DA-101-2019: Security risk assessment for distribution automation systems
ENCS has developed a security architecture for distribution automation systems. This risk assessment verifies that the measures proposed in the security architecture are enough to mitigate security risks. The risk assessment can also be used to select alternative measures if grid operators cannot implement some of the measures in the security architecture.
DA-390-2019: Market survey on distribution automation RTU security
Results of a market survey on the security of distribution automation (DA) remote terminal units (RTUs) held in November 2019.
ENCS has produced a set of security requirements that grid operators can use for this purpose. To verify that these requirements are feasible in the current market, ENCS has conducted a survey among RTU vendors, asking if they can implement the most advanced requirements. It also asks vendors about their future roadmap and plans to adjust future requirements.
EV-301-2019: Security requirements for procuring EV charging stations
This document specifies security requirements that charge point operators can use when procuring charging stations. The requirements can be used directly in tender documents. They cover the technical security features that the charging station should have, and the measures vendors should take to ensure the correct implementation of these features.
The document is an update of the EV Charging Systems Security Requirements from 2016. ENCS has created this document together with ElaadNL.
EV-201-2019: Security architecture for EV charging infrastructure
This document describes a security architecture for electric vehicle charging infrastructure specifying the technical security measures charge poin operators can implement. The architecture can act as a blueprint for system integrators and the departments maintaining the system. The architecture is intended to be used together with an information security management system (ISMS) based on ISO 27001:2013 or similar.
ENCS is creating this document in collaboration with ElaadNL.
DA-301-2019: Security requirements for procuring DA RTUs
This document gives requirements for procuring secure RTUs for use in distribution automation systems, including:
- medium to low voltage transformer substations;
- medium voltage transport substations;
- automatic circuit recloser controllers applied to overhead distribution lines.
The requirements concern the interfaces to the distribution automation system and the users on these interfaces. The measures are aligned with ISO/IEC 27001:2013. They are designed to fit as much as possible into the processes and procedures already in place in the organizations, and to find the needed balance between the assured security level, feasibility by vendors and the operational impact.
This harmonized set of requirements allows grid operators to get secure automation equipment more cost-effectively, saving their time and effort in developing requirements, as they are already freely available. It has been ensured that the requirements are feasible, as they have been tested in a market survey as well as in previous tenders by other operators. Lastly, these requirements save on implementation costs, as vendors get a common baseline to aim at, and only need to implement the security requirements once and then implement updates in their product roadmap.
The requirements are meant for procuring new RTUs, not for legacy systems, although grid operators may analyze which systems can be upgraded, updated or patched, once more, without disrupting the processes and procedures already in place.
DA-201-2019: Security architecture for distribution automation systems
This document provides a recommended security architecture for DA systems. The architecture can act as a blueprint for system integrators and the departments maintaining the system. Measures are chosen for the entire system, as this is usually more effective than choosing measures per component. It should be used as a reference by grid operators who are seeking to implement the RTU procurement requirements as suggested by ENCS. The architecture is intended to be used together with an information security management system (ISMS) based on ISO/IEC 27001:2013 or similar. Each subsection gives the relevant technical security measures to meet an objective in the ISO/IEC 27001 Annex A.
The distribution automation security architecture covers the central maintenance systems and field devices placed in the medium voltage grids, including in:
- Medium to low voltage transformer substations
- Medium voltage transport substations
- Automatic circuit recloser controllers applied to overhead distribution lines
The architecture includes the interfaces of the DA system and the users on these interfaces. The architecture does not include the internal working on the infrastructure and makes no assumptions on it. The supervisory control and data acquisition (SCADA) system is out of scope. It is considered as an external system accessing the distribution automation system.
WP-015-2019: Security roadmap for substation automation
Many grid operators are considering new use cases for substation automation, such as direct IEC 61850 communication between the control center and IEDs, remote configuration of IEDs, and collecting disturbance data directly from IEDs. These use cases do not fit in the security architecture developed in the ENCS member project on substation automation. A key measure in this architecture is that IEDs cannot be accessed directly from central systems. This document describes the new security functions that would be needed in IEDs to allow direct access and keep them secure in future use cases.
SA-303-2019: Security requirements for procuring HMI software
This document defines procurement requirements for application software for substation HMIs, based on IEC 62443. It selects the requirements based on the security architecture and risk assessment from the ENCS member project. Where needed it further specifies and clarifies these requirements, and provides guidance on how they should be evaluated.
SA-302-2019: Security requirements for procuring IEDs
This document defines procurement requirements for IEDs based on IEC 62443. It selects the requirements based on the security architecture and risk assessment from the ENCS member project. Where needed it further specifies and clarifies these requirements, and provides guidance on how they should be evaluated.
SA-301-2019: Security requirements for procuring substation gateways
This document defines procurement requirements for gateways used in high-voltage substations, based on IEC 62443. It selects the requirements based on the security architecture and risk assessment from the ENCS member project. Where needed it further specifies and clarifies these requirements, and provides guidance on how they should be evaluated.