The SCADA, EMS and (A)DMS systems are the core of a grid operation infrastructure for both transmission system operators (TSOs) and distribution system operator (DSOs). This core position also makes them attractive targets to anyone trying to sabotage the electricity grid. Through these systems, they can control thousands of field devices. So, the systems should be strongly secured.
But securing these systems is becoming more difficult as they are becoming more connected. The time that SCADA, EMS and (A)DMS systems were stand-alone, air-gapped systems has long passed. Most grid operators have now connected them to their enterprise IT systems to export data for grid planning and to import geographic information. The vendor of the systems often has remote access for maintenance. Control centers of other grid operators are connected. Field equipment from distributed energy resources (DER) or customer feeding in gas are being connected. And field engineers are getting remote access to get a better view of the system and give feedback about executing switching actions. Each connection creates a possibility for attackers to get into the systems.
This document provides a harmonized set of security requirements for SCADA, EMS, or (A)DMS applications that grid operators use directly in their procurement documents. The requirements have been thoroughly reviewed by both grid operators and vendors. They are designed to fit into the processes and procedures already in place in the organizations and to find a good balance between security and the operational impact.