This document describes a strategy to improve the cyber security of legacy substations.
Substation automation equipment is not frequently replaced because of the high cost of replacement and scarcity of skilled engineers who can do the replacements. This means that many of these systems are legacy and do not support common security practices and not all the security measures in the security architecture for substation automation can be applied.
Therefore, this document defines four different categories of substations, based on two criteria (WAN Communication and IED connections), and proposes for each one a set of risk-based security recommendations to help improve the cyber security of these legacy substations.