With power grids gradually becoming software-intensive and digitally connected, their exposure to cyber threats has increased, putting key assets and the operations of an organization at risk. At the same time, the sophistication of cyber attacks is rising. This is adding to the threats that security teams for information technology (IT) and operational technology (OT) must deal with, often without experience or any suitable cyber security solutions readily available. The power grid is vulnerable to cyber security incidents that may, in the worst case, be used to trip circuit breakers, as seen during two incidents in Ukraine, or to prevent protective systems from working in the case of an actual fault.
The purpose of power system protection is to isolate a faulty section of the electrical power system from the rest of the live system. Once the faulty section is isolated, the remaining portion of the power system can function to an acceptable extent without any severe damage due to the current fault. As such, securing the protection devices is essential for the stability of the power grid.
Objective
The objective of this recommended practice (RP) is to propose practical guidelines describing attack surfaces, potential threats and possible countermeasures that a company should take into consideration when planning to improve the security of its protection devices and the digital technology within its substations. The RP aims to improve security for second- and third-generation substation protection devices. It offers a set of industry-reviewed activities to include when planning and assessing the implementation of security measures and controls in the power system.