Share

WG B4.78 Cyber Asset Management for HVDC/FACTS Systems

Background:
Control & Protection (C&P) of HVDC and FACTS including the valve electronics are unique since they are complex and responsible for the control of large quantities of power transmission and/or AC system stability. The C&P systems are integrated with the power electronic main circuit equipment and are increasingly reliant on off-the-shelf IT products and IP addressable components. Currently a C&P system could consist of vendor specific devices with proprietary firmware and software, combined with common IT hardware and software as servers, NAS, workstations, routers, etc. Different parts of the C&P system have different expected lifecycles, both from a cyber security and operational lifecycle perspective. The regulatory framework applicable to a HVDC/FACTS C&P system will change during specification, design and operational stages. This approach has raised the following concerns by HVDC/FACTS system owners worldwide:
1. HVDC/FACTS Cyber security vulnerability and impacts of changing regulatory requirements
2. HVDC/FACTS Cyber asset reduced life expectancy and replacement timelines
3. HVDC/FACTS Cyber asset technical resource availability, training requirements and vendor supplied continuous cyber asset security and maintenance programs
4. Specification of responsibilities for a HVDC/FACTS cyber security asset, divided among product vendor, system integrator and asset owner
The goal of this WG is to provide a roadmap to addressing these concerns.

Scope:
1. Gather cyber security best practices and regulatory requirements worldwide and summarize key design considerations. The work of WG D2.40 will be considered and valuable in this regard. Further liaison with SC D2 and SC B5 will be established.
2. Analyze options for addressing cyber security design considerations and formulate guidelines to be used when producing technical specifications for HVDC and FACTS
3. Gather HVDC/FACTS C&P cyber asset obsolescence information and identify key design considerations for replacements, post platform support operability and future system development.
4. Analyze options for addressing HVDC/FACTS C&P cyber asset obsolescence design considerations and formulate lifecycle management and vendor support guidelines to be used when producing technical specifications. These guidelines will also include software
Page 2 / 3
WG form 2017-V5
version management and replacement system verification testing requirements.
5. Gather and summarize HVDC/FACTS C&P Cyber technical resource availability, training requirements and vendor supplied continuous cyber asset security programs for operations and maintenance.
6. Outline HVDC/FACTS cyber security responsibilities of owners, vendors and system integrators for the whole lifecycle of a project; starting with specification, design, implementation, commissioning, operation and ending with decommissioning and upgrades of control system.

Terms of Reference