Critical infrastructure is becoming increasingly automated. For example, many electrical power grids are joined to a communication network, allowing for remote and/or autonomous control over their components, such as the various equipment located in a power substation. By networking critical infrastructure, the provider can quickly adapt to changes and failures, often without requiring the deployment of a technician to a remote location. However, by connecting critical infrastructure to a communication network, cybersecurity must also be taken into account to protect the infrastructure, in addition to the physical security of the infrastructure.
With the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) initiative, the United States government has defined and enforced an electronic security perimeter for all equipment used for electrical transmission and distribution. These new rules have been applied since 2015. Basically, all communications regarding mission critical functions must be contained within a security perimeter, and all communications in and out of this perimeter must go through an Access Point ruled by strict authorization and encryption mechanisms. However, the NERC CIP initiatives provide only the target requirements for a network, leaving the specific implementation details up to the end user.