Security policy for substation automation

This document describes the recommended security policies for each of these roles. The policies cover:

• Substation engineers configuring the equipment in the substation, including setting up the internal security measures
• Other employees working at substations, but not configuring equipment
• WAN network administrators configuring the perimeter firewalls
• Team managers that need to enable the administrators and engineers to do their job securely
• Security operations analysts responsible for coordinating vulnerability management and incident response
• Procurement staff for buying new equipment with the right security capabilities

A concrete example policy is given aimed at each group. This policy is linked to the controls in ISO 27002. Guidance is given on implementing the example policy at a particular grid operator. The policies apply both to employees and contractors or service providers in the same role.

• Version
• March 29, 2019 Last Updated
• 485.06 KB File Size
• 1 File Count
• October 8, 2018 Create Date