative effects of new 
technology, microwave ovens were first made available to consumers 
before their safety was comprehensively evaluated. The spectrum range 
of these appliances had a disruptive effect on heart pacemakers. 
However, contrary to many recently developed technologies, microwave 
technology was transparent and therefore accessible for independent 
review and study, so the problem was easily identified and quickly 
remedied.
---------------------------------------------------------------------------
    \42\ EPIC, Google Street View and Privacy, http://epic.org/privacy/
streetview (last visited June 29, 2010).
---------------------------------------------------------------------------
    Indeed, these risks remain if even residual data is stored on Smart 
Grid meters. If data on Smart Grid meters are not properly removed, 
residual data could reveal information regarding the activities of the 
previous users of the meter.\43\ Thus, the Smart Grid should be 
designed to avoid the unnecessary retention of PII. Moreover, the 
prospect of remote access to Smart Grid data could lead to unauthorized 
access and misuse of the data. Many companies and government agencies 
provide employees and contractors with remote access to their networks 
through organization-issued computing devices. Remote access to Smart 
Grid customer information or utility usage data should be prohibited 
except for service provision and maintenance. The misuse of Smart Grid 
data could also harm consumers' reputations in many different ways. The 
collection and sharing of Smart Grid data could cause unwanted 
publicity and/or embarrassment. Moreover, public aggregated searches of 
Smart Grid data could reveal individual behaviors. Finally, the 
aforementioned data aggregation and data mining activity could permit 
publicized privacy invasions.
---------------------------------------------------------------------------
    \43\ See Privacy Concerns, supra note 37.

---------------------------------------------------------------------------
                       vi. Personal Surveillance

    The Smart Grid could also reveal sensitive personal behavior 
patterns. The proposed Smart Grid will be able to coordinate power 
supply in real time, based on the power needs of users and the 
availability of power.\44\ For instance, ``[e]nergy use in buildings 
can be reduced if building-system operations are coordinated with the 
schedules of the occupants.'' \45\ However, coordinating schedules in 
this manner poses serious privacy risks to consumers. Information about 
a power consumer's schedule can reveal intimate, personal details about 
their lives, such as their medical needs, interactions with others, and 
personal habits making ``highly detailed information about activities 
carried on within the four walls of the home will soon be readily 
available for millions of households nationwide.'' \46\ ``[R]esearch 
has delineated the differences in availability at home for various 
social types of electricity consumers including working adults, senior 
citizens, housewives and children of school age.'' \47\ Similarly, the 
data could reveal the type of activity that the consumer is engaging 
in, differentiating between, for example, housework and entertainment, 
or even a consumer's lifestyle by revealing that a consumer has a 
serious medical condition and uses medical equipment every night, or 
that he lives alone and leaves the house vacant all day.\48\
---------------------------------------------------------------------------
    \44\ Draft Framework, supra note 11, at 51.
    \45\ Id. at 52.
    \46\ Elias Leake Quinn, Privacy and the New Energy Infrastructure 
28 (2009), available at http://ssrn.corm/abstract=1370731 [hereinafter 
Privacy and the New Energy Infrastructure]; see Privacy Concerns, supra 
note 37.
    \47\ Privacy and the New Energy Infrastructure at 26-27; see A. 
Capasso et al., Probabilistic Processing of Survey Collected Data in a 
Residential Load Area for Hourly Demand Profile Estimation, 2 Athens 
Power Tech 866, 868 (1993).
    \48\ Privacy and the New Energy Infrastructure, supra note 46, at 
27 (``differences in consumption vary with the type of activity, and 
profiles of energy uses that differentiate between activities can be 
constructed for things like leisure time, housework, cooking, personal 
hygiene''); see Capasso, supra note 47, at 869.

                      vii. Energy Use Surveillance

    Smart Grid meter data may also be able to track the use of specific 
appliances within users' homes.\49\ These ``smart appliances'' would be 
able to communicate with the Smart Grid, transmitting detailed energy-
use information and responding dynamically to price fluctuations and 
power availability. A smart water heater, for example, could engage in 
``dynamic pricing'' by using ``a device that coordinates with a 
facility's energy-management system to adjust temperature controls, 
within specified limits, based on energy prices.'' \50\
---------------------------------------------------------------------------
    \49\ See, e.g., Privacy by Design, supra note 10, at 8-9.
    \50\ Smart Grid System Report, supra note 12, at 34.
---------------------------------------------------------------------------
    As other devices become commercially available that are designed to 
send consumption data over the Smart Grid, the collection of personal 
data could increase. For example, the monitoring of electricity 
consumption may require the registration of items within a home for 
monitoring by the utility company or a third party service provider. 
Smart Grid enabled appliances such as washers, dryers, air 
conditioners, central heating systems, water heaters, stoves, 
refrigerator, freezers, swimming pools and Jacuzzis consume large 
amounts of electricity, and may be associated with a fixed address such 
as a home. Each of these items may have a unique product manufacturer 
designation (e.g. Whirlpool, General Electric, etc.), product serial 
number, and the purchase history of the item which would include the 
purchaser's name. Monitoring the function and operation of these items 
would be physically associated with an address, which is PII for those 
occupying the residence.
    Further, it can be anticipated that the Smart Grid could track even 
smaller electricity usage. Smart plugs or outlets might report in real-
time when a lighting fixture, lamp, computer, television, gaming 
system, music device, or exercise machine is operating and the duration 
of use. One scholar forcefully argues that the ability to monitor 
electricity use at such a granular level poses a serious threat to 
privacy:

         This, more than any other part of the smart meter story, 
        parallels Shelley's fable of Frankenstein: while researchers do 
        not currently have the ability to identify every appliance 
        event from within an individual's electricity profile, the 
        direction of the research as a whole and the surrounding 
        context and motivations for such research point directly to 
        developing more and more sophisticated tools for resolving the 
        picture of home life that can be gleaned from an individual's 
        electricity profile. Before the switch is thrown and the 
        information unleashed upon the world for whatever uses willed, 
        it may be prudent to look into data protections lest the 
        unforeseen consequences come back to haunt us.\51\
---------------------------------------------------------------------------
    \51\ Privacy and the New Energy Infrastructure, supra note 46, at 
28.

    Indeed, the potential amount of personal information that could be 
---------------------------------------------------------------------------
gleaned from smart appliances is colossal:

         For example, it is suggested that the following information 
        could be gleaned with the introduction of end-user components . 
        . .: Whether individuals tend to cook microwavable meals or 
        meals on the stove; whether they have breakfast; the time at 
        which individuals are at home; whether a house has an alarm 
        system and how often it is activated; when occupants usually 
        shower; when the TV and/or computer is on; whether appliances 
        are in good condition; the number of gadgets in the home; if 
        the home has a washer and dryer and how often they are used; 
        whether lights and appliances are used at odd hours, such as in 
        the middle of the night; whether and how often exercise 
        equipment such as a treadmill is used.\52\
---------------------------------------------------------------------------
    \52\ Privacy by Design, supra note 10, at 11.

    Perhaps even more problematic, much of the personal information 
which could be gleaned from smart appliances would not otherwise be 
available to outsider observers: ``With the whole of a person's home 
activities laid to bare, [appliance-usage tracking] provides a better 
look into home activities than would peering through the blinds at that 
house.'' \53\
---------------------------------------------------------------------------
    \53\ Id. at 25.
---------------------------------------------------------------------------
    Not only could that information be used to extract even more 
intimate information from the usage data, but that information could 
also be used in ways that impact the user in tangential areas of their 
lives.\54\ For instance, appliance usage data could be transferred to 
appliance manufacturers to respond to warranty claims. Or, the data 
could be transferred to insurance companies that may want the 
information as part of an investigation into an insurance claim.\55\ 
Landlords could track the energy use and behavior patterns of renters/
leasers. The data could even be used to impinge on civil liberties by 
facilitating censorship or limitation of activities based on energy 
consumption patterns.\56\ For instance, ``meter data could reveal 
resident activities or uses that utility companies may then 
subsequently decide are inappropriate or should not be allowed.'' \57\ 
Or more generally, energy service providers in possession of consumer 
data may simply choose to use the data for marketing purposes or to 
sell it on the open market for a multitude of applications such as 
behavioral advertising.
---------------------------------------------------------------------------
    \54\ See Privacy Concerns, supra note 37; Dangers (Part I), supra 
note 30.
    \55\ See Dangers (Part I), supra note 30.
    \56\ See Privacy Concerns, supra note 37.
    \57\ Id.
---------------------------------------------------------------------------
    The possibility that the appliances could interface with the Smart 
Grid through IP-based networks further exacerbates these privacy 
issues. The Draft Framework raises indirectly the privacy risk that 
would arise in an IP-based power network: ``An analysis needs to be 
perforated for each set of Smart Grid requirements to determine whether 
IP is appropriate and whether cyber security can be assured.'' \58\ The 
effect of IP-based networks on privacy must be part of that analysis, 
as IPv6 and the ``Internet of Things'' raise new privacy 
considerations. For instance, the IP addresses associated with 
appliances or other devices ``could be used to track activities of a 
device (and an associated individual),'' thereby revealing an 
individual's health condition, daily activities, and other sensitive 
and private information.\59\
---------------------------------------------------------------------------
    \58\ Draft Framework, supra note 11, at 29.
    \59\ SANS Institute, The Next Internet Privacy in Internet Protocol 
5 (2004); see Commission To the European Parliament, the Council, the 
European Economic and Social Committee and the Committee of the 
Regions, Internet of Things--An Action Plan for Europe 5-6 (2009) 
(``Social acceptance of [Internet of Things] will be strongly 
intertwined with respect for privacy and the protection of personal 
data, two fundamental rights of the EU.'').
---------------------------------------------------------------------------
    Moreover, allowing the devices access to the Internet will make 
them more vulnerable, increasing the likelihood of security breaches 
and loss of personal privacy: ``All of these [Smart Grid] communication 
links introduce vulnerabilities, especially if they can be accessed 
over the Internet.'' \60\ The invasiveness of extracting appliance 
usage data from Smart Grid data, particularly from IP-enabled 
appliances, cannot be overstated as IP addressing in an IPv6 
environment will make possible the unique identification of every 
single device in the home that receives electric power. This combined 
with collected creates a bundle of vulnerable PII.
---------------------------------------------------------------------------
    \60\ See M. Granger Morgan, et al., Carnegie Mellon University 
Department of Engineering and Public Policy, The Many Meanings of 
``Smart Grid'' 5 (2009), available at http://www.epp.cmu.edu/
Publications/Policy-Brief 
Smart-Grid-July 09.pdf.

                         viii. Physical Dangers

    Data collected by the Smart Gird could be used by criminals, such 
as burglars or vandals, to monitor real-time data in order to determine 
when the house is vacant.\61\ As one Carnegie Mellon University 
researcher argued, ``[w]e should not build a power system in which a 
hacker working for a burglar can tell when you are home by monitoring 
your control systems . . .'' \62\
---------------------------------------------------------------------------
    \61\ See Privacy and the New Energy Infrastructure, supra note 46, 
at 30; Privacy Concerns, supra note 37; Dangers (Part I), supra note 
30.
    \62\ Morgan, et al., supra note 60, at 5.
---------------------------------------------------------------------------
    Similarly, the Smart Grid affects the interaction between privacy 
and domestic violence/stalkers.\63\ Stalking, domestic violence and 
intimate partner abuse are also the targets of evolving state and 
Federal policy.\64\ Over the years this area has grown to include the 
protection of the privacy of stalking and domestic violence 
survivors.\65\ As EPIC has repeatedly argued, domestic violence victims 
often have urgent needs for privacy, as they may need to keep personal 
data from their abusers. This type of abuse can also involve privacy 
violations such as surveillance, monitoring, or other stalking methods. 
For a domestic violence victim, the need for privacy is a need for 
physical safety. However, the Smart Grid could provide abusers with 
another method for tracking and monitoring their victims. For instance, 
an abuser could track a victim's daily activities in order to exercise 
greater control over her ability to contact the authorities or other 
aid. Similarly, the capabilities of the Smart Grid could affect even 
emancipated domestic abuse victims, as their former abusers may be able 
to relocate the victims using personal information transmitted through 
the Smart Grid.
---------------------------------------------------------------------------
    \63\ See generally EPIC, Domestic Violence and Privacy, http://
epic.org/privacy/dv (last visited June 29, 2010).
    \64\ See. e.g., Violence Against Women and Department of Justice 
Reauthorization Act of 2005, Pub. L. No. 109-162, 119 Stat. 2960 
(2005).
    \65\ See EPIC, Violence Against Women Act and Privacy, http://
epic.org/privacy/div/vawa.html (last visited June 29, 2010).

---------------------------------------------------------------------------
II. Recommended Privacy Standards

            A. Adopt Fair Information Practices

    PII activity should, as mentioned, be limited to a permitted and 
specified purpose. EPIC agrees that ``only the minimum amount of data 
necessary for the utility companies to use for energy management and 
billing should be collected.'' \66\ EPIC also agrees that treatment of 
information must conform to fair information practices. However, NIST 
should specify that those practices match the practices identified in 
the HEW Report \67\ and the OECD Privacy Guidelines.\68\ As discussed, 
the HEW Report established fair information practices, based on five 
principles:
---------------------------------------------------------------------------
    \66\ Id. at 12.
    \67\ Dep't. of Health, Educ. and Welfare, Secretary's Advisory 
Comm. on Automated Personal Data Systems, Records, Computers, and the 
Rights of Citizens (Government Printing Office 1973) [hereinafter ``HEW 
Report''].
    \68\ OECD, Guidelines on the Protection of Privacy and Transborder 
Flows of Personal Data (1980), http://www.oecd.org/document/l8/
0,3343,en-2649-34255-1815186-
1-1-1-1,00.html
[hereinafter OECD Privacy Guidelines], reprinted in The Privacy Law 
Sourcebook 395-423 (Marc Rotenberg ed., 2004).

         (1) There must be no personal data record-keeping systems 
        whose very existence is secret. (2) There must be a way for a 
        person to find out what information about the person is in a 
        record and how it is used. (3) There must be a way for a person 
        to prevent information about the person that was obtained for 
        one purpose from being used or made available for other 
        purposes without the person's consent. (4) There must be a way 
        for a person to correct or amend a record of identifiable 
        information about the person. (5) Any organization creating, 
        maintaining, using, or disseminating records of identifiable 
        personal data must assure the reliability of the data for their 
        intended use and must take precautions to prevent misuses of 
        the data.\69\
---------------------------------------------------------------------------
    \69\ HEW Report, supra note 67, at xx-xxiii.

