Authentication requirements in NIST Cybersecurity Framework Smart Grid Profile for Improving Critical Infrastructure

The U.S. electric power grid is modernizing through “smart” technologies. These changes bring a lot of benefits, but also a lot of potential cybersecurity risks. National Institute of Standards and Technology’s (NIST) recently published Smart Grid Profile.

The Smart Grid Profile is NIST’s “initial attempt to apply risk management strategies from the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) to the smart grid.” The Profile provides numerous cybersecurity considerations for power system owners/operators in each of the Cybersecurity Framework’s five Core areas: “identify, protect, detect, respond, and recover.”

Three Core Authentication requirements:

1. Devices should be authenticated before connecting to the grid network to ensure that only authorized devices are allowed to connect. Proper authentication of users, devices, and assets helps ensure safety and reliability. Special care will need to be taken to ensure that modernized devices are also authenticated to the grid network.

2. When collecting and aggregating data from third-party devices, the devices and the data should be authenticated and validated. Without this authentication and validation, power system owners/operators should carefully consider whether those devices and their data can be trusted.

3. Unauthorized personnel, connections, devices, or software introduce risks into IT and OT and may impact grid operations. Any connections to IT and OT systems and networks should be authenticated to ensure that only approved and trusted parties gain access to those systems and networks.

If you want to know more how Hideez Authentication Solution can implement Authentication requirements for Smart Grid Profile please contact us.