Tuesday, August 2, 2011

Cisco’s conclusion on FERC’s Non-Ruling on IEC Standards

FERC (Federal Energy Regulatory Commission) decided in July 2011 to not (yet) rule on five Smart Grid standard series suggested by the National Institute of Standards Technology (NIST) / Smart Grid Interoperability Panel (SGIP). These families of standards defined by the International Electrotechnical Commission (IEC) were nominated by NIST/SGIP for consideration by FERC in rule making in October 2011. These are:

  • IEC 61968: Application Integration at Electric Utilities-System Interfaces for Distribution Management
  • IEC 61970: Energy management system application program interface
  • IEC 61850: Communication Networks and Systems for Power Utility Automation
  • IEC 60870-6 series: Telecontrol protocols compatible with ISO standards and ITU-T recommendations
  • IEC 62351: Power systems management and associated information exchange - data and communications security

Cisco’s position on this FERC non-ruling (according to their website – see below) is:

  • "Are the IEC standards really not ready for prime time? This is unlikely because most of these standards are already in use outside North America.
  • Is cyber security a solved problem? Not likely, as long as there are hackers in the world, cyber security will be an on-going challenge.
  • Is cyber security an intractable problem? Far from it, the public Internet and private Internets (e.g. DoD) can be highly secure networks. And open-standards, community-based security mechanisms are far superior to "security by obscurity", or the status quo in utility networking which largely consists of hundreds of parallel SCADA networks.
  • Is greater awareness and education required? Indeed yes. The utility industry and the regulatory commissions need to hear from the Internet community of vendors, service providers, network operators, system admins, and cyber security experts, how packet networks can be made secure.
The FERC non-action is both a temporary setback and a call-to-action for the Smart Grid community. The concerns expressed by FERC and the regulators are genuine and need to be addressed. Unfortunately, the need for standards in transmission and distribution networks can't be put off. Fortunately, the cyber security questions related to the Smart Grid have good answers available from the long experience of the Internet.

Click HERE for the Cisco Developer Network statement on FERC’s non-ruling.

What is true for the security issues (IEC 62351) is true for the other standard families, too! Many engineers need to become aware of the huge challenges by more education and training!!

Investment in peopleware is one of the needed actions to keep the power flowing.

Click HERE for more discussions on peopleware.

Next opportunity in North America:

Nashville (TN, USA)
20.-21. September 2011
Remote Conference
2 day Seminar (conducted by NettedAutomation) on Power System Communication covering IEC 61850, IEC 61400-25, DNP3, NIST Interoperability Roadmap, Smart Grids, security standards, ...
http://www.remotemagazine.com/rem-conf11/rem11_workshop.php

2 comments:

Anonymous said...

Hi there,

especially in terms of IEC 62351 I'm currently uncertain, if one of the IED - Vendors will implement those features. (at least for encryption)
Currently IPSEC implementations seem to be more common than IEC 62351-3. That appears also for inter-substation GOOSE - communication where IEC 62351-6, in my opinion, is not sufficient. Let's see what IEC 62351-9 will bring.

Anonymous said...

Hi,

the FERC ruling was not related specifically to security. One issue was the openess of the selection process by NIST and the more fundamental question is if standards really need to be enforced by the regulator?
Saftey and may be some security related standards should be enforced by the regulator. Also certain standards for interfaces between market players could be enforced, but for standards for company internal interface like 61850 I don't see that need.
IF you look on the telecom market the regulator usually does not enforce standards. IP or Wifi is not selected by a regulator and for your broadband access we have different DSL flavors, Cable access or other methods.
In teh first place the market should decide. Only if this doesn't work and the openess of the market is an issue the regulator may decide on a naction.