    Similarly, the OECD Privacy Guidelines established eight principles 
for data protection that are widely used as the benchmark for assessing 
privacy policies and legislation: Collection Limitation; Data Quality; 
Purpose Specification; Use Limitation; Security Safeguards; Openness; 
Individual Participation; and Accountability.\70\ The treatment of 
Smart Grid information should conform to those practices in the 
following manner:
---------------------------------------------------------------------------
    \70\ OECD Privacy Guidelines, supra note 68.

    
    

    Moreover, NIST should require enforcement of the guidelines in 
accordance with the HEW Report.\72\ NIST should recommend enforcement 
mechanisms, such as civil and criminal penalties, injunctions and 
private rights of action. By specifying the parameters and enforcement 
of the fair information practices, NIST can require actual conformance, 
rather than loosely requiring treatment to ``conform.''
---------------------------------------------------------------------------
    \71\ ``Consent'' is widely understood as ``any freely given 
specific and informed indication of a data subject's wishes by which 
the data subject signifies his agreement to personal data relating to 
him being processed.'' European Union Data Protection Directive, 
reprinted in The Privacy Law Sourcebook 450 (Marc Rotenberg ed., 2004).
    \72\ HEW Report, supra note 67, at xxiii.
---------------------------------------------------------------------------
    Several of the principles proposed by NIST reflect the FIPs 
contained in the HEW Report and the OECD Privacy Guidelines, which is 
commendable. However, the NIST guidelines also propose other principles 
that could be strengthened or improved upon.

            B. Establish Independent Privacy Oversight

    The Cyber Security Strategy proposes that ``[a]n organization 
should formally appoint personnel to ensure that information security 
and privacy policies and practices exist and are followed. Documented 
requirements for regular training and ongoing awareness activities 
should exist and be followed. Audit functions should be present to 
monitor all data accesses and modifications.'' \73\
---------------------------------------------------------------------------
    \73\ Cyber Security Strategy, supra note 14, at 9.
---------------------------------------------------------------------------
    It is essential to ensure that information security and privacy 
policies and practices exist and are followed. NIST proposes that 
``[d]ocumented requirements for regular privacy training and ongoing 
awareness activities for all utilities, vendors and other entities with 
management responsibilities throughout the Smart Grid should be created 
implemented, and compliance enforced.'' However, it may be insufficient 
for organizations to simply provide privacy training to their employees 
or even to appoint dedicated privacy officers with audit functions.
    For example, in an analogous situation, despite the training and 
audit authority conferred to the Chief Privacy Office of the Department 
of Homeland Security, that office has proven to be impotent, powerless 
to effectively protect privacy. On a range of issues, from whole body 
imaging to suspicionless electronic border searches, the Chief Privacy 
Officer for DHS has failed to fulfill her statutory obligations.\74\ 
Accordingly, EPIC and other privacy and civil liberties groups have 
called for Congress to consider the establishment of alternative 
oversight mechanisms, including the creation of an independent 
office.\75\ Without such an independent office,\76\ it would be 
impossible to ensure the proper protection of privacy rights, because 
the decisions of the Chief Privacy Officer would continue to be subject 
to the oversight of the Secretary and the rest of the Executive branch.
---------------------------------------------------------------------------
    \74\ See EPIC, Department of Homeland Security Chief Privacy Office 
and Privacy, http://epic.org/privacy/dhs-cpo.html (last visited June 
29, 2010).
    \75\ Letter from EPIC, et al., to Representatives Bennie G. 
Thompson and Peter T. King (Oct. 23, 2009), available at http://
epic.org/security/
DHS-CPO-Priv-Coal-Letter.pdf.

    \76\ See, e.g., European Commission, Data Protection--National 
Commissioners,http://ec.europa.eu/justice-home/fsj/privacy/
nationalcomm/index-en.htm (last visited June 29, 2010); 
Office of the Privacy Commissioner of Canada, http://www.priv.gc.ca/
index-e.cfm (last visited June 29, 2010); Office of the 
Privacy Commissioner for Personal Data, Hong Kong, http://
www.pcpd.org.hk (last visited June 29, 2010).
---------------------------------------------------------------------------
    Similarly, for Smart Grid organizations to appoint privacy 
personnel or simply train existing personnel would be an ineffective 
solution that would only serve to preclude the possibility of creating 
an independent position with actual authority to protect privacy. The 
better solution is simple--NIST should recommend that an independent 
Privacy Office, with completely independent authority be established, 
with power over all entities associated with the Smart Grid.

            C. Abandon the Notice and Consent Model

    The NIST principles rely heavily on the notice and consent model:

         A clearly-specified notice should exist and be shared in 
        advance of the collection, use, retention, and sharing of PII. 
        Data subjects should be told this information at or before the 
        time of collection . . .. The organization should describe the 
        choices available to individuals and obtain explicit consent if 
        possible, or implied consent when this is not feasible, with 
        respect to the collection, use, and disclosure of their 
        PII.\77\
---------------------------------------------------------------------------
    \77\ Cyber Security Strategy, supra note 14, at 105.

    As a threshold matter, the purposes for which PII can be collected, 
used, retained, or shared should be severely restricted. The purposes 
for which PII can be collected, used, retained, or shared should be 
severely restricted. It is insufficient to simply require authorities 
or organizations to have a nebulous ``purpose,'' as anything from 
``improved marketing'' to ``government surveillance'' could qualify. 
NIST should recommend that a formal rulemaking be established so that 
service providers establish a concrete set of approved purposes for 
which PII activity is permitted. That list of approved purposes should 
be very limited, and only purposes essential to the functioning of the 
Smart Grid should be permitted.
    Once permissible purposes are established, data subjects should 
always be informed of the purpose of any collection, use, retention, or 
sharing of any PII. However, the ``notice and consent'' model is 
fundamentally flawed and should not be relied upon to excuse or justify 
any PII activity. As David Vladeck, Director of the Bureau of Consumer 
Protection at the Federal Trade Commission, recently acknowledged, the 
model simply does not function as intended:

         [The notice and consent model] may have made sense in the past 
        where it was clear to consumers what they were consenting to, 
        that consent was timely, and where there would be a single use 
        or a clear use of the data. That's not the case today. 
        Disclosures are now as long as treatises, they are written by 
        lawyers--trained in detail and precision, not clarity--so they 
        even sound like treatises, and like some treatises, they are 
        difficult to comprehend, if they are read at all. It is not 
        clear that consent today actually reflects a conscious choice 
        by consumers.\78\
---------------------------------------------------------------------------
    \78\ David Vladeck, Privacy: Where do we go from here?, Speech to 
the International Conference of Data Protection and Privacy 
Commissioners, Nov. 6, 2009, available at http://www.ftc.gov/speeches/
vladeck/091106dataprotection.pdf.

    Indeed, in EPIC's testimony before the United States Senate 
Committee on Commerce, Science and Transportation, Marc Rotenberg 
argued that ``[slolutions which rely on simple notice and consent will 
not adequately protect users.'' \79\ In an analogous context--notice 
and consent in online agreements--the failures of the model become more 
obvious. A recent survey of California consumers showed that they 
fundamentally misunderstand their online privacy rights.\80\ In two 
separate surveys almost 60% of consumers incorrectly believed that the 
presence of ``privacy policy'' meant that their privacy was 
protected.\81\ In a different survey, 55% of participants incorrectly 
believed that the presence of a privacy policy meant that websites 
could not sell their address and purchase information.
---------------------------------------------------------------------------
    \79\ Impact and Policy Implications of Spyware on Consumers and 
Businesses: Hearing Before the S. Comm. on Commerce, Science, and 
Transportation, 110th Cong. (2008) (statement of Marc Rotenberg, 
President, EPIC).
    \80\ 80 Joseph Turow, et al., Consumers Fundamentally Misunderstand 
the Online Advertising Marketplace (Oct. 2007), available at http://
groups.ischool.berkeley.edu/samuelsonclinic/files/
annenberg-samuelson-advertising.pdf.
    \81\ Id. at 1.
---------------------------------------------------------------------------
    Users also routinely click through notices. The Pew Internet and 
American Life Project found that 73% of users do not always read 
agreements, privacy statements or other disclaimers before downloading 
or installing programs.\82\ In such an environment, merely giving 
notice to users before collecting their sensitive information fails to 
adequately protect privacy in the way consumers expect.
---------------------------------------------------------------------------
    \82\ Pew Internet & American Life Project, Spyware: The Threat of 
Unwanted Software Programs isChanging the way People use the Internet, 
6 (July 2005), available at http://pewinternet.org/pdfs/
PIP-Spyware-Report-July-05.p
df.
---------------------------------------------------------------------------
    Consumer data should instead receive substantive and ongoing 
protection. Especially because of the pervasiveness of the proposed 
nation-wide Smart Grid, choice and consent of individuals' is severely 
restricted. In all likelihood, individuals who wish to receive 
electricity will have little or no choice but to comply with policies 
that require the disclosure of PII. For authorities or organizations to 
obtain the consent of individuals would be nearly meaningless, as the 
power dynamic is fatally skewed. Information should be kept securely, 
and users should have the ability to know what data about them is being 
kept, to understand with whom it has been shared and to withdraw 
consent for the holding of this data. Further, data should only be 
collected and kept for specified purposes. Authorities and 
organizations must limit the collection, use, retention and sharing of 
PII in the first instance, rather than relying on hollow consents to 
justify more data collecting activity.

            D. Impose Mandatory Restrictions on Use and Retention of 
                    Data

    NIST must ensure that restrictions on the use and retention of data 
is mandatory, not aspirational. The NIST guidelines propose that: 
``Information should only be used or disclosed for the purpose for 
which it was collected, and should only be divulged to those parties 
authorized to receive it . . .. PII should only be kept as long as is 
necessary to fulfill the purposes for which it was collected.'' \83\
---------------------------------------------------------------------------
    \83\ Cyber Security Strategy, supra note 14, at 106.
---------------------------------------------------------------------------
    It is insufficient to simply say that information should be used or 
disclosed only for a permitted purpose. Instead, NIST must require 
organizations to follow those policies, and must provide the 
authorities with the power to enforce them.
    Furthermore, it is inadequate to permit PII to be retained ``as 
long as is necessary to fulfill the purposes for which it was 
collected.'' That standard is entirely too lenient, and it would permit 
organizations too much leeway to retain information whenever they deem 
it necessary. Instead, NIST should set expiration dates on PII so that 
PII can be retained only for a certain period of time.\84\ The length 
of time could vary based on the type of PII and the purpose for which 
it was collected. A concrete expiration date would make the system more 
transparent for consumers, as they would be more aware of the lifespan 
of their data.
---------------------------------------------------------------------------
    \84\ See Viktor Mayer-Schonberger, Delete: The Virtue of Forgetting 
in the Digital Age (2009) (arguing that digital information should have 
expiration dates, which will enable people to both control the sharing 
of information with others, as well as be more aware of the 
``finiteness of information).
---------------------------------------------------------------------------
    NIST should also implement role-based access control to Smart Grid 
data. NIST has done significant work on the topic of role-based access 
control to computer records and systems. In this context, role-based 
access control protocols should strictly manage when, where, who and 
how PII in Smart Grid data is accessed. Access to PII, including 
electricity usage, should be limited to the function of the position an 
individual fills within the Smart Grid service delivery and billing 
relationship. Graduated levels of access should be based on 
responsibilities for providing Smart Grid FIPs and service provision 
purposes. Access should be monitored by log files and auditing of 
access use and resolution of issues related to customer service and 
proper operation of the Smart Grid.
    Finally, NIST should explicitly address law enforcement access to 
Smart Grid data and should ensure that their access complies with the 
strictures of the Fourth Amendment. As discussed,\85\ the Supreme Court 
in Kyllo v. United States addressed the interaction between the Fourth 
Amendment and the monitoring of electrical use, holding that the police 
could not use thermal imaging equipment not in general public use ``to 
explore details of the home that would previously have been unknowable 
without physical intrusion,'' without first obtaining a search 
warrant.\86\ As the Court recognized, ```At the very core' of the 
Fourth Amendment `stands the right of a man to retreat into his own 
home and there be free from unreasonable governmental intrusion.''' 
\87\ Similarly, in the Smart Grid context, NIST should make clear that 
the Fourth Amendment protects the information of Smart Grid consumers, 
and that law enforcement must first obtain a search warrant before 
gaining access to the information.
---------------------------------------------------------------------------
    \85\ See supra notes 5-8 and accompanying text.
    \86\ 533 U.S. 27, 40 (2001).
    \87\ Id. at 31 (quoting Silverman v. United States, 365 U.S. 505, 
511 (1961)).

---------------------------------------------------------------------------
            E. Verify Techniques for Anonymization of Data

    The privacy risks associated with the use and retention of 
``anonymized data'' are significant because such data may not be truly 
anonymous. Quasi-identifiers can be used for re-identification because 
they can be linked to external databases that contain identifying 
variables. This method, record linkage, occurs when two or more 
databases are joined. Such information can be obtained through public 
records, such as birth and death certificates.\88\ Using record 
linkage, de-identified data can also be easily re-identified. For 
example, by utilizing date of birth, gender and zip code information 
for members of the public, a researcher was able to uniquely identify 
87% of the U.S. population.\89\
---------------------------------------------------------------------------
    \88\ See Salvador Ochoa et al., Re-identification of Individuals in 
Chicago's Homicide Database: A Technical and Legal Study, Massachusetts 
Institute of Technology (2001) (utilizing the Social Security Death 
Index and de-identified information about Chicago homicide victims, the 
researchers were able to re-identify 35% of the victims).
    \89\ Latanya Sweeney, Weaving Technology and Policy Together to 
Maintain Confidentiality, 25 J. Law, MED., & ETHICS 98, 98-99 (1997).
---------------------------------------------------------------------------
    Similarly, according to the GAO, complete SSNs may be reconstructed 
from truncated digits by simply comparing truncated SSNs in federally 
generated public records, which provide only the final four digits, to 
truncated SSNs provided by many information resellers, which provide 
only the first five digits.\90\ Thus, by simply comparing the two 
records, a complete SSN can be reconstructed.\91\
---------------------------------------------------------------------------
    \90\ U.S. Gen. Accounting Office, Identity Fraud Survey Report: 
Consumer Version 2-3 (2009).
    \91\ Id. at 3.
---------------------------------------------------------------------------
    Moreover, in a study published in July 2009, two researchers at 
Carnegie Mellon University found that an individual's entire SSN often 
could be predicted from publicly available birth information.\92\ The 
first five digits of an individual's SSN could be predicted with a 
greater degree of accuracy. The accuracy of the researchers' 
predictions was even greater when predicting the numbers of individuals 
born in sparsely-populated states like Montana, and the researchers 
anticipate that their predictions will become increasingly accurate 
over time. This research demonstrates the ineffectiveness of attempting 
to protect privacy by ``anonymyzing'' or ``de-identifying'' data.
---------------------------------------------------------------------------
    \92\ See Alessandro Acquisiti & Ralph Gross, Predicting Social 
Security Numbers from Public Data, 106 Proceedings of the National 
Academy of Sciences 10975.
---------------------------------------------------------------------------
    Techniques for anonymizing data should be pursued, but it is 
vitally important to ensure that such methods are robust, provable and 
transparent. Any technique proposed to anonymize data should be made 
public and available to researchers to examine and evaluate. Under no 
circumstance should a company be able to represent, without independent 
verification, that it had anonymized data. Until such techniques are 
established and safeguards are put in place, the primary objective 
should be to minimize the collection of PII in the first instance.

