Reports of serious breaches of established practice (unauthorized access, damage to data and systems, deployment of malware, outright theft, invasion of privacy, and a host of rapidly growing disruptions, to note some of the most recurrent themes) have created a vocabulary that expands day by day. This study focuses on key NIST reports on cybersecurity for the smart grid of power systems.
There is little need to introduce NIST, the premier standard-setting entity in the nation and often for the international community as a whole. In this study, we go beyond appreciating the contributions of NIST to viewing its reports as a source of new knowledge, a basis for identifying risk, valuating alternative courses of action, and facilitating prioritization in the deployment of corrective measures.
We select two key documents from the overall NIST ecosystem to conduct our investigations. These are (i) NISTIR 7628: Guidelines for Smart Grid Cybersecurity, and (ii) the NIST Cybersecurity Framework, all totaling more than 600 pages. We use the NISTIR 7628 Guidelines as the basis and augment our investigations with the Framework. We consider these as distinctive generic meta-representations of system state and risk assessments.
Rather than evoking the “one size fits all” idiom, NIST highlights the necessary as well as the sufficient. The smart grid is a ubiquitous feature of power systems. The cybersecurity of the smart grid in power systems is thus at the very core of the 21st century economy.
Simply put, the first step is to transform the basic text (NISTIR 7628: Guidelines for Smart Grid Cybersecurity) into a structured model, a design structure matrix, of the entire system in question.