Energy delivery systems are critical to the effective and reliable operation of North America’s energy infrastructure. Our twenty-first-century way of life is made possible by the vast network of processes enabled by these systems, as well as the interconnected electronic components, communication devices, and people who monitor and control those processes. Energy delivery systems are used to monitor and control the production, transfer, and distribution of energy. These systems include Supervisory Control and Data Acquisition (SCADA) systems, Energy Management Systems (EMSs), Distribution Management Systems (DMSs), and Distributed Control Systems (DCSs). Energy delivery systems comprise the following:
- The sensors and actuators used for monitoring and controll ing energy delivery processes .
- The computer-based systems that analyze and store data .
- The communication pathways and networks that interconnect the various computer systems.
Cyber security threats, whether malicious or unintentional, pose a serious and ongoing challenge for the energy sector. Today’s highly reliable and flexible energy infrastructure depends on the ability of energy delivery systems to provide timely, accurate information to system operators and automated control over a large, dispersed network of assets and components.
A cyberattack on an energy delivery system can have significant impacts on the availability of a system to perform critical functions as well as the integrity of the system and the confidentiality of sensitive information. This, in turn, could impact national security, public safety, and the economy.
A variety of steps need to be taken throughout the life cycle of energy delivery systems to protect them from cyber threats. Embedding cybersecurity in the procurement of energy delivery systems is an important step for protecting these systems and is the focus of this document. Including cybersecurity in the procurement process can ensure that those purchasing and supplying energy delivery systems consider cybersecurity starting from the design phase of system development. This further ensures that cybersecurity is implemented throughout the testing, manufacturing, delivery, installation, and support phases of the product life cycle, improving overall reliability and reducing cybersecurity risks. To assist with embedding cybersecurity in the procurement of energy delivery systems , this document provides baseline cybersecurity procurement language for use by asset owners, operators, integrators, and suppliers during the procurement process...(Read more...)