[Federal Register Volume 78, Number 207 (Friday, October 25, 2013)]
[Notices]
[Pages 63964-63966]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-25168]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No. 130612544-3544-01]


Request for Comments on Draft NIST Interagency Report (NISTIR) 
7628 Rev. 1, Guidelines for Smart Grid Cyber Security

AGENCY: National Institute of Standards and Technology (NIST), 
Department of Commerce.

[[Page 63965]]


ACTION: Notice; request for comments.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) 
seeks comments on draft NISTIR 7628 Rev. 1, Guidelines for Smart Grid 
Cyber Security. Draft NISTIR 7628 Rev. 1 was completed by the NIST-led 
Smart Grid Cybersecurity Committee (formerly the Cyber Security Working 
Group) of the Smart Grid Interoperability Panel. The document has been 
updated to address changes in technologies and implementations since 
the release of NISTIR 7628 in September 2010. In addition, the document 
development strategy, cryptography and key management, privacy, 
vulnerability classes, research and development topics, standards 
review, and key power system use cases have been updated and expanded 
to reflect changes in the Smart Grid environment since 2010. The final 
version is expected to be posted in the fall of 2013.

DATES: Comments must be received by December 24, 2013.

ADDRESSES: Please submit your comments, using the comment template 
forms available electronically from the NIST Web site at: http://csrc.nist.gov/publications/PubsDrafts.html. Written comments concerning 
the document may be sent to: Information Technology Laboratory, ATTN: 
Tanya Brewer, National Institute of Standards and Technology, 100 
Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930.
    Electronic comments should be sent to: [email protected], 
with the Subject line: Draft NISTIR 7628 Rev. 1 Comments.
    Draft NISTIR 7628 Rev. 1, Guidelines for Smart Grid Cyber Security, 
is available electronically from the NIST Web site at:  http://csrc.nist.gov/publications/PubsDrafts.html. The comment templates are 
available at the same address.

FOR FURTHER INFORMATION CONTACT: Tanya Brewer, telephone: 301-975-4534, 
National Institute of Standards and Technology, 100 Bureau Drive, Stop 
8930, Gaithersburg, MD 20899-8930 or via email: [email protected].

SUPPLEMENTARY INFORMATION: 

Background

    Section 1305 of the Energy Independence and Security Act of 2007 
(EISA) (Pub. L. 110-140) requires the Director of the National 
Institute of Standards and Technology (NIST) ``to coordinate the 
development of a framework that includes protocols and model standards 
for information management to achieve interoperability of smart grid 
devices and systems.'' EISA also specifies in Section 1301 that, ``It 
is the policy of the United States to support the modernization of the 
Nation's electricity transmission and distribution system to maintain a 
reliable and secure electricity infrastructure that can meet future 
demand growth and to achieve each of the following, which together 
characterize a Smart Grid:
    (1) Increased use of digital information and controls technology to 
improve reliability, security, and efficiency of the electric grid.
    (2) Dynamic optimization of grid operations and resources, with 
full cyber-security. . . .''
    With the transition to the Smart Grid--the ongoing transformation 
of the nation's electric system to a two-way flow of electricity and 
information--the information technology (IT) and telecommunications 
infrastructures have become critical to the energy sector 
infrastructure.
    NISTIR 7628 was first drafted in 2009 by NIST staff and industry 
technical experts. NIST published a Request for Comments in the Federal 
Register on October 9, 2009 (74 FR 52183) soliciting comments on the 
working draft. NIST issued a second Request for Comments on April 13, 
2010 (75 FR 18819), which also included a summary disposition of 
comments received in response to the October 9, 2009 Request for 
Comments. Comments from both Requests for Comments informed the final 
version of NISTIR 7628, which was released on September 1, 2010, at 
http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7628.
    NISTIR 7628 has been utilized by a variety of stakeholders 
including utilities, Smart Grid vendors and service providers, and 
regulatory organizations since its initial publication. Additionally, 
emerging Smart Grid technologies have matured since the initial 
publication and are being considered in this revision.

Draft NISTIR 7628 Rev. 1

    Draft NISTIR 7628 Rev. 1 was completed by the NIST-led Smart Grid 
Cybersecurity Committee (formerly the Cyber Security Working Group) of 
the Smart Grid Interoperability Panel. This document incorporates 
updates to address changes in technologies and implementations since 
the release of NISTIR 7628 in September 2010. In addition, this 
document updates and expands the development strategy, cryptography and 
key management, privacy, vulnerability classes, research and 
development topics, standards review, and key power system use cases to 
reflect changes in the Smart Grid environment since 2010. The final 
version is expected to be posted in the fall of 2013.

Summary of Changes to Draft NISTIR 7628 Rev. 1

     Chapter 1, Document Development Strategy, was updated to 
reflect progress and completion of previously outstanding issues and 
remaining tasks, including a new section addressing cyber-physical 
attacks.
     Chapter 2, Logical Architecture and Interfaces of the 
Smart Grid, was updated to address feedback from the SGIP Smart Grid 
Architecture Committee and includes an expanded section on defense-in-
depth security.
     Chapter 3, High-Level Security Requirements, was updated 
to include additional background information on selection of security 
requirements, and includes a revised Crosswalk of Cyber Security 
Documents.
     Chapter 4, Cryptography and Key Management, was updated to 
reflect the recommended transition lifetimes for cryptographic 
algorithms and key lengths in NIST Special Publication 800-131 A, 
Transitions: Recommendation for Transitioning the Use of Cryptographic 
Algorithms and Key Lengths.
     Chapter 5, Privacy and the Smart Grid, has been updated to 
reflect changes in the regulatory and legislative areas regarding Smart 
Grid. The update also addresses emerging Plug-In Electric Vehicle (PEV) 
technologies and associated privacy concerns, an expanded Appendix of 
privacy use cases, a new Appendix summarizing how two states 
(California and Colorado) arrived at their respective privacy-related 
regulations, and a new Appendix containing recommendations for how 
third parties should handle consumer energy usage data.
     Chapter 6, Vulnerability Classes, has been updated to 
incorporate changes in technologies since the original publication.
     Chapter 8, Research and Development Themes for Cyber 
Security in the Smart Grid, has been updated to incorporate changes in 
technologies since the original publication.
     Chapter 9, Overview of the Standards Review, has been 
updated to reflect the SGCC review and analysis methodology of Smart 
Grid standards against the high-level security requirements of NISTIR 
7628.
     Chapter 10, Key Power System Use Cases for Security 
Requirements has been updated to include more granular use case 
scenarios in the area of the Advanced Metering Infrastructure.

[[Page 63966]]

     A number of editorial changes that do not have substantive 
impact on the document to improve readability, update references, and 
standardize writing style.

Request for Comments

    NIST seeks public comments on draft NISTIR 7628, Rev. 1, Guidelines 
for Smart Grid Cyber Security; particularly on the changes made since 
the originally published version. The draft report is available 
electronically from the NIST Web site at: http://csrc.nist.gov/publications/PubsDrafts.html. The comment templates are available at 
the same address, and are required for both written and electronic 
comments.
    Interested parties should submit comments in accordance with the 
DATES and ADDRESSES sections of this notice.

    Dated: October 1, 2013.
Willie E. May,
Associate Director for Laboratory Programs.
[FR Doc. 2013-25168 Filed 10-24-13; 8:45 am]
BILLING CODE 3510-13-P