DNV has published new guidelines for power system companies planning to improve the cyber security of protection devices and digital technologies within substations.
Power system protection technologies are essential to maintaining the stability of a grid.
They aim to isolate a faulty section of an electrical power system, leaving the rest of the live system to function acceptably without severe damage from the fault.
DNV Recommended Practice DNV-RP-0575 Cyber security for power grid protection devices describes cyber-attack surfaces relevant for substations, potential cyber threats, and possible countermeasures for companies to consider.
National power grids are becoming increasingly network controlled.
While this brings greater control and efficiency to transmission and distribution systems, it also exposes infrastructure to new cyber threats.
A high-profile attack on a series of Ukraine’s power grid substations in 2015 left a quarter of a million people without power and set a precedent for the vulnerabilities facing the world’s grids. By 2019, more than half of utilities had encountered a cyber-attack, according to research by Siemens and the Ponemon Institute.
“Threats to the cyber security of power grid substations are becoming more common, complex and creative.
“However, there is a lack of best practice guidance on how operators, manufacturers and regulatory authorities can build an effective force of defence.
“DNV’s new Recommended Practice helps to fill that gap. Working in partnership with national transmission system operators in Norway, Sweden and Finland, we have outlined 45 practical measures to secure power grid protection devices,” said Trond Solberg, managing director, cyber security at DNV.
Recommended Practice DNV-RP-0575 was published following a joint research project conducted by DNV and Nordic transmission system operators Fingrid, Statnett SF, and Svenska Kraftnat.
It offers industry-reviewed guidance on planning and implementation of cyber security measures and controls in power system protection devices.
The measures outlined in the recommended practice cover people, processes and technology. They apply to organizations involved in operating, managing and securing protection devices and the digital technologies in substations.