WP-010-2018: Security policy for substation automation

This document describes the recommended security policies for each of these roles. The policies cover:
• Substation engineers configuring the equipment in the substation, including setting up the internal security measures
• Other employees working at substations, but not configuring equipment
• WAN network administrators configuring the perimeter firewalls
• Team managers that need to enable the administrators and engineers to do their job securely
• Security operations analysts responsible for coordinating vulnerability management and incident response
• Procurement staff for buying new equipment with the right security capabilities
A concrete example policy is given aimed at each group. This policy is linked to the controls in ISO 27002. Guidance is given on implementing the example policy at a particular grid operator. The policies apply both to employees and contractors or service providers in the same role.

Download this document (ENCS members only)

Employees of ENCS members can download the document by entering their e-mail address below. A link to the document will be sent to the address.

This field is for validation purposes and should be left unchanged.