The current process for formulating cybersecurity standards for the smart grid is subject to potential conflict of interest, says a Congressional Research Service report dated June 15.

The report, posted online by Secrecy News, a Federation of American Scientists blog, echoes other government reports in noting that authority to craft safety and reliability standards for the bulk power system is split between the Federal Energy Regulatory Commission, a federal entity, and the North American Electric Reliability Corporation, a private-sector association.

FERC designated NERC as the "electric reliability organization" responsible for establishing and enforcing reliability standards in 2006.

The standards NERC codifies are mandatory for the bulk power generation industry, but since NERC is made up of private sector bulk power generators, regulations "are essentially being established by the entities who are being regulated," the CRS report states. "Standards may conceivably result from the option with the lowest costs," the report adds.

FERC has ultimate approval authority over NERC standards, but any FERC-proposed revisions are still subject to NERC approval. As a result, NERC standards could be seen as merely a minimum threshold for compliance, one that some utilities may choose to exceed, the report states.

But an interconnected system with some utilities holding to NERC standards could lead to vulnerabilities, the report says, since those utilities would provide a weakest point of access.

The report also discusses National Institute of Standards and Technology proposed smart grid cybersecurity standards released by the agency in October 2010.

A FERC conference in January to discuss the NIST standards showed that they did not in fact represent a consensus, "with several participants stating that they were unsure of what would constitute a consensus, and questioning whether such standards would then automatically become 'mandatory and enforceable,'" the report adds.

Whether the electricity industry adopts smart grid technology or not, it faces cybersecurity problems since legacy communication methods supporting grid operations also provide potential cyber attack paths, the report notes.

For more:
- download the CRS report from the FAS website (.pdf)

Related Articles:
DOE: Interagency collaboration underway on smart grid security 
Pike Research: Smart grid cyber security revenue to reach $1.3B by 2015 
NERC: Government intervention in electric grid controls 'scary' to contemplate