Search Results (6)

Digital substations, also referred to as modern power grid substations, utilize the IEC 61850 station and process bus in conjunction with IP-based communication. This includes communication with switch yard equipment within the substation as well as the dispatch center. IEC 61850 is a global standard developed to standardize power grid communications, covering multiple communication needs related to modern power grid substations or digital substations. Unlike the legacy communication standards, IEC 60870-5-104 and DNP3, IEC 61850 is specifically designed for IP-based communication. It comprises several communication models and supports real-time communication by introducing the process bus to replace traditional peer-to-peer communication with standard network communication between substation equipment and the switch yard. The process bus, especially Sampled Measured Values (SMV) communication, in modern power grid substations relies on extremely accurate and synchronized time to prevent equipment damage, maintain power grid system balance, and ensure safety. In IEC 61850, time synchronization is provided by the Precision Time Protocol (PTP). This paper discusses the significance and challenges of time synchronization in IEC 61850 substations, particularly those associated with PTP. It presents the results of a controlled experiment that subjects time synchronization and PTP to cyber-attacks and discusses the potential consequences of such attacks. The paper also provides recommendations for potential mitigation strategies. The contribution of this paper is to provide insights and recommendations for enhancing the security of IEC 61850-based substations against cyber-attacks targeting time synchronization. The paper also explores the potential consequences of cyber-attacks and provides recommendations for potential mitigation strategies. Full article

Rapid progress of computing and info-communication technologies (ICT) has changed the ecosystem of power production and delivery. Today, an energy network is a complex set of interrelated devices and information systems covering all areas of electric power operations and applying ICT based on open standards, such as IEC 60870, IEC 61850, and IEC 61970. According to IEC 62351, the energy networks are faced with high cybersecurity risks caused by open communications, security requirements rarely considered in the energy facilities, partial and difficult upgrades, and incompatibility of secure tools with industrial solutions. This situation results in new security challenges, e.g., denial of service attacks on the connected controllers, dispatching centers, process control systems, and terminals. IEC 62351 describes possible ways to comprehensive security in the energy networks. Most of them used in traditional networks (e.g., firewalls, intrusion detection systems) can be adapted to the energy networks. Honeypot systems as a protection measure help us to mitigate the attacks and maintain necessary security in the networks. Due to the large scale of an energy network and heterogeneity of its components, a new design, deployment, and management strategy for the honeypot systems are required. The paper suggests a new method for organizing a virtual network infrastructure of a hybrid honeypot system and a dynamic management method that adapts the network topology to the attacker’s actions according to the development graph of potential attacks. This technique allows us to dynamically build virtual networks of arbitrary scale. Because of the similarity of the virtual network to the virtualized origin and providing the level of interactivity of its nodes corresponding to real devices, this technique deploys an energy network indistinguishable from the real one for the attackers. A prototype of our honeypot system has been implemented, and experiments on it have demonstrated the more efficient use of the computing resources, the faster reaction to the attacker’s actions, and the deployment of different sizes of virtual networks for the given limits of the computing resources. Full article

Multi-station integration is motivated by the requirements of distributed energies interconnection and improvements in the efficiency of energy systems. Due to the diversity of communication services and the complexity of data exchanges between in-of-station and out-of-station, multi-station integrated systems have high security requirements. However, issues related to cyber security for multi-station integrated systems are seldom explored. Hence, this paper designs the secondary system architecture and proposes cyber security protection solutions for smart energy stations (SESt) that integrate the substation, photovoltaic station, energy storage station, electric vehicle charging station, and data center station. Firstly, the composition of SESt and functions of each substation are presented, a layered architecture of SESt is designed, and data exchanges of SESt are analyzed. Then, the cyber security threats and requirements of SESt are illustrated. Moreover, the cyber security protection principle and a cyber security protection system for SESt are proposed. On this basis, a security zoning and isolation scheme for SESt is designed. Finally, a traffic isolation scheme based on virtual local area networks (VLANs), a real-time guarantee scheme for communications based on service priority, and an enhancing cyber security scheme based on improved IEC 62351 are proposed for SESt. Full article

Increased connectivity is required to implement novel coordination and control schemes. IEC 61850-based communication solutions have become popular due to many reasons—object-oriented modeling capability, interoperable connectivity and strong communication protocols, to name a few. However, communication infrastructure is not well-equipped with cybersecurity mechanisms for secure operation. Unlike online banking systems that have been running such security systems for decades, smart grid cybersecurity is an emerging field. To achieve security at all levels, operational technology-based security is also needed. To address this need, this paper develops an intrusion detection system for smart grids utilizing IEC 61850’s Generic Object-Oriented Substation Event (GOOSE) messages. The system is developed with machine learning and is able to monitor the communication traffic of a given power system and distinguish normal events from abnormal ones, i.e., attacks. The designed system is implemented and tested with a realistic IEC 61850 GOOSE message dataset under symmetric and asymmetric fault conditions in the power system. The results show that the proposed system can successfully distinguish normal power system events from cyberattacks with high accuracy. This ensures that smart grids have intrusion detection in addition to cybersecurity features attached to exchanged messages. Full article

As the number of active components increase, distribution networks become harder to control. Microgrids are proposed to divide large networks into smaller, more manageable portions. The benefits of using microgrids are multiple; the cost of installation is significantly smaller and renewable energy-based generators can be utilized at a small scale. Due to the intermittent and time dependent nature of renewables, to ensure reliable and continuous supply of energy, it is imperative to create a system that has several generators and storage systems. The way to achieve this is through an energy management system (EMS) that can coordinate all these generators with a storage system. Prior to on-site installation, validation studies should be performed on such controllers. This work presents a standardized communication modeling based on IEC 61850 that is developed for a commercial microgrid controller. Using commercial software, different terminals are set up as intelligent electronic devices (IEDs) and the operation of the EMS is emulated with proper message exchanges. Considering that these messages transmit sensitive information, such as financial transactions or dispatch instructions, securing them against cyber-attacks is very important. Therefore; message integrity, node authentication, and confidentiality features are also implemented according to IEC 62351 guidelines. Real-message exchanges are captured with and without these security features to validate secure operation of standard communication solution. Full article

In the increasingly complex cyber-environment, appropriate sustainable maintenance of substation auto systems (SASs) can lead to many positive effects on power cyber-physical systems (CPSs). Evaluating the cybersecurity risk of power CPSs is the first step in creating sustainable maintenance plans for SASs. In this paper, a mathematical framework for evaluating the cybersecurity risk of a power CPS is proposed considering both the probability of successful cyberattacks on SASs and their consequences for the power system. First, the cyberattacks and their countermeasures are introduced, and the probability of successful cyber-intruding on SASs is modeled from the defender’s perspective. Then, a modified hypergraph model of the SAS’s logical structure is established to quantitatively analyze the impacts of cyberattacks on an SAS. The impacts will ultimately act on the physical systems of the power CPS. The modified hypergraph model can describe more information than a graph or hypergraph model and potentially can analyze complex networks like CPSs. Finally, the feasibility and effectiveness of the proposed evaluation method is verified by the IEEE 14-bus system, and the test results demonstrate that this proposed method is more reasonable to assess the cybersecurity risk of power CPS compared with some other models. Full article