            F. Establish Robust Cryptographic Standards

    Strong cryptography should be applied to secure all electronic 
communications from a Smart Grid application or device. Threats to 
address include injection of false information; deletion of 
information, denial of service attacks, billing identity theft, service 
identity theft, malicious software, cyber attacks, pranks and various 
types of surveillance.\93\
---------------------------------------------------------------------------
    \93\ Patrick McDaniel & Stephen McLaughlin, Security and Privacy 
Challenges in the Smart Grid, IEEE SECURITY AND PRIVACY, May/June 2009, 
75-77.
---------------------------------------------------------------------------
    The Billion-Dollar Bug Smart meters are extremely attractive 
targets for malicious hackers, largely because vulnerabilities can 
easily be monetized. Hackers who compromise a meter can immediately 
manipulate their energy costs or fabricate generated energy meter 
readings.
    For this reason, there should be an open call for designs that seek 
to maximize both data security and privacy of the home as well as of 
enterprises. It is well known in the cryptographic community, for 
instance, that so-called ``blind signatures'' can allow ultra-secure 
reporting of energy usage statistics without revealing the precise 
appliance and timings involved.\94\
---------------------------------------------------------------------------
    \94\ David Chaum, Achieving Electronic Privacy, SCIENTIFIC AMERICA, 
Aug. 1992, at 96-101, available at http://chaum.com/articles/
Achieving-Electronic-Privacy.htm.
---------------------------------------------------------------------------
    Sound cryptographic techniques do not rely upon hiding the 
cryptographic process, often referred to as an algorithm, from public 
review. Sound cryptographic processes are made so by the rigors imposed 
by public disclosure and testing of algorithms, and perhaps even more 
significantly, by the environment in which the cryptography is 
implemented.\95\ Placing the strongest cryptography in an operating 
system or application that can easily be subverted by insiders, or 
compromised externally by penetration and malware can render the 
cryptography ineffective.\96\ For this reason, it is imperative that 
all cryptographic algorithms used to secure Smart Grid technology and 
electronic technology used to facilitate Smart Grid optimization and 
operations be open for public inspection and testing and that the 
findings be made public, including the entire systems in which the 
cryptography is used. Further, encryption and decryption keys that are 
used to secure information stored or transmitted on the Smart Grid 
should be of sufficient complexity that they cannot be easily deduced 
or broken.
---------------------------------------------------------------------------
    \95\ Bruce Schneier, Applied Cryptography 21-46 (2d ed. 1996).
    \96\ Peter Neumann, Computer Related Risks 132-180 (1995).
---------------------------------------------------------------------------
    It is disconcerting that a document prepared by NIST on what will 
be the most significant leap forward in digital communication 
capability in thirty years had so little to say about cryptography. The 
document mentioned ``cryptography'' and ``encryption'' only twice, and 
both times were in a table on standards and applications.

III. The Effectiveness of NIST-Coordinated Standards Process in 
                    Gathering and Incorporating the Input From Consumer 
                    Advocacy Organizations

    EPIC first became aware of the development of Smart Grid 
recommendations through two announcements published in the Federal 
Register on October 9, 2009. We later became aware of the working group 
effort to develop recommendations in mid-October 2009 and sought out a 
NIST subject matter expert to get more information on that effort. 
Tanya Brewer, with NIST Computer Security Division, and computer 
scientist Annabelle Lee were leading the effort on the NIST Smart Grid 
Interoperability Standards Project.
    EPIC was made welcome to join the effort and I asked if it would be 
possible to include additional privacy organizations into the process. 
The response was that all would be welcome to participate in the 
privacy group. I coordinated the work of EPIC's Privacy Coalition and 
invited members to participate in the effort. The Electronic Frontier 
Foundation, ACLU, and Privacy Rights Clearinghouse accepted the 
invitation. We joined the Future of Privacy Forum and the Samuelson Law 
Clinic at Berkley (which represented the Center for Digital Technology) 
in providing input on the privacy components to the Smart Grid 
document.
    The meetings I attended with NIST staff were punctuated by an 
invitation to join the NIST Smart Grid Interoperability Standards 
Project drafting effort.
    Whether EPIC would have known about the NIST Smart Grid 
Interoperability Standards Project without a vital link to our Advisory 
Board is doubtful. Consumer advocacy organizations and NIST do not 
normally travel in the same circles. A chance confluence of events made 
the participation in the NIST Smart Grid Interoperability Standards 
Project possible. The process was far from ``smooth sailing,'' but 
overall it was productive and instructive for groups that value 
consumer privacy and potential partners from the online economy, where 
consumer privacy is not as highly valued.\97\
---------------------------------------------------------------------------
    \97\ EPIC, Social Networking Privacy, http://epic.org/privacy/
socialnet/ (last visited June 30, 2010).
---------------------------------------------------------------------------
    The Privacy Group for the project included those unfamiliar with 
privacy issues as well as privacy experts. The challenge was learning 
to speak the same language and understanding the core values of privacy 
as they relate to Smart Grid. The field of privacy is just like other 
disciplines: we learn from the mistakes and successes of others, 
improving our knowledge and understanding about what works and why.
    Critical to the Privacy Group's ability to work together was NIST's 
hosting two face-to-face meetings with participants. This helped to 
communicate the necessary breadth of privacy protection, which is 
neither a zero sum decision-making process nor a series of trade-offs. 
Rather, protecting privacy consists of a series of steps to assure that 
users retain the rights to control who, when, why, and how others may 
access information about themselves.
    There were some rough spots as NIST computer security experts 
grappled with the language of privacy protection. There were 
discussions about whether Smart Grid data collection would introduce 
anything new about consumers or only make available information that 
was already public. There were discussions around common concepts like 
de-identification and re-identification, widely recognized terms within 
the field of privacy policy.
    The conversations continued with a healthy exchange of ideas, until 
equilibrium was reached. The Privacy Group divided its work among 
legal, privacy, and technical experts to complete the draft of the 
privacy chapter. This is one of the most interesting aspects of the 
project; the people who worked on it were primarily volunteers, giving 
their time and talent freely.
    The draft of the privacy chapter I received last week is a good 
document because it covers the basics of privacy and offers solid 
recommendations on how to address privacy in the Smart Grid. However, 
as the document is merged with the remainder of the NIST Smart Grid 
Interoperability Standards Project, it will continue to be edited. The 
final draft will go to the Department of Commerce, where it may further 
be edited prior to public release. The final document may bare little 
resemblance to the result of the Privacy Group's hours of effort to 
address the unique privacy challenges of the Smart Grid.
    For this reason, EPIC will reserve judgment on the success of 
including advocacy groups in the process until the final document is 
published. To the degree that NIST remains free of politics and can 
remain rooted in science, it can serve the nation's best interest. The 
Smart Grid for some presents a grand opportunity to create energy 
independence for our nation, while for others it is an opportunity to 
open new markets and reap profits. Unfortunately, third-party energy 
management service providers may be more focused on the data they can 
access and monetize than the benefits to the consumer or energy 
independence.

IV. Conclusion

    Privacy protection is essential to the successful implementation of 
the Smart Grid and failure to develop robust and implement privacy 
policy will hinder adoption of applications and services. Only by 
building privacy protection into the Smart Grid from the outset can the 
NIST defend the privacy interests long protected by our legal system. 
Thus, NIST should establish comprehensive privacy regulations that 
limit the collection and use of consumer data. EPIC appreciates the 
Subcommittee's interest in Smart Grid privacy issues, is eager to 
contribute the further development of Smart Grid privacy policy, and 
looks forward to the Subcommittee taking action in this area.

                       Biography for Lillie Coney

    In 2009, House Speaker Nancy Pelosi appointed Ms. Lillie Coney to 
the Election Assistance Commission (EAC) Board of Advisors. Ms. Coney's 
work at EPIC encompasses original research and writing on topics that 
impact privacy rights and civic participation. In 2004, she contributed 
the chapter ``Mobilize Underrepresented Voters,'' to the New York Times 
Bestseller, 50 Ways to Love Your Country. In 2005, she co-authored, 
along with computing technologists and researchers, the paper, Toward a 
Privacy Measurement Criterion for Voting Systems. In 2006, Ms. Coney 
was the organizing force behind the first research conducted in a 
polling location to measure the usability of optical-scan and touch 
screen voting systems resulted in the report, Voting Technology, 
Election Administration, and Voter Performance, published by Stein, 
Vonnahme, Byrne, and Wallach (2008). In October 2008, EPIC's voting 
project published E-Deceptive Campaign Practices Report: Internet 
Technology and Democracy 2.0, the first report to review technology as 
a tool for online deceptive campaign practices. The report reviewed the 
potential for abuse of Internet technology in an election context, and 
made recommendations for steps that could be taken by Election 
Protection, Election Administrators, and voters to protect the 
integrity of the upcoming election. In 2009, she coordinated and lead 
the audit review of the Punchscan Voting Systems use in the November 
2009, Takoma Park Municipal election. She has written and spoken 
extensively on the subject of voting technology and privacy. She has 
published several law and policy journal articles on elections and 
voting systems.
    Ms. Coney serves in an advisory capacity to Verified Voting, 
ACCURATE, Voting System Performance Rating, and Open Voting Consortium. 
She is also a member of the Association for Computing Machinery's 
Public Policy Committee.
    Ms. Coney's work at EPIC includes coalition development and civil 
rights in the digital information age. She serves as the Coordinator 
for the Privacy Coalition, an EPIC project. The Privacy Coalition has 
over 40 organizations and affiliates, representing a broad political 
spectrum, committed to freedom and privacy rights. She manages monthly 
meetings of the Privacy Coalition as well as one annual conference held 
in January of each year. Guest speakers from previous administrations 
included: Chairs of the Federal Trade Commission, the Civil Liberties 
Protection Officer for the Office of National Intelligence, and the 
former Executive Director and Vice Chair of the Privacy & Civil 
Liberties Oversight Board. Ms. Coney has coordinated several major 
Internet Privacy advocacy campaigns; most notable are the ``Stop REAL 
ID Campaign'' and the ``Stop Digital Strip Searches'' efforts.
    She has testified before the House Judiciary Committee on Privacy 
and Cybercrime Enforcement and the House Committee on Homeland Security 
on the topic of Watchlists. She also testified several times before the 
Department of Homeland Security's Data Privacy and Integrity Advisory 
Committee on domestic surveillance, CCTV Surveillance, and ``Fusion 
Centers''. Ms. Coney has testified before the Election Assistance 
Commission on the subject of voter registration database privacy, 
electronic voting system standards development, and developing reliable 
measures for voting administration and equipment management.
    She also provides advice and input on privacy issues related to 
Cloud Computing and Smart Grid implementation.
    Ms. Coney was the former Public Policy Coordinator for the 
Association of Computing Machinery (ACM). The ACM is the largest and 
oldest organization of computing professionals in the world. Prior to 
that, Ms. Coney served as special assistant to Rep. Sheila Jackson Lee 
(D-TX) on a variety of issues ranging from energy and information 
technology policy, election reform, to education policy. Her background 
includes extensive work in computer systems and technology policy. She 
has over 18 years of experience working on science and technology 
issues. She also has worked with civil rights and grassroots 
organizations on issues of voting and civil rights.
    Ms. Coney received a B.A. in Political Science and a Masters in 
Public Administration from Lamar University in Beaumont, Texas. She is 
a former Systems Administrator who has designed and developed web sites 
for Congressional offices.

