Independent energy expert and assurance provider DNV has published new guidelines for power system companies planning to improve the cybersecurity of protection devices and digital technologies within substations, a release from DNV said.
Power system protection technologies are essential to maintaining the stability of a grid. They aim to isolate a faulty section of an electrical power system, leaving the rest of the live system to function acceptably without severe damage from the fault. DNV Recommended Practice DNV-RP-0575 Cybersecurity for power grid protection devices describes cyber-attack surfaces relevant for substations, potential cyber threats, and possible countermeasures for companies to consider.
DNV Recommended Practice DNV-RP-0575 outlines 45 risk-reducing measures to improve the cyber security of protection devices and digital technologies in power system substations
“National power grids are becoming increasingly network controlled. While this brings greater control and efficiency to transmission and distribution systems, it also exposes infrastructure to new cyber threats,” the release noted.
Citing an example, the release said that a high-profile attack on a series of Ukraine’s power grid substations in 2015 left a quarter of a million people without power and set a precedent for the vulnerabilities facing the world’s grids.
By 2019, more than half of utilities had encountered a cyber-attack, according to research by Siemens and the Ponemon Institute.
“Threats to the cybersecurity of power grid substations are becoming more common, complex and creative. However, there is a lack of best practice guidance on how operators, manufacturers and regulatory authorities can build an effective force of defence. DNV’s new Recommended Practice helps to fill that gap. Working in partnership with national transmission system operators in Norway, Sweden and Finland, we have outlined 45 practical measures to secure power grid protection devices,” said Trond Solberg, Managing Director, Cybersecurity at DNV. (pictured)
Download DNV’s new recommended practice on cyber security for power grid protection devices here.
Recommended Practice DNV-RP-0575 was published following a joint research project conducted by DNV and Nordic transmission system operators Fingrid, Statnett SF, and Svenska Kraftnät. It offers industry-reviewed guidance on planning and implementation of cybersecurity measures and controls in power system protection devices.
The measures outlined in the Recommended Practice cover people, processes and technology. They apply to organizations involved in operating, managing and securing protection devices and the digital technologies in substations. They are based on a comprehensive review of current EU and US legislation, and a range of applicable standards and guidelines on cybersecurity of operational technologies. The Recommended Practice also discusses future substation infrastructure.
Featured technical drawing, sourced from DNV, is for representation only.