IEEE C37.240-2014 IEEE Standard Cybersecurity Requirements for Substation Automation, Protection, and Control Systems.
4. Use of this standard Cybersecurity in substation automation, protection, and control systems is widely recognized as a critical component in overall reliability of electricity supply. The North American Electric Reliability Corporation (NERC) critical infrastructure protection (CIP) standards have addressed a number of objectives that are to be accomplished in a cybersecurity program but have left the technical details and methods to the individual implementer. It can, however, be deduced that any cybersecurity program for the electric utility substation environment must have certain characteristics:  Technical Feasibility: The cybersecurity of a substation must be technically feasible in a substation environment. There are many aspects of substation operation that may preclude the use of cybersecurity technologies that are employed in other environments, such as commercial, financial, and military aaspects. Additionally, the program must be able to be deployed in a timely manner. A cybersecurity program that requires the replacement of a massive amount of automation, protection, and control equipment is not feasible, as the deployment might take many years, leaving the utility vulnerable through the deployment period.  Economic Feasibility: A cybersecurity program must take into account the size of the deployment and the ability of the utility to accomplish deployment at a cost acceptable to the stakeholders, which includes both shareholders and ratepayers of the utility.  Operational Feasibility: Utility substations have specific operational and maintenance requirements that must be considered in the development of the cybersecurity program. For example, a cybersecurity program that relies solely on having a local-area/wide-area network (LAN/WAN) connection to the substation may be impractical as loss of communications to the substation is likely under a number of typical fault scenarios.
5. Description of cybersecurity 5.1 Problem statements from utilities and operational challenges Utilities have a wide variety of components that utilize communication, varying from vacuum tube power- line carriers to multifunction microprocessor relays utilizing a high-speed WAN. The “channel” or “communication medium” used varies from utility-owned dedicated-pilot wires, microwave, or fiber networks to leased infrastructure, including dial up and cellular, which is basically shared with the public. Because of the variability in communication systems, using a standardized approach comes with some level of difficulty. Either the standards need to provide direction for each type of communication or multiple standards need to exist. Clearly, applying a one-size-fits-all approach for cybersecurity will not be effective and may limit the ability of the utility to do its job—namely, keeping the lights on.
IEEE C37.240 pdf download.