Title: Architecture and Methods for Substation SCADA Cybersecurity: Best Practices

There are over 3000 electricity providers in the United States, encompassing investor and publicly owned utilities as well as electric cooperatives. There has been ongoing trends to increasingly automate and provide remote control and monitoring of electric energy delivery systems. The deployment of computer network technologies has increased the efficiency and reliability of electric power infrastructure. However, the increased use of digital communications has also increased the vulnerability to malicious cyber attacks [1]. In 2004 the National Research Councils (National Academies) formed a committee of specialists to address these vulnerabilities and propose possible solutions with an objective to prioritize the R&D needs for developing countermeasures. The committee addressed many potential concerns in the electric power delivery system and classified them based upon different criteria and presented recommendations to minimize the gap between the academic research directions and the needs of the electric utility industry. The complexity and diversity of the electric power delivery system in the U.S. has opened many ports for attackers and intruders [1]. This complexity and diversity is attributed to the fact that power delivery system is a network of substations, transmission and distribution lines, sub-networks of controlling, sensing and monitoring units, and human operator involvement for running the system [1]. Accordingly, any incident such as the occurrence of a fault or disturbance in this complex network cannot be deferred and should be resolved within an order of milliseconds, otherwise there is risk of large-scale outages similar to the occurrences in India and the U.S. in 2003 [2]. There are three main vulnerabilities in supervisory control and data acquisition (SCADA) systems commonly identified—physical vulnerability, cyber vulnerability and personal vulnerability [1]. In terms of cyber threats, SCADA systems are the most critical elements in the electric power grid in the U.S. Unauthorized access to a SCADA system could enable/disable unexpected equipment (such as disable the protection system or a circuit breaker) which could cause large scale disruptions of electric power delivery. This paper provides an overview of power system SCADA technologies in transmission substations (Section 2) and summarizes the best practices for implementing a cyber security program. After introducing SCADA system operations in Section 2, a description of the security challenges for SCADA systems is presented in Section 3. In Section 4, NECRC Critical Infrastructure Protection standards CIP-002 through CIP-009 are summarized. An overview of industry best practices is presented in Section 5.