Improved Role Based Access Control for Intelligent Electronic Devices

Call
ICA-24-07

The Opportunity

The objective of this Opportunity is to shortlist the submissions that best answer the brief, with the aim of the shortlisted submitters attending a presentation day with the EIC Industry Partners, where the submissions can be discussed in greater detail with a technical panel.
The EIC welcomes submissions from individual companies or companies working in collaboration with each other.

 

What is the problem?

Electricity substations house essential Intelligent Electronic Devices (IEDs), which control power systems equipment such as circuit breakers, transformers, and capacitor banks.
Many IEDs are manufactured and supplied as 'set-and-forget' devices that cause minimal concern to energy networks. In many cases, IEDs have general settings that allow control of power systems equipment that the majority of personnel can access. However, in some cases, IED access is restricted to specialist job roles.
Access to selected IEDs must be restricted to appropriately authorised personnel to maintain security. Unauthorised changes to these power systems may lead to problems such as unplanned outages for customers. 
Current security methods include, but are not limited to:
•    Housing equipment in lockable control cabinets
•    Restricting access to control cabinets by issuing physical keys to authorised personnel (this method has limitations as keys can be lost or duplicated)
•    Using built-in passwords (this method can be problematic due to the management required, and passwords do not necessarily cater for the required level of access to one device)

 

Preferred Output

This call for innovation is searching for a mechanism that provides access to different functionalities and settings for a range of IEDs based on the authorisation level of the operational personnel. The aim would be to have the ability to digitally grant access to appropriately authorised personnel directly onsite. The credentials, however, would need to be managed centrally. The system should be able to verify the operator’s identity and current authorisations in real time. Please see below a suggested straw-man schematic of the desired approach.