Monday, November 21, 2011

European Smart Grid Cyber Security through American Eyes

You know, there are ways in which the EU Smart Grid Security & Privacy standards process mimics the structural problems that have so far stymied solutions to the EU budget crisis:
The initiatives are not harmonized. For example, the Netherlands’ approach to smart meter data privacy would be illegal in Germany because it forces a choice between personal data privacy and energy efficiency. Yes, the much loved opt-in has been outlawed in Germany.
See that? This is from Pike Research security analyst Bob Lockhart, who had the pleasure of attending the  recent European Smart Grid Cyber Security in Amsterdam. Bob's been keeping a close eye on security standards forming and evolving in North America, and we've both talked and wondered out loud about how things were going in Europe.

Well, it's seems like they're not going as well as they could be. Here's Bob again:
There is an entire document in the NISTIR 7628 series – Volume 2 – devoted to Data Privacy, an issue of great concern to European nations and their citizens. Someone suggested why not start with NIST’s cyber security guidelines, overlay European Data Privacy guidelines, and call it done? I am still trying to work out why that is not the answer. Instead there are ... five other efforts, all of which freely admit that they love the NISTIR documents, creating ... or recreating a new set of smart grid cyber security [and privacy] guidelines.
Bob goes on to talk about the need for urgency and haste, but you can just tell nothing's going to happen fast on that side of the Atlantic. And we thought things were slow on this side!

C'est la vie.

You can read his full post HERE.