Security and reliability analysis of a use case in smart grid substation automation systems

Substation automation systems provide high level of automation for both substation and distribution network. Communication in modern substation automation systems is based on Ethernet, TCP/IP and interoperable protocols within standard network infrastructure. Communication security and reliability become important and must be considered to ensure correct operation of substation automation systems. This paper presents an experimental lab setup in which IEC6180 standard is applied for substation communication. Designing substation LAN with Parallel Redundancy Protocol and programming proxy server supporting Transport Layer Security are proposed for reliability and security of the substation data network, respectively. Also, substation remote communication security is evaluated by testing two communication standards (IEC60870-5-104 and OPC UA) and two types of VPN: PPTP and IPsec. Test results are compared and the most secure solution is proposed. Securing remote communication assures reliable operation of the substation in the distribution network.

[1]  Hans Weibel,et al.  Seamless and low-cost redundancy for substation automation systems (high availability seamless redundancy, HSR) , 2011, 2011 IEEE Power and Energy Society General Meeting.

[2]  Chen-Ching Liu,et al.  Anomaly Detection for Cybersecurity of the Substations , 2011, IEEE Transactions on Smart Grid.

[3]  William Stallings Zhu,et al.  Network Security Essentials : Applications and Standards , 2007 .

[4]  Eduardo Jacob,et al.  Cyber-security in substation automation systems , 2016 .

[5]  Zhuo Lu,et al.  Cyber security in the Smart Grid: Survey and challenges , 2013, Comput. Networks.

[6]  Yang Xiao,et al.  A survey of communication/networking in Smart Grids , 2012, Future Gener. Comput. Syst..

[7]  Juan José González de la Rosa,et al.  Embedding Synchronized Measurement Technology for Smart Grid Development , 2013, IEEE Transactions on Industrial Informatics.

[8]  Timothy X. Brown,et al.  Exploiting the GOOSE protocol: A practical attack on cyber-infrastructure , 2012, 2012 IEEE Globecom Workshops.

[9]  Sami Repo,et al.  OPC UA security for protecting substation and control center data communication in the distribution domain of the smart grid , 2015, 2015 IEEE 13th International Conference on Industrial Informatics (INDIN).

[10]  M. Rentschler,et al.  The Parallel Redundancy Protocol for industrial IP networks , 2013, 2013 IEEE International Conference on Industrial Technology (ICIT).

[11]  Hubert D. Kirrmann,et al.  IEC 62439 PRP: Bumpless recovery for highly available, hard real-time industrial networks , 2007, 2007 IEEE Conference on Emerging Technologies and Factory Automation (EFTA 2007).

[12]  Bruce Schneier,et al.  Cryptanalysis of Microsoft's point-to-point tunneling protocol (PPTP) , 1998, CCS '98.

[13]  Ernest Foo,et al.  Formal modelling and analysis of DNP3 secure authentication , 2016, J. Netw. Comput. Appl..

[14]  Wei-Jen Lee,et al.  Electrical substation automation system modernization through the adoption of IEC61850 , 2015, 2015 IEEE/IAS 51st Industrial & Commercial Power Systems Technical Conference (I&CPS).