The Federal Energy Regulatory Commission (FERC) ruled last week to not rule (yet) on Smart Grid standards suggested by the National Institute of Standards Technology (NIST) / Smart Grid Interoperability Panel (SGIP). Five families of standards defined by the International Electrotechnical Commission (IEC) were nominated by NIST/SGIP for consideration by FERC in rule making. These are:
- IEC 61968: Application Integration at Electric Utilities-System Interfaces for Distribution Management
- IEC 61970: Energy management system application program interface
- IEC 61850: Communication Networks and Systems for Power Utility Automation
- IEC 60870-6 series: Telecontrol protocols compatible with ISO standards and ITU-T recommendations
- IEC 62351: Power systems management and associated information exchange - data and communications security
FERC ruled that sufficient "consensus" did not exist for requiring these standards in the U.S. This was based on testimony given at the National Association of Regulatory Utility Commissioners (NARUC) earlier this year, where the primary concern cited was "cyber security deficiencies".
What is to be concluded from this FERC non-ruling?
- Are the IEC standards really not ready for prime time? This is unlikely because most of these standards are already in use outside North America.
- Is cyber security a solved problem? Not likely, as long as there are hackers in the world, cyber security will be an on-going challenge.
- Is cyber security an intractable problem? Far from it, the public Internet and private Internets (e.g. DoD) can be highly secure networks. And open-standards, community-based security mechanisms are far superior to "security by obscurity", or the status quo in utility networking which largely consists of hundreds of parallel SCADA networks.
- Is greater awareness and education required? Indeed yes. The utility industry and the regulatory commissions need to hear from the Internet community of vendors, service providers, network operators, system admins, and cyber security experts, how packet networks can be made secure.
The FERC non-action is both a temporary setback and a call-to-action for the Smart Grid community. The concerns expressed by FERC and the regulators are genuine and need to be addressed. Unfortunately, the need for standards in transmission and distribution networks can't be put off. Fortunately, the cyber security questions related to the Smart Grid have good answers available from the long experience of the Internet.