Categories 1-4:

Interface between control systems and equipment

• With or without high availability, and
• With or without compute and/or bandwidth constraints

Real-time data:

• power system status,
• measurements,
• settings, and
• control commands

Standards:

• IEC 61850
• DNP3
• IEC 62351

Cyber requirements::

• Availability = H
• Integrity = H
• Confidentiality = L
• Privacy = L

Cyber-Physical Requirements:

• Prevent attacks
• Deter / defer attacks
• Detect attacks
• Cope during attacks
• Recover from attacks
• Capture attack information

Cybersecurity Concerns & Failures:

• Denial of service
• Lost data
• Modified data
• Unvalidated data
• Late data
• Lack of data quality information
• Lack of alarms or event notifications
• Lack of alternate sources of critical information
• Invalid commands

Functional Operational Policies

• Establish a communications architecture for SCADA operations that meets both functional and cyber requirements (SG.CM-1)
• Establish physically and/or logically separate networks for power system operations (SG.CM-1)
• Establish which types of personnel may have what types of access to SCADA systems and their applications (SG.PS-2)
• Establish role-based access control categories for personnel accessing SCADA systems and their applications (SG.AC-1)
• Establish role-based access control categories for personnel managing the information exchanges with Field Equipment (SG.AC-1)
• Establish access capabilities for each RBAC category based on “least privilege” concepts (SG.AC-7)
• Require adequate training of engineers on SCADA applications and information exchange systems with Field Equipment (SG.CP-1)
• Establish system, application, and information exchange testing policies (??)
• Establish system, application, and information exchange maintenance (SG.MA-1) and upgrade policies (SG.MA-2)
• Establish incident response policy between the utility and the Field Equipment (SG.IR-1)
• Develop policies for alternate or manual methods for var support if the SCADA applications or Field Equipment fail (SG.CP-1) (SG.SI-1)

Functional Operational Procedures

• Perform complete factory and field testing of SCADA applications and Field Equipment information exchange implementations
• Require trained engineers and SCADA applications to assess the reasonableness of information exchanged with Field Equipment
• Require validation of information exchanges between SCADA and Field Equipment
• Ensure adequate time accuracy, synchronization of systems, and update frequency for all systems
• Require periodic assessment of the accuracy of the SCADA application results
• Periodically require alternate or manual methods for data assessment to ensure user familiarity and adequacy of the results
• Develop SCADA system and application patching, maintenance, and upgrade procedures
• Ensure backup sources for critical systems and data
• Ensure that Field Equipment has default settings in cases of failed communications or failed associated equipment
• Ensure that communication failures are detected at all OSI layers, with appropriate notifications and resulting actions

Functional Operational Technologies

• Validate the reasonability of data and settings to be exchanged between the SCADA and Field Equipment
• Compare data against baseline settings to detect missing or inconsistent data
• Notify appropriate users if Field Equipment do not receive necessary or valid input, cannot respond correctly to the information exchange, or fail
• Implement a validation process to trigger notifications on possible unreasonable or extreme SCADA var requests for Field Equipment
• Implement IEC 61850 over DNPs with IEC 62351-5 security between the SCADA and Field Equipment
• Log and timestamp significant application events
• Log and timestamp each SCADA request for vars from Field Equipment
• Log and timestamp each Field Equipment response to var requests
• Log any system, application, and information exchange errors and failures

Cybersecurity Policies

• Require assurance from Field Equipment that they have established adequate security policies (and vice versa) (SG.SA-2)
• Establish supply chain policy between the utility and Field Equipment to ensure security of services (SG.SA-11)
• Perform a risk assessment on possible threats associated with interactions between the SCADA and the Field Equipment (SG.RA-4)
• Establish a security architecture for interactions between the SCADA and Field Equipment (SG.PM-4)
• Establish security policy requirement for authentication of information exchanged between the SCADA and Field Equipment (SG.IA-1)
• Establish role-based access control requirements including for interactions between the SCADA and Field Equipment (SG.AC-1)
• Establish cross-organization testing policies for procedures, systems, applications, and data exchanges (SG.SA-10)
• Establish audit and accountability policies and procedures between the utility and Field Equipment (SG.AU-1)
• Establish security awareness and training policies (SG.AT-1)
• Establish policy that all interactions between EMS and SCADA use isolated paths networks (SG.SC-2)

Cybersecurity Procedures

• Establish password requirements for personnel (SG.AC-21) (SG.IA-4)
• Establish strong (multifactor) authentication requirements for critical interactions (SG.IA-3)
• Establish certificate management requirements (SG.SC-1)
• Require timestamped login of all personnel accessing the EMS and SCADA systems (SG.AC-3) (SG.AU-8)
• Log all successful and unsuccessful logins (SG.AU-3)
• Establish procedures to detect multiple invalid login attempts and notify excessive failures (SG.AC-8)
• Establish and manage cryptographic keys, including revocation (SG.SC-11)

Cybersecurity Technologies

• Implement role-based access control (SG.AC-4)
• Implement a firewall between SCADA and Field Equipment systems (SG.AC-5)
• Ensure a trusted path is maintained at all times (SG.SC-10)
• Implement non-repudiation capabilities (SG.AU-16)
• Use validated cryptography (SG.SC-12)
• Implement intrusion detection and/or prevention systems (SG.SI-4)