The supervisory control and data acquisition (SCADA) system is the core of the grid operation infrastructure for both transmission system operators (TSOs) and distribution system operators (DSOs). The SCADA system is critical to the business continuity of grid operators.
The core position of SCADA systems also makes them attractive to anyone trying to sabotage the electricity grid. Through the SCADA system, an attacker can control thousands of field devices. So, SCADA systems should be strongly secured.
But securing these systems is becoming more difficult as they are becoming more connected. The time when SCADA systems were stand-alone, air-gapped systems is long past. Most grid operators have now connected them to their enterprise IT systems to export data for grid planning and import geographic information. The vendor of the SCADA system often has remote access for maintenance. Control centers of other grid operators are connected. Field equipment from distributed energy resources (DER) or customers feeding in gas is being connected. And field engineers are getting remote access to get a better view of the system and give feedback about executing switching actions.
Each connection creates a possibility for attackers to get into the SCADA system. This document describes a security architecture for SCADA systems to mitigate these risks. It specifies the technical security measures grid operators can implement to secure the SCADA system.