This guideline identifies best practices for securing automated distribution management (DM) functions in a smart grid environment, including steady state operations and optimization. This document addresses concerns related to using communications and automation in field equipment that controls the configuration and operation of the electric distribution system. Other electric system operation scenarios may also be addressed using this profile, as the various roles defined herein have been abstracted in such a way as to support mapping to different environments.
This document defines a set of use cases and a corresponding set of security controls for systems and components that implement the use cases. The security controls in this document are based in part on the controls from the Department of Homeland Security Catalog of Control Systems Security (U.S. Department of Homeland Security, March 2010). The underlying approach is to define the function of DM systems through abstract roles and use cases; define broad security objectives for DM systems; identify potential failures for each role in the context of the use cases; define security controls to address the failures; and assign controls to the roles. The roles have been designed abstractly to ensure applicability across a range of DM applications. Likewise, the use cases have been designed to be modular in order to facilitate combining them in different arrangements to describe different business models.
The primary audience of this document is organizations that are developing or implementing solutions providing various aspects of distribution management. This document is written at the normal level of utility security experience for system owners, system implementers and security engineers.