go to top scroll for more


Projects: Projects for Investigator
Reference Number NIA_NGTO054
Title Cyber Security Solutions for Legacy Equipment
Status Completed
Energy Categories Other Cross-Cutting Technologies or Research 50%;
Other Power and Storage Technologies(Electricity transmission and distribution) 50%;
Research Types Applied Research and Development 100%
Science and Technology Fields PHYSICAL SCIENCES AND MATHEMATICS (Computer Science and Informatics) 75%;
ENGINEERING AND TECHNOLOGY (Electrical and Electronic Engineering) 25%;
UKERC Cross Cutting Characterisation Not Cross-cutting 100%
Principal Investigator Project Contact
No email address given
National Grid Electricity Transmission
Award Type Network Innovation Allowance
Funding Source Ofgem
Start Date 01 September 2020
End Date 01 April 2021
Duration ENA months
Total Grant Value £92,000
Industrial Sectors Power
Region London
Programme Network Innovation Allowance
Investigators Principal Investigator Project Contact , National Grid Electricity Transmission (100.000%)
  Industrial Collaborator Project Contact , National Grid Electricity Transmission (0.000%)
Web Site https://smarter.energynetworks.org/projects/NIA_NGTO054
Objectives In order to address the challenge of securing legacy protection, automation and control equipment we will carry out a desktop based investigation into cyber security risk and risk assessment methodologies. The study will particularly consider the different vintages of equipment and investigate new ways of establishing a risk assessment framework as well as options for overall risk mitigation and management. Some laboratory based testing and validation of risk mitigation methods may be included if the opportunity arises. This would require access restrictions to lab space to be lifted and some collaboration from our supply chain partners. Deliverables:Review and report on literature dealing with cyber security, including cyber security issues and the existing potential cyber solutions for legacy equipment, including assessment of commercially available products in the field, and experience of deployment by other utilities. Review of current population of Protection, Automation and Control (PAC) solutions and relevant technologies used in NGET, and develop and carry out risk assessment for current legacy equipment, Develop methods, including options of using off-the-shelf products as well as novel ideas in terms of technology, processes and configurations to address cyber security issues for legacy equipment, considering in particular the implementation of IEC62351 and 62443 and providing implementation guidance Option assessment and ranking considering residual risks, asset lifecycle and cost benefit,Main report on project, including sub-reports, presentations and dissemination of results (as far as appropriate) delivered during the project. The aim of this project is to investigate and develop methodologies for cyber risk assessment assess risk levels for P&C equipment, in particular legacy equipment understand the currently available options to improve security and develop new ideas and concepts capable of improving security for legacy equipment in a cost-effective way. assess options and make recommendations based on a CBA The investigation will refer to and build on the ongoing work in the CREST project (NGTO020) and in particular the cyber security requirements and implementation guidance for IEC standards 62351 and 62443. The project will provide guidance on how to apply these standards to the relevant vintages of P&C equipment.
Abstract While it is well recognised that IEC61850 based fully digital substation technologies can deliver great benefits to power utilities and their customers, the existing legacy equipment will continue to play a crucial role to support the critical power infrastructure for the remainder of its service lifetime, especially substation protection and control systems. Since legacy equipment was originally designed for use on dedicated or closed networks and therefore contains little or no cyber security features. Even though they perform critical functions managing power grid and communication networks, most are lacking crucial features for access control and device hardening. Many of these devices cannot be easily updated with new firmware to include security and replacing them with new secure versions will take years. Hence a risk assessment and detailed review of options for improved cyber security for legacy equipment to stop any cyber-attack are urgently required. In this context, we consider legacy equipment all assets that have been delivered prior to the implementation of our architecture for secondary substation systems.
Publications (none)
Final Report (none)
Added to Database 02/11/22