Power Utility Automation Cybersecurity: IEC 61850 Specification of an Intrusion Detection Function

The IEC 61850 standard defines a global framework for designing power utility automation systems. The main goal of IEC 61850 being interoperability, it brings information and tools for both system modelling and communication architecture. But cybersecurity measures and propositions are scarce. They should be a priority. To help fill this lack of cybersecurity, we specify a fully IEC 61850-compatible intrusion detection function. This paper explains the procedure of defining functions and necessary model objects consistent with the standard requirements. We then detail our intrusion detection function.

[1]  Igor Nai Fovino,et al.  Critical State-Based Filtering System for Securing SCADA Network Protocols , 2012, IEEE Transactions on Industrial Electronics.

[2]  J. Samarabandu,et al.  Evidence Theory based Decision Fusion for Masquerade Detection in IEC61850 Automated Substations , 2008, 2008 4th International Conference on Information and Automation for Sustainability.

[3]  Ulf Lindqvist,et al.  Using Model-based Intrusion Detection for SCADA Networks , 2006 .

[4]  J. Bigham,et al.  ANOMALY DETECTION IN ELECTRICITY CYBER INFRASTRUCTURES , 2006 .

[5]  G. Manimaran,et al.  Integrated Anomaly Detection for Cyber Security of the Substations , 2014, IEEE Transactions on Smart Grid.

[6]  Milos Manic,et al.  Fuzzy logic based anomaly detection for embedded network security cyber sensor , 2011, 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS).

[7]  R. Sekar,et al.  Specification-based anomaly detection: a new approach for detecting network intrusions , 2002, CCS '02.

[8]  Xianggen Yin,et al.  Analysis on IEC 61850 Interoperability Support , 2007, 2007 IEEE Power Engineering Society General Meeting.

[9]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.