Security roadmap for substation automation

Many grid operators are considering new use cases for substation automation, such as direct IEC 61850 communication between the control center and IEDs, remote configuration of IEDs, and collecting disturbance data directly from IEDs. These use cases do not fit in the security architecture developed in the ENCS member project on substation automation. A key measure in this architecture is that IEDs cannot be accessed directly from central systems. This document describes the new security functions that would be needed in IEDs to allow direct access and keep them secure in future use cases.


Security requirements for procuring HMI software

This document defines procurement requirements for application software for substation HMIs, based on IEC 62443. It selects the requirements based on the security architecture and risk assessment from the ENCS member project. Where needed it further specifies and clarifies these requirements, and provides guidance on how they should be evaluated.


Security requirements for procuring IEDs

This document defines procurement requirements for IEDs based on IEC 62443. It selects the requirements based on the security architecture and risk assessment from the ENCS member project. Where needed it further specifies and clarifies these requirements, and provides guidance on how they should be evaluated.


Security requirements for procuring substation gateways

This document defines procurement requirements for gateways used in high-voltage substations, based on IEC 62443. It selects the requirements based on the security architecture and risk assessment from the ENCS member project. Where needed it further specifies and clarifies these requirements, and provides guidance on how they should be evaluated.


Security market survey for substation automation

This document presents the results of a market survey of the security of substation automation equipment. The market survey was performed as part of the ENCS member project on substation automation security. The market survey has been used to define procurement requirements.


Improving the security of legacy substations

This whitepaper describes a strategy to improve the security of legacy substations to which not all the security measures in the security architecture for substation automation can be applied.


Security risk assessment for substation automation

This document presents a reference architecture and security risk assessment of high voltage substations. The risk assessments to supports the definition of security measures in the security architecture for substation automation. They are used to derive security requirements for gateways, IEDs, and HMI software, and to define a security policy for substation automation.

The risk assessment covers high voltage substations, including both transmission and transformer substations. It applies for both Distribution System Operators (DSOs) and Transmission System Operators (TSOs). The risk assessment aims to cover different generations of substations, from legacy to current and future designs. The risk assessment has been performed using the BowTie method.


Security monitoring for substation automation

This document present a strategy to monitor the security of substation. The strategy makes it difficult for advanced threats to execute controlled attacks. Advanced threats may be able to penetrate into substations. But this only has value for them if they can stay there, and control or disrupt the grid at a moment that is expedient for them. So, they somehow need to establish a permanent foothold in the substation, and establish communication with it. The strategy tries to detect such a foothold.


Protection Relay Security Requirements

security requirements for procuring protection relays


SA RTU Security Requirements

This catalog describes security requirements for procuring of secure distribution automation Remote Terminal Units (RTUs). The RTUs are a critical part in distribution automation systems because they act as access points in the substation and control the grid equipment.
The catalog describes: devices security, security requirements for end-to-end secured communication between the RTU and the central systems, and for processes the vendor should implement to keep the RTU secure during its lifecycle.
The requirements have been developed by ENCS in the member project on distribution automation security.