SA-111-2022: Security threat analysis for substation automation systems [DRAFT]

This document provides a threat analysis for substation automation systems. It analyzes information assets, access control policies and threats to derive security objectives for the substation automation system and its operational environment. From the system objectives, objectives are also derived for gateways in the substation.
Grid operators are increasingly automating their high voltage substation with substation automation. They use these systems to get power measurements to reliably integrate renewables and electric vehicles, and to remotely control the grid to recover from power outages more quickly.
The automation increases the possible impact of cyber-attacks. Many grid operators already have hundreds of substations and lines automated. If attackers succeed in switching off the power in a large part of those, it can take a lot of time to recover.
Making sure the substation automation systems are secure is, hence, critical. This threat analysis allows grid operators to check if the security requirements are applicable in their situation. Operators can compare the assets, access control policy, and threats against their own situation. If these do not cover all their needs, they can add additional objectives to mitigate their specific risks.