IEC 62443 Standard for Hydro Power Plants

This study approaches cyber security in industrial environments focusing on hydro power plants, since they are part of the critical infrastructure and are the main source of renewable energy in some countries. The theoretical study case follows the standard IEC 62443-2-1 to implement a cyber security management system (CSMS) in a hydro power plant with two generation units. The CSMS is composed of six steps: (1) initiate CSMS, (2) high level risk assessment, (3) detailed risk assessment, (4) establish policies, procedures, and awareness, (5) select and implement countermeasures, and (6) maintain the CSMS. To perform the high-level risk assessment, an overview of the most common activities and vulnerabilities in hydro power plants systems is presented. After defining the priorities, the detailed risk assessment is performed based on a HAZOP risk analysis methodology focusing on hackable digital assets (cyber-HAZOP). The analysis of the cyber-HAZOP assessment leads to mitigations of the cyber risks that are addressed proposing modifications in the automation architecture, and this also involves checking lists to be used by the stakeholders during the implementation of the solution, emphasizing security configurations in digital assets groups.