This document presents a high-level threat analysis for RTUs forming a basis for the security requirements developed in the project. For a variety of threats and threat agents it is analyzed which security requirements mitigates the risk. The information provided by this risk analysis will help motivate the need for security requirements for distribution automation RTUs to asset management.
This document does not provide a full risk analysis. Since an in-depth risk analysis for distribution automation would depend on threats and vulnerabilities that are unique to each DSO, such an analysis is considered out of scope for the current project. Instead this document gives an overview of threat agents, threats, and potential impact, and links threats to requirements.
Grid operators can use this document to link the requirements to their own risk analysis. The threats in this document can be related to risks in the organization’s full security risk analysis. This document then provides the link from threats to risks.