|Committee||NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION (NERC)|
MultiSpeak® defines interfaces that are used by electric utilities to integrate enterprise applications. It consists of a data model and associated service definition contracts. The kinds of data that are passed include all data pertaining to the utility enterprise including, but not limited to, metering information, customer information, and even payment information in some instances. Confidentiality and integrity are important considerations around such information. Some MultiSpeak messages trigger actions in the distribution grid, such as engaging or disengaging breakers. Interference with such messages can threaten life and property, thus requiring authenticity and accountability.
In general, external and internal threats may attempt to modify commands and/or inject entirely new commands, modify data being exchanged, or get access to sensitive data. This could result in loss of life or limb, widespread or targeted power outages, various operational issues resulting from incorrect information being stored in MDM/CIS, breach of customers’ personally identifiable information, financial losses for utilities, reputation damage for utilities, and regulatory/legal issues.