Electric Power Research Institute About Us
The Institute
Office Locations

2016 Corporate Social Responsibility Report

EPRI completed a full corporate social responsibility assessment in 2015 culminating in release of its first Corporate Social Responsibility report. The report (and companion video) provides a comprehensive look at EPRI's social responsibility culture and actions around four focus areas: community, employees, operations, and research.

Our Work Events Newsroom Careers EPRI Journal

Product Abstract

Security Implications and Considerations for Serial to IP-Based SCADA Migration Revisited

Product ID:3002006492
Date Published:14-Jul-2015
Pages:76
Sector Name:Power Delivery & Utilization - Distribution & Utilization
Document Type:Technical Results

This product is available at no cost to funding members only. If you are a member, you must Log in to access.

Price:$ 15,000 (US Dollars)

If you are a non-funding individual or entity and wish to purchase this document, please contact the EPRI Order Center at 1-800-313-3774 Option 2 or 650-855-2121. You may also send an e mail to orders@epri.com.

Abstract

This technical update describes the requirements, risks, benefits, vulnerabilities, and potential North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards compliance issues that utilities might face when migrating their supervisory control and data acquisition (SCADA) systems from serial-based communications to communications based on the Internet Protocol (IP) suite. The report is based on two surveys—performed with a two-year interval between them—of several utilities that have taken different approaches to this issue.

Background

This report is an update of a similar report produced by EPRI in 2012, Security Implications and Considerations for Serial to IP-Based SCADA Migration (1025674). This report compares the viewpoints of the utilities surveyed in 2014 with those consulted in 2012. Three of the five utilities surveyed in 2014 were also included in the 2012 report.

This update is intended to be a guideline for making decisions related to IP migration, including assisting utilities in deciding whether to migrate and providing options for how to accomplish their decision.

Objectives

This report documents the issues considered and the decisions made by several utilities regarding their migration to IP networks from dial-up and dedicated serial networks, particularly noting the way in which the migration affected their security strategies. It is intended that other utilities can use this report to provide context and guidelines when making their own decisions about migration. The report summarizes the responses of the surveyed utilities on the following topics:

  • Perceived benefits of migration
  • Perceived risks of migration
  • Security compliance issues
  • Organizational and training impacts
  • Preparation for future technologies such as IEC 61850 and synchrophasors
  • Potential cost factors
  • Migration strategies
  • Security strategies
  • Lessons learned

Approach

This report is an update to a similar survey and report produced in 2012. In both surveys, representatives from several utilities were interviewed and asked questions roughly corresponding to the main section headings of this report. Six utilities participated in the first survey; five participated in the second. Three of the utilities from the first survey were also interviewed in the second survey. The representatives interviewed were in charge of developing SCADA systems, applying the NERC CIP standards, and/or managing IT departments that are responsible for SCADA networks.

Results

In the first survey, the responses of the utilities varied considerably. Some were deploying IP at all their most important stations while others were determined to continue using serial. In the intervening two years, serial technology has increased significantly in cost and decreased in availability, and the exception for serial protocols in the NERC CIP standards has been removed. In addition, utilities have gained more experience with IP technology. As a result, more utilities are planning to migrate their networks toward IP. Furthermore, utilities that have already installed IP are deploying it into more of their networks and are using IP to implement new applications.

This technical update describes in a generic manner each of various IP deployment scenarios, the migration and security strategies used by the surveyed utilities, and the lessons learned. It also provides general information on the relative benefits and risks of migrating to IP networks based on the comments of the surveyed utilities. Specific details and attributions relating to each utility have been removed to help protect the security of the utilities that have generously contributed to this effort.

Applications, Value, and Use

Utilities that are considering deployment of IP networks can benefit from the experience of other utilities that have already made decisions, regardless of whether those utilities chose to migrate. This update provides options and strategies related to migrating to IP networks. The updated report guidelines can be used for making decisions related to IP migration, including assisting utilities in deciding whether to migrate and providing IP migration options.

Program
2015 Program 161   Information and Communication Technology
Keywords
  • Security
  • Migration
  • NERC
  • Data communications
  • CIP
  • Internet protocols
  • Serial
Report
000000003002006492
Note

For further information about EPRI, call the EPRI Customer Assistance Center at (800) 313-3774 or email askepri@epri.com

 Having Trouble Downloading?

Internet Explorer Information Bar

If using Internet Explorer the browser automatically blocks downloads by default, instead displaying an "Information Bar" at the top or bottom of the page.

Click "Download File" on Information Bar if using Internet Explorer 8 or older. If using version 9, click “Save” button on Information Bar and then select “Open” once downloaded.

Pop-up blocker software

You can hold down the CTRL key when selecting Download to bypass your pop-up blocker.

You may also configure your pop-up blocker to allow EPRI.com to open new windows.

Recommended Software

EPRI recommends using the latest version of Adobe Reader for best performance.

 Support Services

EPRI Customer Assistance Center (CAC):
800-313-3774 or 650-855-2121 Option 4
askepri@epri.com

Hours of Operation:
8:00 AM - 6:00 PM Eastern Time (GMT-5)

Order and Conference Center:
800-313-3774 or 650-855-2121 Option 2
orders@epri.com