Monday, September 28, 2009

What's on First: Insights in NIST's 1st Draft

Never will one mistake the complexities of the Smart Grid, and of undertaking the improvement of its protections, for a straightforward task in security and engineering. It presents an Augean stable of issues, and NIST has waded in with a legion of contributors, to first make sense of it all, and then to start handing out shovels.

In the first draft of their analysis, announced during Grid Week, Annabelle Lee and team have created a dense but readable tome, numbering some 236 pages at present, entitled Smart Grid Cyber Security Strategy and Requirements. I encourage you to read it, either on its own, or as an adjunct to the more general draft of NIST's Smart Grid guidance on interoperability. In the event that you are interested in some sense of where the emphasis was put, and are more engaged by the higher level issues of focus and risk, I did a bit of data reduction and reached some pretty interesting, if unintended (and definitely scientifically questionable) conclusions.

One of the techniques that NIST uses in creating a better means of discussing cyber security for the grid is to categorize the areas of likely risk and their impacts. This is very helpful, as there are myriad instances of connection between systems within the Smart Grid and some higher level abstraction helps to make the issues digestible. These 15 categories are defined within the document, as are the potential impacts to them (Confidentiality, Integrity, Availability), and their levels (High, Medium, Low) using established definitions from the venerable FIPS Publication 199. This exercise, and the tables contained within the draft, permit a reader with a spreadsheet (me) to draw two conclusions about priorities in Smart Grid Security.

Conclusion 1: Integrity is the most important attribute
In reviewing the definitions of the categories, and the impact that was most highly rated, the answer was unanimous. Integrity, as opposed to confidentiality or availability, was rated as a "High" in every single instance. (NB: In categories 10-12, there is a range of impact level, but each included "High" for Integrity.) Whether because corrupted data could degrade the operation of the grid, or because it could be used to defraud customers, suppliers, or the market, integrity showed up as the Number 1 concern, with no exceptions, according to the NIST results.

Conclusion 2: B2B and control system connections are Riskiest
There were only two categories which ranked with "Highs" across the board, for Confidentiality, Integrity, and Availability, and both could be described as connections between different kinds of systems. The categories are numbers 6 and 7, relating to B2B and control/non-control systems respectively. This feels right intuitively, but it also represents a potential area of rapid growth in both members and risk for the Smart Grid. It describes the connections that are both most likely to be leveraged by new entrants and which are most likely to use either IP, or actual Internet-based, networking. As we have written about before, the Soft Grid is probably the next big area of investment and expansion, as organizations form to leverage the new infrastructure and public enthusiasm to deliver more interesting and likely complicated applications.

In the remarkable depth and detail of the NIST report, it is very possible to become discouraged by the references to "hundreds of standards" and by the complexity of the diagrams it contains. It is important to have a sense for where to start, as the NIST process will necessarily be a lengthy one, and time (and Smart Grid Investment Grants) are waiting for no one. If, as contributors to the Smart Grid, or as advisors to organizations which seek to connect, we can help them to focus on these few issues from the start, it is possible that they will be far better prepared for the new documents, threats, and requirements that are certain to follow.
