An active command mediation approach for securing remote control interface of substations

Electrical substations are crucial components in power grids. A number of international standards, such as IEC 60870 and IEC 61850, have emerged to digitize and automate substations for efficient and timely control. However, owing to insufficient security consideration and implementation, the resulting systems could be vulnerable to cyber attacks. In fact, the digitization and automation of a large number of connected substations can dramatically increase the scale of potential damage on power grids. In this paper, we focus on attacks that inject malicious remote control commands targeting substations and discuss a practical, standards-based design of an active command mediation mechanism deployed in each substation to offer an additional layer of defense against attacks that somehow bypass other cyber security measures. Furthermore, as a concrete example of a mitigation mechanism implemented on the command mediation system, we discuss autonomous command-delaying and evaluate its effectiveness. The simulation results show that our approach can significantly reduce the attack impact on power grid stability.
