This document gives requirements that grid operators can use to specify hardware security measures.
More vendors are including hardware security measures in smart grid field devices. For instance, some encrypt the external flash modules on smart meters. Some use hardware security modules to encrypt key databases on data concentrators. And others are implementing secure boot through specialized chips on RTUs and IEDs. Such measures are useful for field devices, as they are exposed to physical attacks.
But some measures may not mitigate the real security risks. Protecting keys stored on smart meters is not that important if meters have unique keys. Attackers can decrypt or use key databases on data concentrators if they gain access to a running device.
To get effective measures, grid operators should therefore include specific requirements. This document gives requirements for hardware security measures that grid operators can use tin their procurement documents.