U117 Interface: Distribution SCADA and Distribution RTUs/IEDs

Logical Interface Characteristics

Type of Interface:

Categories 1-4: interface between control systems and equipment

  • With or without high availability, and
  • With or without compute and/or bandwidth constraints

Type of Data:

Real-time data:

  • power system status,
  • measurements,
  • settings, and
  • control commands

Communication Standards:

Standards:

Cybersecurity Requirements:

Cyber requirements:

  • Availability = H
  • Integrity = H
  • Confidentiality = L
  • Privacy = L

Cyber-Physical Requirements:

  • Prevent attacks
  • Deter / defer attacks
  • Detect attacks
  • Cope during attacks
  • Recover from attacks
  • Capture attack information

Cybersecurity Concerns & Failures:

  • Denial of service
  • Lost data
  • Modified data
  • Unvalidated data
  • Late data
  • Lack of data quality information
  • Lack of alarms or event notifications
  • Lack of alternate sources of critical information
  • Invalid commands

Cyber-Physical Functional Policies, Procedures, and Technologies

The following table describes cyber-physical policies, procedures, and technologies that use power system functional and operational measures to mitigate the likelihood and impact of cyber attacks, while coping with any ongoing attacks. The SG.XX-X items are references to the Smart Grid Catalog of Security Requirements in NISTIR 7628.

Functional Operational and Safety Policies, Procedures, and Technologies to Minimize Vulnerabilities and Cope with Attacks

Functional Operational Policies

  • Establish a communications architecture for SCADA operations that meets both functional and cyber requirements (SG.CM-1)
  • Establish physically and/or logically separate networks for power system operations (SG.CM-1)
  • Establish which types of personnel may have what types of access to SCADA systems and their applications (SG.PS-2)
  • Establish role-based access control categories for personnel accessing SCADA systems and their applications (SG.AC-1)
  • Establish role-based access control categories for personnel managing the information exchanges with Field Equipment (SG.AC-1)
  • Establish access capabilities for each RBAC category based on “least privilege” concepts (SG.AC-7)
  • Require adequate training of engineers on SCADA applications and information exchange systems with Field Equipment (SG.CP-1)
  • Establish system, application, and information exchange testing policies (??)
  • Establish system, application, and information exchange maintenance (SG.MA-1) and upgrade policies (SG.MA-2)
  • Establish incident response policy between the utility and the Field Equipment (SG.IR-1)
  • Develop policies for alternate or manual methods for var support if the SCADA applications or Field Equipment fail (SG.CP-1) (SG.SI-1)

Functional Operational Procedures

  • Perform complete factory and field testing of SCADA applications and Field Equipment information exchange implementations
  • Require trained engineers and SCADA applications to assess the reasonableness of information exchanged with Field Equipment
  • Require validation of information exchanges between SCADA and Field Equipment
  • Ensure adequate time accuracy, synchronization of systems, and update frequency for all systems
  • Require periodic assessment of the accuracy of the SCADA application results
  • Periodically require alternate or manual methods for data assessment to ensure user familiarity and adequacy of the results
  • Develop SCADA system and application patching, maintenance, and upgrade procedures
  • Ensure backup sources for critical systems and data
  • Ensure that Field Equipment has default settings in cases of failed communications or failed associated equipment
  • Ensure that communication failures are detected at all OSI layers, with appropriate notifications and resulting actions

Functional Operational Technologies

  • Validate the reasonability of data and settings to be exchanged between the SCADA and Field Equipment
  • Compare data against baseline settings to detect missing or inconsistent data
  • Notify appropriate users if Field Equipment does not receive necessary or valid input, cannot respond correctly to the information exchange, or fails
  • Implement a validation process to trigger notifications on possible unreasonable or extreme SCADA var requests for Field Equipment
  • Implement IEC 61850 over DNPs with IEC 62351-5 security between the SCADA and Field Equipment
  • Log and timestamp significant application events
  • Log and timestamp each SCADA request for vars from Field Equipment
  • Log and timestamp each Field Equipment response to var requests
  • Log any system, application, and information exchange errors and failures
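The reasonability validation, baseline comparison, late-data check, and timestamped logging listed above, combined into one setpoint gate. This is an added illustration, not code from NISTIR 7628 or any utility; the device name, kvar limits, and 4-second staleness threshold are constructed values.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed per-device engineering limits (hypothetical values); a real
# deployment would load these from the device's settings database.
DEVICE_LIMITS = {
    "CAPBANK-12": {"min_kvar": -600.0, "max_kvar": 600.0, "max_step_kvar": 300.0},
}
MAX_DATA_AGE_S = 4.0  # assumed: a measurement older than this counts as "late data"

@dataclass
class Measurement:
    device: str
    kvar: float
    timestamp: float           # epoch seconds, as reported by the field device
    quality_good: bool = True  # data-quality flag carried with the value

@dataclass
class AuditLog:
    """Timestamped record of every var request, acceptance, and rejection."""
    entries: list = field(default_factory=list)

    def record(self, now: float, kind: str, device: str, detail: str) -> None:
        self.entries.append((now, kind, device, detail))

def validate_var_request(device: str, requested_kvar: float,
                         last_meas: Optional[Measurement],
                         log: AuditLog, now: float) -> Tuple[bool, str]:
    """Return (accepted, reason). Rejects out-of-range, unverifiable, or
    implausibly large setpoint changes before they reach Field Equipment."""
    limits = DEVICE_LIMITS.get(device)
    log.record(now, "REQUEST", device, f"kvar={requested_kvar}")
    if limits is None:
        reason = "unknown device"
    elif not (limits["min_kvar"] <= requested_kvar <= limits["max_kvar"]):
        reason = "setpoint outside device range"
    elif last_meas is None or not last_meas.quality_good:
        reason = "no valid baseline measurement"
    elif now - last_meas.timestamp > MAX_DATA_AGE_S:
        reason = "baseline measurement is late"
    elif abs(requested_kvar - last_meas.kvar) > limits["max_step_kvar"]:
        reason = "step change exceeds baseline tolerance"
    else:
        log.record(now, "ACCEPT", device, f"kvar={requested_kvar}")
        return True, "ok"
    log.record(now, "REJECT", device, reason)  # REJECT entries drive operator notification
    return False, reason
```

A rejected request is never forwarded to the device; the REJECT entry is what the notification path would consume.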

Cybersecurity Policies, Procedures, and Technologies

The following table describes the cybersecurity policies, procedures, and technologies that could mitigate the likelihood and impact of cyber attacks.

Cybersecurity Policies, Procedures, and Technologies to Address Vulnerabilities and Counter Potential Attacks

Cybersecurity Policies

  • Require assurance from Field Equipment that they have established adequate security policies (and vice versa) (SG.SA-2)
  • Establish supply chain policy between the utility and Field Equipment to ensure security of services (SG.SA-11)
  • Perform a risk assessment on possible threats associated with interactions between the SCADA and the Field Equipment (SG.RA-4)
  • Establish a security architecture for interactions between the SCADA and Field Equipment (SG.PM-4)
  • Establish security policy requirements for authentication of information exchanged between the SCADA and Field Equipment (SG.IA-1)
  • Establish role-based access control requirements including for interactions between the SCADA and Field Equipment (SG.AC-1)
  • Establish cross-organization testing policies for procedures, systems, applications, and data exchanges (SG.SA-10)
  • Establish audit and accountability policies and procedures between the utility and Field Equipment (SG.AU-1)
  • Establish security awareness and training policies (SG.AT-1)
  • Establish policy that all interactions between EMS and SCADA use isolated network paths (SG.SC-2)

Cybersecurity Procedures

  • Establish password requirements for personnel (SG.AC-21) (SG.IA-4)
  • Establish strong (multifactor) authentication requirements for critical interactions (SG.IA-3)
  • Establish certificate management requirements (SG.SC-1)
  • Require timestamped login records for all personnel accessing the EMS and SCADA systems (SG.AC-3) (SG.AU-8)
  • Log all successful and unsuccessful logins (SG.AU-3)
  • Establish procedures to detect multiple invalid login attempts and notify on excessive failures (SG.AC-8)
  • Establish and manage cryptographic keys, including revocation (SG.SC-11)

Cybersecurity Technologies

  • Implement role-based access control (SG.AC-4)
  • Implement a firewall between SCADA and Field Equipment systems (SG.AC-5)
  • Ensure a trusted path is maintained at all times (SG.SC-10)
  • Implement non-repudiation capabilities (SG.AU-16)
  • Use validated cryptography (SG.SC-12)
  • Implement intrusion detection and/or prevention systems (SG.SI-4)