Cyber-security in substation automation systems

The cyber-security of several industrial plants has been compromised in recent years by worms and viruses such as Stuxnet, which was able to take control of the Supervisory Control And Data Acquisition (SCADA) system of a nuclear plant in Iran. The research community and the international standardization committees have become more aware of the need to protect information in Substation Automation Systems (SAS). The IEC 61850-5 and IEC 62351-6 standards respectively describe the communication models and the security mechanisms to be deployed in current substations, but they present some inconsistencies. On the one hand, this standard mandates that the RSA cryptosystem be used to provide source authenticity of GOOSE and SV messages. However, even if expensive processors with crypto accelerators were used, execution times would exceed the maximum transfer times stated in the standard for most time-critical applications. On the other hand, the recommended synchronization solution is the Precision Time Protocol (PTP), as defined in IEEE 1588-2008, which introduced an optional security extension based on old keyed hash algorithms that has also been shown to be suboptimal because of its latency and the resources it requires. The aim of this paper is to explore the currently available security solutions and study their applicability to the substation environment. Furthermore, as part of the future security framework, a MACsec-based security approach is proposed that allows different communication services with diverse performance and security requirements to coexist within the substation network.
