Smart Grid Draft Framework -- Comments of EPIC
COMMENTSOFTHEELECTRONICPRIVACYINFORMATIONCENTER to
THENATIONALINSTITUTEOFSTANDARDSANDTECHNOLOGY "NISTFrameworkandRoadmapforSmartGridInteroperabilityStandardsRelease
1.0(Draft)" November9,2009
BynoticepublishedintheFederalRegisteronOctober9,2009,theNational
InstituteofStandardsandTechnology(NIST)announceditseekspubliccommentonthe
draftframeworkandroadmapforSmartGridinteroperabilitystandards.1NISTseeks
(1)Commentsontheoveralldocumentandthecontentsofallchapters, exceptChapter4,StandardsIdentifiedforImplementation;and(2) Commentson...``StandardsIdentifiedforImplementation''(Chapter4);the NIST-proposed``GuidanceforIdentifyingStandardsforImplementation''; andrecommendationsforaddingorremovingstandardsandspecifications onthelistofstandardsidentifiedforimplementation(Table2),referencing relevantguidancecriteria.Inaddition,NISTrequestscommentsonthe standardsinTable3--additionalstandardsNISThasidentifiedforfurther review.2
PursuanttothisnoticetheElectronicPrivacyInformationCentersubmitsthe
followingcommentstoNISTregardingtheprivacyimplicationsofthedraftframeworkand
roadmap.
TheElectronicPrivacyInformationCenter(EPIC)isapublicinterestresearchcenter
inWashington,D.C.EPICwasestablishedin1994tofocuspublicattentiononemerging
civillibertiesissuesandtoprotectprivacy,theFirstAmendment,andconstitutionalvalues.
EPIChasalong-standinginterestinprivacyandtechnologyissues.3EPIChasaspecialized
1NISTFrameworkandRoadmapforSmartGridInteroperabilityStandardsRelease1.0
(Draft),74Fed.Reg.52,181-83(October9,2009),availableat
. 2 Id. 3 Available at .
EPICComments
1
NIST
Nov.9,2009
SmartGridStandards
areaofexpertiseregardingdigitalcommunicationtechnologiesandprivacypolicy.4EPIC hasaparticularinterestintheprivacyimplicationsoftheSmartGridstandardsaswe anticipatethatthischangeintheenergyinfrastructurewillhavesignificantprivacy implicationforAmericanconsumers.5Inothersimilarareas,EPIChasconsistentlyurged federalagenciestominimizethecollectionofpersonallyidentifiableinformation(PII),and toestablishprivacyobligationswhenPIIisgathered. Background
TheEnergyIndependenceandSecurityActof2007(EISA)6directedNISTtotake "primaryresponsibilitytocoordinatedevelopmentofaframeworkthatincludesprotocols andmodelstandardsforinformationmanagementtoachieveinteroperabilityofSmart Griddevicesandsystems...."7Accordingly,NISTpublishedthe"NISTFrameworkand RoadmapforSmartGridInteroperabilityStandardsRelease1.0(Draft)."8TheDraft Frameworkstatesthatit:
describesahigh-levelreferencemodelfortheSmartGrid,identifiesnearly 80existingstandardsthatcanbeusednowtosupportSmartGrid development,identifies14highprioritygaps,pluscybersecurity,forwhich neworrevisedstandardsareneeded,documentsactionplanswith aggressivetimelinesbywhichdesignatedStandardsDevelopment
4 Available at . 5 Available at .
6Id.at52,182;Pub.L.No.110-140,121Stat.1492(codifiedasamendedinscattered
sectionsof42U.S.C.). 7 EISA ? 1305.
8 NationalInstituteforStandardsandTechnology,NISTFrameworkandRoadmapfor
SmartGridInteroperabilityStandardsRelease1.0(Draft)5(2009)[hereinafterDraft
Framework].
EPICComments
2
NIST
Nov.9,2009
SmartGridStandards
Organizationsaretaskedtofillthesegaps,anddescribesthestrategybeing pursuedtoestablishstandardsforensuringcybersecurityoftheSmartGrid.9
TheNISTFrameworkisambitiousscope,coveringawiderangeofissues,butitmentions
privacyonlybriefly.Thefirstreferenceto"privacy"comesonpage74ofthe90page
document,afteralldiscussionofstandardsand"priorityactionplans."10
Onceprivacyisfinallydiscussed,itisthroughafleetingreferencetotheprivacy
implicationsoftheSmartGridunderasectiontitled"OtherIssuesthatMustbe
Addressed."11Thatsectionreferencesandsummarizesthefindingsofanotherreport,
entitled"SmartGridCyberSecurityStrategyandRequirements."12
Privacycannoteffectivelybeprotectedwhenitisanafterthought,andNISTcannot
purporttoestablishaSmartGridFrameworkwithoutweavingsecurityandprivacy
concernsintotheframeworkatafundamentallevel.Accordingly,NISTshouldfirstreview
commentsregardingthesecurityandprivacyoftheSmartGrid,andthenincorporatethose
commentsintoarevisedversionoftheDraftFramework.
