Security of Process Bus in Digital Substation

Abstract

Cyber security attacks in substations have been a issue for a very long time [1]. It is necessary to secure the communication between devices in substation automation system. Generally, Substation Automation Systems uses Intelligent Electronic devices (IED) for monitoring, control and protection of substation. In the past, single purpose and mostly hard-wire interconnected devices were safety and control devices. More and more features have been built into multi-function intelligent electronic devices (IEDs) over time. The need for contact between the devices in the scheme has increased by increasing the number of functions per unit. The lack of wide-ranging knowledge of data communication technologies, protocols, remote access and risks to cybersecurity would improve the prospects for cyber-initiated events. Enabling support for authentication and authorization, auditability and logging as well as product and system hardening are critical features for safeguarding electric power grids and power networks.

The introduction of a centralized account management system in the substation automation system is a simple solution for adding and removing users who have or are deprived of access. For utilities that have to stick to laws, this is a big advantage. The security logging mechanisms are a must in the case of intrusion prevention, finding unexpected use patterns and for safety forensics. It has to be precise, readily distributed and easily gathered [2]. Adopting new solutions for substations. These systems are following standards and trends, as of which one of them is in particular Ethernet and TCP/IP based communication protocols. The substation automation multicast messages are Generic Object Driven Substation Event (GOOSE) and Sampled Measured Value (SMV), Manufacturing Message Specification (MMS). The two recent standards published to protect the systems are IEC 61850 and IEC 62351. The mainstream development for substation automation is IEC61850. It provides an integrated solution for ensuring communication in substation automation between intelligent electronic devices (IED). On the one side, these standard mandates that GOOSE and SV messages must be used by the RSA cryptosystem to provide source authenticity.

This report provides a realistic consideration and review of the implementation in a substation automation system of a stable sampled measured value (SeSV) message. IEC Working Group 15 of Technical Committee 57 released IEC62351 on protection for IEC61850 profiles because of the lack of security features in the standard. However, the use of IEC62351 standards-based SV authentication methods is still not integrated and computational capabilities and performance are not validated and checked with commercial-grade devices. Therefore this report demonstrates the performance of SeSV allowed security feature packets transmitted between security and control devices by appending the extended IEC61850 packets to a message authentication code (MAC). A prototype implementation on a low-cost embedded commodity device has shown that with negligible time delay, the MAC-enabled SV message can completely protect the process bus communication in the digital substation.