DNV has published new guidelines for power system companies planning to improve the cyber security of protection devices and digital technologies within substations.
Power system protection technologies are essential to maintaining the stability of a grid. They aim to isolate a faulty section of an electrical power system, leaving the rest of the live system to function acceptably without severe damage from the fault.
National power grids are becoming increasingly network controlled. While this brings greater control and efficiency to transmission and distribution systems, it also exposes infrastructure to new cyber threats. A high-profile attack on a series of Ukraine’s power grid substations in 2015 left a quarter of a million people without power and set a precedent for the vulnerabilities facing the world’s grids. By 2019, more than half of utilities had encountered a cyber-attack, according to research by Siemens and the Ponemon Institute.
“Threats to the cyber security of power grid substations are becoming more common, complex and creative. However, there is a lack of best practice guidance on how operators, manufacturers and regulatory authorities can build an effective force of defence. DNV’s new Recommended Practice helps to fill that gap. Working in partnership with national transmission system operators in Norway, Sweden and Finland, we have outlined 45 practical measures to secure power grid protection devices,” said Trond Solberg, Managing Director, Cyber Security at DNV.
The measures outlined in the Recommended Practice cover people, processes and technology. They apply to organizations involved in operating, managing, and securing protection devices and the digital technologies in substations. They are based on a comprehensive review of current EU and US legislation, and a range of applicable standards and guidelines on cyber security of operational technologies. The Recommended Practice also discusses future substation infrastructure.
You can read the full report here.