EPIC'scommentswillfocusonthesignificantprivacyimplicationsoftheSmartGrid
proposalandaproposedframeworkforprivacyprotection.
9 Id. 10 Id. at 74. 11 Id. at 81. 12 National Institute of Standards and Technology, Smart Grid Cyber Security Strategy and
Requirements (2009).
EPICComments
3
NIST
Nov.9,2009
SmartGridStandards
EPIC'sCommentsandRecommendations 1. TheSmartGridHasSignificantPrivacyImplications Thecollectionofpersonallyidentifiableinformationwilldramaticallytransformthe
abilityofprovidersofpowerservicesintheUnitedStatestotracktheactivitiesof Americanconsumers.Someofthistrackingwillservetheimportantpurposeofreducing energyconsumption.Butotherformsoftrackingmaybecompletelyunrelatedtothestated goaloftheSmartGridprogram.Itisforthisreasonthatcomprehensiveprivacyregulations thatlimitthecollectionanduseofthisdataneedtobeestablished.
TheSmartGridmaythreatenprivacyinmanydifferentways.First,theSmartGrid couldrevealsensitivepersonalbehaviorpatterns.TheDraftFrameworkproposestocreate a"draftspecificationforfacilitatingcommonschedulingoperations."13Thatis,coordinate powersupplybasedontheschedulesofthepowerneedsofusersandtheavailabilityof power.Forinstance,[e]nergyuseinbuildingscanbereducedifbuilding-systemoperations arecoordinatedwiththeschedulesoftheoccupants."14However,coordinatingschedulesin rmationaboutapower consumer'sschedulecanrevealintimate,personaldetailsabouttheirlives,suchastheir medicalneeds,interactionswithothers,andpersonalhabits:"highlydetailedinformation aboutactivitiescarriedonwithinthefourwallsofthehomewillsoonbereadilyavailable formillionsofhouseholdsnationwide."15"Forexample,researchhasdelineatedthe
13 Draft Framework, supra note 8, at 51. 14 Id. at 52. 15 Elias Leake Quinn, Privacy and the New Energy Infrastructure 28 (2009), available at
(emphasis in original) [hereinafter Privacy and the New
Energy Infrastructure]; see Rebecca Herold, SmartGrid Privacy Concerns, available at
EPICComments
4
NIST
Nov.9,2009
SmartGridStandards
differencesinavailabilityathomeforvarioussocialtypesofelectricityconsumers
includingworkingadults,seniorcitizens,housewives,andchildrenofschoolage."16
Similarly,thedatacouldrevealthetypeofactivitythattheconsumerisengagingin,
differentiatingbetween,forexample,houseworkandpersonalhygiene,orevenrevealing
thataconsumerhasaseriousmedicalconditionandusesmedicalequipmenteverynight,
orthathelivesaloneandleavesthehousevacantallday.17
ThatconcernisfurtherexacerbatedbythefactthatSmartGridmeterdatamaybe
abletotracktheuseofspecificapplianceswithinusers'homes:
This,morethananyotherpartofthesmartmeterstory,parallelsShelley's fableofFrankenstein:whileresearchersdonotcurrentlyhavetheabilityto identifyeveryapplianceeventfromwithinanindividual'selectricityprofile, thedirectionoftheresearchasawholeandthesurroundingcontextand motivationsforsuchresearchpointdirectlytodevelopingmoreandmore sophisticatedtoolsforresolvingthepictureofhomelifethatcanbegleaned fromanindividual'selectricityprofile.Beforetheswitchisthrownandthe informationunleashedupontheworldforwhateveruseswilled,itmaybe prudenttolookintodataprotectionslesttheunforeseenconsequencescome backtohauntus.18
Theabilitytotrackapplianceusagedatahassignificantprivacyimplications:"Withthe
wholeofaperson'shomeactivitieslaidtobare,[appliance-usagetracking]providesa
[hereinafter Privacy Concerns]. 16 Privacy and the New Energy Infrastructure at 26-27; see A. Capasso et al., Probabilistic
Processing of Survey Collected Data in a Residential Load Area for Hourly Demand Profile
Estimation, 2 Athens Power Tech 866, 868 (1993). 17 Privacy and the New Energy Infrastructure at 27 ("differences in consumption vary with the
type of activity, and profiles of energy uses that differentiate between activities can be
constructed for things like leisure time, housework, cooking, personal hygiene"); see Capasso at
869. 18 Privacy and the New Energy Infrastructure at 28.
EPICComments
5
NIST
Nov.9,2009
SmartGridStandards
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related searches
- 10 example of epic story
- etc passwd example of epic story
- 109728555 example of epic story
- acxzzzzzzzzbbbccccdddeeexca replace z o example of epic story
- 10rlmn 9719 example of epic story
- 10 es3j rlmn egm example of epic story
- 109601817 example of epic story
- 10 onmouseover rlmn 99334 example of epic story
- 10 style acu expre ssion rlmn 9819 bad example of epic story
- 10 rlmn 9148 example of epic story
- 10rlmn 9506 example of epic story
- 104jmrz example of epic story