This document proposes a security architecture for modern high voltage substations. The architecture has three layers of security defined based on the criticality of the assets:
- The first layer secure the substation perimeter to protect the monitoring and control capabilities. It ensures that only the control center can get measurements and switch equipment.
- The second layer secures the protection functions and interlockings within the substation from remote attacks. These functions most critical, as disabling them can lead to physical damage and safety risks.
- The third layer is protecting the engineering laptops against malware, so that attackers cannot use them to get into the substation.
These layers are designed to be strong enough to withstand professional attackers with high motivation and resources. They should provide protection against attacks such as those in Ukraine.