This document provides a recommended security architecture for DA systems. The architecture can act as a blueprint for system integrators and the departments maintaining the system. Measures are chosen for the entire system, as this is usually more effective than choosing measures per component. It should be used as a reference by grid operators who are seeking to implement the RTU procurement requirements as suggested by ENCS. The architecture is intended to be used together with an information security management system (ISMS) based on ISO 27001:2013 or similar. Each subsection gives the relevant technical security measures to meet an objective in the ISO 27001 Annex A.
The distribution automation security architecture covers the central maintenance systems and field devices placed in the medium voltage grids, including in:
- Medium to low voltage transformer substations
- Medium voltage transport substations
- Automatic circuit recloser controllers applied to overhead distribution lines
The architecture includes the interfaces of the DA system and the users on these interfaces. The architecture does not include the internal working on the infrastructure and makes no assumptions on it. The supervisory control and data acquisition (SCADA) system is out of scope. It is considered as an external system accessing the distribution automation system.