This document provides a threat analysis for SCADA, EMS, and (A)DMS systems. It analyzes information assets, access control policies and threats to derive security objectives for the system and its operational environment.
The SCADA, EMS and (A)DMS systems are the core of a grid operation infrastructure for both transmission system operators (TSOs) and distribution system operators (DSOs). This core position system also makes them attractive targets to anyone trying to sabotage the electricity grid. Through these systems, they can control thousands of field devices. So, the systems should be strongly secured.
But securing these systems is becoming more difficult as they are becoming more connected. The time that SCADA, EMS, and (A)DMS systems were stand-alone, air-gapped systems is long past. Most grid operators have now connected them to their enterprise IT systems to export data for grid planning and import geographic information. The vendor of the systems often has remote access for maintenance. Control center of other grid operators are connected. Field equipment from distributed energy resources (DER) or customer feeding in gas are being connected. And field engineers are getting remote access to get a better view of the system and give feedback about executing switching actions.
Making sure the SCADA, EMS, and A(DMS) systems are secure is, hence, critical. This document analyzes the threats to these systems and defines security objectives to counter these threats. Objectives are defined for both the SCADA system itself and for the environment in which it operates.