This technical update describes the requirements, risks, benefits, vulnerabilities, and potential North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards compliance issues that utilities might face when migrating their supervisory control and data acquisition (SCADA) systems from serial-based communications to communications based on the Internet Protocol (IP) suite. The report is based on two surveys—performed with a two-year interval between them—of several utilities that have taken different approaches to this issue.
This report is an update of a similar report produced by EPRI in 2012, Security Implications and Considerations for Serial to IP-Based SCADA Migration (1025674). This report compares the viewpoints of the utilities surveyed in 2014 with those consulted in 2012. Three of the five utilities surveyed in 2014 were also included in the 2012 report.
This update is intended to be a guideline for making decisions related to IP migration, including assisting utilities in deciding whether to migrate and providing options for how to accomplish their decision.
This report documents the issues considered and the decisions made by several utilities regarding their migration to IP networks from dial-up and dedicated serial networks, particularly noting the way in which the migration affected their security strategies. It is intended that other utilities can use this report to provide context and guidelines when making their own decisions about migration. The report summarizes the responses of the surveyed utilities on the following topics:
Perceived benefits of migration
Perceived risks of migration
Security compliance issues
Organizational and training impacts
Preparation for future technologies such as IEC 61850 and synchrophasors
Potential cost factors
This report is an update to a similar survey and report produced in 2012. In both surveys, representatives from several utilities were interviewed and asked questions roughly corresponding to the main section headings of this report. Six utilities participated in the first survey; five participated in the second. Three of the utilities from the first survey were also interviewed in the second survey. The representatives interviewed were in charge of developing SCADA systems, applying the NERC CIP standards, and/or managing IT departments that are responsible for SCADA networks.
In the first survey, the responses of the utilities varied considerably. Some were deploying IP at all their most important stations while others were determined to continue using serial. In the intervening two years, serial technology has increased significantly in cost and decreased in availability, and the exception for serial protocols in the NERC CIP standards has been removed. In addition, utilities have gained more experience with IP technology. As a result, more utilities are planning to migrate their networks toward IP. Furthermore, utilities that have already installed IP are deploying it into more of their networks and are using IP to implement new applications.
This technical update describes in a generic manner each of various IP deployment scenarios, the migration and security strategies used by the surveyed utilities, and the lessons learned. It also provides general information on the relative benefits and risks of migrating to IP networks based on the comments of the surveyed utilities. Specific details and attributions relating to each utility have been removed to help protect the security of the utilities that have generously contributed to this effort.
Applications, Value, and Use
Utilities that are considering deployment of IP networks can benefit from the experience of other utilities that have already made decisions, regardless of whether those utilities chose to migrate. This update provides options and strategies related to migrating to IP networks. The updated report guidelines can be used for making decisions related to IP migration, including assisting utilities in deciding whether to migrate and providing IP migration options.