The IT Law Wiki


NIST, Guidelines for Smart Grid Cyber Security, Rev. 1 (NISTIR 7628, Rev. 1) (Sept. 2014) (full-text).

  • Vol. 1: Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements (full-text).
  • Vol. 2: Privacy and the Smart Grid (full-text).
  • Vol. 3: Supportive Analyses and References (full-text).

Note: An earlier version of this report is available at Guidelines for Smart Grid Cyber Security.


This three-volume report updates and expands the development strategy, cryptography and key management, privacy, vulnerability classes, research and development topics, standards review, and key power-system use cases to reflect changes in the smart grid environment since 2010.

It presents an analytical framework that organizations can use to develop effective cybersecurity strategies tailored to their particular combinations of smart grid-related characteristics, risks, and vulnerabilities. Organizations in the diverse community of smart grid stakeholders — from utilities to providers of energy management services to manufacturers of electric vehicles and charging stations — can use the methods and supporting information presented in this report as guidance for assessing risk and identifying and applying appropriate security requirements.

This approach recognizes that the electric grid is changing from a relatively closed system to a complex, highly interconnected environment. Each organization's cybersecurity requirements should evolve as technology advances and as threats to grid security inevitably multiply and diversify.