    Chairman Wu. Thank you very much, Ms. Coney, and thank you 
for your very, very interesting written testimony also.
    I am going to ask one question to start and then turn it 
over to Mr. Smith. The utility business or the electric grid is 
dominated by very large players, by utilities. General Electric 
is not a small player. We have seen some of the research and 
development, particular technology development, benefits of 
having small high-tech startups, whether it is in the 
electronic hardware business or in software or in 
biotechnology. Think through for me, anyone who wants to 
address this, what the standard-setting process and what other 
things we can do to harness the small-business capacity and 
particularly the high-tech startup folks so that they can 
contribute as they have contributed with great success to other 
technologic development fields, anyone who wants to address 
that. Mr. Eustis.
    Mr. Eustis. Yes. I work with a number of entrepreneurial 
groups back in Portland, and they do very much need standards 
as a way to get access, for example, to meter data as a way to 
implement energy management systems in the home versus right 
now it is a custom implementation with every utility. Standards 
are essential to creating innovation.
    Chairman Wu. A wider playing field for any startup.
    Mr. Eustis. Yes, sir.
    Chairman Wu. Thank you very much.
    Dr. Arnold?
    Dr. Arnold. Well, we have certainly gotten a lot of 
startups and small companies involved in the Smart Grid 
Interoperability Panel, and one indicator of that is that we 
have about a dozen venture capital firms who are members of the 
panel and so clearly there is great interest in startups and 
innovation.
    Chairman Wu. Mr. McDonald.
    Mr. McDonald. One of the things with smart grid as shown by 
the reference model that NIST prepared was it is very 
expansive. It covers--the domain is from the generation plant 
all the way down to the home. We find no matter how big of a 
company, even GE, we need small startups. We need other 
companies to partner with us to be able to provide the 
technology for smart grid. So we formed a strategic partner 
organization. We are constantly talking with startups and new 
companies to fill the gaps that we don't provide ourselves, and 
in doing that we bring them in to the standards arena because 
standards is very important to us, and if the startup company 
that we are going to partner with doesn't embrace standards, we 
make sure that that happens and we work closely with them in 
that regard. Thank you.
    Chairman Wu. Thank you very much, Mr. McDonald. I just want 
to add that whether U.S. General Electric or Intel, IBM, 
Westinghouse, the example from other industries has been that 
when the startups are permitted to play, they frequently 
contribute to the ecosystem and further development of the 
field and occasionally there are acquisitions also that add to 
larger companies.
    We have 327 not voted, and I think we can push it down 
another 100. Ms. Coney, you wanted----
    Ms. Coney. Yes, I wanted to add that the utility industry 
for over 100 years has managed the personal information of 
their customers pretty well. They practice fair information 
practices without maybe articulating that is what they were 
doing. As they bring new players into this environment, 
standards can set an appropriate benchmark for managing data. 
From the privacy community's perspective, we look at the smart 
grid as not just an energy delivery system but a huge 
communication network that will allow two-way flow of data 
between the home to the grid as well as communication among 
electrical appliances devices. So as they look to bring players 
in, how data might be used in ways that will enhance consumer 
trust and broader adoption of smart grid will have a lot to do 
with how consumer personal information or their energy usage 
data is managed in that system.
    Chairman Wu. Thank you for that point. It is that it is a 
communication system as well as a power delivery system that 
makes it a privacy as well as security concern and the fact 
that it is also not just energy storage but data storage 
ultimately for the smart grid that drives the privacy concern 
even further.
    Mr. Smith, please proceed.
    Mr. Smith. Thank you, Mr. Chairman.
    I appreciate all the testimony here, and I think that there 
are a lot of great points to be talked about. As I am meeting 
with constituents here, back in my district and so forth, 
certainly I think it is fair to say that consumers are paying 
more attention relating to energy, electricity distribution and 
other things probably than in the history of our country. They 
are also paying more attention to what is happening here in 
Washington and they are concerned. The various trends that we 
see have them concerned. I mean, I point to a bill that we took 
up here not long ago relating to the social behavior of energy 
consumers. I would argue that any worthwhile economic study 
involves consumer behavior that should touch on some of those 
things as it relates to the economics and so forth. So I think 
we need to be mindful of that and make sure that anything we do 
is consumer-driven because that is I think that is more 
sustainable and more effective long term.
    But that being said, we have a situation with the $4 
billion for smart grid technologies from the stimulus bill and 
I am not sure if there is a sign that says this is credited to 
the ARRA like so many of the projects around America do at a 
great expense to taxpayers, by the way, but I am concerned that 
we might have the cart ahead of the horse without the standards 
in place. Dr. Arnold, can you speak to how that money can be 
effectively spent in terms of utilizing and upholding standards 
that may not exist yet?
    Dr. Arnold. Yes. Thank you, Congressman. This is indeed an 
issue that we have been paying very careful attention to for 
precisely the reasons that you have stated. One of the major 
areas of investment with these grants has been in smart meters 
and we recognized early on that some of the standards for the 
smart meters would have to be revised to accommodate certain 
requirements. So we tasked the National Electrical 
Manufacturers Association, which is responsible for developing 
the standards for the smart meters, to get the industry 
together and develop a smart meter upgradability standard and 
gave them a timeframe of 90 days to get that done and indeed 
that standard was developed and published last September with 
the full participation of the metering industry. So that is one 
example where we have thought about this and put in place a 
solution. Many of the other standards that we are talking about 
here on interoperability are based on software. They deal with 
information management and the ability to update software over 
time is well understood and part of the process.
    Chairman Wu. If anyone else wishes to answer, we will take 
your comments after we come back from votes. We are a little 
short on time now, and after Mr. Smith--after that answer, 
Chairman Gordon, Chairman of the Full Committee, will be the 
next to ask questions. The panel is now recessed until the 
completion of these three votes.
    [Recess.]
    Chairman Wu. Thank you for your patience and forbearance on 
these three, four votes. Next will be the Chairman of the Full 
Committee, Mr. Gordon. Please proceed.
    Chairman Gordon. Thank you, Chairman Wu, and thanks for 
having this very interesting hearing, and I want to thank our 
witnesses. You have been very helpful for us to better 
understand what is going on in the state of play now. I think 
we all recognize that a smart grid can help us become more--
have more energy security, become more technically efficient, 
which hopefully then means new markets for our new technology 
and jobs in those markets both globally as well as 
domestically.
    But I want to follow up on a couple of things. Mr. 
McDonald, you had mentioned, and obviously you have a big stake 
in this in terms of products, that there needed to be 
international cooperation with the standards, and Dr. Arnold, 
you had mentioned that there were some collaboratives at 
different agencies, or not agencies but rather groups, as well 
as working countries. But I want to go back to a statement that 
you made in your written testimony and I would like to flesh it 
out a little bit more. I have read some reports that predict 
that China's preference for indigenous innovation will extend 
to the smart grid and that China may seek to establish its own 
standards for the smart grid in the belief that the size of its 
market will lead to their adoption as a de facto global 
standard. So with that sort of context, I assume this would not 
be a good thing for you, Mr. McDonald, as well as other 
domestic and global companies here.
    So Dr. Arnold, you had mentioned that there is some 
collaboration going on. Can you tell me what is going on there 
and how your fears are now?
    Dr. Arnold. Thank you, Chairman Gordon. I would be happy to 
elaborate on that. We are actively reaching out to our 
counterparts in China. NIST has hosted a number of visits by 
representatives from Chinese agencies including the state grid 
of China to discuss our standardization efforts. Several weeks 
ago a NIST delegation visited the Chinese National Institute of 
Metrology and the smart grid was one of the topics discussed. I 
have had meetings with the Chinese national committee to the 
IEC [International Electrotechnical Commission]. My deputy met 
a couple weeks ago with a Chinese representative to a new ITU-T 
[International Telecommunications Union-Telecommunications 
Standardization Sector] focus group on smart grid, and I and 
several members of my team at NIST have been invited to give 
talks at smart grid conferences in China and so we will 
certainly continue to engage in outreach.
    What I can tell you is that China has publicly said that 
they intend to use international standards and for them, that 
primarily means IEC standards. One of the concerns that I have 
is that as we have learned through our process, there are about 
27 different standards organizations that develop standards 
needed for the smart grid, so it is not possible to point to 
just one. Also, there are many instances in which countries 
will bring proposals into a group like the IEC and what is 
eventually adopted at the international level is not the same 
as the starting point and so there is a question as to whether 
if China does wish to pursue a different path on some of these 
standards whether they will indeed be harmonized with the 
United States and other countries. So we are going to continue 
to be very proactive in engaging in outreaching and 
establishing a dialog, and China obviously is a very big 
country with many players and I also believe that it is not 
entirely clear who has the lead within China on the development 
of the standards. So we are going to continue to work this 
intensively.
    Chairman Gordon. Well, let us put China over to the side 
just a moment now. With the 27 different agencies, is there 
something that we need to do in this country either 
legislatively, administratively to bring more continuity to 
that? And how is the rest of the world outside of China, how 
does that seem to be coming along with harmonizing?
    Dr. Arnold. Well, with regard to the 27 different agencies, 
I think Congress has already in brilliant fashion dealt with 
that by enacting the Energy Independence and Security Act which 
gave NIST the role of coordinating, and that coordination I 
believe is going very, very well.
    Chairman Gordon. But that is coordinating all of our 
efforts, but then you are having to coordinate in with all 27?
    Dr. Arnold. Yes, coordination among the 27, and by the way, 
many of the 27 are international standards bodies. They include 
the IEC, the ITU-T. IEEE is really an international 
organization, and I would say the United States is really 
leading the way in terms of figuring out the architecture, what 
standards are needed, and getting the right discussions among 
all these players to produce the specifications that we need 
both in the United States and that other countries will need.
    Chairman Gordon. So again, with China on the side, you are 
comfortable that the rest of the world is moving in a similar 
direction?
    Dr. Arnold. I believe that we are. Clearly there are 
differences in the electrical systems around the world that 
have been around for 100 years and are probably never going to 
change, so it is not going to be possible to harmonize 100 
percent in the electric grid, but a lot of the issues we are 
dealing with regard to information management don't differ, 
don't change whether you are operating at 110 volts or 230 
volts and so I believe that harmonization is indeed possible--I 
am very optimistic about it.
    Chairman Gordon. Any of the other witnesses want to bring 
any caveats or any thoughts to this issue? Okay.
    And finally, is there any type of a WTO [World Trade 
Organization] or any type of a way to appeal if China were to 
go a completely different way for a proprietary reason?
    Dr. Arnold. Well, if the result creates a technical barrier 
to trade that doesn't have some justification, I would assume 
that might be possible, but I don't know. We will have to see. 
I don't think China is far enough along yet. We are really 
leading the way in this standardization effort.
    Chairman Gordon. Thank you.
    Chairman Wu. Thank you very much, Mr. Chairman.
    Next, Mr. Broun, please proceed.
    Mr. Broun. Thank you, Mr. Chairman.
    Dr. Arnold, is NIST ensuring that all smart grid standards 
are developed using a process that ensures a consensus that is 
consistent with the requirements of the National Technology 
Transfer and Advancement Act as well as the OMB [Office of 
Management and Budget] circular number A-119 that encourage 
Federal agencies to use standards developed by private 
consensus organizations?
    Dr. Arnold. Thank you, Congressman. That is an excellent 
question, and, in fact, one that we discuss extensively in the 
SGIP, and because we are directed in EISA to use a consensus 
process and FERC is directed to ensure that there is consensus, 
we have had to reach out for a definition of consensus, and the 
one that we have used is the definition incorporated in the 
NTTAA [National Technology Transfer and Advancement Act] and 
circular A-119. So that is sort of a foundation that we are 
using.
    Mr. Broun. So that is yes?
    Dr. Arnold. Yes.
    Mr. Broun. Okay. Very good. Dr. Arnold, in light of the 
accelerated time frame and the numerous and varied 
organizations upon which NIST is relying to develop the smart 
grid standards, how specifically is NIST ensuring that all 
smart grid standards are being developed in a process that 
satisfies these strict requirements?
    Dr. Arnold. Well, when proposals come up to include certain 
standards that are being worked in organizations that are, let 
me say--if you have an organization that is accredited by ANSI, 
it is pretty clear that it complies with the NTTAA and OMB. 
There are other organizations like the IEC or the ITU which 
operate at an international level which are deemed to be 
compliant with those principles because they are basically in 
their charter, but there is in some cases extensive discussions 
about the need to move some of the work that is going on in 
certain forums in the smart grid into more open processes and I 
can point to an example where the Zigbee Alliance has actually 
changed their process for public review and addressing public 
comments specifically because we insisted that it had to follow 
the principles in NTTAA and circular A-119.
    Mr. Broun. Very good.
    Mr. Emnett, EISA provides that FERC initiate a rulemaking 
once it determines that what is described as a ``sufficient 
consensus'' on standards exists. What criteria will FERC use to 
determine that sufficient consensus has been achieved and how 
will FERC independently confirm that such criteria have been 
satisfied?
    Mr. Emnett. Thanks for that question. It is a good question 
because we haven't yet gotten the first set of standards so the 
Commission hasn't spoken. It hasn't had to process the 
standards and identify the criteria that is going to apply in 
light of the processes that exist within the NIST standards 
development process. That said, on a staff level, we regularly 
engage with the NIST staff to monitor the development of the 
standards development process, the setting up of the 
Interoperability Panel and the working groups, and the 
discussion around the NTTAA and the OMB circular to make sure 
that we can advise the Commission of the progress that has been 
made within the NIST standards development process in terms of 
building that consensus and then ultimately have the record to 
present to the Commission once we get the standards.
    Mr. Broun. That is a big job and I trust that you all will 
fulfill it. How will FERC determine in its rulemaking process 
what smart grid standards will become mandatory and which will 
remain voluntary?
    Mr. Emnett. The statute directs FERC to adopt standards 
developed by NIST for which there is consensus in the NIST 
process provided that they relate to the interoperability and 
functionality of interstate transmission and regional and 
wholesale electric markets. The Commission in a Policy 
Statement last year interpreted that directive to apply to the 
breadth of electric facilities that involve smart grid 
interoperability. So that could include distribution-level 
equipment which would not traditionally be subject to the 
Commission's ratemaking jurisdiction and yet that is implicated 
in its smart grid jurisdiction through the approval of 
standards under EISA. The Commission also looked to the 
language of EISA to understand not only the scope but also the 
applicability and noted that the statutory language does not 
grant the Commission authority to manage or enforce standards 
under EISA. That said, the Commission does adopt and enforce 
standards developed by the North American Electrical 
Reliability Corporation, the North American Energy Standards 
Board, other standards development organizations that do 
present standards to the Commission for adoption under other 
statutes such as the FPA, the Federal Power Act. And so there 
will be an analysis that is required of each standard that is 
provided to determine whether regardless of the adoption under 
EISA there needs to be an incorporation of the standard into 
the mandatory regulations of the Commission.
    Mr. Broun. Thank you very much.
    Mr. Chairman, my time is expired, and I have one more 
question for Mr. Emnett. I assume that we can submit written 
questions to be answered----
    Chairman Wu. We will do that, and also a second round.
    Mr. Broun. Well, unfortunately, I won't be able to be here 
to attend that, and I would ask unanimous consent to----
    Chairman Wu. Why don't we give you--why don't we ask 
unanimous consent for you to complete your questions?
    Mr. Broun. Well, thank you, Mr. Chairman, I appreciate 
that.
    Well, then, Mr. Emnett, how will FERC deal with the 
standards that are applicable to facilities and entities that 
are outside its your jurisdiction?
    Mr. Emnett. FERC has interpreted the statutory language for 
those entities outside of jurisdiction or the activities that 
are outside of the Commission's jurisdiction, to mean that the 
adoption of a smart grid standard would not be mandatory or 
enforceable by the Commission. So there would be a distinction 
between the sources of jurisdiction for reliability matters or 
ratemaking matters under the Federal Power Act and the 
jurisdiction that EISA grants us in terms of responsibility to 
adopt the smart grid standards.
    Mr. Broun. Very good. Thank you, Mr. Chairman.
    Ms. Coney. I was wondering if I could add one point? The 
standards that are being developed, you are focusing a great 
deal on what is happening in the United States, but we also 
purchase power from Canada. There are concerns between Canadian 
and U.S. transfer of data and information so any standards that 
address the issue of stripping information from the electricity 
or power that actually flows across the border may present some 
additional challenges to international standards. I am not sure 
if that is part of any of the discussions that are happening 
with international standards organizations but there is concern 
about the data that is wrapped up in the energy that is 
actually moving back and forth across borders.
    Mr. Broun. That is a great point. I hope that Mr. Emnett 
heard your concerns, and I certainly share the privacy concerns 
that you do, Ms. Coney.
    Thank you so much, Mr. Chairman.
    Chairman Wu. Thank you very much, Mr. Broun, and perhaps 
the panel when it is my turn to ask questions again could 
address the issue of how closely the Canadians and we are 
cooperating on the privacy side.
    Mr. Lujan, please proceed.
    Mr. Lujan. Mr. Chairman, thank you very much. I appreciate 
the attention to the last mile, if you will, and it sounds like 
that is what we have been focusing on. The last mile I am 
referring to demand-side management. I want to make sure that 
we also don't depart too far from the importance of 
understanding what smart grid means to our distribution 
systems, our transmission systems, reliability, along those 
lines, and how it integrates fully as we talk about this.
    How far off are we from establishing standards for the last 
mile, if you will, for the demand-side portion that it seems 
that we have been focusing on here? Dr. Arnold.
    Dr. Arnold. Yes. Well, the customer domain which deals with 
the demand-side management is one of the major domains in the 
smart grid and our Release 1 Framework has a lot of standards 
that apply in that area, some of which are under development 
but will provide a rich set of tools for customers to get real-
time access on their energy usage and be able to reduce energy 
usage both in residential, commercial and industry 
environments. So that is clearly a major focus of our standards 
effort.
    Mr. Lujan. And Mr. Chairman, the reason I ask that question 
is, we have been engaged in installing rooftop PV 
[Photovoltaics] for some time, small wind systems for people 
with distributed generation, and we still don't have national 
interconnection standards. Here we are. It seems to me that had 
we had national interconnection standards, states that have 
adopted them have fully accelerated their installation of PV, 
securing the grid. Had we had a stronger, more robust system in 
New York when we experienced the blackouts and the brownouts, 
we could have prevented that if we would have had adequate 
distributed generation and some integration when we talk about 
large scale and small scale. It seems to me, Mr. Chairman, that 
we do need to fully accelerate when we talk about 
interconnection standards or standards associated with any 
application whether it is big or small with smart grid so that 
industry, which is driving this and making these investments, 
they can focus in and hone in on where these critical 
investments need to be, and so that is something that I am very 
interested in, Mr. Chairman, not only on the net metering side, 
which I think has an important component when we are talking 
