This document describes a recommended security architecture for substation automation systems. It gives a set of technical measures that those designing and maintaining such systems can use to mitigate security risks.
Substations are being more and more automated. Not only are they remotely monitored and controlled through a SCADA system. But local protection functions are also being implemented in software.
The automation means that cyber-attacks can have a large impact. Through remote switching, it is possible to create blackouts. Attacks that can disable the software protection functions can lead to permanent damage to transformers, lines, and busbars, and endanger the safety of engineers.
This document provides a recommended security architecture that allows the major security risks to be mitigated with current technology. It provides guidance on what technical measures to take to secure substation automation systems. It can be used by departments designing and maintaining substation automation systems to determine which measures they should take.