Re: [bacnet-it-wg] Some notes on Smart Grid, FERC and BACnet
- The network security addendum should be posted soon and that will help show that BACnet isn't just talking about adding security in the future. Soon all statements can use present tense: BACnet *has* real security (AES/SHA).
On Jul 9, 2010, at 10:39 AM, "Holmberg, David" <david.holmberg@...> wrote:
Just an FYI note--Cyber security is a big deal to FERC, and BACnet will be looked at carefully.
First, Section 1305(d) STANDARDS FOR INTEROPERABILITY IN FEDERAL JURISDICTION. “At any time after the Institute’s [NIST] work has led to sufficient consensus in the Commission’s [FERC] judgment, the Commission shall institute a rulemaking proceeding to adopt such standards and protocols as may be necessary to insure smart-grid functionality and interoperability in interstate transmission of electric power, and regional and wholesale electricity markets.”
Right now, BACnet is one of the standards for FERC evaluation since it has been generally agreed that BACnet is important to Smart Grid. I don’t think FERC will do much with it, except as it impacts the transmission domain that they oversee. But BACnet ties the facility to the building interface and OASIS Energy Interoperation, which is very much in FERC domain with market and DR interactions. And this all ties back then to “how secure is BACnet”, since FERC also has said (Smart Grid Policy Statement, Paragraph 41): “Accordingly, consistent with our [cyber security] mandates under EISA, …. Specifically, there must be a demonstration that a proposed smart grid standard: (1) directly incorporates [cyber security] protection provisions, or (2) incorporates [cyber security] protection provisions from other smart grid standards or electric Reliability Standards ...[that] provide [cyber security] protection for the electric power system for the proposed standard.”
The SGIP Cyber Security WG (http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG) is looking at all these standards; their updated NISTIR will be out very soon with discussion of Cyber-security strategy, architecture, etc. They don’t yet have a security analysis of standards. I haven’t had a chance to review the early drafts (that don’t seem to be posted publicly yet).
NIST Building and Fire Research Lab