In August 2021, DNV published DNV-RP-0575, “Recommended Practice, Cyber security for power grid protection devices”. The Recommended Practice is important as it was developed based on the results of a joint research and development project with Fingrid (Finland), Stattnet SF (Norway), and Svenska Kraftnet (Sweden) and used by T&D India following the Chinese cyberattacks. The NIST 800-82, NERC CIP, and the ISA IEC 62443 series of standards are public. Consequently, the DNV Recommended Practice is similar to the one issued by Mojtaba S. who is an industrial security specialist for the Electric Industry of Iran. The DNV Recommended Practice is valuable in having another set of recommendations for the OT networks and programs that serve as the front end of the electric grids’ facilities. But it’s not sufficient as the Recommended Practice does not address grid physics issues nor does it address the components that directly operate the grid. This gap can lead to critical grid vulnerabilities being exploited without adequate forensics which is unacceptable.
Power grid cyber security recommendations still don’t address key grid cyber vulnerabilities