Security Analysis and Auditing of IEC61850-Based Automated Substations

This paper proposes a scheme for auditing the security of an IEC61850-based network based upon a novel security metric for intelligent electronic devices (IEDs). A detailed security analysis of an IEC61850 automated substation is performed initially, with a focus on the possible goals of the attacker. This is followed by the development of a scheme to audit the security of such a network. Security metrics are considered since they provide a tangible means of quantifying the security of a network. The proposed auditing scheme is tested by using it to audit the security of an IEC61850 network. The results are then compared with two other metric schemes, the mean time to compromise (MTTC) metric and the VEA-bility metric, which are used for auditing conventional computer networks. The input data for both metrics are obtained by using a network security tool to scan the IEDs of the network. The impact of using high-traffic generating network security tools on a time-critical IEC61850 network is also investigated.