about smart grid with bringing on and off, especially as you 
are going to be using the demand-side focus to maybe even firm 
up peak with what you may be generating on some small DG 
[Digital Generation] systems and be able to control that demand 
side in the home on a commercial application and then ramp up 
where you need to, which could prevent a peaking system from 
coming on. And so----
    Chairman Wu. If the gentleman would yield just briefly?
    Mr. Lujan. Yes.
    Chairman Wu. I completely agree with the gentleman about 
the need for standards to connect distributed power sources, 
and with the assistance of former Chairman Boehlert, I drafted 
a small provision in an energy bill passed under Chairman 
Boehlert's leadership to make sure that some wind sources and 
other distributed sources could connect well to the grid. There 
was some question about NIST jurisdiction then and there was 
also some question about this Committee's jurisdiction but that 
is now well established. I yield back to the gentleman.
    Mr. Lujan. I appreciate that very much, Mr. Chairman, and 
that is going to be an important item for us to solve and work 
with industry as well to make sure that we are able to come to 
this.
    The reason I asked that question, Mr. Chairman, as well, is 
recently it was announced in New Mexico where there is a large 
effort, a partnership with Japan and the United States with a 
few of our national laboratories, with the city of Albuquerque, 
with commercial application with bringing in their smart grid 
technology as well. Japan as well, over the 1990s, have 
invested $100 billion into this area, into this testing. They 
have been making significant investments into their distributed 
systems and transmission systems and have been concentrating on 
their last mile recently, which I am happy that they are coming 
with here, but as we look to see the companies that are coming 
in, companies like GE, companies like Portland General Electric 
to see what we can do with learning from the expertise that 
lies therein, to make sure we are including and we are 
collaborating with companies that have a strong presence in the 
United States as well with the integration into some of these 
test areas.
    And so I certainly hope, Mr. Chairman, as we go forward 
that those are the kinds of ideas that we can definitely look 
to and that we don't forget about our brothers and sisters who 
are serving on the public utility commissions across the 
country. They have a lot to add, and I will tell you, Mr. 
Chairman, as a former regulator, that is a voice that we need 
to make sure that we are reaching out to, especially when we 
talk about these areas with the leadership over at NARUC 
[National Association of Regulatory Utility Commissioners] as 
well. So with that, I yield back, Mr. Chairman. Thank you.
    Chairman Wu. Thank you very much, Mr. Lujan, and I just 
want to add that your energetic and intelligent participation 
in this Subcommittee is very, very impressive. Ms. Biggert and 
I were just chatting that the New Mexicans that we know, you 
and Mr. Heinrich and your predecessor, Mr. Udall, a lot of 
smarts there and maybe it is leakage from the two national labs 
that you have in New Mexico.
    The Ranking Member----
    Mr. Lujan. Mr. Chairman, if I may, we will take it for what 
we get it, sir, because it is hard to come by. Thank you for 
that.
    Chairman Wu. Ms. Biggert.
    Ms. Biggert. Yes. Thank you, Mr. Chairman.
    With regard to the smart grid, I really do appreciate the 
Administration's vision of a cleaner, more reliable, more 
efficient and effective electricity grid that creates jobs and 
reduces our dependence on others. I have a couple of questions 
based on that. Let us start with the job issue.
    It seems like there is going to be a lot of short-term jobs 
to do the installation but what happens to the meter readers? 
Are we going to lose more jobs than we will gain with this 
installation? Dr. Arnold?
    Dr. Arnold. Sure. Well, I can tell you from the studies I 
have read, there was a study done by KEMA, a consulting 
company, about a year ago that estimated over the first several 
years of the smart grid deployment net gain of about 280,000 
jobs in the United States, and in the long term they predicted 
140,000, if my memory is correct, and what is interesting is 
that they actually analyzed the effect of the meter readers' 
jobs going away. There are about 42,000 of those jobs. So even 
after you subtract that out, their estimate was 280,000 net 
increase in the early years.
    Ms. Biggert. But besides the installation, what jobs would 
be new jobs?
    Dr. Arnold. Well, there are certainly jobs to do the 
engineering of these new grids, bringing in new technologies, 
the information technology and communications. These are new 
skills for most of the electric utilities and so they also 
represent opportunities to train a new generation of young 
people to pursue careers in the ongoing evolution of the smart 
grid.
    Ms. Biggert. I have an article from Maine where they are 
concerned because those might be short-term versus the long-
term a meter readers. They are concerned because of the 
stimulus was, you know, to create jobs, and it will, but will 
it be enough to overcome the long-term jobs?
    Dr. Arnold. Well, the nature of the, you know, jobs to put 
in place the automation in the grid are long-term. I come from 
the telecommunications industry and a whole industry grew up 
through the automation that was done in the telecom industry in 
the 1970s and 1980s. Companies like Telcordia and many others 
found new businesses, and I think technology transformation is 
a wonderful way of creating new skills and new jobs that have a 
long-term nature.
    Ms. Biggert. And then my district is home to the only 
Illinois recipient of stimulus funding. It is the city of 
Naperville in Illinois and it has about 145,000 residents, and 
it operates an independent municipal utility and they are just 
starting with using only wind power and biomass to create the 
electricity, so they are really moving ahead. But as the plans 
for their smart meter deployment move forward, a number of 
residents have expressed concern about privacy. So Dr. Arnold, 
can you tell us how feedback from the stimulus funding 
recipients will be incorporated into future standards 
development and would you really want to hear from all of these 
cities or whoever has the stimulus money and is creating these 
smart grids about standards? They probably--I think the 
discussion was before--that a lot of places are doing this but 
they really don't have the standards yet.
    Dr. Arnold. Absolutely, so the privacy issues we regard as 
a key issue. We have a working group that is underneath our 
cybersecurity working group that is specifically focused on 
privacy, and I would like to thank Ms. Coney for being an 
active participant along with many others in that. There is 
about 50 pages in the forthcoming NISTIR that deals with 
cybersecurity specifically on privacy and recommendations.
    Ms. Biggert. Then Mr. Eustis, could you respond to the jobs 
question?
    Mr. Eustis. Yes, ma'am. I grew up in Illinois, so I 
appreciate the Illinois connection. The jobs on meter readers, 
for example, we have been aware of this problem in our smart 
meter deployment. We have had two full-time people working to 
reposition the meter readers and we have now relocated 70 
percent of the meter readers in other jobs within the company, 
so a focused effort there can, you know, put these people back 
to work.
    But to the point of new jobs, there is an analogy if you 
look back to about 1986 to 1990 when we started putting 
computers on business desktops, and people were worried about 
getting rid of word processing groups, and yes, a lot of jobs 
were lost in admin assistants and libraries but I can tell you 
that the amount of IT support that now takes place to support 
all the utilities is like double or triple the number of jobs, 
and for example, the line workers today don't need any 
information skills. They are all going to need information 
skills in the future. We are going to need support tools. We 
need to maintain the databases. Customers as we get into the 
home are going to have questions and there are going to be 
support centers for people that answer questions. So while IT 
is supposed to make things simpler and makes it richer, it does 
require care and feeding.
    Ms. Biggert. Thank you.
    My time is expired. I yield back.
    Chairman Wu. Thank you very much, Ms. Biggert. The Chair 
recognizes himself for five minutes.
    Ms. Coney, you referred in your written testimony a number 
of really unprecedented privacy concerns presented by smart 
grid development and its penetration right into the kitchen or 
other rooms in our home. How are smart grid technology 
developers and operators currently addressing privacy? Is this 
reflected in the standards that are being developed? And also, 
it is my recollection that you mentioned that you reached out 
to NIST and the standards process rather than vice versa, and I 
would like to ask Dr. Arnold to address whether NIST had 
reached out to other groups or whether in reaching out to other 
groups there was an oversight with the privacy groups. Ms. 
Coney, why don't you go first and then anyone else who wants to 
address this issue?
    Ms. Coney. Thank you. Privacy is basically on a fundamental 
level the ability of an individual to control who, when, why 
and how access to personal information is managed. So in the 
development of standards, we look specifically at the data that 
is being collected, as I mentioned earlier. Now, the 
incorporation of the knowledge of privacy experts into this 
process began with privacy organizations learning about the 
ability to participate in the cybersecurity subgroup on 
privacy. We brought to that discussion some perspectives that 
were not resonant inside of the process initially, but through 
the participation of privacy cyber there is knowledge at NIST 
about privacy issues and the smart grid. They produced a 
document actually in April of this year that is titled ``Guide 
to Protecting the Confidentiality of PII,'' which speaks to a 
lot of the key components of privacy. In standards development, 
we should focus on how do you give consumers control over the 
information about their electric utility usage. Control can be 
as simple as an interface device for existing appliances that 
smart adaptors that connect appliances to electric outlets 
customers plug the appliance into that interface device that 
allows the micro management of energy consumption on the 
consumer level, Giving the consumer access to information about 
the peak cost hours versus the low-cost hours to run very 
energy-intense devices; and as customers purchase new 
appliances and technology to replace worn--out or broken 
equipment that the same level of control of energy consumption 
data confers to these new purchases.
    As far as the participation in the NIST process is 
concerned, advocacy groups and NIST just don't swim in the same 
waters. I happen to be more aware of NIST because I work on 
technology issues regarding voting systems and its standard 
development process. But I must say that NIST has been open-
minded about privacy advocates' our participation, while still 
not quite sure how it is hard science. We have worked very hard 
to make sure that NIST, utilities, and others understand that 
the principles of privacy are grounded in fair information 
practices and that those practices can be conferred into 
architecture designed software applications that give consumers 
control over their personal information.
    Chairman Wu. Well, Ms. Coney, as technology develops 
further and further and has further implications for our 
privacy and personal behavior patterns, perhaps this 
Subcommittee or this Committee can provide the encouragement to 
NIST to swim further in other ponds, and I also want to 
underscore that in this new arena, it is not just when devices 
are coupled with communication or wireless technology. I think 
there are several competing technologies currently 
incompatible, I understand, to send information back out over 
the power wire. So, you know, there is a lot of chatter that is 
going to go on.
    Dr. Arnold, would you care to toss in just a little bit on 
this question?
    Dr. Arnold. Sure. Well, we are well aware that the smart 
grid touches everyone and many constituencies that haven't been 
thought about in the electric system and we are not omniscient 
so we can't possibly know everyone who we should be reaching 
out to but we have really tried to make our process as open as 
possible. We have made use of the Federal Register. Our website 
provides collaboration opportunities. We have tried to get as 
much word out through the process, through industry 
associations.
    In terms of your question as to whether we specifically 
reached out to the privacy community or whether they reached 
out to us, I will have to reach that and----
    Chairman Wu. No, the question is whether the privacy groups 
were an outlier and you reached out to a bunch of other folks 
and not them.
    Dr. Arnold. I will have to--I want to give you a precise 
answer so I will have to get back to you with what outreach we 
may or may not have done in that particular case.
    Chairman Wu. Terrific. I look forward to it, Dr. Arnold.
    And Mr. Emnett, I just want to comment that as important as 
voluntary standards are, in the privacy area, there are always 
some outliers, so I think that FERC will have an important role 
once the appropriate standards for policy and other purposes 
are developed.
    Mr. Emnett. If I may, Mr. Chairman, the Commission did 
recognize the importance of cybersecurity in our Policy 
Statement where we identified the criteria that we would apply 
to standards when they come in, and in light of the emphasis on 
cybersecurity in the Energy Independence and Security Act, we 
did state that we would require a showing of adequate 
cybersecurity protection prior to adopting any standard under 
EISA.
    Chairman Wu. Terrific. I just want to add that there is the 
cybersecurity issue. There is a concern about privacy and 
perhaps there is a related but different concern about 
anonymity, and anyone who has purchased, for cash, stuff at the 
grocery store understands the separate nature, that third 
component, not that any of us have concerns about that. We just 
may not want Safeway to know what we are buying.
    Ms. Biggert, back to you.
    Ms. Biggert. Thank you, Mr. Chairman.
    Dr. Arnold, the decisions that NIST makes with respect to 
the numerous standards will probably and most likely be picking 
winners and losers among competing standards with the companies 
that own the intellectual property that support the standards, 
and so they are set to make or lose millions of dollars based 
on the outcome of your process. How are you working to ensure 
that the standards finalization process is open and fair and 
transparent?
    Dr. Arnold. Well, NIST does not want to be in the position, 
nor should we, of picking winners and losers. No, I view our 
role as accelerating a process that primarily involves industry 
with government as an important stakeholder to accelerate the 
normal industry process of winnowing out the winners in the 
marketplace. So some of these standards might have taken five 
or ten years before it became clear and in the meantime there 
is confusion and people are afraid to invest. We are trying 
through our process, to get all the stakeholders together to 
more rapidly reach consensus and not be in a position where 
NIST is picking winners and losers.
    Ms. Biggert. But it does come into the intellectual 
property, doesn't it, or what their proprietary----
    Dr. Arnold. Yes, indeed. So the earlier discussion on the 
NTTAA and OMB circular A-119 is very important because that 
does include requirements that intellectual property that is 
needed to utilize the standards be available on reasonable and 
nondiscriminatory terms to anyone who has a need to practice 
the standards, so that is one of the fundamental principles 
that we are following.
    Ms. Biggert. Thank you. I yield back.
    Chairman Wu. Thank you very much, Ms. Biggert.
    Mr. Lujan.
    Mr. Lujan. Thank you, Mr. Chairman, and the reason for the 
line of questioning around net metering and interconnection 
standards that we could establish nationally based on IEEE 
standards would ultimately lower cost, and I appreciate the 
line of questioning from our Ranking Member as well looking to 
see what the role is with NIST and how we can work with private 
industry to drive the standards on the plug-and-play, if you 
will, nature of what we are talking about here, the interface. 
With that being said, hopefully, Mr. Chairman, maybe one day we 
can tackle a hearing on how we can have a set of chargers for 
our mobile phones that are all the same and we don't have to 
keep buying them every time we get a new phone, but I think 
that is a conversation for another day.
    Looking to see what we can do, and Mr. McDonald, I think I 
will start with you here, sir, what can we do to be working 
with our national laboratories as we talk about intellectual 
property, tech transfer, commercialization, maturation, maybe 
refining the technologies that you have where we can take 
advantage of supercomputers or simulation and modeling 
capabilities that no one else has, which is truly a competitive 
advantage that United States companies have? What more can we 
do along those lines to open up opportunities, for example, 
with GE for you to work with our scientists and physicists 
along those lines?
    Mr. McDonald. Well, that is a very good question. I think 
we--you know, we have to make sure that in addition to the 
standards process that we continue to spur innovation. Some 
people think that standardization squashes innovation from the 
point of view of everything looks the same, and it is very 
different than that. When we--you know, when we implement 
standards and products, it is true that a family of products 
will have the same functionality, core functionality, but it is 
the differentiating features that each supplier has that 
extends the standards model basically. So we can have a win-win 
situation of having standards but still have innovation. I 
really think with smart grid, you know, the emphasis on smart 
grid is not to implement technology that we have been 
implementing in the past. We really have an opportunity to 
innovate, and what we say really is that what we have been in 
the past is device level and system level, and with smart grid 
we have a whole new level of innovation which is solution 
level. How do we put together devices and systems that we 
haven't done before to provide solutions for customers, and 
this is where the innovation takes place, and we need to--you 
know, the national labs are very much involved with the NIST 
process, and we need to continue to spur that innovation and 
have that input. So, you know, once we have the innovation and 
the technology, then the next step is the commercialization 
step so that what we have from the labs or from research is 
usable by electric utilities, the end-use customer, and there 
is a commercialization step that needs to take place there.
    Mr. Lujan. I appreciate that very much.
    Mr. Chairman, and I know that both yourself and Ms. Biggert 
are big supporters of our national labs and with tech transfer 
and innovation to see what we can do to truly engage in that 
dialog to have that push and pull effect of the technology.
    Along those lines, Mr. Emnett, with FERC looking at this 
and along the lines of what we may be able to do, and Mr.--is 
it Eustis?
    Mr. Eustis. Yes.
    Mr. Lujan. I would like to hear from you if we get a chance 
as well. With the integration of what we are talking about with 
broadband and they have been testing broadband over power lines 
for some time, looking to see what we can do with some of our 
superconductors now with new transmission, paths that are going 
to be built in a country and DG lines that are going to be 
built out as well, what can we do for the integration of fiber 
or whatever other means are necessary to increase our capacity 
for communication or is it truly integrating with our telecom 
companies or cable companies, whoever it may be supplying that 
last mile of fiber? Because of the infrastructure associated 
with electric companies specifically, it seems to me that we 
have many of the easements needed that are going right to the 
home where we could provide that more robust deployment of 
broadband application. Any thoughts along the lines of what 
FERC is looking at there with the inclusion of the cyber 
application and cybersecurity needs?
    Mr. Emnett. Yes, I think it could be possible that under 
the particular state regulatory structure that there are 
mechanisms in place to allow companies to essentially leverage 
the existing investment and access the home. And in terms of 
FERC'S interaction in the standards development process and the 
facilitation of the technology development to make that happen, 
we have tried to identify our priorities within the standards 
development process, one of which did include demand response, 
other electric storage, plug-in vehicles--priorities that from 
the Commission's perspective development of standards to 
address those applications would facilitate and support 
national energy policy, and then once we identified the 
priorities we essentially handed it off to NIST which did we 
think just a great job of addressing the priorities in their 
standards development process, adding their own priorities and 
driving towards the creation of the priority action plans to 
address the gaps in existing standards so that there can be 
standardization, not necessarily in the results or the products 
but in the processes, as Mr. McDonald was saying, so that the 
technological innovation is essentially facilitated.
    Mr. Lujan. I appreciate that. I know my time is expired, 
sir, so Terry or someone from my team, Mr. Eustis, will get in 
touch and we will talk about that later.
    And then Ms. Biggert, with the line of questioning around 
the number of meter readers that may be impacted, that is an 
important aspect of this, because one thing that we do know 
with utility companies across the country is the workforce is 
aging as well and we are not replenishing, so I think a whole 
conversation around what we need to do to be making sure that 
we have adequate recruitment around making sure that our 
utility companies are going to be in a strong position in the 
near term and long term is something that is critically 
important, so I appreciate that perspective very much.
    Ms. Biggert. Would the gentleman yield?
    Mr. Lujan. Yes.
    Ms. Biggert. Don't you think, too, that there is going to 
have to be a lot of training for much more skilled workers? And 
I think that is good. I think technology demands that.
    Mr. Lujan. Ms. Biggert, I could not agree more. I 
appreciate that.
    And with that, Mr. Chairman, I yield back my time.
    Chairman Wu. I want to ask unanimous consent to insert in 
the record a statement from Vinton Cerf, the Vice President and 
Internet Evangelist for Google. These high-tech folks are very 
creative. Without objection, so ordered.
    [The submitted statement of Dr. Cerf follows:]

