The IEC 61850 Sampled Measured Values Protocol: Analysis, Threat Identification, and Feasibility of Using NN Forecasters to Detect Spoofed Packets

As contemporary smart grid operation is expected to rely heavily on distributed microprocessor-based control, a strong need arises for interoperability standards that address the heterogeneous nature of the data in the smart grid. With the emergence of IEC 61850 as a strong, industry-accepted interoperability standard, electronic instrument transformers and merging units are being used to digitize and transmit current and voltage measurements as Sampled Measured Values. Recognizing the importance of feedback measurements for the reliable operation of the smart grid, this paper first presents a detailed analysis of the Sampled Measured Values protocol and its benefits, then identifies its vulnerabilities and derives the associated cyber threats. Second, current security measures are outlined. Third, the feasibility of using neural network forecasters to detect spoofed sampled values is investigated. It was shown that although neural network forecasters have high spoofed data detection accuracy, their performance decreases with the accumulation of forecasting error.

[4]  Mohamad El Hariri, et al. The IEC 61850 Sampled Measured Values Protocol: Analysis, Threat Identification, and Feasibility of Using NN Forecasters to Detect Spoofed Packets, 2019, Energies.
