Manual on the basic protection for operational technology in power supply

Titelseite Minimalstandard Strom d.JPG

Handbuch Grundschutz für «Operational Technology» in der Stromversorgung (PDF, 4 MB, 09.11.2020)

This manual is only available in German.

Automation has long occurred independently in commercial and industrial environments. However, standardisation (e.g. X86-based devices) and networking (e.g. internet) in information systems have increasingly found their way into industrial computing in recent years. This exposes industrial systems to the same cyber threats that are well known in business information systems.

Today, industrial control systems (ICS) form an integral part of critical infrastructures including power grids, oil, gas and water supply, transport systems, manufacturing industries and chemical plants, and facilitate their operation. The growing issue of cybersecurity and its impact on the ICS highlights basic risks to a nation's critical infrastructure. Effectively addressing ICS cybersecurity issues requires a clear understanding of current security challenges and specific defensive countermeasures.

This document addresses distribution system operators of grid levels 1 to 4 and power generation plants (producers) and provides a recommendation on how to reduce cyber risks in the critical infrastructure of the power supply to an acceptable level. It was developed jointly with the association of Swiss electricity companies (Verband Schweizerischer Elektrizitätsunternehmen - VSE). The core of the recommendation is the implementation of what is known as a defence-in-depth strategy, which is based on the military principle that it is more difficult for an enemy to overcome a complex and multilayered defence system than a single barrier.

Last modification 05.12.2023

Top of page