                   Submitted Statement of Vinton Cerf

    Dear Mr. Chairman,
    This letter is in response to a recent informal discussion I had 
with Committee staffer Meghan Housewright about the challenges and 
opportunities implicit in the Smart Grid standards facilitation effort 
now under way in the United States under the auspices of the National 
Institutes of Standards and Technology.
    For the benefit of possible readers of this letter, I thought a 
little capsule summary of my interests in this matter would be 
appropriate. My name is Vinton G. Cerf and I serve as Google's vice 
president and chief Internet evangelist. I am the co-inventor of the 
TCP/IP protocols and architecture of the Internet. I also serve as the 
chairman of the Visiting Committee on Advanced Technology for the 
National Institute of Standards and Technology (NIST) and as a member 
of the Smart Grid Interoperability Panel Governing Board. Google is an 
interested party as well through its development of the Google Power 
Meter (hardware and software system).
    The lead U.S. Government program manager for the Smart Grid program 
is Dr. George Arnold who is the National Coordinator for Smart Grid 
Interoperability and reports to the Director of NIST, Dr. Patrick 
Gallagher. I have had the opportunity to work and interact with Dr. 
Arnold over the course of some years in connection with my 
responsibilities at NIST and, more recently, in connection with the 
Smart Grid Interoperability Panel (SGIP). I want to go on record to say 
that Dr. Arnold has undertaken an extremely difficult and complex task: 
facilitating the development of standards needed to assure that the 
vision of a smart grid can in fact be realized. Moreover, the level of 
interest in the program is easily illustrated by noting that the SGIP 
activity now involves on the order of 600 companies and 1600 
representatives. The organizational structure and governance mechanisms 
of the SGIP were created quickly and formulated for maximum flexibility 
as a non-profit, private sector organization. Dr. Arnold deserves great 
credit for his successful efforts thus far.
    Perhaps even more important than the institutional aspects of the 
work is the vision and motivation for the development of a ``smart 
grid.'' I do not propose to outline this vision in its entirety in this 
brief contribution, but plainly there are many reasons for pursuing 
this course. If we can make more efficient use of electricity and avoid 
excessive use during peak load periods, we can avoid unnecessary 
capital investment and operating costs. To do this, we need appliances 
and mechanisms that will allow consumers to adjust their use of 
electricity in accordance with their preferences in more or less 
automatic ways. This means that our energy consuming appliances need to 
be able to communicate with the power grid management system and with 
each other. To achieve this goal, standards are needed, as has been 
admirably articulated by Secretary of Energy Steven Chu and Secretary 
of Commerce Gary Locke.
    The Smart Grid program is also partly motivated by the potential 
for job creation since new appliances will be needed as well as new 
monitoring systems, power meters and the like. Their production in 
quantity will lead to job growth in the appliance, power generation and 
monitoring sector. There is tension between the need for standards and 
the opportunity for job creation, however, because establishing 
standards for such a massive and complex undertaking needs time while 
job creation is a matter of urgency. Investing huge sums in the 
production of appliances using inappropriate standards could lead to 
serious vulnerabilities and fragility in the evolving 21st Century 
power grid. This tension makes the results of the SGIP initiative all 
the more important to get right.
    In forming the Smart Grid Interoperability Panel and its Governing 
Board, Dr. Arnold has drawn upon a diverse, motivated and well-
qualified cohort of participants. The structure of the standards effort 
involves nearly two score Priority Action Panels, several Working 
Groups (especially on Security and Architecture), and a number of ad 
hoc review groups. I cannot over emphasize the importance of the 
Architecture and Security working groups. If the effort is successful, 
the new power grid will allow appliances to reduce demand at the 
discretion of the consumers. Until now, the power grid has had to meet 
demand or be forced into rolling ``brownouts''. It is a tribute to the 
power industry that it has managed in large measure to meet the growing 
demand for electricity in the United States. However, a poorly designed 
software architecture or inadequate attention to security could create 
an unstable and unreliable system. Such an outcome would surely 
represent an unacceptable national security risk. One of my colleagues 
in the Smart Grid Interoperability Panel has also reminded me that the 
grid is not only vulnerable to potential software hazards but also to a 
range of physical frailties, exacerbating concerns for reliability and 
robust operation.
    Without reprising all of the many discussions that have taken place 
in connection with the frequent SGIP meetings, perhaps a few points are 
worth mentioning:

        1.  Standards will permit power meters and energy monitoring 
        systems to interwork with appliances and with the power grid's 
        management systems.

        2.  Open, non-proprietary standards promote competition because 
        multiple parties can make equipment that will interwork without 
        having to make pairwise agreements or be limited by licensing 
        requirements.

        3.  Properly testing standards and their implementation can 
        reinforce the security of the Smart Grid systems.

        4.  Standards suitable for international use can increase 
        markets for American-made appliances.

        5.  Information from energy usage monitoring can reinforce 
        consumer awareness of the consequences of their energy 
        consumption. Consumers should have full access to this 
        information and be empowered to provide it to third parties for 
        analysis.

    Among the most significant challenges in this Smart Grid enterprise 
is the introduction of power generation in residential and industrial 
settings. While co-generation has been around for some time in the 
latter, the introduction of photovoltaic or wind or fuel cell power 
generation in residential settings is relatively new. As the economics 
of such distributed generation improves, there is increasing interest 
in local power generation and consumption. For the first time, 
consumers have the potential to become producers. Plug-in electric cars 
add to this picture as potential sources and sinks of electrical power. 
This phenomenon has both benefits and risks. On the beneficial side, 
use of renewable energy resources can reduce our dependence on non-
renewable fossil fuels and potentially reduce the production of 
atmospheric carbon dioxide, a greenhouse gas. In addition, reduced use 
of fossil fuels can also reduce our need to import energy sources, 
improving our trade balances. On the risk side, for most of the history 
of power generation in the United States, the power grid has used 
large-scale, centralized power generation facilities and an extensive 
power grid to deliver electrical energy to consumers. As power 
generation becomes more distributed and its sources more variable (wind 
power and photovoltaics operate episodically and not continuously, for 
example), the stability of the power generation and distribution 
systems becomes an even larger challenge than before. When we add to 
this mix the use of smart appliances that moderate their demands, we 
have a very complex, dynamic control system problem to solve to assure 
that the system stays stable.
    From the national security standpoint, the nightmare scenarios 
include the potential for a large number of appliances to 
simultaneously turn on or off, either because of common algorithmic 
decisions (think: programmed trading in the stock markets) or because 
someone has penetrated the power control system or somehow induced a 
large number of appliances to act in concert. Of course, there is also 
the ever-present possibility of human error or bugs in software that 
lead to the same effects. These concerns only reinforce the importance 
of care in the development of the standards and in careful analysis of 
the security provisions in their design. That the system must be 
resilient in the face of natural disasters is also apparent. Software 
alone will not prevent an ice storm from breaking power lines or 
prevent a hurricane or tornado from damaging a power plant or 
substation.
    Another of my fellow SGIP Governing Board members has pointed out 
that the decisions and choices we make in the design of the Smart Grid 
standards may look arbitrary at the outset but may prove to be utterly 
crucial in the long run. Since we cannot be certain which choices have 
this property, he strongly recommended that we devote the necessary 
time and resources to make use of testing, modeling and analytical 
methods, including prototyping, to assure that we have identified the 
not-so-arbitrary choices early on in this process. The Governing Board 
has strong advocates for a testing and certification program that would 
assure consumers that standards are met in the devices and appliances 
placed on the market. I support that view and extend it to include 
early testing and prototyping to avoid making large investments in 
dead-end designs.
    In the course of the many discussions about the Smart Grid idea, 
the question of fine-grained information as to usage and pricing has 
arisen. Fine-grained time information about pricing and usage can be 
used to moderate consumption and reduce peak load demand. Just how 
beneficial this may prove to be is still an unknown, at least as I 
comprehend the idea. Real data is needed to inform any credible 
opinions and this motivates once again the need for prototyping and 
pilot programs of use. I am told that fine-grained pricing information 
is not uniformly available at the retail level although it may be 
provided to wholesale customers who may be trying to minimize their 
costs by drawing on different suppliers at different times.
    While on the subject of fine-grained usage information, I think it 
is useful to remember that much can be inferred from such profiles. One 
could likely know whether someone is at home, possibly even who might 
be at home if one knows which appliances are in use. Diurnal patterns 
of usage, accumulated over time, could be used to identify periods when 
a home is unoccupied. Plainly there are privacy, safety and security 
issues associated with access to this information. With regard to 
access, it seems important that consumers have access to and some 
control over who may have access to this kind of information. Consumers 
may want third parties to have access for analytical purposes but at 
the same time assure that the information does not fall into the wrong 
hands.
    As should be obvious from this brief letter, the development of the 
Smart Grid is by no means a trivial enterprise and has many facets of 
interest to a wide range of policy-making bodies, private sector actors 
and, of course, the general public.
    I commend the Committee for its continuing interest in improving 
and evolving the American response to the need for more efficient 
production and use of electrical power. I hope that this same attentive 
perspective will be given to other resources of importance. If we 
design the standards for the Smart Grid well, they can be extended to 
monitor our use of water, oil, gas, and other resources, giving all of 
us a better sense of the consequences of our life style and resource 
consumption choices.

