Grid operators depend on grid information for effective and efficient operation, maintenance, and planning. This information is traditionally collected by the SCADA system through remote terminal units (RTUs) or gateways placed at substations.
But in this way grid operators are only monitoring part of the grid. For many use cases, information cannot be collected in the traditional way. Examples are oil quality monitoring in the transformers, hot spot temperature monitoring in transformers and lines, copper theft detection and fault passage indication in overhead lines. Sensors collecting information for these cases can often not easily be connected to substation RTUs or gateways, because they are physically too far, or it is too costly to logically integrate them into the systems.
New sensors, often based on internet-of-thing (IoT) technologies, are used to fill this gap. These sensors allow grid operators to get more data about the grid, at a lower cost.
But because of the goal of low cost, it is often not clear what security requirements can be set for the sensor systems. To keep the cost of sensors down, they have less computing power than RTUs or gateways. To reduce installation cost, the sensors are sometimes battery powered. So, some measures may not be feasible on the sensors. Also, to minimize the cost of installation and maintenance, security configuration and key management should take as little time as possible from engineers. So, these functions should be automated where possible.
This document provides a recommended security architecture for sensor system, particularly those based on IoT technologies. It gives a set of technical measures that those designing and maintaining the systems can use to mitigate security risks by reducing the likelihoods.