In 2018, ENCS ran a member project on the security of high-voltage substations. The project delivered:

  • A security risk assessment for substations
  • A security architecture for substations
  • Security requirements for procuring substation equipment
  • Security policies for substations
  • Use cases for monitoring the security of substations

Key documents:

  • Substation reference architecture and risk assessment (D1.1)
  • Security architecture for new substations (D1.2)
  • Procurement requirements for gateways (D2.2a)
  • Procurement requirements for IEDs (D2.2b)
  • Security policy for high-voltage substations (D3.2)
  • Monitoring the security of high-voltage substations (D1.4)

Security for past, present, and future substations

Equipment in substations has a lifetime of fifteen to twenty years or more. So, the project takes into account:

  • Improving the security of legacy substations
  • A roadmap for the security of future substations

Security risk assessment for substations

Security risks to the substations were assessed using the BowTie method developed by ENCS. The information assets in the substation were identified, the impact of their compromise was analysed, and the likelihood of different threats was determined.

Security architecture for substations

A security architecture was designed to mitigate the risks. The architecture considers the security of the substation as a whole. It identifies security measures to counter all identified threats.

Security requirements for procuring substation equipment

The project also developed security requirements for procuring new substation equipment. Requirements are available for all commonly used components:

  • gateways and RTUs
  • IEDs and protection relays
  • HMIs

The requirements come from the IEC 62443-4-2 standard. This standard is widely accepted in the industry. Requirements were selected based on the measures in the security architecture. So, each requirement can be clearly linked back to a threat. A market survey among vendors was held to assess the feasibility of the requirements.

Security policy for substations

The project developed the policies needed to implement the measures in the security architecture. The policies are written for the different employee groups involved in substations:

  • substation engineers
  • network administrators
  • team managers
  • procurement staff

The policies give concrete guidance on what each group needs to do to keep substations secure. The policy rules are linked to the controls in ISO 27002. They are also linked to the barriers in the security architecture, and thus to the threats in the risk assessment. In this way, the policies traceably reduce the risks.

Use cases for monitoring the security of substations

The project selected use cases to monitor the security of substations. The use cases come from the risk-based use cases developed in the ENCS member project on OT security monitoring. Use cases were selected based on the security architecture. So, each use case can be directly linked to a threat.