Vinton G. Cerf
VP and Chief Internet Evangelist
Google

    Chairman Wu. The chairman recognizes himself for another 
five minutes and I understand that Ms. Biggert has a 
conflicting obligation. Thank you for taking the additional 
time.
    Mr. Emnett, you mentioned in your testimony that FERC 
intends to allow utilities certain smart grid-related costs if 
certain factors can be shown, and one of them is that the 
applicant is to show that it minimized the possibility of 
stranded investment in smart grid equipment. We are in the 
process of developing the applicable interoperability standards 
so how is FERC going to proceed in making this determination? 
And Mr. Eustis, I guess I would like to hear from PGE's, 
Portland General Electric's perspective how you feel about 
stranded investment recovery versus not?
    Mr. Emnett, you first.
    Mr. Emnett. Sure. In the Policy Statement that FERC issued 
last year, FERC stressed that it would look towards applicants 
seeking to recover the costs of smart grid development prior to 
the adoption of related standards. It would expect the 
applicants to make a demonstration that, to the extent 
possible, they are relying on whatever existing open standards 
may be out there--so not necessarily those that have been 
adopted by FERC but those that are generally followed by the 
industry--as well as a demonstration that the equipment and 
technologies that are being invested in can be readily and 
securely upgraded. The Commission has had one instance of a 
utility seeking confirmation, affirmation of cost recovery 
under the Policy Statement, Pacific Gas and Electric, 
incorporating costs associated with development partially 
funded by the Recovery Act, the other PGE, PG&E [Pacific Gas 
and Electric Company], not PGE. So Pacific Gas and Electric did 
in fact make the demonstration that they were being careful in 
the selection of the technologies, that they tested different 
product vendors, component testing for ease of integration, 
implementation of open modular architecture for the facilities. 
So there was a demonstration that the applicant was able to 
make that the technologies would be flexible in the event that 
standards were developed in a different direction.
    Chairman Wu. Mr. Eustis, you bear the burden of 
representing all utilities, so from the utility perspective, 
how is it going in terms of the risk-reward on proceeding and 
the risk of stranded costs?
    Mr. Eustis. So, as we planned our business case for smart 
meters, for example, we definitely considered future 
applications and making sure it wouldn't be obsolete but first 
and foremost the business case has to be cost-effective that we 
implement and so the functions that we built the technology for 
are implemented and will be functional for the economic life of 
the project, so the first thing is make sure what you are 
investing actually serves an economic purpose.
    As far as interoperability over time, we look to things, 
technical hardware like communication bridges to bridge one 
protocol to another for those customers that need it, or the 
upgradeable firmware in a meter or in a distribution switch 
allows us to add additional functionality when the time comes. 
So the most important factor to prevent stranded assets is 
making sure that is there is an upgradeable path to the 
hardware that you install.
    Chairman Wu. Ms. Coney?
    Ms. Coney. I would like to add for the benefit of consumers 
that their stranded costs should be considered as well as they 
purchase new appliances, whether there will be additional costs 
incurred as new software, new hardware, new applications are 
placed onto the grid, will it push consumers to have to make 
additional expenditures. Human user interfaces for consumer 
devices and appliances should allow users to control or manage 
energy usage within their home. Energy consumers must have a 
full range of options for how their energy consumption will be 
managed. Control should not be pushed out of their control 
because of the design of devices and appliances based on the 
standards which are developed. Consumers should have a range of 
options for how to manage energy consumption.
    Chairman Wu. Ms. Coney, I will view this as the request to 
give hope to those who still have eight-track tape players and 
beta video machines.
    Ms. Coney. Privacy advocates typically like technology or 
those who like to be first adopters and like to tinker. Vint 
Cerf happens to be on EPIC's advisory board. He is one of the 
people who could appreciate having the ability to have the 
option for managing or not managing their own electric utility 
usage. Thank you.
    Chairman Wu. Thank you, Ms. Coney, and that makes me feel 
better because the young people around me always make me feel 
like a Luddite in adopting new technology, but I think that is 
just commendable caution for those who have seen many things 
come around.
    A further money question. The NIST budget includes $10 
million for standards and conformity assessment. This 
initiative will cover some smart grid activities as well as 
other technologies, and Mr. Arnold, this is the one you can go 
to town on. What resources do you think NIST will need to 
appropriately develop standards at a pace which I think the 
industry and our Nation needs? And if additional resources were 
appropriated by this Congress, what additional activities or 
what delta and speed could you achieve?
    Dr. Arnold. Well, if there were additional resources, my 
view is that the testing and certification program is the area 
that is in greatest need. As I think someone observed earlier, 
the standards in terms of the descriptions are necessary but 
they are not sufficient. Where the rubber meets the road is 
where you formalize the conformance requirements and the 
testing. There are hundreds of standards. There are many test 
programs that will be needed. We have efforts underway to 
develop a framework for that but getting these programs 
instantiated and in operation is going to be a big task, so I 
think that is the area in which there is the greatest need.
    Chairman Wu. Additional resources, additional activities, 
additional speed? I know you are trying to be a good foot 
soldier for the Administration but the question is asked.
    Dr. Arnold. If there were additional funds available, they 
would be well utilized. Most of the testing programs will be 
done by the private sector but the development of these 
programs today is done largely on a voluntary basis, and to the 
extent that funds can be utilized to apply more full-time 
dedicated resources, the availability of these programs would 
be accelerated.
    Chairman Wu. Mr. Arnold, we will apparently take this up 
offline, but if any of the other panelists would care to take a 
poke at this question, your comments are welcome.
    Ms. Coney. I would offer that if we look at projects and 
their implication for being done well, I look to the Panama 
Canal as the last major engineering effort that continues in 
use today. The United States delved into the project and took 
the lead on following the French effort. It was an engineering 
marvel. It cost to do it right. And if we plan to do a smart 
grid, and with the consequences to cybersecurity, individual 
privacy, reliability, energy independence and all of the best 
wishes for the smart grid, it will need to have appropriate 
investments made in critical areas regarding standards 
development, the time and energy of the legislative branch in 
developing policy that assures that all of our best hopes of 
privacy and security regarding the smart grid are realized.
    Chairman Wu. Well, let the record show that it was the NGO 
advocacy organization that jumped in with both feet on this 
one.
    Mr. Tonko.
    Mr. Tonko. Thank you, Mr. Chair, and thank you to our 
panelists. Obviously one of the big changes out there that I 
think we need to incorporate and focus on are electric 
vehicles, and Dr. Arnold, in your testimony you discussed the 
fact that there are at least four competing proposals for the 
fast charging of electric vehicles, and my question is about 
the uncertainty that this might foster, that if we slow down 
that development, I think it is to the detriment of our 
comprehensive energy plan if we indeed have one, but I think 
our Nation should build that sort of plan. How do you think 
this issue is being addressed and how it is best addressed?
    Dr. Arnold. Well, this is a complicated issue. I was in 
Japan a couple weeks ago and saw a demonstration of a system 
that is deployed on a pilot basis there, and I also had spent 
some time with the deputy CEO of the electric utility in 
Singapore, which is going to be piloting a similar system and 
they are actually requiring changes to the Japanese system for 
deployment in Singapore. So this is an area in which I think 
there is still some technical debate that needs to be engaged 
and we do have to balance speed versus doing this right. But at 
the end of the day we do need to make a decision on a single 
charging infrastructure standard for the United States because 
otherwise it is not going to be practical to develop the market 
for electric vehicles.
    We are actively engaged with the key standards bodies in 
which these areas are being debated including SAE [Society of 
Automotive Engineers] International and the International 
Electric Technical Commission. One of our priority action plans 
is on electric vehicles and this issue is part of that. One of 
the debates that is occurring among these competing proposal 
are the safety aspects, and when it gets to safety, we want to 
make sure that we are doing this right. So we are working with 
these bodies to convene a workshop to get the experts together 
to discuss the safety issues and inform what I hope will be a 
decision by the end of next year on a standard for use in the 
United States.
    Mr. Tonko. Is there anything you envision the Congress 
doing in the interim? Is there an incentive that needs to be 
developed? Is there some sort of effort that can be toward the 
single charging infrastructure?
    Dr. Arnold. I mean, the only thing that I think would help 
would be sort of clear direction that there has got to be one. 
This is not an area in which you can have cars that have 
different sockets and charging levels going around the country. 
We need one standard. My guess is that internationally there 
won't be a single standard in much the way that we haven't 
standardized left-hand drive versus right-hand drive in 
different countries, so there will probably be two or three as 
we look around the world and they will be embraced in some sort 
of umbrella international standard. But for the United States, 
we have to pick one, and just making clear that we can't have a 
proliferation of different competing approaches in the 
marketplace would be helpful.
    Mr. Tonko. And in your review of those areas around the 
world where you have witnessed their progress, anything gleaned 
from that that you would suggest to us as maybe an essential?
    Dr. Arnold. I think that we need a lot of real-world 
experience on how consumers are going to react to these 
vehicles, the issue of driving range, how to deal with this. We 
are into an exciting new area here but one in which we really 
need some real-world experience to see the right way for this 
to evolve.
    Mr. Tonko. Thank you very much. Mr. Eustis.
    Mr. Eustis. Portland General Electric is lucky enough to 
have one of the early implementations of electric vehicles in 
its service territory with the Nissan and state partnership, 
and we got that opportunity because we put infrastructure out 
initially. It didn't need a standard but we designed the 
charging infrastructure in a way that could be upgraded later 
on, you know, the right conduits, the right information support 
to that, and in much the same way the fast charging can be 
upgraded if a standard should change. I agree with Dr. Arnold 
absolutely, you know, one socket is what is required, but in 
the short run, the 240-volt standard, which is SAE 1772, I 
believe, does standardize, I think it is worldwide even, a 
method for the most predominant method of charging, and so the 
first order of business is to make sure we successfully get 
customers to adopt electric vehicles and the 240-volt standard 
will go a long way to get the early adoption and it gives us a 
little time to perfect fast charging.
    Mr. Tonko. And Ms. Coney?
    Ms. Coney. The one thing I would add is that there have 
been discussions about whether the identification information 
for a unique electric vehicle should convey when that vehicle 
is being re-charged. The privacy perspective, especially as it 
weighs on the fast adoption of these vehicles, would be to make 
sure that re-charging is anonymous as paying with cash. Where 
you charge a vehicle should not identify that you in fact were 
in a particular place. There are privacy issues with 
architecture that supports transferring that kind of 
information in the process of charging an electric vehicle. 
Thank you.
    Mr. Tonko. Thank you.
    Thank you, Mr. Chair.
    Chairman Wu. Thank you, Mr. Tonko, very thorough, as 
always.
    Mr. Eustis, you commented on the implementation in Portland 
for charging electric cars, and I asked a couple of questions 
of the company that is building out a charging field, if you 
will, or, you know, reaching from Portland to Salem or beyond, 
and their statement was that their charging format for the 
Nissan Leaf is not necessarily compatible with the Tesla that 
is sold more in California, or at least I have seen it in 
Silicon Valley a lot, and my comment back to them is that they 
are going to get a whole lot more enthusiastic support from 
Elon Musk and others if there is a compatible plug, and I just 
wanted to flag that because there apparently is a disagreement 
or not complete agreement about whether it is compatible or 
not. And you don't have to comment right now if you----
    Mr. Eustis. Yeah, I am not familiar with that technical 
difference. I don't doubt that there is. But it would be at the 
fast charging level.
    Chairman Wu. Well, it may be just like really, I mean for a 
guy like me, really basic like three prongs versus two and 
those adaptor plugs that we fiddle with all the time.
    On international standards, and again, if you all want to 
consider this and answer on the record later, or if you want to 
answer this, take a stab at it right now, I am concerned as 
Chairman Gordon pointed out about certain countries, particular 
China, in this field as in others developing their own standard 
to create an island of technology, whether that is for very 
legitimate national reasons or whether it is for trade and 
competitive reasons. Is there anything that we can do at the 
international standards-setting level or with other mechanisms 
available to us to provide both carrots and sticks for 
international cooperation and harmonization of standards?
    Dr. Arnold. Chairman Wu, that is a very thought-provoking 
question and I would prefer to respond to that on the record 
later after giving it some consideration, but I think that this 
is a difficult issue. Where we have partners that recognize 
that the market grows. If you have common standards and you can 
create new industries and applications, it is easier. Where you 
have partners that view this as a win-lose game, then it is 
more difficult and it takes two to tango, as they say.
    Chairman Wu. Well, Dr. Arnold, I very much appreciate you 
taking the time and energy to answer in a thorough and careful 
way. It is NIST's mission to cooperate internationally, and 
this is what this Subcommittee has pressed for repeatedly, and 
if NIST or any other governmental agency needs carrots or 
sticks, I think that this Committee will seek to give you those 
tools.
    If no one else wants to comment on that, you all have 
come--many of you have come from a long distance and it is the 
tradition of this Subcommittee when time permits to ask of the 
entire panel individually, are there things that we have not 
asked or that you have not had an opportunity to address live 
that you would like to address before we adjourn? Mr. McDonald.
    Mr. McDonald. I wanted to--there were two points that I 
wanted to cover. One was that Mr. Lujan brought up about the 
importance of state regulators, and the fact that standards are 
really tightly tied to policy and vice versa. There is a lot of 
interdependencies. We realize that at NIST, and we made a 
conscious decision for our next Governing Board meeting next 
month, or actually this month--today is July 1st--in a couple 
weeks to be co-located with the National Association of 
Regulatory Utility Commissioners Summer Meeting in Sacramento, 
California, so all of the NIST Governing Board will be meeting 
together with the NARUC Commissioners, and our meeting will be 
open. All the commissioners can attend our Governing Board, and 
likewise the next two days, the NIST Governing Board will be 
involved in the regulators' meetings also. So we see that as 
important and we have reached out to NARUC and decided to have 
our meeting co-located with theirs.
    That was one point. The second point was the permanence of 
jobs I think really boils down to standards. You know, if the 
technology is anchored in standards, it has permanence to it, 
and as a supplier, when we commit funds to incorporate new 
technology, if that technology is not anchored in a standard, 
there is a question from the supplier point of view is if we 
implement, commit resources and implement, that technology may 
go away the next year because there is not the stability to it 
that a standard provides. So I think, you know, with respect to 
technology, with respect to smart grid, with respect to jobs, 
it puts even more importance on standards. The more we have 
standards, the more we can interoperate, the jobs that we 
create with respect to smart grid will be permanent jobs. Thank 
you.
    Ms. Coney. I just wanted to close----
    Chairman Wu. Let me just respond to one thing that Mr. 
McDonald said about the permanence of jobs. We have a 
competitive society and also those of us who sit on this side 
of the dais completely understand that the functions of society 
may last for a long time but no job is permanent. Certainly no 
job is permanent.
    Ms. Coney, please proceed.
    Ms. Coney. Thank you. I wanted to thank the minority for 
the invitation to participate in today's hearing. I think this 
is a very topical discussion but we didn't touch much on the 
topic of cybersecurity which from our perspective has a lot to 
do with data collection, retention and use but that the 
standards process can greatly benefit from the collaboration 
with privacy experts, civil liberties experts as well as legal 
experts on the consequences of the data collection and use 
related to smart grid. We hope that the consumer as the end 
user is taken into consideration when standards are developed 
to be sure that their interests are served as well. Thank you.
    Chairman Wu. Any other comments for the good of the order? 
Well, thank you all very much. Ms. Coney, I am really glad you 
mentioned the Panama Canal as the last great engineering 
project of this Nation. Perhaps that is true, but it certainly 
permits me equal latitude in using something dramatic. To 
borrow a Churchillian phrase, this is a really, really 
important project and yet it is very, very complex and 
abstruse, so a lot of the general public, and in fact, a lot of 
this legislative body, is not going to understand the process 
as it goes forward, but it is absolutely vital to our energy 
security going forward, and to borrow a Churchill structure, if 
not his words, never have so many depended on so few to take on 
a topic so important and to get it right, and I thank you for 
your efforts to date and offer this Committee's support, 
continuing support to get it right going forward.
    And with that, the record will remain open for two weeks 
for additional statements from Members for answers to any 
follow-up questions the Committee may ask.
    Thank you all very, very much for your participation. The 
witnesses are excused and the hearing is now adjourned.
    [Whereupon, at 12:27 p.m., the Subcommittee was adjourned.]

