Designing SCADA Architectures for Scalability, Cybersecurity and Digital Resilience

The ongoing transformation of the power sector, driven by increased integration of renewable energy sources, liberalisation of electricity markets, and rapid digitalisation, has fundamentally changed operational requirements and exposed SCADA systems to new cyber risks. As the sector evolved, SCADA and other operational technologies (OT) increasingly adopted widely used information technology (IT) components, leading to convergence between IT and OT environments. While this shift enabled greater interoperability, scalability, and data exchange, it also expanded the cybersecurity attack surface and increased system complexity.

Consequently, the need for a more dynamic and comprehensive approach to cybersecurity became evident.

The European Union (EU) responded by introducing the NIS2 Directive, which significantly strengthens cybersecurity obligations for operators. In parallel, ENTSO-E (European Network of Transmission System Operators for Electricity) adopted the Network Code on Cybersecurity

(NCCS), establishing a unified regulatory framework aimed at improving the resilience of the interconnected European power system.

Upgrading SCADA architectures is inherently complex, slow, and resource-intensive compared to typical IT modernisation processes. Field environments often comprise a heterogeneous mix of modern and legacy systems, many of which remain in long-term operation. Replacing or redesigning such systems requires extensive technical expertise, financial investment, and careful planning. As a result, modernisation efforts must begin with a comprehensive analysis of existing architectures, supported by risk assessments and clearly defined functional, performance, and security requirements. The long-term sustainability of applied solutions must also be carefully evaluated.

Key principles of modern SCADA architectures should include cybersecurity controls and procedures tailored to OT environments, ensuring that real-time performance and system availability are not compromised. Testing plays a critical role in SCADA upgrades: Factory

Acceptance Testing (FAT) and Site Acceptance Testing (SAT) must verify not only core functionality but also cybersecurity protections, including vulnerability scanning, penetration testing, and functional validation before and after security measures are applied.

Once operational, SCADA cybersecurity must follow a continuous, lifecycle-oriented approach aligned with IEC 62443 standards. This includes timely patching, documented maintenance procedures, regular testing of disaster recovery strategies, continuous monitoring, and periodic vulnerability and penetration assessments. Only through systematic and ongoing security management can modern SCADA systems remain resilient within an increasingly digitalised and interconnected energy landscape.

This paper presents lessons learned from the design and evolution of flexible, secure, and resilient SCADA/Energy Management Systems (EMS)/Distribution Management Systems

(DMS) environments, drawing on the authors’ long-term practical experience in OT system deployment and modernisation. In addition to outlining state-of-the-art technical solutions and established implementation practices, the paper addresses practical challenges arising from the coexistence of diverse technologies with differing lifecycle characteristics, where extended OT lifecycles are often misaligned with the significantly shorter lifecycles of supporting IT technologies.