Power system DNP3 data object security using data sets

Power system cyber security demand is escalating with the increased number of security incidents and the increased stakeholder participation in power system operations, specifically consumers. Rule-based cyber security is proposed for Distributed Network Protocol (DNP3) outstation devices, with a focus on smart distribution system devices. The security utilizes the DNP3 application layer function codes and data objects to determine data access authorization for outstations, augmenting other security solutions that include firewalls, encryption, and authentication. The cyber security proposed in this article protects outstation devices when masters are compromised or attempt unauthorized access that bypass the other security solutions. In this article, non-utility stakeholder data access is limited through DNP3 data sets rather than granting direct access to the data points within an outstation. The data set utilization greatly constrains possible attack methods against a device by reducing the interaction capabilities with an outstation. The data sets also decrease the security complexity through rule reduction, thereby increasing the security applicability for retrofitted or process constrained devices. Temporal security constraints are supported for the data sets, increasing security against denial of service attacks.

[1]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[2]  S. Borlase,et al.  The evolution of distribution , 2009, IEEE Power and Energy Magazine.

[3]  A. Nourai,et al.  Changing the electricity game , 2009, IEEE Power and Energy Magazine.

[4]  Jonathan Pollet The Past, Present, and Future of Securing Electric Power Systems , 2009, 2009 42nd Hawaii International Conference on System Sciences.

[5]  Lin Wang,et al.  Data Object Based Security for DNP3 Over TCP/IP for Increased Utility Commercial Aspects Security , 2007, 2007 IEEE Power Engineering Society General Meeting.

[6]  Xinghuo Yu,et al.  SCADA system security: Complexity, history and new developments , 2008, 2008 6th IEEE International Conference on Industrial Informatics.

[7]  J. Douglas,et al.  Electric utility responses to grid security issues , 2006, IEEE Power and Energy Magazine.

[8]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[9]  F.M. Cleveland,et al.  Cyber security issues for Advanced Metering Infrasttructure (AMI) , 2008, 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century.

[10]  Chang Xiaofeng,et al.  THE FUNCTIONAL SPECIFICATION , 2009 .

[11]  F. Cleveland Enhancing the Reliability and Security of the Information Infrastructure Used to Manage the Power System , 2007, 2007 IEEE Power Engineering Society General Meeting.

[12]  Chen-Ching Liu,et al.  Vulnerability Assessment of Cybersecurity for SCADA Systems Using Attack Trees , 2007, 2007 IEEE Power Engineering Society General Meeting.

[13]  T. Kropp System threats and vulnerabilities [power system protection] , 2006, IEEE Power and Energy Magazine.

[14]  A. Vojdani,et al.  Smart Integration , 2008, IEEE Power and Energy Magazine.