This document presents the security profile for electric grid substation automation technology. The profile addresses security concerns associated with automated and manual interaction in support of system protection (inter- and intra-substation), system control (local and remote), system optimization (e.g., voltage and reactive power), and system monitoring (i.e., equipment health) performed by equipment located in transmission and distribution substations. The recommendations made herein are based on stated system architectural and functional assumptions, and offer a security baseline for overall use of substation automation technology with tailored subsets of recommendations where variations in system deployment or usage occur.
This document defines a reference architecture, a set of roles to define system functionality and communications, and a set of security controls for systems and components that implement the roles. The security controls in this document are inspired by and reference the application of technical requirements found in NIST Interagency Report (IR) 7628: Guidelines for Smart Grid Cyber Security to substation automation systems and technology. The underlying approach behind this document was therefore to (1) study real-world use of substation automation systems, (2) define the function of these systems by presenting a reference architecture that defines abstract roles and their interactions through state machines and communications analyses, (3) map the architecture's roles to real-world substation automation systems, (4) define broad security objectives for substation automation systems, (5) identify potential failure modes for each role in the context of the state machines and communications analyses, (6) define security controls to address the failure modes, and (7) assign controls to the appropriate elements of the reference architecture.
The primary audiences for this document are system owners, system implementers, and security engineers within organizations that are developing or implementing solutions requiring or providing substation automation functionality. This security profile is intended to be suitable for review, analysis, evolution, and improvement by the broader research and engineering community through the profile’s presentation of details behind the analyses, such as the complete state-machine models for each of the in-scope substation automation roles and the explicit linkage between failure modes and recommended controls.