This document provides a threat analysis for distribution automation systems. It analyzes information assets and threats to derive security objectives for the distribution automation system and its operational environment.
Making sure the distribution automation systems are secure is critical. This document analyzes the threats to these systems and defines security objectives to counter these threats. Objectives are defined for both the distribution automation system itself and for the environment in which it operates. The focus is on technological objectives, but organizational, people, and physical controls are also considered.
The objectives for the system are used to define security requirements for distribution automation systems based on the IEC 62443-3 standard. Grid operators can use these requirements when they procure a distribution automation system from a system integrator, or when an internal department installs and maintains the system.
The objectives are organized according to the controls in ISO/IEC 27002:2022, so that they can also be compared to controls that the grid operator has selected in an ISO/IEC 27000 based information security management system.