S-TR-CPS-ICS (Rev.0-2023)


POWER STANDARD TECHNICAL SPECIFICATIONS FOR ELECTRIC WORKS

CONTROL-PROTECTION-SUPERVISION
(Specification)

OPERATIONAL TECHNOLOGY CYBER SECURITY REQUIREMENTS FOR INDUSTRIAL CONTROL SYSTEMS

TRANSCO STANDARD : S-TR-CPS-ICS (REV. 0-2023)

S-TR-CPS-ICS (Rev.0-2023) Page 1 of 50


CONTROL-PROTECTION-SUPERVISION
Operational Technology Cyber Security Requirements for Industrial Control Systems

CONTENTS

1 PURPOSE ........................................................................................................................ 3
2 SCOPE .............................................................................................................................. 4
3 DEFINITIONS AND ACRONYMS .............................................................................. 5
4 REFERENCES .............................................................................................................. 10
5 RESPONSIBILITY ....................................................................................................... 10
6 GENERAL REQUIREMENTS TO THE CONTRACTOR...................................... 11
7 CYBER SECURITY PROCESS REQUIREMENTS ................................................ 12
7.1 General ............................................................................................................................ 12
7.2 Secured Physical Systems and Actions ........................................................................... 13
7.3 Media Control .................................................................................................................. 13
7.4 Contractor Development Environment Requirements..................................................... 14
7.5 Risk Management ............................................................................................................ 15
7.6 Vulnerability Management .............................................................................................. 16
7.7 Incident Management ...................................................................................................... 17
7.8 Documentation and Training ........................................................................................... 17
8 CYBER SECURITY DESIGN REQUIREMENTS ................................................... 19
8.1 General ............................................................................................................................ 19
8.2 Secure Network and Network Architecture Design ........................................................ 20
8.3 Cryptography ................................................................................................................... 24
8.4 Secure Time Synchronization.......................................................................................... 24
8.5 Role Based Access Control (RBAC) ............................................................................... 25
8.6 System Integrity............................................................................................................... 27
8.7 Data Confidentiality ........................................................................................................ 27
8.8 Asset Management .......................................................................................................... 27
8.9 Log Management ............................................................................................................. 28
8.10 Antimalware .................................................................................................................... 29
8.11 Backup and Restore ......................................................................................................... 30
8.12 Network Monitoring ........................................................................................................ 31
8.13 Network Intrusion Detection (NIDS) .............................................................................. 32
8.14 Secure Remote Access Connection to Substation L2.5 DMZ ......................................... 34
8.15 Patch Management .......................................................................................................... 34
8.16 Hardening ........................................................................................................................ 35
9 HARDWARE CYBER SECURITY REQUIREMENTS........................................... 37
10 SOFTWARE CYBER SECURITY REQUIREMENTS ............................................ 38
APPENDIX A: PURDUE REFERENCE MODEL ...................................................................... 41
APPENDIX B: ICS ACCEPTABLE AND UNACCEPTABLE USE ......................................... 46
APPENDIX C: INCIDENT REPORT FORM ............................................................................. 49



1 PURPOSE
The purpose of this document is to provide Transco Contractors with cyber security requirements
for Industrial Control Systems (ICS) when delivering ICS assets and/or services to Transco.
Compliance with these requirements will also guide Contractors in ensuring alignment with the
United Arab Emirates (UAE) Information Assurance Standards and the UAE ICS Cybersecurity
Framework for systems delivered to Transco.
In general terms, compliance with Transco security policies and processes helps ensure compliance
with national and international standards. Figure 1 represents the hierarchy of international,
national and company local documents for cyber security governance of Operational Technology (OT)
systems.

Figure 1 – Transco hierarchy of international, national, company local documents for cyber security governance of OT
systems (pyramid, top to bottom):
• International Standards: ISO 27001; IEC 62443; Energy Sector Specific: NERC-CIP, NISTIR 7628, IEC62351, IEEE 1686
• National Standards: UAE DoE Framework
• TRANSCO Requirements: Transco Cyber Security Policies; Transco Cyber Security Processes
• Cyber security Requirements for ICS: Operational Technology Cyber Security Requirements for Industrial Control Systems


2 SCOPE
The cyber security requirements for ICS outlined in this document are applicable to all ICS assets
and services delivered to Transco by Contractor in scope of greenfield development, and other
applicable projects on Transco facilities.
This cyber security requirements document consists of two major sections:
• Process Requirements describes the general requirements for compliance by the Contractor
(and any associated sub-contractors or other 3rd parties) with the Transco cyber security
procedures. This part includes behavioral requirements, agreements on security measures
for data exchange during the project execution phases, obligations to follow a risk-oriented
model to manage cyber security risks during the project execution phases, and obligations
to take responsibility for vulnerability management for solutions delivered to Transco.
This part of the cyber security requirements also contains obligations for cyber security
incident management during project execution phases. The Contractor shall familiarize
themselves with these process requirements and assess their compliance with them. The
Contractor shall confirm their commitment to follow Transco cyber security requirements.
• Cyber Security Design Requirements describes the cyber security requirements for the
systems and solutions which will be designed and procured by the Contractor for power
systems and facilities. This part of the document contains requirements for network design,
substation perimeter protection, detection and monitoring systems and endpoint protection
solutions, including configurations. Based on the design of the SCMS, FMS, WAMS, PQMS,
Partial Discharge, TCAMC, physical protection systems and other process control systems
in the substation, the Contractor shall follow the current cyber security requirements and
provide and integrate cyber security solutions for the substation systems and network. The
scope of work based on the current cyber security requirements shall be implemented at
the substation level and shall include integration of the substation cyber security systems
into the cyber security management system in THQZ.


3 DEFINITIONS AND ACRONYMS

AAA – Authorization, Authentication and Accounting


AADC – Al Ain Distribution Company
ACL – Access Control List
AD – Active Directory
ADDC – Abu Dhabi Distribution Company
AVR – Automatic Voltage Regulation
BCU – Bay Control Unit
BIOS – Basic Input Output System
BYOD – Bring Your Own Device
CISSP – Certified Information Systems Security Professional
CIS – Center for Internet Security
CMC – Central Management Computer
CSMS – Cyber Security Management System
ERP – Enterprise Resource Planning
ETCAMC – Emergency Transco Coordination and Management Center
DNS – Domain Name System
DoE – Department of Energy
EDR – Endpoint Detection and Response
EWS – Engineering Work Station
FAC – Final Acceptance Certificate
FAT – Factory Acceptance Testing
FMS – Fault Monitoring System
GIAC – Global Information Assurance Certification
GICSPC – Global Industrial Cyber Security Professional Certification
GRID – GIAC Response and Industrial Defense
GPL – General Public License
GPO – Group Policy Object
HIDS – Host Intrusion Detection System
IACS – Industrial Automation and Control System
ICS – Industrial Control System
IDS – Intrusion Detection Systems
IEC – International Electrotechnical Commission
IED – Intelligent Electronic Device
IEEE – Institute of Electrical and Electronics Engineers
IOS – Internetworking Operating System
IP – Internet Protocol
IPS – Intrusion Protection System
ISA – International Society of Automation
IWPP – Independent Water and Power Plant
LAN – Local Area Network
LDAP – Lightweight Directory Access Protocol


LDC – Load Dispatch Center


L-FW – Substation firewall for LDC communications
MAC – Machine Address Code
NAS – Networked Attached Storage
NIC – Network Interface Card
NIDS – Network Intrusion Detection System
NIST – National Institute of Standards and Technology
NTP – Network Time Protocol
OEM – Original Equipment Manufacturers
OS – Operating System
OSCP – Offensive Security Certified Professional
OSI – Open Systems Interconnection
OT – Operation Technology
PCN – Process Control Network
PLC – Programmable Logic Controller
PQMS – Power Quality Monitoring System
PTP – Precision Time Protocol
RADIUS – Remote Authentication Dial-In User Service
RAID – Redundant Array of Independent Disks
RBAC – Role Based Access Control
ROS – Robot Operating System
RSPAN – Remote Switch Port Analyzer
RTU – Remote Terminal Unit
SAT – Site Acceptance Testing
SCMS – Substation Control and Monitoring System
SIEM – Security Information and Event Management
SNMP – Simple Network Management Protocol
SQL – Structured Query Language
SPAN – Switch Port Analyzer
SRA – Secure Remote Access
SL – Security Level
SL-A – Security Level Achieved
SL-C – Security Level Capability
S-FW – L2.5 DMZ Substation Firewall for
SL-T – Security Level Target
SDH – Synchronous Digital Hierarchy
TAP – Test Access Point
TAQA – Abu Dhabi National Energy Company
TCC – Transmission Coordination Center
TCP – Transmission Control Protocol
TCAMC – Transco Coordination and Management Center
THQZ – Transco Head Quarters Zone
UDP – User Data Protocol
UPS – Uninterruptible Power Supply


USB – Universal Serial Bus


VAC – Voltage Alternative Current
VDC – Voltage Direct Current
VLAN – Virtual Local Area Network
VM – Virtual Machine
WAMS – Wide Area Monitoring System
WMI – Windows Management Instrumentation
WSUS – Windows Services Update Server

Table 1 – Acronyms used in this Specification


Term – Definition

Bring Your Own Device (BYOD) – This term refers to personal devices (i.e. devices that are not
provided by the Contractor or Transco) and software that is not approved by Transco. The use of
BYOD is forbidden on the Transco OT network.

Cyber Security Management System (CSMS) – This refers to the set of cyber security solutions
such as RBAC, firewall management, intrusion detection, Secure Remote Access, Antimalware,
Backup & Restore, Network Management, Patch management and other systems that are deployed
via central management consoles in the Transco HQ2 (THQZ) for the cyber security monitoring of
substation systems in real time.

Industrial Control System(s) (ICS) – This refers to any control system, and the devices it is
composed of, deployed on Transco premises that are OT assets. Examples include: SCMS, FMS,
PQMS systems with components such as IEDs, relays, AVR, switches, operator workstations, relay
access workstation gateway, etc.

L-FW Firewall for LDC – These are redundant firewalls that are used for segmenting the
communication between the substation LDC gateway and LDC centralized systems.

Process Control Network (PCN) – This is the communications network layer that is a part of ICS
systems in the substation such as SCMS, FMS, PQM, WAMS, TCAMC, cyber security services and
other OT devices and systems that are part of this network.

Secure Remote Access (SRA) – This is a combination of the technical systems, network
configuration, firewall configurations, RBAC and Transco administrative controls that allow
authorized Transco personnel to have a time-limited remote connection from the Transco HQ2
engineering room to the substation DMZ.

S-FW Substation Firewall – These are redundant firewalls that are used for traffic segmentation
between substation systems on Level 2. In addition, this firewall is used for the segmentation of
Level 2 and the substation DMZ L2.5. This firewall is also used for the connection between the
substation and THQZ. Other connections, such as connections to LDC, ADDC and IWPP, shall not be
made through firewall S-FW.

Segmentation – Segmentation is the process of dividing up a computer network into smaller parts.
The purpose is to improve network security and performance. Different networks can be segmented
from each other but are still able to communicate with each other. Network segmentation for the
purposes of this specification applies to layers 2 and 3 of the OSI model.

Segregation – Segregation is the process of isolating different networks from each other while
still allowing only approved data to be communicated between them. When segregation is referred
to in this specification it applies to layers 3-7 of the OSI model. Segregation shall be applied
for all connections to 3rd party systems from Transco OT networks and, if necessary, to internal
zones based on the risk assessment and SLs.

Transco Head Quarters Zone (THQZ) – This zone specifically defines the OT infrastructure in the
Transco HQ2 building which accommodates the necessary power & water data processing systems,
TCC control and monitoring systems, TCAMC data collection systems and the cyber security
management system.

Table 2 – Definitions of Terms Used in This Specification


4 REFERENCES
The following is a list of informative references which may be referred to as a source of relevant
best practice to support achieving compliance with the requirements specified in this document:
• ISO 27001- Information Security Management - Requirements
• IEC 62443 - Security Standards for The Secure Development of Industrial Automation
and Control Systems (IACS)
• IEC 62351 - Cyber Security Series for the Smart Grid
• IEEE 1686 - Standard for Intelligent Electronic Devices Cyber Security Capabilities
• NERC-CIP - North American Electric Reliability Corporation Critical Infrastructure
Protection
• NISTIR 7628 - Guidelines for Smart Grid Cybersecurity
• NIST SP 800-82 - Guide to Operational Technology (OT) Security
• UAE Department of Energy (DoE) Cyber Security Framework

5 RESPONSIBILITY
These cyber security requirements apply to all personnel involved in the procurement, engineering,
commissioning, operation, maintenance and decommissioning of any ICS asset, and to the information
and data stored, transmitted and processed by any ICS system or asset.
These requirements also apply to all vendors, contractors, sub-contractors and consultants
responsible for handling ICS assets, information and data during ICS systems and asset lifecycles.


6 GENERAL REQUIREMENTS TO THE CONTRACTOR


These are Transco requirements for the Contractor, and any sub-contractor, and 3rd party
companies that are nominated to provide any type of works, services or deliverables for Transco
substations, THQZ or any other OT assets. The potential or actual supplier shall be compliant or
exceed the requirements listed below. These requirements are applicable for all stages of project
related activities and agreements.
1. The Contractor shall have relevant experience of ICS cyber security solutions. If an ICS
system provider's portfolio of completed projects does not include OT cyber security projects
or solutions, the Contractor shall subcontract an organization (or organizations) with relevant
experience.
2. The Contractor shall have experience for providing ICS cyber security solutions in the
Energy sector. The Contractor may have experience in ICS cyber security projects or
solutions for other industrial sectors.
3. The Contractor shall demonstrate staff certification in the relevant ICS cyber security
domain and solutions (e.g. CISSP, GICSP, GRID, OSCP and product specific
certifications) for all staff who will be handling ICS asset and related cyber security scope.
4. The Contractor shall follow Transco requirements for cyber security hygiene while
working in Transco OT environment and follow due diligence when making decisions
during all project phases.
5. The Contractor shall provide physical protection measures for the equipment and systems
to prevent unauthorized access and possible malicious actions with ICS or cyber security
system (e.g., installation of malicious firmware or installation of backdoors into ICS
systems). Contractor shall maintain the assets integrity and provide evidence of asset
integrity to Transco during all project phases.
6. The Contractor is responsible for cyber incident handling and management during all stages
of the project (e.g. incident handling if ICS system has been affected by malware during
procurement, FAT, SAT, Commissioning, discovered vulnerabilities). The Contractor
shall inform Transco about any cyber security incidents during all project phases until final
acceptance of the system using the form provided in APPENDIX C: INCIDENT REPORT
FORM.
7. The Contractor shall provide product support during all warranty periods.
8. The Contractor shall assign a full-time project manager as a primary focal point for all
interactions with Transco team and project stakeholders (stakeholders may include:
equipment/system Original Equipment Manufacturers (OEM), equipment/system support
Contractors, and sub-Contractors).
9. The Contractor shall be able to provide a suitable and sufficient level of the data security
and confidentiality. Sensitive and confidential information (such as Transco asset details,
login/passwords, configuration files and templates, confidential documentation, financial
documentation) shall be processed, stored or transmitted using agreed encryption
techniques (e.g. via encrypted emails).


10. The Contractor shall not publish descriptions of Transco ICS systems or architecture as
publicly available sources of information without prior risk assessment and approval by
Transco.

7 CYBER SECURITY PROCESS REQUIREMENTS


The Contractor shall follow cyber security controls and rules that are described in this section of
this document while working at Transco facilities. These rules require the Contractor to maintain
a suitable and sufficient level of cyber security hygiene, data security and confidentiality to protect
Transco assets.

7.1 General
1. The Contractor shall submit a request for approval from Transco before commencing work
for any type of activities, related to the ICS systems in Transco.
2. The Contractor shall ensure that all integration, commissioning, acceptance testing and
maintenance activities related to cyber security are performed in accordance with
predefined, approved and documented procedures and criteria.
3. The Contractor shall put in place administrative and technical controls to ensure that all
information is suitably and sufficiently protected during digital transmission (e.g. email,
phone, messenger, ICS systems, remote control and monitoring, etc.) and offline handling
(correspondence, storage media, printed documents, verbal information sharing). Security
controls shall be suitable and sufficient and shall be based on the information classification
level of the information/data to be handled.
4. The corporate information exchange systems for project data transfer (e.g. Enterprise
Resource Planning (ERP) systems, document controller etc.) shall be agreed by both sides.
The Contractor shall follow Transco rules and requirements while using information
systems and uploading data related to the project.
5. The Contractor shall adopt suitable and sufficient security controls to ensure the security
and integrity of information during transmission. The Contractor shall implement
alternative controls where an asset cannot support suitable and sufficient transmission
security and/or integrity. The Contractor shall document the details and justification for
any alternative countermeasures used.
6. The Contractor shall protect physical media and any device in transit carrying ICS
information/data, according to the highest level of information sensitivity it will contain.
This may include physical locking mechanisms, digital encryption and/or packaging that
is suitable and sufficient to prevent data loss or theft.
7. The Contractor shall maintain suitable and sufficient records about data transferred using
physical media.


8. During projects the Contractor shall agree and establish a method for information
exchange with Transco, sub-contractors and other stakeholders involved in the project.
9. The Contractor shall support and improve the prevention measures against data leakage
during the project and/or service delivery. After project completion the Contractor shall keep
all data about the project and/or service delivery secured and confidential.
10. The Contractor shall follow a Configuration and Change Management process agreed with
and approved by Transco.

7.2 Secured Physical Systems and Actions


1. The Contractor shall obtain relevant Transco authorization for connection/disconnection of
assets to the Process Control Network (PCN) (e.g. adding or removing OT assets on site,
configuration changes).
2. The Contractor shall not use GPS-enabled, photographic, video, audio or other recording
equipment in secure areas unless formally authorized by Transco.
3. The Contractor shall be responsible during all project stages for supply chain security of
all equipment and systems, related to the project and/or service delivered.

7.3 Media Control


1. The Contractor shall not connect Bring Your Own Device (BYOD) and removable devices
to Transco’s PCN. This is prohibited at all project stages, during operation and maintenance
or service activities.
2. Before using removable media on any system or device connected to Transco’s PCN, the
Contractor shall use registered removable media only, and only if approved by the Transco
cyber security team.
3. The Contractor shall use suitable and sufficient encryption techniques. The use of custom
Contractor/vendor developed encryption protocols is prohibited.
4. The Contractor shall ensure that ICS removable media shall be sanitized and scanned prior
to, and after use on any ICS system or ICS asset on Transco’s PCN.
5. The Contractor shall ensure that all removable media with installed applications (e.g. PLC
memory cards) or removable media which contains application license information (e.g.
dongle keys) shall be properly inventoried prior to installation. The cyber security risk of this
use of removable devices shall be evaluated by the Contractor, and suitable and sufficient
countermeasures shall be determined and implemented before using the removable media.
6. The Contractor shall provide justification of the necessity to use removable media and
obtain approval from the Transco cyber security team prior to the use of any removable
media.


7.4 Contractor Development Environment Requirements


1. The Contractor shall ensure that products they provide (including software and hardware),
or services and any actions associated with them shall not impact the data availability,
integrity, confidentiality of existing Transco ICS systems and networks.
2. The Contractor shall ensure that the testing environment is protected from any malicious
devices or software. The Contractor shall ensure that any testing environment infrastructure
(e.g. laptops, switches, workstations, servers etc.) used during system configuration,
assembly and FAT stages shall be properly patched and protected against backdoors,
malicious software and unauthorized access. Testing environment infrastructure shall not
be connected to any external networks.
3. The Contractor shall ensure that access to the testing environment where Transco systems
are assembled is granted only to authorized personnel who have completed suitable and
sufficient cyber security awareness sessions and training.
4. Remote access to Transco systems (e.g. via the Internet or intranet, from office network,
etc.), during assembling, configuration or FAT activities is prohibited.
5. The Contractor shall ensure that distribution, delivery, and warehousing is suitable and
sufficiently secured to reduce supply chain risks.
6. A backup process for the system configurations and snapshots shall be established by the
Contractor for all system delivery stages. Outdated backups shall be securely deleted from
storage. After all system configuration activities are finished, the storage used for the backups
shall be sanitized by overwriting the data so as to exclude any possibility of data restoration
and recovery. Transco retains the right to request suitable and sufficient evidence of the
Contractor’s data sanitization process and the correct implementation of this process.
7. The Contractor shall securely delete all operational information and data from test
environments immediately after assembly, configuration, or testing is completed.
8. Where the Contractor outsources any work on Transco systems to a sub-Contractor or any
other 3rd party, the Contractor shall require the sub-Contractor or any other 3rd party to
follow the same cyber security requirements applicable to the Contractor. The Contractor
shall be responsible for ensuring these requirements are adhered to. Transco retains the
right to request suitable and sufficient evidence from the Contractor about the cyber
security controls established by sub-contractor or any other 3rd party during system
assembling, configuration and supply activities.
9. The Contractor shall provide evidence to Transco that all Contractor access (including sub-
contractor and any other 3rd party access) to any Transco systems has been revoked prior to
completion of the Contractor’s contractual obligations to Transco.
10. Prior to the deployment of the Contractor’s solution to Transco infrastructure the
Contractor shall ensure that all devices have been tested using the latest available versions
of software and firmware. This includes but is not limited to software and firmware for:
Printers, intelligent Uninterruptible Power Supplies (UPS), ICS components,
Workstations, Servers, Switches, Routers, Firewalls, etc.


7.5 Risk Management


Risk management in Transco is considered as an ongoing process of identifying, analyzing,
evaluating and addressing cyber security threats.
1. For any of the solutions provided, the Contractor shall conduct an Initial Risk Assessment,
as defined in IEC62443-3-2. Following completion of the Initial Risk Assessment, the
Contractor shall conduct sessions with the Transco cyber security team to demonstrate risk
assessment results and remediation actions for it. This shall be conducted as a minimum of
two sessions. The first session shall be conducted prior to approval of the final system
design. The second session shall be conducted following the final system commissioning.
All results shall be officially documented by the Contractor and submitted to Transco.
2. The Contractor shall be responsible for risk elimination and mitigation for the solutions
provided by them or their subcontractor.
3. The Contractor shall identify and inform Transco about all risks related to the provided
solution as well as any new risks arising for existing Transco systems as a consequence of
the implementation of the new solution.
4. The Contractor shall participate in the assessment of security risks for the ICS solution
during the integration, commissioning or maintenance phases, or shall use the results of
such an assessment provided by Transco during any of these phases. The Contractor shall
suitably and sufficiently address identified risks in their products and/or solutions before
they are commissioned in the Transco environment.
5. The Contractor shall identify any deviation between the ICS system design and the system
implementation, and a security risk assessment shall be conducted to determine mitigation
strategies.
6. The Contractor shall provide a risk assessment report. The level of detail of the Risk
Assessment report shall be based on the DoE framework requirements, IEC 62443-3-2 and
NIST recommendations.
The main steps are the following:
- Identify threats and vulnerabilities;
- Identify impacts and calculate risk ratings;
- Identify all cyber risks, related to currently running project and affected existing
Transco systems;
- Provide recommended countermeasures for approval by Transco.
7. The Contractor shall reduce High and Medium risks identified by the risk assessment study
to tolerable levels. Transco shall define the risk tolerability criteria. The approach and
methods of risk elimination shall be agreed with Transco. If an identified risk cannot be
eliminated, a mitigation plan shall be provided by the Contractor and suitable and sufficient
actions shall be agreed with Transco and be undertaken by the Contractor.

7.6 Vulnerability Management


Transco follows best practices for vulnerability management to control existing systems and new
deliverables against existing and well-known vulnerabilities. The Contractor shall demonstrate that
they have a vulnerability management process in place during all project phases and shall be
responsible for system patching for vulnerability remediation.
1. The Contractor shall maintain a cyber security vulnerability management plan for all their
supplied systems to identify, investigate and mitigate vulnerabilities and perform any
required recovery actions to reduce its impact to Transco.
2. The Contractor shall inform Transco about the status of vulnerabilities in systems which
are in the Contractor’s scope of work.
3. The Contractor shall be responsible for the remediation of any cyber security vulnerability,
identified during any stage of the project.
4. Prior to installation the Contractor shall provide a statement of applicability for the
installation of updates, hotfixes or deployment of secure configurations on ICS systems for
vulnerability mitigation actions.
5. The Contractor shall provide to the Transco cyber security team relevant documentation
(e.g. guidance, white papers, method statements, etc.) containing the methodology and
techniques required for the vulnerability mitigation process.
6. Only security updates or configurations that have been tested and qualified by the vendor
shall be approved for deployment by Transco.
7. In exceptional cases Transco can agree to the installation of security updates or
configurations that are not qualified by the vendor if the risk of vulnerability exploitation is
higher than the impact from the use of non-qualified security updates or configurations.
8. If a security patch for a critical or high risk vulnerability is not available or cannot be
deployed due to incompatibility with an existing system, mitigation actions and/or another
solution shall be provided to Transco within a maximum of 15 calendar days.
9. Transco retains the right to perform independent penetration testing as part of system tests
during the FAT and SAT stages and the warranty period. The Contractor shall mitigate all
identified critical, high and medium risks based on the vulnerability scanning results and/or
penetration testing conducted during FAT, SAT and/or the warranty period. Transco retains the
right to determine the criteria for what constitutes a critical, high and medium risk.
10. The Contractor shall not disclose information about vulnerabilities in Transco's
environment without written authorization from Transco.
11. The Contractor shall perform system patching for critical and high vulnerabilities during
the warranty period for delivered systems. Transco retains the right to define what
constitutes a critical and high vulnerability.
12. The Contractor shall perform regular system patching twice a year during the warranty
period until the FAC certificate is issued. The patching schedule shall be approved by
Transco.

7.7 Incident Management


The Transco Incident Management process shall be followed by the Contractor, any
subcontractors and partner companies.
1. The Contractor shall have incident response and incident management capabilities to be
able to manage cyber security incidents and their consequences.
2. In all project phases and at all times during the provision of a service, the Contractor shall
be responsible for handling cyber security incidents and shall have an incident management
process to handle security incidents. The consequences and impact of cyber security
incidents are the responsibility of the Contractor to mitigate.
3. At the beginning of the project the Contractor shall nominate an experienced person to be
a primary contact in the case of a cyber incident who will be responsible for the mitigation
of any consequences and impacts of any cyber security incidents. The person nominated
by the Contractor shall communicate with the Transco cyber security team for incident
handling and incident response related issues.
4. The nominated person shall use the Contractor's incident management process until a
system is handed over to Transco at system commissioning. Following system
commissioning, the Contractor shall follow Transco's incident management procedures
should any incidents occur in the system during Contractor activities (e.g. if the Contractor
was performing SAT snag-list elimination activities and this led to a cyber incident, they
shall follow Transco's incident management procedures).
5. Information about a cyber security incident shall be recorded in the form that is provided in
APPENDIX C: INCIDENT REPORT FORM. All possible evidence and artifacts shall be
collected, documented, and transferred to the Transco cyber security team.
6. Information about a cyber incident shall be confidential and shall be suitably and
sufficiently secured before it is transmitted.

7.8 Documentation and Training


1. For all systems that are procured for the project scope of work, the Contractor shall ensure
that required project, legal, financial and all other documentation has been developed to a
suitable and sufficient level of quality and with reference to international and UAE
standards.
2. The Contractor shall provide comprehensive and understandable documentation about the
overall design of products. This documentation shall describe the architecture,
functionalities and protocols, their realization in hardware or software components, the
interfaces and interactions of components with each other and with internal and external
services, and the configuration baseline, so that the product can be implemented and used
in the most secure way possible.
3. All documents related to cyber security implementations in substations (procedures,
manual, drawings, as-built diagrams, etc.) shall follow the same template, fonts, style,
colors, drawings and symbols.
4. The Contractor shall document all data flows that provided ICS systems and assets use to
communicate. Data flow characterization shall include, at least: the purpose of the data
flow, the impact on the overall ICS solution if data flow is interrupted or inhibited, the
communication protocol utilized, the TCP/UDP port where an IP-based protocol is used,
and the typical bandwidth needed. Contractors shall also provide delay requirements
associated with data flows.
5. The Contractor shall document all network components (e.g. hosts, servers, network
equipment, etc.), and provide detailed network diagrams at the physical, logical and
network levels (Open Systems Interconnection (OSI) layers 1, 2, and 3).
6. The dataflows for all substation systems and OT assets network shall be documented and
reflected on the dataflow diagrams. Dataflow information for each
system/device/application in the substation shall provide the following as minimum:
- Source and destination for the dataflow mapped onto the Purdue model diagram
(see APPENDIX A: PURDUE REFERENCE MODEL).
- Explicit network paths from the source to the destination.
- Protocols that are required to be enabled for the communication.
- Port numbers that are required to be enabled.
7. All network components shall be documented in the project documentation and detailed
network diagrams. These network diagrams shall show the physical, logical and network
levels, interconnections within substations, and external communications.
8. The Contractor shall provide summary documentation of a product’s security features and
security-focused instructions on product maintenance, support, and reconfiguration of
default settings.
9. The Contractor shall provide knowledge transfer to Transco personnel for any implemented
solution.
8 CYBER SECURITY DESIGN REQUIREMENTS


Transco follows the security by design approach. Transco cyber security requirements for OT
networks, systems and services are to have robust and secure design unified across substations
supported by a central monitoring system in the THQZ. The systems security configuration,
patching level, management, and monitoring shall be unified and monitored centrally.
This section of this document provides an overview of requirements to be met and quoted by the
Contractor in the supply of ICS solutions to Transco. The full scope as well as detailed technical
requirements are dealt with in the remaining sections of this document. The Contractor shall
provide a complete and fully functioning solution that implements suitable and sufficient levels of
security for all OT assets within substation, including all necessary supplies and services to ensure
safe and proper function, even if not explicitly included in this document.

8.1 General
1. Substation ICS cyber security design shall be based on the requirements of IEC62443,
NIST, ISO27001/2, UAE DoE Cyber Security Framework and follow a defense-in-depth
approach.
2. A low-level design of the systems shall be submitted to Transco prior to FAT. This is
applicable to each single system/network/hardware/software as well as to the overall substation
network architecture.
3. The proposed solution shall incorporate a scalable architecture that enables low-cost
expansion to multiple control rooms/remote locations (substations & regional hubs). The
solution functionalities shall operate as one integrated environment, not a collection of
individual tools.
4. The security design shall be consistent across all systems within substations, shall provide
an optimized amount of hardware and number of solutions, shall be cost-optimized and
only due-diligent solutions shall be proposed.
5. Security design shall be harmonized with existing Transco telecommunication and cyber
security systems, solutions and infrastructure that are implemented in the THQZ.
6. A System under Consideration shall be defined in accordance with IEC62443-3-2 for the
scope of work being supplied to Transco. This shall include consideration of the
implementation of the following:
- Secure network design for substation systems with consideration of segmentation
and segregation between substation systems and 3rd party companies;
- Endpoint security based on antimalware, Host Based Intrusion Detection (HIDS),
Endpoint Detection and Response (EDR) solutions;
- A centrally managed Role-Based Access Control (RBAC) solution for all
substation systems and devices;
- Next generation and industry specific firewalls and unidirectional data diodes for
inbound and outbound connections;
- System & network hardening for all OT assets in the substation;
- Asset status monitoring & asset health status;
- Intrusion Detection System (IDS) with OT capabilities;
- Patch management solution and system integration;
- Secure remote access system to the substation OT environment from the THQZ OT
environment (jump server, secure remote access solution, etc.);
- Secure file transfer system from OT systems in the substation to Transco
engineering laptops and/or THQZ engineering workstations;
- Encrypted multi-layered backup and restore solution.
7. A flat network model shall not be implemented.
8. All supplied cyber security products shall be compatible with ICS systems, including but
not limited to the SCMS, FMS, PQM and WAMS and any other system that is located in
the substation and/or THQZ. Relevant proof of system compatibility shall be provided by
the Contractor. The sizing details for the hosting platform used for cyber security solutions
shall be calculated during the design stage and submitted for Transco review.
9. Systems and devices in the substation shall have interfaces with and capabilities for
integration with the Transco Cyber Security Management System (CSMS) located in the
THQZ.
10. The sizing details for the hosting of cyber security solutions shall be provided by the
Contractor and submitted for Transco approval.
11. The overall substation network design, each ICS system network design, and cyber security
systems and their components shall be scalable and allow for system growth over time.

8.2 Secure Network and Network Architecture Design


This chapter provides the minimum scope for the secure design of the network and network
architecture.
1. The system design shall partition the system into zones and conduits in accordance with
IEC62443-3-2 using the results of the Initial Risk Assessment. A Security Level Target
(SL-T) shall be assigned to each zone and conduit in accordance with the requirements of
IEC62443-3-2 and the results of the Initial Risk Assessment.
2. Requirements from IEC62443-3-3 shall be assigned for devices in each zone and conduit
from the SL-T assigned above.
3. In accordance with the requirements of IEC62443-3-2 the Security Level Capability (SL-
C) for each zone and conduit shall be established for all components within a zone or
conduit.
4. Where the SL-C is below the SL-T for a zone, Detailed Risk Assessment shall be performed
by the Contractor to establish further countermeasures that may be required.
5. The system shall be designed to meet requirements derived from the clauses above and
evidence shall be provided that the Security Level Achieved (SL-A) meets the SL-T
requirements.
6. The following levels shall be considered in the substation network architecture:
- Level 0 – This zone contains sensors, actuators, bus bars, transformers,
disconnectors/ isolators, transducers, smart meters etc.
- Level 1 – This is the basic control zone containing bay level equipment (all IEDs,
BCU, relays, AVR, GPS, PLC etc.).
- Level 2 – This is the supervisory control zone containing SCMS, FMS, PQM
systems components (e.g. servers/workstation/RTUs) and related monitoring and
power regulation.
- Level 2.5 – This is the substation DMZ zone, which is used to segment substation
internal L1, L2 networks from external communications to the
LDC/ADDC/ECC/TCC/TC&MC. It is also used to deploy cyber security systems
local to the substation.
- Level 3 – This is the master supervisory zone containing THQZ, TCC and CSMS
(Cyber Security Management System) and related master supervisory control
systems (e.g. SCADA, NMS, Network Manager, centralized consoles and servers
etc.).
- Level 3.5 – This contains Transco’s TCAMC data processing systems and data hub
in the THQZ along with connections to substation systems and cyber security
monitoring systems.
7. The Contractor shall provide a network design for the whole substation that shall include
the following:
- A Network IP plan;
- Details of PCN logical and physical segmentation based on the results of the Initial
Risk Assessment;
- Communication protocol details;
- Network redundancy schema for L1, L2 and L2.5 infrastructure;
- Network security details;
- Explicit dataflow between substation systems and dataflow from substation system
to the THQZ, LDC, ADDC, IWPP.
8. The design shall include a substation Demilitarized Zone (DMZ) (level 2.5) to segment the
THQZ centralized L3 process environment from substation L2 devices.
9. The process data exchange from L2 station controllers, via L2.5 data gateways and HMIs,
to the TCAMC and other systems located on levels L3 and L3.5 of the THQZ shall not be
mapped directly from L2 to L3.
10. A next generation firewall shall be used to provide network segmentation between level L3
and L2.5.
11. The firewall shall be used to provide network segmentation between level L2.5 and L2.
12. The firewall shall be used to provide segmentation between management and process
traffic.
13. The firewall shall be used for SCMS, FMS, PQMS, WAMS, Partial Discharge, TCAMC,
and all other external communication and interconnections needs for the substation
systems.
14. The firewall shall support advanced threat protection, industrial protocols and protection
of industrial systems.
15. The substation L2.5 zone shall be configured to be used for secured remote access
communication from the THQZ engineering room. This shall be used to provide access for
cyber security specialists and authorized Transco engineers. Security for such access shall
be provided by using only dedicated thin client machines on dedicated machines within the
THQZ OT network connected to the dedicated secure remote access servers located in the
OT network. Sessions and actions shall be recorded, and phishing resistant two-factor
authentication shall be used for connection authorization. Firewall rules for remote access
to the TCAMC to the substation L2.5 zone shall allow such communication only during
requested and approved time frames. At all other times, the firewall rule shall deny any
remote communication from zones external to the substation.
16. Data gateway devices located in substations shall be configured with dataflow allowed only
to dedicated devices. Mesh connections shall be excluded. Substation gateway devices for
the ADDC and/or LDC shall be segregated from the substation L1, L2 process control
network, since the substation gateway connections to LDC and/or ADDC are considered
as communication with 3rd party systems (i.e. systems in the L3.5 zone are considered to
be 3rd party systems).
17. Network and device IP address assignments shall be designed to exclude utilization of the
same IP range as already used on existing Transco assets. IP address schema shall be
optimized, and proper subnet masks shall be used to avoid unreasonable IP address space
overutilization.
18. Design of segmentation between substation core PCN and 3rd party systems or networks
(e.g. power plant, water plant, other partners’ systems such as ADDC, AADC, TAQA)
shall be achieved using industrial firewalls, next-generation firewalls and data diodes, as
appropriate, to provide a suitable and sufficient level of security.
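A check of a substation dataflow register against the segmentation rules stated in items 6 to 24 above (Purdue levels, the L2.5 DMZ, no direct L2 to L3 mapping, segregated 3rd-party gateways behind a dedicated L-FW or data diode). This is an added example, not part of the Transco specification; the register format, its field names and the sample flows are constructed assumptions.

```python
"""Dataflow register checks derived from section 8.2: Purdue levels L0..L3.5,
substation DMZ at L2.5, no direct L2 -> L3 mapping, 3rd-party connections
through a separate firewall (L-FW) or data diode.
Added example; the register format, field names and sample flows are
constructed assumptions, not part of the Transco specification.
"""
from dataclasses import dataclass, field
from typing import Optional

LEVELS = {"L0", "L1", "L2", "L2.5", "L3", "L3.5", "3RD_PARTY"}
PROCESS = {"L0", "L1", "L2"}            # substation process control network
EXTERNAL = {"L3", "L3.5", "3RD_PARTY"}  # THQZ levels and partner systems
NON_IP = {"GOOSE", "SV", "PTP"}         # layer-2 protocols: no TCP/UDP port expected
THIRD_PARTY_BOUNDARIES = {"L-FW", "DIODE"}   # accepted towards 3rd parties (item 24)


@dataclass
class Flow:
    name: str
    src: str                      # Purdue level of the source
    dst: str                      # Purdue level of the destination
    protocol: str                 # e.g. "IEC 60870-5-104"
    port: Optional[int]           # TCP/UDP port, None for non-IP protocols
    purpose: str                  # 7.8/4: purpose of the flow
    impact_if_lost: str           # 7.8/4: impact if interrupted
    via: list = field(default_factory=list)   # zones traversed on the path
    boundary: Optional[str] = None            # enforcing device: NGFW, L-FW, DIODE


def check_flow(f: Flow) -> list:
    """Return the findings for one register entry; an empty list means no issue."""
    findings = []
    if f.src not in LEVELS or f.dst not in LEVELS:
        return [f"unknown level in {f.src!r} -> {f.dst!r}"]
    # 7.8/4 and 8.2/7: each flow is documented with purpose, impact, protocol and port
    if not f.purpose or not f.impact_if_lost:
        findings.append("purpose or impact statement missing")
    if f.protocol.upper() not in NON_IP and f.port is None:
        findings.append("IP-based protocol listed without a TCP/UDP port")
    crosses = ({f.src, f.dst} & PROCESS) and ({f.src, f.dst} & EXTERNAL)
    # 8.2/8, 8.2/9, 8.2/15: process traffic reaches external zones only via the L2.5 DMZ
    if crosses and "L2.5" not in f.via:
        findings.append("process network mapped directly to an external zone; route via L2.5 DMZ")
    # 8.2/16: 3rd-party gateways are segregated from L1/L2, so a flow must not start there
    if f.dst == "3RD_PARTY" and f.src in PROCESS:
        findings.append("3rd-party flow originates in L1/L2; terminate it on a segregated gateway")
    # 8.2/24: connections to 3rd parties pass a dedicated L-FW or data diode
    if "3RD_PARTY" in (f.src, f.dst) and f.boundary not in THIRD_PARTY_BOUNDARIES:
        findings.append("3rd-party connection without a dedicated L-FW or data diode")
    # 8.2/10, 8.2/11: the L3 <-> L2.5 and L2.5 <-> L2 boundaries are firewalled
    if {f.src, f.dst} in ({"L3", "L2.5"}, {"L2.5", "L2"}) and not f.boundary:
        findings.append("level boundary crossed without a firewall recorded")
    return findings


def check_register(flows) -> dict:
    """Map flow name -> findings for every entry that has at least one finding."""
    report = {}
    for f in flows:
        issues = check_flow(f)
        if issues:
            report[f.name] = issues
    return report


# Constructed sample register (not real Transco dataflows)
SAMPLE_REGISTER = [
    Flow("bcu-to-station-controller", "L1", "L2", "IEC 61850 MMS", 102,
         "reporting and control", "loss of bay supervision"),
    Flow("station-controller-to-gateway", "L2", "L2.5", "IEC 60870-5-104", 2404,
         "telemetry to THQZ", "loss of remote supervision", boundary="NGFW"),
    Flow("gateway-to-thqz-scada", "L2.5", "L3", "IEC 60870-5-104", 2404,
         "telemetry to THQZ", "loss of remote supervision", boundary="NGFW"),
    # direct L2 -> L3 mapping, prohibited by 8.2/9
    Flow("historian-direct", "L2", "L3", "OPC UA", 4840,
         "historian upload", "gap in historical data", boundary="NGFW"),
    # RTU talking straight to the LDC from L2, no boundary device recorded
    Flow("rtu-to-ldc", "L2", "3RD_PARTY", "IEC 60870-5-104", 2404,
         "telemetry to LDC", "loss of dispatcher visibility"),
    # port left blank for an IP protocol
    Flow("ntp-to-gateway", "L2.5", "L2", "NTP", None,
         "time sync", "clock drift", boundary="NGFW"),
]

if __name__ == "__main__":
    for name, issues in check_register(SAMPLE_REGISTER).items():
        print(name, "->", "; ".join(issues))
```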
19. Detailed design of network connectivity from substation L2.5 to the Transco SDH shall be
provided. This shall include interface IP addresses, routing protocols, reliability
configuration, and security configuration.
20. Detailed design of the connectivity from the substation to the THQZ shall be provided.
The design shall be unified with the existing Transco OT network and shall utilize the same
routing and/or switching protocols. If, at the contract award of a project, there are no unified
routing protocols between remote sites and the THQZ, the Contractor shall design and
propose the solution to Transco.
21. Explicit network dataflow shall be defined and documented for all systems on L1, L2, L2.5
and their communications to the THQZ, TCAMC, LDC, ADDC and IWPP.
22. Substations shall have only a single external connection to the Transco THQZ via a single
point connection on redundant routers and firewalls within the substation. This shall be
implemented using two dedicated ethernet channels for redundancy purposes.
23. Substations shall have only a single external connection to the Transco DR Center via a
single point connection on redundant routers and firewalls within the substation. This shall
be implemented using two dedicated ethernet channels for redundancy purposes.
24. The connections from a substation to 3rd party networks (e.g. power generation plants,
water generation plants or LDC/ADDC, AADC) shall be established through firewalls (L-
FW) or data diodes. This shall be a physically separate device from the substation firewalls.
25. The firewall for 3rd party systems shall be specified based on the type of industrial protocol,
used for the data transfer and/or exchange. Advanced threat protection and industrial
protocols and systems protection shall be supported by firewalls.
26. Where there is a requirement to have unidirectional connection due to the criticality of an
OT asset, on Transco’s or a 3rd party’s side, a unidirectional data diode shall be designed
and delivered.
27. Advanced threat protection and industrial protocols and systems protection shall be
supported by all firewalls.
28. Network design shall include network traffic aggregation switches and required network
connections for traffic mirroring to the IDS sensor. Traffic mirroring shall cover mirroring
for L1, L2, L2.5 network flow and for the egress and ingress traffic from external
communications.
29. 2.4 GHz and 5 GHz Wi-Fi solutions for the PCN, substation and THQZ OT systems are
prohibited unless requested by Transco.
30. ICS systems, which utilize any other radio channel range, which is different from Wi-Fi
range, shall be designed for secure communication.
31. Industrial protocols shall be implemented in line with best security practice such as those
contained in IEC 62351 and IEC 62443.
32. TCP/IP and any other non-industrial protocols shall be implemented in line with relevant
best practice.
33. If a non-TCP/IP protocol or any other proprietary communication protocol is designed to be
used by the solution, suitable and sufficient cyber security measures shall be deployed to
protect it. Respective evidence of protocol security shall be provided to Transco, as well as
the assurance that this solution is going to be supported by the vendor and that user support
will be available for the agreed lifetime of the system. This shall be officially confirmed to
Transco.
34. All cyber security network equipment (switches, firewalls, servers) shall have redundancy
on the following levels: platform, interface and appliance (if applicable).
35. The Design shall include redundant uplink interfaces for all network equipment on levels
L1, L2 and L2.5.
36. The Contractor shall not implement cloud-based solutions for Transco ICS systems.
37. Data from ICS systems is prohibited to be transferred, processed and/or stored in cloud-
based solutions.

8.3 Cryptography
1. The Contractor shall ensure that cryptography provided as part of the system and enabled
during commissioning or maintenance complies with relevant UAE laws, regulations and
agreements.
2. The Contractor shall use cryptographic algorithms, key sizes and mechanisms for key
establishment and management according to commonly accepted security industry
practices and recommendations.
3. The Contractor shall ensure that suitable and sufficient levels of secure key management
are implemented and that any keys generated by the Contractor are securely deleted when
they are no longer required by the Contractor.

8.4 Secure Time Synchronization


1. All devices connected to the Transco OT network shall be configured for time
synchronization with the Transco OT environment time server.
2. For system devices where time synchronization is critical to Transco operations or
security, the Contractor shall implement suitable and sufficient countermeasures to mitigate
this risk.
3. The Contractor shall ensure that systems do not prevent the future use of Precision Time
Protocol (PTP).
4. The Contractor shall implement provision of NTP and/or PTP to devices via a separate
secure logical network zone.
5. NTP and/or PTP servers shall incorporate anti-jamming and anti-spoofing protection.

8.5 Role Based Access Control (RBAC)


1. Access to the substation systems/devices shall be unified, standardized and secured. This
shall be achieved by implementing an RBAC Domain and by configuring all
substation devices to authenticate through the RBAC system.
2. The RBAC system may be deployed as a virtual machine or as a bare metal server and shall
be redundant.
3. VM resource calculation and hardware resource calculation for the Windows-based
domain controllers shall be done with 40% spare capacity.
4. OEM vendor expertise shall be considered for the implementation of the L2 domain controller.
This shall include the analysis of the process for implementation of domain controllers for
substations, designing an OEM approved domain controller and Active Directory
architecture, and group policy configuration.
5. Design of the substation OT Domain architecture, low level design for domain controllers,
DNS, Active Directory configuration, user accounts, user groups and assigned permissions
shall be agreed and approved by Transco.
6. Local accounts on the SCMS/FMS/PQM/TCAMC devices in the substation shall be
suitably and sufficiently secured and kept enabled for emergency purposes. However, the
primary authentication and login into the system shall be based on the RBAC server
authentication.
7. The substation level domain controllers shall have a RADIUS server deployed for client
authentication. All clients in the substation OT network that support RADIUS
authentication shall be configured to be integrated into the RADIUS server for
authentication and access control.
8. Services and processes running on substation systems shall be configured to use domain
service accounts for authentication.
9. Configuration of the Active Directory and Group Policy Objects shall be done based on
OEM vendor qualified baselines for SCMS devices. For the cyber security systems and
non-process control systems a configuration based on the most robust CIS Benchmark
baselines and Transco approved baselines shall be implemented.
10. All domain controllers shall have a Transco approved antivirus and antimalware agent with
correctly configured antivirus policies.
11. All Domain Controllers shall have backup and restore agents installed with a configured
backup schedule based on the Transco backup strategy.
12. Domain Controller logs and events shall be transmitted to the substation log management
system.
13. All Domain Controllers shall have the latest system and security patches installed prior to
connection to the Transco PCN.
14. Authorization, Authentication and Accounting (AAA) and RBAC mechanisms shall be
implemented to suitably and sufficiently secure management access to critical hosts,
substation servers and network equipment.
15. Devices shall require identity authentication to take place prior to any other form of user-
initiated interaction, including remote interaction, with the system. Specifically,
unauthenticated, repudiable user interaction with the system shall be prohibited.
16. Substation systems and devices shall be capable of supporting multiple user accounts.
17. Substation systems and devices shall provide the capability to manage user accounts
(including default accounts). Management capability shall include the following as a
minimum:
- Account creation;
- Ability to disable accounts;
- Account deletion;
- Ability to change account passwords;
- Ability to change account privileges.
18. The ability to manage user accounts shall be restricted to specific accounts. Account
management actions shall be logged.
19. All default administrator and/or root, user and service accounts on substation devices shall
be capable of being disabled, deleted, renamed, or have their passwords changed.
Hardcoded, non-configurable default accounts and passwords are prohibited.
20. By default, all passwords shall be obfuscated on the screen during input to prevent
disclosure of the password to any bystanders.
21. Where systems utilize auto-login accounts or where user accounts are used to provide
continuous operations or monitoring for essential functions, these accounts shall never
expire or become disabled automatically.
22. Temporary shared accounts shall be configured for use during FAT & SAT stages and shall
be removed from all devices and systems before substation energization.
23. Personal accounts for Transco authorized personnel shall be configured in the system at
the SAT stage as per Transco guidelines and under Transco supervision.
8.6 System Integrity


1. The integrity of OT assets shall be maintained in both operational and non-operational
states, such as during operation, when in storage or during a maintenance shutdown. The
integrity of logical assets shall be maintained while in transit and at rest, such as being
transmitted over a network or when residing in a data repository.
2. Systems shall verify security functions are operating as intended and report when
anomalies are discovered.
3. Systems shall protect security audit logs and security audit tools (if present) from
unauthorized access, modification, and deletion.
4. Devices shall restrict running applications to only those that are required to allow the
system to perform its function.
5. Systems shall be protected against malware, using technical and/or non-technical malware
protection mechanisms, such as anti-malware, whitelisting, and physical or logical
isolation.
6. Systems shall be supplied free of known malware and vulnerabilities prior to their
connection to and use in the substation networks. This includes portable devices that may
be connected to systems for commissioning and maintenance purposes.

8.7 Data Confidentiality


1. Some system-generated information is of a confidential or sensitive nature. Where this is
the case, communication channels and data-stores shall be protected against eavesdropping
and unauthorized access.
2. Identified confidential information, whether at rest or in transit, shall be protected.

8.8 Asset Management


1. The system provided by the Contractor, and the devices it is composed of, shall be
compatible with the centralized Transco NMS & IDS systems which are to be used for
asset management.
2. The system shall be capable of reporting or being monitored for changes in hardware or
software configuration to the centralized Transco NMS & IDS systems (e.g. the system
shall report replacement of hardware, removal or installation of software, etc.).
3. The Contractor shall ensure that ICS devices are capable of providing required information
to the centralized Transco NMS & IDS systems.
8.9 Log Management


1. All OT assets, software and systems in substations shall be capable of generating security
events and shall have the option to be configured to provide suitable and sufficient levels
of information.
2. Logs shall be provided from all devices on L1, L2, L2.5, from applications on L2, L2.5,
from operating systems on L2, L2.5 and all network devices on L1, L2, L2.5.
3. At a minimum, but not limited to, the following activities/events and alarms shall be logged:
- User and service accounts authentication/authorization (success and failure);
- Grant, modify, or revoke access rights, including adding a new user or group;
- Unauthorized system access attempts;
- Unauthorized data and/or resource access attempts;
- Changing user privilege levels;
- User and/or service accounts password change;
- Changing file permissions, changing database object permissions etc.;
- Creation and deletion of system level objects;
- Changing device/system configuration;
- All privileged operations (administrator, root, engineer, operator);
- Removal and/or installation of software;
- Application process start up, shutdown, restart, failure;
- Hardware startup, reboot and shutdown;
- Initialization, stopping or pausing of the logs;
- Invalid control commands detected by end device application;
- Status of all network connections to an end device, including availability,
overloads;
- Status of any “keep-alive” heartbeats, including any missed heartbeats;
- Status of backup or failover mechanisms, such as numbers and times these
mechanisms were unavailable.
4. ICS systems and devices provided to Transco shall have the capability to provide access to
security related data and events using open log format standards.
5. The use of monitoring tools and techniques shall not adversely affect the operational
performance of ICS systems.
6. The log management capabilities of the substation devices shall be compliant with Transco
requirements for logging and monitoring and shall be capable of being integrated into
Transco’s existing log collection system.

7. The substation OT systems shall log user activities as well as security relevant events and
errors in a format that can be evaluated and analyzed during operations or afterwards. The
log files shall be protected against tampering.
8. Where possible and required, devices shall be configured to use SNMPv3. A unique login
and password shall be defined for each category of device and system.
9. If SNMPv2 and/or SNMPv1 is used because a device or system is not compatible with
SNMPv3, these shall be configured using a private, unique community name for each
category of device. Passwords shall exclude dictionary words, any company
related words, or any other combination of characters which is easy to guess or brute
force. Devices shall be configured to send traps only to the monitoring device and
shall be configured to be read only by the monitoring device.
10. The log management system shall be deployed on a separate VM or hardware-based node
and shall reside in the substation L2.5 DMZ.
11. The log management system shall be capable of being fully integrated with the CSMS in
the THQZ and Transco’s Splunk SIEM.
12. The log files from ICS, cyber security and log collector systems shall be transmitted to the
substation log management system for pre-processing and onwards transmission to the
central log management system in the THQZ. In the event of network disruption, the onsite
log manager shall store logs whilst the network is unavailable and shall be configured to
forward them to the THQZ following restoration of the network connection.
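The following added example (not part of the Transco standard or any vendor tool) shows how the minimum event list in item 3 can be checked against the syslog output a device actually produces during commissioning: every line is classified into one of the required categories, per-host gaps are reported, and a stopped or paused log is raised immediately as an alarm. The category patterns, host names and sample lines are constructed and would be tuned per vendor.

```python
"""Coverage check of substation device logs against the 8.9 item 3 event list.

Added example, not part of the Transco standard or any vendor tool. The category
names follow the standard's list; the regex phrasings, the host names and the
sample syslog lines are constructed for illustration and must be tuned per vendor.
"""
import re
from collections import defaultdict

# Required event category -> pattern matched against the syslog message body.
REQUIRED_EVENTS = {
    "auth_success": re.compile(r"\b(login|authentication) (succeeded|success)\b", re.I),
    "auth_failure": re.compile(r"\b(login|authentication) (failed|failure)\b", re.I),
    "access_rights_change": re.compile(r"\b(user|group) \S+ (added|removed|deleted|created)\b", re.I),
    "unauthorized_access": re.compile(r"\bunauthori[sz]ed\b", re.I),
    "privilege_change": re.compile(r"\bprivilege level\b", re.I),
    "password_change": re.compile(r"\bpassword changed\b", re.I),
    "config_change": re.compile(r"\bconfig(uration)? (changed|saved|modified)\b", re.I),
    "software_change": re.compile(r"\b(package|software|firmware) (installed|removed|upgraded)\b", re.I),
    "process_lifecycle": re.compile(r"\bprocess \S+ (started|stopped|restarted|crashed)\b", re.I),
    "hardware_lifecycle": re.compile(r"\b(system|device) (boot|reboot|shutdown)\b", re.I),
    "logging_state": re.compile(r"\blogging (stopped|paused|started|initiali[sz]ed)\b", re.I),
    "invalid_control_command": re.compile(r"\binvalid control command\b", re.I),
    "link_status": re.compile(r"\blink (up|down|overload)\b", re.I),
    "heartbeat": re.compile(r"\b(keep-?alive|heartbeat)\b", re.I),
    "failover": re.compile(r"\b(failover|backup (link|channel)) (active|unavailable)\b", re.I),
}

# Categories that should raise an alarm the moment they appear, not just be counted:
# a stopped or paused log is itself a security-relevant event under 8.9 item 3.
ALARM_CATEGORIES = {"logging_state", "unauthorized_access", "invalid_control_command"}

# RFC 3164-style line: "<PRI>Mon dd hh:mm:ss host message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)

# Constructed sample lines (hosts, addresses and wording are illustrative only).
SAMPLE_LOGS = [
    "<86>Mar 14 10:02:11 bcu-01 sshd: authentication failed for user eng1 from 10.10.2.5",
    "<86>Mar 14 10:02:40 bcu-01 sshd: authentication succeeded for user eng1",
    "<85>Mar 14 10:03:02 bcu-01 cli: configuration changed by eng1 (interface eth1 vlan 20)",
    "<85>Mar 14 10:03:30 bcu-01 cli: user svc_scada added to group operators",
    "<84>Mar 14 10:05:00 bcu-01 syslogd: logging stopped by administrator",
    "<86>Mar 14 10:06:12 gw-101 iec104: invalid control command from 10.10.3.9 rejected",
    "<86>Mar 14 10:06:13 gw-101 net: link down on port 2",
    "not a syslog line at all",
]


def parse_line(line):
    """Split one syslog line into host, timestamp and message; None if malformed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {"host": m.group("host"), "ts": m.group("ts"), "msg": m.group("msg")}


def classify(msg):
    """Return the set of required categories a message body satisfies."""
    return {name for name, rx in REQUIRED_EVENTS.items() if rx.search(msg)}


def audit(lines):
    """Per host: which required categories were never observed; plus immediate alarms."""
    seen = defaultdict(set)
    alarms = []
    unparsed = 0
    for line in lines:
        rec = parse_line(line.strip())
        if rec is None:
            unparsed += 1          # evidence of a non-standard format (8.9 item 4)
            continue
        cats = classify(rec["msg"])
        seen[rec["host"]] |= cats
        for cat in sorted(cats & ALARM_CATEGORIES):
            alarms.append((rec["host"], cat, rec["msg"]))
    missing = {host: sorted(set(REQUIRED_EVENTS) - cats) for host, cats in seen.items()}
    return {"missing": missing, "alarms": alarms, "unparsed": unparsed}


if __name__ == "__main__":
    report = audit(SAMPLE_LOGS)
    for host, gaps in report["missing"].items():
        print(f"{host}: {len(gaps)} required categories never observed: {', '.join(gaps)}")
    for host, cat, msg in report["alarms"]:
        print(f"ALARM {host} [{cat}] {msg}")
    print(f"unparsed lines: {report['unparsed']}")
```

Run over the full commissioning test window rather than a short sample, a host that still shows gaps either does not emit that event class or emits it in a wording the table does not yet cover; both are findings for the Contractor.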

8.10 Antimalware
1. Antivirus & antimalware solution shall be used to protect computers that run Windows and
Linux Operating Systems. The Antimalware solution shall include antivirus and
application whitelisting.
2. The Antivirus & antimalware solution shall be qualified to be compatible with SCMS/
systems by OEMs and vendors if applicable.
3. The antivirus & antimalware system shall support all versions of Windows & Linux
systems that are delivered as part of the substation scope of work.
4. In case the antivirus & antimalware system cannot support a version of an OS (e.g. due to
compatibility issues, functionality issues, installation issues, etc.), the Contractor shall
demonstrate and agree a solution with the Transco cyber security team.
5. The proposed solution shall deliver the capability to employ protection mechanisms to
prevent, detect, report, and mitigate the effects of malicious code or unauthorized software.
6. The proposed solution shall deliver the capability to whitelist all approved software and
restrict use of any forms of unapproved scripts, software, batch files and all other forms of
executable instructions or software.

7. The proposed solution shall deliver the capability to detect, record, report, and protect
against unauthorized changes to critical software and supporting information at rest to
preserve the integrity of the delivered system.
8. Approved antivirus and antimalware systems shall be compatible with OT networks and
systems and shall not have any functional impact on OT systems.
9. The right quantity of antivirus and antimalware client licenses shall be considered based
on the substation systems design.
10. Antivirus and antimalware system shall have the capability to be integrated with the
Transco centralized antivirus and antimalware console located in the THQZ.
11. The Contractor shall test the integration, performance and connectivity of the deployed
antivirus and antimalware systems with the centralized Transco antivirus and antimalware
console located in the THQZ.
12. The antivirus & antimalware agent on the client node shall have the option to be disabled
locally. This mechanism shall be protected by a password.
13. The antivirus and antimalware system shall be capable of sending real-time, event-based logs to
the log management system at the substation level.
14. Application whitelisting shall be implemented on each Windows or Linux based device in
the substation. The application whitelisting configuration shall not have an exclusion for
file formats or file types. All files shall be inventoried, and their status shall be defined
(approved/unapproved). If exclusions are required to be applied based on the operational
process requirements or OEM vendor recommendations this shall be approved by Transco.
15. Antivirus and application whitelisting policies shall be configured in such a way as to ensure that
policies are pushed to the antivirus & antimalware agents. This shall also include the required
policies for removable media prevention.
16. Antimalware agents shall be able to operate on the client node without connectivity to the
central antimalware server. This shall not have impact on the SCMS, FMS, WAMS,
PQMS, and other systems in the substation, running on the client node with no connection
to the central antimalware server.
17. The Contractor shall verify that devices do not contain any malicious files before deploying
and configuring the application whitelisting system.
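As an added illustration of item 14 (not code from the Transco standard or from any whitelisting product), the following script inventories every file on a node by hash, with no exclusion by file type, and marks each file approved, unapproved or explicitly excluded. The sample file tree, its contents and the approved manifest are constructed in a temporary directory.

```python
"""Inventory every file on a node and mark it approved/unapproved by hash.

Added example, not part of the Transco standard or of any whitelisting product. It
shows the 8.10 item 14 rule that no file type is excluded from the inventory and that
exclusions, where Transco approves them, are explicit paths rather than extensions.
The sample tree and its contents are constructed in a temporary directory.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large binaries do not need to be read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def inventory(root, approved_hashes, approved_exclusions=()):
    """Walk *root* and return {relative_path: status} for every file found.

    status is "approved" (hash is in the approved manifest), "excluded" (path is on
    the Transco-approved exclusion list) or "unapproved". Nothing is skipped by
    extension: .bat, .ps1, .csv and extensionless files are all inventoried.
    """
    root = Path(root)
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if rel in approved_exclusions:
                result[rel] = "excluded"
            elif sha256_of(path) in approved_hashes:
                result[rel] = "approved"
            else:
                result[rel] = "unapproved"
    return result


def unapproved(inv):
    """Files that enforcement would block; each must be investigated before item 17 sign-off."""
    return sorted(p for p, s in inv.items() if s == "unapproved")


def build_demo_tree():
    """Constructed sample tree: an approved binary, an approved script, a stray batch file."""
    root = tempfile.mkdtemp(prefix="awl-demo-")
    files = {
        "bin/hmi.exe": b"MZ-approved-hmi-binary",
        "scripts/backup.ps1": b"Write-Host 'approved backup script'",
        "tmp/run_me.bat": b"@echo off\r\nrem not in the approved manifest",
        "data/points.csv": b"tag,value\nBusA,132.0\n",
    }
    for rel, content in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
    return root, files


def demo():
    """Build the sample tree, inventory it against a two-entry manifest, clean up."""
    root, files = build_demo_tree()
    try:
        # The approved manifest lists hashes, not names: renaming a file does not approve it.
        approved = {hashlib.sha256(files[k]).hexdigest() for k in ("bin/hmi.exe", "scripts/backup.ps1")}
        # The CSV is a process data file that Transco has explicitly approved as an exclusion.
        return inventory(root, approved, approved_exclusions={"data/points.csv"})
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    inv = demo()
    for rel, status in sorted(inv.items()):
        print(f"{status:10s} {rel}")
    print("unapproved:", unapproved(inv))
```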

8.11 Backup and Restore


The Transco approach towards backup and restore is to have 3 independent layers of backups.
These are:
• 1st level backup – A local backup copy held at the substation including all physical
device configurations and data and copies of all virtual devices.

• 2nd level backup – A copy of all physical device configurations and data and copies of
all virtual devices is replicated on the THQZ centralized backup system.
• 3rd level backup – A duplicate copy of all physical device configurations and data and
copies of all virtual devices is held on long term storage medium and saved in two
locations: the THQZ and the DR site.
1. The substation level backup and restore solution shall be designed with the capability to
recover and reconstitute to a known secure state after a disruption or failure. Protected NAS
storage shall be part of the backup and restore system design to save substation systems
backups locally.
2. The proposed solution shall have the capability to take secure reliable backups of user-
level and system-level files and data (including system state information) without affecting
normal operations. The solution shall provide further capability to restore system backup
archives on dissimilar system hardware or virtual machines.
3. The solution shall deliver the capability to verify the reliability of backup file archives and
the backup mechanisms.
4. The solution shall have a user-friendly and intuitive interface.
5. The Contractor shall integrate the secure backup solution with Transco centralized backup
and restore solution and shall ensure that the required data can be provided for the 2nd and
3rd levels of backup.
6. The proposed solution shall have configuration options that ensure a suitable and
sufficient level of independence between local and centralized backup locations, configured
to prevent malicious damage or non-malicious corruption of one level of backup spreading
to another.
7. The backup and restore solution shall provide real-time, continuous backup and restore
infrastructure for all devices, create an online backup of all devices and shall be capable
of restoring devices in the event of hardware or software system failure.
8. The backup and restore solution shall have ransomware prevention mechanisms to protect
the backup and restore server operating system and software and backup storage files.
9. Documentation that describes manual backup and restoration procedures that include
detailed step-by-step backup and restoration activities for all devices in the substation shall
be developed and submitted as part of Operation and Maintenance Manual.

8.12 Network Monitoring


1. An agentless network monitoring system shall be provided for the substation systems to
provide comprehensive OT infrastructure health and performance monitoring. The NMS
shall be able to detect bandwidth and availability degradation in the form of clear, detailed
graphs, reports, and lists.

2. The NMS shall be deployed in the substation for monitoring of the health status of the OS
based PCs, network devices and other supported devices on L1-L2.5.
3. The NMS system shall support all SNMP protocol versions for data collection, WMI for
Windows based nodes data collection, applicable protocols for Linux based machines and
applicable protocols for SQL database performance monitoring.
4. The NMS system shall use separate SNMP communities to deliver asset details.
5. SNMPv3 shall be used for all compatible devices using the User Security Model with the
auth and priv configuration parameter enabled.
6. SNMPv2 and SNMPv1 shall be configured using a private, unique community name
for each category of device. This shall exclude dictionary words or any company related
words which are easy to guess or brute force. Devices shall be configured to send traps only to the
monitoring device and shall be configured to be read-only.
7. All substation devices (switches, routers, firewalls, Windows based nodes, Linux based
nodes, etc.) in the substation shall be configured and added to the substation NMS system
for monitoring.
8. The substation NMS system shall have a proxy interface and shall be capable of being linked
with the NMS console in the THQZ.
9. Traffic between the substation NMS server and the THQZ shall be sent through a dedicated port
(use of ephemeral ports is prohibited). The required port configuration and rule
configuration on the firewalls and switches shall be implemented by the Contractor.
10. The NMS server shall be a member of an RBAC domain and respective GPO and security
configuration shall be applied to the server.
11. The NMS solution shall have a perpetual license model. For a solution under the GPL or
another open-source license, Transco cyber security team approval shall be obtained in
advance.
12. NMS event and alarm logging subsystem shall be linked to the substation log management
system.
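The SNMP rules in 8.9 items 8 and 9 and in 8.12 items 4 to 6 (SNMPv3 with auth and priv, no read-write access, non-guessable communities, traps and reads limited to the monitoring device) can be checked mechanically before a device is connected. The added example below, which is not part of the Transco standard or of any vendor product, validates a net-snmp-style snmpd.conf; the monitoring host address, the weak-word list and both sample configurations are constructed.

```python
"""Check an snmpd.conf-style configuration against 8.9 items 8-9 and 8.12 items 4-6.

Added example, not from the Transco standard or from any vendor. Directive names follow
the net-snmp snmpd.conf format (rouser/rwuser/rocommunity/rwcommunity/trapsink/
trap2sink/informsink); MONITORING_HOST, WEAK_WORDS and the sample configs are constructed.
"""
import re

MONITORING_HOST = "10.10.250.10"   # assumed address of the substation NMS / log collector

# Constructed denylist standing in for "dictionary words or company related words".
WEAK_WORDS = {"public", "private", "transco", "substation", "password", "snmp", "admin", "secret"}


def weak_community(name):
    """Return a reason the community string is guessable, or None if it passes."""
    low = name.lower()
    if len(name) < 12:
        return "shorter than 12 characters"
    if any(w in low for w in WEAK_WORDS):
        return "contains a dictionary or company-related word"
    classes = sum(bool(re.search(p, name)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        return "fewer than three character classes"
    return None


def check_snmp_config(text):
    """Return a list of findings; an empty list means the config passes every check."""
    findings = []
    v3_users = communities = 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if directive in ("rouser", "rwuser"):
            v3_users += 1
            level = args[1].lower() if len(args) > 1 else "auth"   # net-snmp default is auth only
            if level != "priv":
                findings.append(f"{directive} {args[0]}: USM level is {level}, authPriv required")
            if directive == "rwuser":
                findings.append(f"rwuser {args[0]}: write access not permitted, monitoring is read-only")
        elif directive in ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"):
            communities += 1
            name = args[0] if args else ""
            if directive.startswith("rw"):
                findings.append(f"{directive} {name}: read-write community not permitted")
            reason = weak_community(name)
            if reason:
                findings.append(f"{directive} {name}: {reason}")
            source = args[1] if len(args) > 1 else "default"       # no source = any host may read
            if source != MONITORING_HOST:
                findings.append(f"{directive} {name}: source '{source}' must be the monitoring host only")
        elif directive in ("trapsink", "trap2sink", "informsink"):
            host = args[0].split(":")[0] if args else ""
            if host != MONITORING_HOST:
                findings.append(f"{directive}: traps sent to '{host}', only the monitoring host is allowed")
    if v3_users == 0 and communities == 0:
        findings.append("no SNMP access configured at all")
    return findings


# Constructed sample: the kind of defaults found on an unconfigured device.
WEAK_CONFIG = """\
rocommunity public
rwcommunity transco2023 10.10.250.10
rouser nmsmon auth
trap2sink 10.10.250.99 public
"""

# Constructed sample meeting the standard: SNMPv3 only, authPriv, traps to the monitor.
HARDENED_CONFIG = """\
# USM user with authentication and privacy; no v1/v2c communities at all
rouser nmsmon priv
trap2sink 10.10.250.10
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = check_snmp_config(cfg)
        print(f"{label}: {'PASS' if not result else 'FAIL'}")
        for f in result:
            print("  -", f)
```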

8.13 Network Intrusion Detection (NIDS)


1. To perform continuous network activity analysis and threat monitoring, IDS sensors
shall be deployed at the substation level and linked with the central monitoring and correlation
console in the THQZ.
2. The Substation shall be equipped with a ruggedized multiservice platform with ability to
deploy virtual instances of the IDS sensor. The IDS, switch and hardware for virtual
appliance shall be submitted for Transco approval at the design stage.
3. The vendor of the IDS sensor shall be approved by Transco prior to delivery.
4. By exception it is permitted to use a PC-based virtual sensor if this solution is approved or
requested by Transco.
5. An additional IDS aggregation switch shall be deployed if it is required based on the
network connection numbers for traffic mirroring and network design in the substations.
6. All required hardware, software, licenses, and installation materials shall be offered by the
Contractor for the IDS sensor.
7. The Contractor shall provide all necessary cabling design and implementation between all
switches in the substation (SCMS/FMS/WAMS/PQM etc.) to the IDS aggregation switch
for traffic mirroring and monitoring. The Contractor shall link the IDS sensor to the
aggregation switch.
8. The Contractor shall provide all necessary configuration of SPAN and RSPAN interfaces
on switches in the substation to mirror network traffic to the IDS sensor.
9. The serial interface from the SCMS gateways to the LDC shall be monitored by an IDS
through a TAP device and shall mirror the IEC60870-5-101/104 flow to the IDS for
analysis.
10. The IDS sensor shall receive the mirrored network traffic and perform pre-processing. All data
from substation IDS sensors shall be sent to the IDS CMC in the THQZ for storage,
processing and visualization.
11. The Contractor is responsible for the complete IDS implementation in the substation and
sensor integration to the CMC console in the THQZ.
12. All IDS configuration at the substation level and at the THQZ CMC shall be performed by the
Contractor. All rule and behavior pattern configuration of the substation IDS sensors is
within the Contractor’s scope of work.
13. The IDS detailed design specification shall include details about configured rules, policies,
use cases and playbooks. This design specification shall be submitted for Transco review
and approval during detailed design stage.
14. The substation level IDS sensor deployment shall include configuration, training mode and
final tuning of the rules, based on the energy sector industry requirements and best cyber
security practices.
15. Customized IDS rules applicable to the Transco environment and systems, applicable to
the energy sector industry and actual cyber threats shall be configured in the IDS sensor.
These rules shall provide a comprehensive analysis of the processes in the network and
trigger an alarm/event when a violation is detected.
16. Transco reserves the right to supplement up to ten (10) additional use cases and playbooks
to be configured by Contractor during the project's implementation phase.
17. The IDS shall obtain details of all substation assets based on Transco’s requirements. The
IDS system shall function as an Asset Inventory. The system shall automatically perform
asset type identification (OT/IT) and assign the Purdue level where the asset is located. Asset
configuration changes shall be monitored and alarmed.
18. The IDS sensors in the substation shall be connected to the CMC in the THQZ. Remote
access from THQZ shall only be available through the Management network and shall be
monitored. Phishing resistant two-factor authentication shall be deployed for management
access to the IDS sensors.

8.14 Secure Remote Access Connection to Substation L2.5 DMZ


1. A Secure Remote Access (SRA) service shall be implemented for remote connection from
the THQZ to substation L2.5 only.
2. Remote access shall be unidirectional from the THQZ to the substations.
3. The SRA service shall allow connections to the substation L2.5 only for the purpose of
cyber security systems remote maintenance.
4. The SRA solution shall be capable of being integrated to the central SRA in the THQZ.
5. The solution shall allow access only to the substation SRA node (direct access from the central
SRA server to the substation infrastructure, bypassing the substation SRA node, shall be prohibited).
6. The SRA solution shall not utilize connections between the THQZ and lower levels (i.e.
substations) through the Internet or any other external communication channels, apart from
the Transco SDH.
7. SRA shall support configuration of access lists to allow remote connection only from
dedicated trusted nodes in the THQZ and only for authorized user accounts.
8. The SRA system shall allow access only to Transco approved systems in substations. The
relevant devices configuration and network configuration shall be implemented by the
Contractor.
9. A dedicated client machine shall be available at the substation for access to the L2.5 systems
and management network. This shall be implemented using thin clients/KVM and shall
have secure access via user authentication and secure system configuration. MAC/IP
based ACLs shall be configured on the network devices for network access control for the
Thin Client. The hardware running the Thin Client shall have the latest firmware, drivers
and OS updates installed.

8.15 Patch Management


1. The patch management system shall provide patch management services for Windows and
Linux based devices in the substation.
2. The patch management system shall be configured so that only qualified patches can be
deployed.

3. A secure managed services solution for update delivery shall be available during the warranty
period for uploading new patches to the patch management system. Patches shall be obtained
from trusted sources only.
4. The patch deployment process on the endpoints shall be done in silent, invisible mode with
no system reboot or shutdown.
5. The Contractor shall provide a solution for secure patching of air-gapped systems in the
substation.
6. The patch management system shall have an extended reporting system using graphs and shall
be able to show discrepancies between the previous and current status of the patches in the
system.
7. In case of failure or errors in patch installation, the system shall revert to its previous
state without impact on the Transco substation operational process.
8. Substation endpoints shall be connected to the patch management system.
9. Any hardware, system, software or solution component being connected to the Transco
PCN shall have the latest security patches and system updates installed. Patching shall be
done prior to the system being connected to the PCN.

8.16 Hardening
Hardening is a method of securing systems and network devices by using a collection of tools,
techniques, and best practices to reduce vulnerability in applications, systems, and networks. The
goal of systems hardening is to reduce security risk by eliminating potential attack vectors and
condensing the system’s attack surface.
1. Comprehensive network and systems hardening shall be deployed on OT assets starting
from preparation for the FAT stage of the project.
2. A detailed design document with components and phases of system hardening shall be
developed and submitted to Transco prior to FAT.
3. Necessary written justification shall be provided to Transco in cases where hardening steps
or options cannot be applied to the system.
4. The Contractor shall follow requirements from control system OEM for the hardening of
devices at levels L1, L2, L2.5 with industrial software installed.
5. CIS benchmarks and cyber security best practices for hardening non-process operational
devices and networks on layers L1-2.5 shall be used for system hardening.
6. System hardening shall be applied to the software, firmware and hardware of all system
devices not limited to but including ICS devices (e.g. IED, PLC, Digital Relays,
Workstations, Servers, Switches, Routers, Firewalls) and other components that have
configurable settings.

7. Host-based firewalls shall be implemented and configured with explicit rules that allow
only approved communications on devices running the Windows and Linux Operating
Systems.
8. Workstations and server hardware shall have the latest version of firmware, drivers and
BIOS updates approved by the relevant vendor.
9. Network devices (e.g. switches, routers, firewalls, etc.) shall have the latest version of
firmware, ROS, IOS, etc. approved by vendor.
10. Unused Network Interface Cards (NIC) or any other forms of unused connectivity (e.g.
Bluetooth, Wi-Fi, cellular, etc.) shall be disabled at the BIOS level.
11. Hardening of Windows devices in SCMS and FMS systems shall be done based on the
OEM recommendations and best cyber security practices. A minimal hardening
configuration shall be agreed with Transco which shall be aligned with Transco cyber
security requirements and the DoE cyber security framework.
12. Hardening for Windows devices which are not part of the SCMS and FMS systems shall
be done as per the most robust CIS Benchmarks and Transco requirements.
13. Unnecessary or temporary accounts created in Operating Systems, switches, routers,
firewalls, IEDs, BCUs, GPS, software applications, or any other device shall be removed
from the system.
14. Factory-default accounts shall be renamed and disabled wherever this is applicable and not
prevented by OEM vendor.
15. USB ports shall be disabled in the BIOS unless there is an operational need for them.
16. Non-required user accounts, services, applications, daemons and servers shall be disabled.
17. For Offline and Non-Real Time PCs (such as EWS), antivirus shall be configured for real
time monitoring and on-demand scans.
18. For real time PCs (such as Gateways) antivirus shall be configured for real time monitoring
and on-demand scans with malware prevention completed by whitelisting software.
19. For substation IEDs the following requirements are mandatory:
- All unused IED features (e.g. earlier versions of SNMP) shall be disabled via
software and/or firmware configuration.
- USB ports shall be protected using a physical cap and shall be disabled using device
settings by default. The option must be available to re-enable USB ports if and when
required (e.g. for maintenance purposes). The user session shall automatically
terminate after a configurable time-out.
20. Authentication shall be required to access the substation LAN remotely, by configuring the
firewall for proxy authentication.
21. The Contractor shall provide the following evidence of the above requirements being
correctly implemented:

- Scan Reports (Baseline and Hardening);
- AD/Domain configuration settings;
- Current Group Policies (GPO) (Only collected if required);
- Details on the nodes hardened and the nodes that are exempt from Hardening.

9 HARDWARE CYBER SECURITY REQUIREMENTS


This section contains cyber security requirements for the hardware supplied as part of the substation
OT environment. These requirements are applicable to hardware for substations.
1. Hardware shall be ruggedized for deployment in harsh environments. For facilities where
hardware will be deployed with a regulated microclimate, standard ingress protection
requirements may be used with agreement from Transco. The power supply system of the
delivered equipment shall consider having 110VDC to 220VAC power converter if
procured hardware for security system does not operate on 110VDC. Non-standard power
requirements shall be negotiated with Transco in advance.
2. All provided hardware shall have an appropriate level of resiliency. For example, hardware
shall support hot swappable and redundant hard drives (e.g. RAID), fans, power supplies
and have no single point of failure.
3. All hardware within substations shall support full data protection upon power failure.
4. Hardware related to cyber security systems shall allow for normal operations with minimal
downtime to occur in the event of failure.
5. All OT assets and devices that are part of a substation (e.g. Relays, IEDs, AVRs, interface
converters, PLCs, RTUs, switches, routers, firewalls, servers, workstations, thin clients,
etc.) shall be capable of generating security events in the standard syslog format; they are
not limited to providing security events in this format only.
6. All devices on the substation network shall have capabilities to enforce approved
authorizations that have been assigned to all human users of the system. This shall be
achieved by the implementation of user access levels or roles. At a minimum, access levels
shall be defined in line with the following:
- Read Only access
- Operator access
- Engineering access
- Full Control / Administrator
7. All devices on the substation network shall have capabilities to restrict the connection of
portable and removable devices (e.g. USB drives) to only those which serve a defined
system function, i.e. physical and logical ports shall be disabled where they are not required
for the ongoing function or maintenance of a device.

8. All devices on the substation network shall have the capability to be configured to minimize
their attack surface. The reduction of the system’s attack surface shall not impede the
required functionality of the system as defined by the system’s functional requirements
specification. To achieve this, the following shall be undertaken:
- Remove unrequired connectivity
- Disable unrequired network protocols
- Disable unrequired system services or resources
- Disable unrequired device ports and interfaces.
9. Devices shall be capable of storing security audit logs for a minimum period of 3 months.
10. Devices shall use authoritatively sourced timestamps for all generated logs.
11. Network hardware in the substation, such as switches and routers, must support SPAN and
RSPAN configuration. Unmanaged switches shall not be used in the substation network.
12. All OT assets and devices that are part of a substation (Relays, IEDs, AVRs, interface
converters, PLCs, RTUs, switches, routers, firewalls, servers, workstations, thin clients,
etc.) shall support RBAC authentication through RADIUS/LDAP/KERBEROS
authentication protocols and integration.
13. All devices within the substation shall be configured to transfer their logs to the log
management system in the substation.
14. The Contractor shall be responsible for the configuration of hardware security event
reporting systems, to provide relevant information to the cyber security management and
monitoring systems.
15. Country-of-origin information for hardware shall be submitted to Transco prior to the
hardware procurement process.
16. Supply chain security for the equipment shall be provided during the whole equipment
delivery process.
17. Necessary security certifications for the hardware shall be provided as part of the
procurement process and shall be based on Transco’s request.
18. No backdoors or hardcoded user accounts shall exist in the substation devices. The
information about such backdoors, hardcoded user accounts or any other not-documented
features in the substation’s devices shall be provided to Transco.

10 SOFTWARE CYBER SECURITY REQUIREMENTS


This section contains cyber security requirements for software supplied for cyber security
needs and for software supplied for any other needs and operated in the OT environment. These
requirements are applicable to software for substations, the THQZ and other Transco assets.

1. Available cyber security certifications for supplied software shall be provided where
needed for cyber security purposes.
2. The Contractor shall ensure all final documents, licenses, tools, and media are provided to
Transco utilizing suitably and sufficiently secure means of (electronic or physical)
communication.
3. The Contractor shall be responsible for all software licenses (own licenses as well as third
party licenses) for the entire system with prices and details of license (single user, multi-
user, etc.).
4. Suitable and sufficient licenses for all third-party libraries and components shall be part of
the project scope and shall be provided to Transco during the project commissioning stage.
5. Only the latest version of the OS which is compatible with the ICS and (or) qualified by the ICS
vendor shall be used on the Transco OT infrastructure. The Contractor shall provide a compatibility
matrix from OEM vendors for OSs and ICS systems with information and/or justification
for any case of OS selection and implementation process. This shall be provided during the
material submittal stage.
6. Software shall be capable of storing security audit logs for a minimum period of 6 months
or must have a configurable option for log size, retention policy, etc.
7. Software shall use authoritatively sourced timestamps for all generated logs.
8. Systems shall be able to trace whether a given user, user group or user type has carried
out a particular action.
9. Service account passwords or application hard-coded passwords that cannot be changed
shall be documented and additional compensating controls shall be identified to protect and
monitor such systems.
10. ICS and cyber security software in substations shall have functions and event reporting in
formats that provide compatibility with as wide a range of products as possible. The
Contractor shall clarify with the Transco security team the detailed report logging
requirements for the supplied software.
11. All cyber security system related software must be procured with required licenses. The
licenses should be perpetual, however if the OEM does not have perpetual model of a
license, a subscription-based license shall be provided with validity for the next 3 years
starting from the system commissioning.
12. An official letter from the software OEM shall be provided with confirmation that perpetual
model of the licensing is not supported by the OEM.
13. For the software that is under a GPL, or other open-source license, approval shall be
obtained from the Transco cyber security team in advance of it being used on a system or
as part of system design.
14. Installation of any freeware products is not allowed unless agreed and approved by
Transco.

15. Unnecessary software that does not belong to the scope of work shall not be installed on any
system.
16. Licenses for the cyber security systems shall be registered under a Transco account in the
OEM database (service portal). The registration shall be done using the clsdb@taransco.ae
email address. The Transco cyber security team shall be informed about the registration
process in advance.
17. No backdoors or hardcoded user accounts shall exist in the substation software. Information
about any such backdoors, hardcoded user accounts or other undocumented features in the
substation software shall be disclosed to Transco.


APPENDIX A: PURDUE REFERENCE MODEL


The term "Level" refers to the position in the Purdue Reference Model as standardized in
ISA-95 (IEC 62264) and referenced by IEC 62443:

Figure 2 – Purdue Architecture Reference Model

• Level 0 – The actual physical process.
• Level 1 – Functions involved in sensing and manipulating the physical process. PLCs, DCS
controllers, SIS controllers, and RTUs are found at this level.
• Level 2 – Functions involved in monitoring and controlling the physical process. As an
example, HMIs are found at this level.
• Level 2.5 – Functional level for data flow segmentation between systems running on L2
and L3.
• Level 3 – Functions involved in managing the workflows to produce the desired end-products.
As an example, data historians are found at this level.
• Level 3.5 – DMZ between the OT and IT enterprise systems.
• Level 4 – Corporate and enterprise systems; not part of the process control network, and
responsible for the company's business activities.
• Level 5 – Corporate cloud services and corporate external communications.

Figure 3 - High Level System Architecture Diagram Showing Connections and Segmentation Between Transco Systems

[Diagram: "Communications and Data Flows", Transco Substation (Detailed View); initial date 09/04/2023, Rev 0.1 dated 10/04/2023. Content recoverable from the drawing:]

Level 3.5 – ECC (Emergency Control Center); LDC (Load Dispatch Center) zone; IWPP/ADDC and 3rd party partners zone, behind 3rd party firewalls; FMS Regional Monitoring Site zone (ETCAMC); DR (Transco Disaster Recovery site) zone; THQZ (Transco Head Quarters zone: TCAMC, WAMS, PQM, CSMS, etc. systems).
Level 3 – FMS Regional firewalls, DR site firewalls, Central firewalls, L-FW (LDC firewall), IWPP/ADDC firewall.
Level 2.5 – S-FW (Substation DMZ firewall); Substation Local Cyber Security Services (note 2).
Level 2 – FMS, PQM, SCMS, WAMS; GPS System Clock (note 3).
Level 1 – DAU, Meters, IED/relays.
Legend: Non-Transco systems; Transco systems.

Diagram notes:
1. Each system has an independent connection to the time source.
2. Please refer to the Substation DMZ and Local Cyber Security Services diagram (Figure 4) for details.
3. Provided via VLAN.
- Details of 3rd party firewalls on the IWPP / LDC side are outside Transco's responsibility.
- Network topology and switches for each substation system are not shown on the current diagram and are subject to detailed design.
- DMZ access switches are not shown on the current diagram.
- All connections shown, except for the PQM system, are dual redundant connections.
- Connections between different substations are not shown.

Transco note: The current diagram reflects the high-level architecture of the substation systems and their interconnections towards systems that reside in LDC/ECC, TCAMC and 3rd parties.

Figure 4 – Substation DMZ and Local Cyber Security Services

[Diagram: "Communications and Data Flows", Transco Substation; initial date 09/04/2023, Rev 0. Content recoverable from the drawing:]

Level 2.5 – S-FW (Substation DMZ Firewall); Substation Local Cyber Security Services:
- Cyber security physical server#1: Domain Controller#1, Patch Management Server, Antimalware Management Server, Log Management Server.
- Cyber security physical server#2: Backup & Restore, Secure Remote Access, Network Management, IDS Sensor.
Level 2 – Substation ICS systems; Domain Controller#2; GPS System Clock (provided via VLAN).
Level 1 – ICS systems: IED / DAU / relays / PLCs etc.
Legend: virtual machine based system; physical machine based system.

Diagram notes:
1. Domain Controller#2 should be a bare-metal server that is physically and logically located on Level 2 but must belong to the same domain name.
2. Switches in the ICS systems network are not reflected on the current drawing.
3. DMZ access switches are not reflected on the current drawing.
4. The IDS sensor position is abstract; the traffic mirroring communications are subject to detailed design.
- The link drawn between the DMZ services and the substation ICS systems is an abstract connection that combines the necessary physical and logical links between substation ICS systems.

Transco note: The current diagram reflects interconnection details between the cyber security systems in the substation DMZ zone and the ICS systems.

Diagrams are provided for reference only, to give an overall idea of the substation architecture levels as per the Purdue model.
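Added example, not part of this specification or of any Transco system: the Python script below applies the level ordering from Appendix A as a conduit policy to a set of observed flows. Every host is mapped to a Purdue level from an asset inventory, and a flow is accepted only when it stays within a level or crosses to the adjacent level in the order 0, 1, 2, 2.5, 3, 3.5, 4, 5; because the two DMZs sit in that order, a direct Level 2 to Level 3 or Level 3 to Level 4 hop that bypasses the DMZ in between is reported, as is any endpoint missing from the inventory. The addresses, host names, sample flows and the NTP exception for the GPS clock (modelling diagram note 1 on the independent time-source connection) are constructed assumptions for illustration only.

```python
"""Purdue-level conduit check for observed flows (added example, not Transco code).

Each host is assigned a Purdue level from an asset inventory.  A flow is
accepted only if it stays within one level or crosses to an adjacent level in
the ordered list 0, 1, 2, 2.5, 3, 3.5, 4, 5.  Because 2.5 and 3.5 are in that
list, Level 2 <-> Level 3 traffic must terminate on the substation DMZ and
Level 3 <-> Level 4 traffic on the OT/IT DMZ; a direct hop is reported.
All addresses, host names, flows and the time-source exception are constructed
for illustration only.
"""
from __future__ import annotations

# Purdue levels in the order listed in Appendix A; 2.5 and 3.5 are the DMZs.
LEVELS: list[float] = [0, 1, 2, 2.5, 3, 3.5, 4, 5]

# Constructed asset inventory: address -> (host name, Purdue level).
ASSETS: dict[str, tuple[str, float]] = {
    "10.1.1.10": ("ied-bay01", 1),
    "10.1.1.11": ("dau-01", 1),
    "10.1.2.20": ("hmi-01", 2),
    "10.1.2.21": ("gps-clock", 2),
    "10.1.5.5": ("dmz-log-mgmt", 2.5),
    "10.1.5.6": ("dmz-patch-mgmt", 2.5),
    "10.3.0.50": ("historian", 3),
    "10.3.5.9": ("it-dmz-jump", 3.5),
    "10.4.0.100": ("erp-app", 4),
}

# Assumed exception modelling diagram note 1 ("each system has an independent
# connection to the time source"): the GPS clock may serve NTP to any level.
TIME_SOURCE_EXCEPTIONS: set[tuple[str, str, int]] = {("10.1.2.21", "udp", 123)}

Flow = tuple[str, str, str, int]  # (src, dst, proto, dst_port)


def check_flow(src: str, dst: str, proto: str, port: int) -> str | None:
    """Return None if the flow respects the conduit policy, else the reason it does not."""
    if src not in ASSETS or dst not in ASSETS:
        return "endpoint not in asset inventory"
    if (src, proto, port) in TIME_SOURCE_EXCEPTIONS:
        return None
    src_level, dst_level = ASSETS[src][1], ASSETS[dst][1]
    if src_level == dst_level:
        return None  # intra-level traffic is not what this check is about
    lo, hi = sorted((src_level, dst_level))
    # Adjacent levels are exactly one step apart in the ordered list, so any
    # 2 <-> 3 or 3 <-> 4 hop that bypasses the DMZ in between is caught here.
    if LEVELS.index(hi) - LEVELS.index(lo) != 1:
        return f"non-adjacent levels {lo} -> {hi}"
    return None


def audit(flows: list[Flow]) -> list[tuple[str, str, str]]:
    """Return (src, dst, reason) for every flow that violates the policy, in input order."""
    findings = []
    for src, dst, proto, port in flows:
        reason = check_flow(src, dst, proto, port)
        if reason is not None:
            findings.append((src, dst, reason))
    return findings


# Constructed sample flows, as might be exported from a firewall or the IDS sensor.
SAMPLE_FLOWS: list[Flow] = [
    ("10.1.2.20", "10.1.1.10", "tcp", 2404),   # HMI -> IED (IEC 60870-5-104): 2 -> 1, permitted
    ("10.3.0.50", "10.1.5.5", "tcp", 514),     # historian -> DMZ log management: 3 -> 2.5, permitted
    ("10.3.0.50", "10.1.2.20", "tcp", 102),    # historian -> HMI directly: skips the Level 2.5 DMZ
    ("10.4.0.100", "10.1.1.10", "tcp", 502),   # enterprise app -> IED: Level 4 straight into Level 1
    ("10.1.2.21", "10.3.0.50", "udp", 123),    # GPS clock -> historian: allowed by the time-source exception
    ("192.0.2.7", "10.1.1.11", "tcp", 22),     # unknown host -> DAU: not in the inventory
]

if __name__ == "__main__":
    for src, dst, reason in audit(SAMPLE_FLOWS):
        print(f"{ASSETS.get(src, ('?',))[0]:>12} {src} -> {dst}: {reason}")
```

Run as a script it prints the three findings for the sample flows; in practice the inventory would come from the asset register and the flows from the substation DMZ firewall or the IDS sensor. The check is per flow and cannot tell whether traffic that reaches a DMZ host is actually terminated there rather than relayed onward, so it complements rather than replaces a review of the firewall rule base.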


APPENDIX B: ICS ACCEPTABLE AND UNACCEPTABLE USE


General
a) Under no circumstances shall ICS users violate the rights of any person or company
protected by copyright, trade secret, patent or other intellectual property, or similar laws or
regulations, including, but not limited to, the installation or distribution of “pirated” or
other software products that are not appropriately licensed for use by Transco.
b) For maintenance and support purposes, laptops or diagnostic devices of the system vendors
and authorized personnel may be allowed after verification and approval.
c) All portable media used in the ICS environment shall be used for their intended purposes
only and should be authorized prior to any activity.
d) The Contractor shall not use or access any ICS assets and services that they are not
authorized to. Bypassing any restriction on assets or access is strictly prohibited.
e) Transco reserves the right to monitor and audit the use of assets and services.
f) Bringing your own device (BYOD) or personal equipment and connecting any of those to
any OT network is strictly prohibited in any Transco ICS system.
g) It is strictly prohibited to run any external program, script or command on any ICS asset
unless authorized.
h) It is strictly prohibited to attempt to circumvent any user authentication mechanism or
security of any host, network, or account.
i) It is strictly prohibited to reveal any ICS account password to others or allow the use of a
personal account by others.

Antivirus (Endpoint Protection)


a) The Contractor shall not install any unapproved endpoint protection or anti-virus
product, or try to alter the configuration of, or disable, the existing product.
b) ICS devices that have not been fully scanned, or whose definitions have not been updated at
least once per week, should not be connected to the network.
c) External content shall be scanned for malware or viruses using the provided endpoint
protection product.
d) If an infection is found or suspected, the machine will be disconnected from the network
until verified as clean.
e) The Contractor shall notify the AOD Cyber Security Team immediately if they suspect that
malware or a virus has been detected on any computing resource within Transco.

Use of Internet
a) Internet connections (inbound/outbound), including remote connections from vendor,
sub-vendor, contractor, and subcontractor networks for remote maintenance and other purposes,
are prohibited for the ICS network, unless authorized by Transco.
b) The Contractor shall not download, install, or use any unauthorized software or content
from the internet or external sources on the ICS computing devices existing on any of Transco's
ICS sites.
c) Any information derived from the internet for any ongoing activity or project shall be
verified before being used for business purposes.
d) It is prohibited to post any information (e.g. photos of Transco facilities, photos of the
devices or systems, project documentation, text information related to the software/hardware,
configuration files) on any internet resource (e.g. social media such as LinkedIn,
Instagram, professional and public forums, and any other).

Use of Email, Messengers and Cloud Storage


a) The Contractor shall not use personal email or third-party email systems (such as Gmail,
Yahoo, Hotmail, Live, Outlook, iCloud, etc.) in any Transco ICS systems or for project
information exchange (e.g. sending emails with project details, using cloud storage to save or
share project documentation, configuration files and other information related to the
business with Transco).
b) It is prohibited to send project-related files and sensitive data (e.g. IP addresses, device
configuration details, logins/passwords, photos of Transco OT assets) through non-corporate
messengers (e.g. WhatsApp, Telegram, Viber, etc.).
c) The Contractor should not share any Transco ICS confidential data through email unless
authorized to, secure email controls have been implemented, and the data has been password
protected prior to being exchanged.

Use of Mobile Device


a) The Contractor shall not use or connect their personal devices for accessing ICS systems
and assets.
b) Any mobile devices used in the ICS environment shall have:
• Authorization based on a formal business need and their usage (type of work
permitted) shall be documented.
• Protective Software (e.g., antivirus definitions up to date, full scan before
connection, etc.).
• Security Patches (e.g., current patches installed)
• External Interfaces disabled (e.g., external interfaces such as wireless disabled).
c) The Contractor shall not connect their mobile phones to any ICS operational system (e.g.
monitors, gateways, operator workstations, PLCs, IEDs, etc.) for any purpose, such as
charging.

Removable Media
a) The Contractor should not connect any personally owned removable media to Transco ICS
devices without contacting the AOD Cyber Security Section to scan the media, and should
not plug removable media containing Transco ICS data into their personal computing
devices.
b) Any removable media containing any Transco ICS data shall be encrypted.
c) Removable media containing sensitive ICS data shall not leave Transco premises unless
required to execute an authorized business operation, with the inventory record updated.


APPENDIX C: INCIDENT REPORT FORM


INCIDENT IDENTIFICATION INFORMATION
Date and Time of Notification:
Incident Detector Information:
Name:
Title:
Contact details (mobile, email):
Date and time of Detection:
Location:
Affected system/device:

INCIDENT SUMMARY
Type of Incident Detected:
☐ Denial of Service ☐ Unauthorized Use
☐ Device/System configuration change detected ☐ Unauthorized access to the OT system
☐ Malicious software detected ☐ Lost credentials to the account/system/device
☐ Network compromised ☐ Unplanned system/network downtime
☐ Abnormal behavior of device/system ☐ Other (Unidentified)

Incident Description:

Names and contact information of all other witnesses of the incident:

INCIDENT NOTIFICATION
☐ TRANSCO TCC ☐ TRANSCO Project manager
☐ TRANSCO Cyber security team
ACTIONS TAKEN
Identification measures:

Containment measures:

Eradication measures:

Mitigation measures:


Evidence Collection:

FOLLOW-UP
Reviewed by:
☐ TRANSCO Cyber security team

Initial Report Completed by:

Follow-Up action taken by:

Note: The cyber security incident form shall be filled in and submitted to the TRANSCO Cyber Security Focal Point Engineer.
