TB762-2019

This Technical Brochure describes the security requirements for remote services to access intelligent electronic devices on an electric power utility’s operational network. A model-based system engineering methodology based on Zachman’s lifecycle framework was used to assess the risks and potential means to mitigate these risks. The analysis stressed the need to combine role-based and attribute-based access control to protect the integrity and confidentiality of the sensitive data. If sensitive data is compromised, a trusted platform is needed to securely collect and safeguard the evidence needed for forensic analysis.