                              Appendix 1:

                              ----------                              


                   Answers to Post-Hearing Questions

Responses by Dr. George W. Arnold, National Coordinator for Smart Grid, 
        National Institute of Standards and Technology

Questions submitted by Chairman David Wu

Q1.  In your testimony you mention that NIST is initiating a contract 
to develop cyber-security testing requirements for smart meters, and 
that the testing protocols should be available about a year after the 
contract is awarded. When will this contract be awarded? What concerns 
are there with deploying smart meters that have not undergone this 
testing and evaluation?

A1. The proposals are currently under review by NIST and follow our 
Federal acquisition process to award based on contractor capability and 
best value. NIST anticipates awarding this contract before the end of 
this Fiscal Year.

Q1,1a.  There have been stories in the media from California and other 
places around the country about smart meters that do not function 
properly. Would a testing and evaluation program have identified 
problems with the meters before they were deployed?

A1,1a. It is unclear whether the problems reported in California, Texas 
and other places are due to technical problems with the meters.
    At this time the main concern with deploying smart meters that have 
not undergone interoperability and cyber-security testing is the 
potential for lack of interoperability and potential for security 
vulnerabilities that could compromise the meter. NIST is aware that a 
number of major utilities have labs that are testing vendor products 
prior to their selection and deployment and are providing feedback to 
the vendors on problems uncovered during their testing. Unfortunately, 
we understand that the results of these tests cannot be shared with 
other utilities, NIST, or other parties due to non-disclosure 
provisions in vendor contracts; therefore, NIST cannot comment on what 
problems have been uncovered through testing. The work that NIST is 
contracting for will result in a well-defined and consistent test 
methodology that can be broadly applied by accredited test labs to 
support the industry. NEMA Standard SG1 for Smart Meter Upgradeability, 
published in September 2009, was one of the first Smart Grid standards 
to be developed through the NIST coordinated program. Meters that 
conform to this standard have firmware that can be securely upgraded, 
providing an ability to deploy changes to meter firmware to address 
issues uncovered by testing or expected revisions to the metering 
standards.

Q1,1b.  What is the timeline for initiating a testing and evaluation 
program for all smart grid technologies for which standards are 
available?

A1,1b. The identification and development of standards for the Smart 
Grid is an ongoing process. New use cases and applications for the 
Smart Grid will continue to grow and evolve over time. As such, the 
standards supporting these use cases and applications will continue to 
grow in number and evolve along with test programs supporting these 
standards. In the Smart Grid environment today very few standards which 
have been identified up to this point have test programs associated 
with them. The SGIP Testing and Certification Committee (SGIP TCC) is 
in the process of creating a Testing and Certification Framework which 
will identify new required test programs, identify gaps in existing 
programs and provide best practices to accelerate development of test 
programs which will help ensure interoperable smart grid products. We 
expect the SGIP TCC Framework to be completed by the end of the year. 
In addition, the SGIP TCC will concurrently use this Framework to 
identify at least two test programs meeting SGIP interoperability 
requirements. After the validation of this testing Framework, NIST will 
be in a better position to project the timeline for completion of the 
development of test programs associated with completed Smart Grid 
standards. At the beginning of FY 2011 the SGIP TCC will be evaluating 
the remainder of completed standards on the NIST catalogue of 
identified standards during FY 2011 to ensure test programs are being 
developed to ensure Smart Grid interoperability. In our experience with 
the telecom industry, once a standard is completed, it can take from to 
1-3 years to develop a test program to support it depending on the 
complexity. Our goal is to reduce the test program development cycle 
time by leveraging the SGIP TCC and its Testing Framework.

                   Answers to Post-Hearing Questions

Responses by Mr. John D. McDonald, P.E., Director of Technical Strategy 
        and Policy Development, GE Energy

Questions submitted by Chairman David Wu

Q1.  The NIST FY 2011 budget request includes $10 million for Standards 
and Conformity Assessment for Interoperability in Emerging 
Technologies. This initiative will cover smart grid standards 
activities, as well as other technologies. What amount of support is 
sufficient to allow the NIST smart grid standards process to continue 
at the level needed to develop the standards and the testing 
requirements? If additional resources were available, what more should 
be done?

A1. The NIST standards effort is vitally important to the successful 
development and deployment of the smart grid in the U.S. and to ensure 
harmonized international standards that open global market 
opportunities for U.S. companies. Much of the funding for the NIST 
effort was provided through the Recovery Act and those funds will be 
exhausted in 2011. My understanding is that, apart from the Recovery 
Act funding, the FY 2011 budget request would, if approved, result in 
an ongoing NIST smart grid program of $10 million per year. I would say 
that $20-$25 million per year is the minimum baseline for an effective 
smart grid standards and measurement program at NIST. The additional 
funding will be needed to 1) sustain operation of the Smart Grid 
Interoperability Panel beyond 2011 to carry out the essential work of 
coordinated standards development; 2) continue development of a 
comprehensive testing and certification program; and 3) develop new 
measurement capabilities to ensure robust characterization and control 
of smart grids.

                   Answers to Post-Hearing Questions

Responses by Mr. Conrad Eustis, Director of Retail Technology 
        Development, Portland General Electric

Questions submitted by Chairman David Wu

Q1.  The NIST FY 2011 budget request includes $10 million for Standards 
and Conformity Assessment for Interoperability in Emerging 
Technologies. This initiative will cover smart grid standards 
activities, as well as other technologies. What amount of support is 
sufficient to allow the NIST smart grid standards process to continue 
at the level needed to develop the standards and the testing 
requirements? If additional resources were available, what more should 
be done?

A1. Portland General Electric believes that the NIST budget should be 
at a maintained at a minimum of $10 million per year, and if possible 
increased for the next two years. The work of standards development and 
testing consists of three primary activities.

        1.  Initiative Management, Governance and Communications

        2.  Standards Development where gaps exist, the work of the 
        Priority Action Plan (PAP) groups

        3.  Interoperability Testing including development tools, 
        testing and audits

    The current $10 million budget is being consumed on mostly the 
first two items; these efforts have established processes but it should 
be noted that these processes rely heavily on volunteers to complete 
important work. The testing process is being developed according to a 
roadmap under the Smart Grid Testing and Certification Committee. 
Testing is the most difficult of the processes to be established and 
implementation will require seed money to create testing tools and set 
up test labs if required, hence the desire for an increased budget for 
2011 and 2012. Unlike the volunteers that write standards documents as 
time permits, testing requires full time professionals to manage 
whatever process is established. These resources will be considerably 
more expensive than the administrative support services that now 
consume a large part of NIST's budget.
    I am not familiar with details of staffing for the PAP groups, but 
my impression is that the resources are heavily weighted by volunteers; 
this should be confirmed by NIST. As this new, relatively exciting 
process wears on, the technical resources required to write competent 
standards may need to be supplemented by NIST-hired contractors: 
project managers, systems architects, hardware engineers, software 
engineers, communication engineers, utility process specialists, etc. 
These resources would aid the PAP process to drive consensus input to 
completed quality specifications.
    If additional resources are available they should be used to 
proactively seek input from utilities and their vendors with a focus on 
what should be done to aid standards adoption by these groups. 
Collecting input from each group is an independent effort. Portland 
General Electric's written testimony elaborates on why this is such an 
important task.
                              Appendix 2:

                              ----------                              


                   Additional Material for the Record


Responses by Dr. George W. Arnold, National Coordinator for Smart Grid, 
        National Institute of Standards and Technology

Verbal Questions from Subcommittee by Chairman David Wu

(Verbal questions within the unedited written transcript)

Q1.  No, the question is whether the privacy groups were an outlier and 
you reached out to a bunch of other folks and not them?

A1. NIST has recognized the importance of privacy issues for the Smart 
Grid from the beginning of NIST's efforts under EISA 2007. In 2009, 
NIST proactively included a working group focused on privacy as part of 
the initial establishment of its Cyber Security Coordination Task 
Group, which has since become the privacy subgroup of the Cyber 
Security Working Group of the Smart Grid Interoperability Panel. NIST 
has primarily relied on weekly teleconferences, regular conferences, 
face-to-face meetings and additional peer-to-peer outreach within the 
cyber security and privacy communities to inform and learn from 
interested parties about its Cyber Security Working Group and task 
groups. In addition, NIST initiated outreach efforts to inform a 
broader community about NIST Smart Grid activities through multiple 
Federal Register Notices asking for public review and comments on the 
NIST Framework and Roadmap for Smart Grid Interoperability Standards, 
Release 1.0, and two drafts of NIST Interagency Report 7628 (Smart Grid 
Cyber Security Strategy and Requirements, now titled Guidelines for 
Smart Grid Cyber Security). This outreach, particularly outreach 
through the Federal Register Notices, has been successful in 
encouraging privacy advocates and others to participate in the NIST 
process. For example, there are several privacy advocacy groups that 
participate in our privacy subgroup, including EPIC, Center for 
Democracy and Technology (CDT), Future of Privacy Forum, and the 
Electronic Frontier Foundation (EFF). The NIST Smart Grid 
Interoperability Panel is also working to identify and engage 
additional groups for outreach, including for example venture capital 
firms, state and local regulators, consumer groups and other sections 
of the broad Smart Grid community.

Q2.  What resources do you think NIST will need to appropriately 
develop standards at a pace which I think the industry and our Nation 
needs? And if additional resources were appropriated by this Congress, 
what additional activities or what delta and speed could you achieve?

A2. NIST is fortunate to have received ARRA funding ($17 million, 
consisting of $12 million from DOE and $5 million from NIST's own ARRA 
appropriation) to start the external NIST Smart Grid program by 
contracting with an administrator to support NIST in establishing the 
Smart Grid Interoperability Panel. This funding has also permitted 
additional contracted technical support to help NIST address a selected 
set of high priority action plans to fill identified standards gaps. In 
addition, NIST has received $5 million in the FY 2010 enacted 
appropriation to support a new Smart Grid Interoperability initiative. 
Collectively, these resources have enabled NIST to effectively carry 
out its program to date with successes as noted in George Arnold's 
written testimonyCurrent ARRA funding will be expended in FY 2011. An 
additional initiative to support Smart Grid Interoperability is 
proposed as part of the President's Budget for FY 2011 in order to 
sustain the NIST program. Any additional resources would be used to 
accelerate the development and implementation of a testing and 
certification framework to support Smart Grid interoperability and 
cyber security, to accelerate standards development to fill gaps that 
have been identified, and to develop a comprehensive measurements 
research program to better characterize and monitor the system-level 
performance and stability of the Smart Grid. This work would be 
conducted through NIST's internal efforts and the efforts of external 
contracted organizations including standards and testing/certification 
groups.

Q3.  Is there anything we can do at the international standards-setting 
level or with other mechanisms available to us to provide both carrots 
and sticks for international cooperation and harmonization or 
standards?

A3. NIST is actively engaged in and is providing leadership in all the 
international standards bodies relevant to the Smart Grid. In addition, 
NIST has bilateral engagements with counterparts in many other 
countries, including Canada, Mexico, Brazil, Japan, Korea, China, 
India, Singapore, Australia, the EU and member states, and Israel. NIST 
is also working closely with DOE in partnering with other major 
economies to establish a the International Smart Grid Action Network to 
provide a multilateral forum for coordination. As indicated in the 
written testimony, China's standardization activities in the Smart Grid 
present a concern because of China's preference for indigenous 
innovation and the fact that we have limited visibility into China's 
domestic standardization activities relating to the Smart Grid. NIST 
has initiated a dialog with State Grid Corporation of China to explore 
opportunities for collaboration through participation in standards 
development organizations such as the International Electrotechnical 
Commission and through the NIST coordinated Smart Grid Interoperability 
Panel. Specifically, NIST is supporting the work of several working 
groups within the International Electrotechnical Commission (IEC), 
especially Technical Committee 57, that are harmonizing the IEC 
standards with others. These working groups, which include 
representatives from China as participating members, are revising 
standards to be harmonized with others, such as IEEE standards, as 
identified by NIST in Priority Action Plans as part of the NIST 
Framework and Roadmap for Smart Grid Interoperability Standards.
    NIST is also exploring means to build upon its existing 
collaborations with key Chinese entities such as the Standardization 
Administration of China (SAC), the Certification and Accreditation 
Administration of China (CNCA), the China National Institute for 
Standardization (CNIS) and the China Electronics Standardization 
Institute (CESI) for engagement in the international standards 
development for Smart Grid standardization. In specific areas such as 
standards to support fast charging for electric vehicles, NIST has 
taken a more active role (in coordination with others in the Federal 
Government, including the Department of Energy) in outreach to Chinese 
entities to address specific issues.
    The most effective way for Congress to provide ``carrots and 
sticks'' to encourage international cooperation and harmonization of 
standards is by continuing to provide clear policy that standards for 
the Smart Grid in the U.S. will be based on the standards identified by 
NIST. This policy was enacted through the provisions in EISA directing 
FERC to adopt standards based on NIST-identified standards, and 
establishing use of NIST-identified standards a criteria for DOE Smart 
Grid grants. Since NIST is basing its framework upon international 
standards wherever possible--nearly 80% of the standards included in 
the Release 1.0 framework are produced by international SDOs--this is 
encouraging other countries to cooperate with NIST in creating global 
standards so that they can access the U.S. market and U.S. companies 
can access international markets.
