In 2015, ENCS ran a member project on distribution automation security. The project delivered:

  • Requirements for procuring RTUs
  • A threat assessment used to select the requirements
  • A market survey of available RTUs

Security requirements for procuring RTUs

The security requirements cover Remote Terminal Units (RTUs) used in medium voltage substations. The requirements:

  • can be used directly in procurement documents, such as RFPs
  • are technology-independent: they can be used with all communication technologies
  • have been used in procurement by several members
  • have been improved based on this experience

ENEXIS Case Study: Procuring Secure Systems (PDF)

Security requirements for distribution automation light

A version of the requirements is available for ‘light’ RTUs that can only monitor, not control, the grid. These face lower risks, so lighter security requirements can be set.

Based on a threat assessment and market

The security requirements are based on a threat assessment and a market survey. The threat assessment was made based on information from security experts at ENCS members. All security requirements are explicitly linked to threats.

The market survey checked the feasibility of the requirements. Vendors were asked which requirements they support. Only requirements that are supported by enough vendors have been included. A separate market survey was held for the ‘light’ RTUs, used only for monitoring.