Measuring the security posture of IEC 61850 substations with redundancy against zero day attacks

Onur Duman; Mengyuan Zhang; Lingyu Wang; Mourad Debbabi

doi:10.1109/SmartGridComm.2017.8340727

Measuring the security posture of IEC 61850 substations with redundancy against zero day attacks

Onur Duman, Mengyuan Zhang, Lingyu Wang, Mourad Debbabi

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

As one of the most critical components of the smart grid, substations are responsible for distributing the energy to end users. According to the substation automation standard, IEC 61850-90-4, substations contain highly complex and interconnected networks, which are typically designed with redundancy to improve the availability in case of failures. The redundancy usually takes the form of multiple subsystems with identical functionality, such that one failed subsystem would not affect the normal operation of the entire substation. However, we show that such redundant subsystems are not always effective against malicious attacks, because, unlike natural faults, attackers may deliberately target the weakest link, i.e., common vulnerabilities found in multiple subsystems. In this paper, we first present a detailed substation configuration designed based on IEC 61850 and industrial practices. We then devise a novel security metric, namely, the factor of security, to measure the effectiveness of redundant subsystems against unknown zero day attacks. We apply the metric to two concrete attacks scenarios, time delay attack, and the tripping circuit breakers attack. Finally, we evaluate the metric through simulations.

Original language	English
Title of host publication	2017 IEEE International Conference on Smart Grid Communications, SmartGridComm 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	108-114
ISBN (Electronic)	9781538640555
DOIs	https://doi.org/10.1109/SmartGridComm.2017.8340727
Publication status	Published - 2 Jul 2017
Externally published	Yes
Event	2017 IEEE International Conference on Smart Grid Communications, SmartGridComm 2017 - Dresden, Germany Duration: 23 Oct 2017 → 26 Oct 2017

Conference

Conference	2017 IEEE International Conference on Smart Grid Communications, SmartGridComm 2017
Country/Territory	Germany
City	Dresden
Period	23/10/17 → 26/10/17

Funding

The authors thank the anonymous reviewers for their valuable comments. The research reported in this paper is supported by the NSERC/Hydro-Québec Thales Research Chair in Smart Grid Security.

Funders	Funder number
NSERC/Hydro-Québec Thales Research Chair

Access to Document

10.1109/SmartGridComm.2017.8340727

Persistent URL (handle)

Persistent link

Cite this

@inproceedings{a8d66bd9bd054103a24d4ad7cfd21865,

title = "Measuring the security posture of IEC 61850 substations with redundancy against zero day attacks",

abstract = "As one of the most critical components of the smart grid, substations are responsible for distributing the energy to end users. According to the substation automation standard, IEC 61850-90-4, substations contain highly complex and interconnected networks, which are typically designed with redundancy to improve the availability in case of failures. The redundancy usually takes the form of multiple subsystems with identical functionality, such that one failed subsystem would not affect the normal operation of the entire substation. However, we show that such redundant subsystems are not always effective against malicious attacks, because, unlike natural faults, attackers may deliberately target the weakest link, i.e., common vulnerabilities found in multiple subsystems. In this paper, we first present a detailed substation configuration designed based on IEC 61850 and industrial practices. We then devise a novel security metric, namely, the factor of security, to measure the effectiveness of redundant subsystems against unknown zero day attacks. We apply the metric to two concrete attacks scenarios, time delay attack, and the tripping circuit breakers attack. Finally, we evaluate the metric through simulations.",

author = "Onur Duman and Mengyuan Zhang and Lingyu Wang and Mourad Debbabi",

year = "2017",

month = jul,

day = "2",

doi = "10.1109/SmartGridComm.2017.8340727",

language = "English",

pages = "108--114",

booktitle = "2017 IEEE International Conference on Smart Grid Communications, SmartGridComm 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

note = "2017 IEEE International Conference on Smart Grid Communications, SmartGridComm 2017 ; Conference date: 23-10-2017 Through 26-10-2017",

}

Duman, O, Zhang, M, Wang, L & Debbabi, M 2017, Measuring the security posture of IEC 61850 substations with redundancy against zero day attacks. in 2017 IEEE International Conference on Smart Grid Communications, SmartGridComm 2017. Institute of Electrical and Electronics Engineers Inc., pp. 108-114, 2017 IEEE International Conference on Smart Grid Communications, SmartGridComm 2017, Dresden, Germany, 23/10/17. https://doi.org/10.1109/SmartGridComm.2017.8340727

Measuring the security posture of IEC 61850 substations with redundancy against zero day attacks. / Duman, Onur; Zhang, Mengyuan; Wang, Lingyu et al.
2017 IEEE International Conference on Smart Grid Communications, SmartGridComm 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 108-114.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Measuring the security posture of IEC 61850 substations with redundancy against zero day attacks

AU - Duman, Onur

AU - Zhang, Mengyuan

AU - Wang, Lingyu

AU - Debbabi, Mourad

PY - 2017/7/2

Y1 - 2017/7/2

N2 - As one of the most critical components of the smart grid, substations are responsible for distributing the energy to end users. According to the substation automation standard, IEC 61850-90-4, substations contain highly complex and interconnected networks, which are typically designed with redundancy to improve the availability in case of failures. The redundancy usually takes the form of multiple subsystems with identical functionality, such that one failed subsystem would not affect the normal operation of the entire substation. However, we show that such redundant subsystems are not always effective against malicious attacks, because, unlike natural faults, attackers may deliberately target the weakest link, i.e., common vulnerabilities found in multiple subsystems. In this paper, we first present a detailed substation configuration designed based on IEC 61850 and industrial practices. We then devise a novel security metric, namely, the factor of security, to measure the effectiveness of redundant subsystems against unknown zero day attacks. We apply the metric to two concrete attacks scenarios, time delay attack, and the tripping circuit breakers attack. Finally, we evaluate the metric through simulations.

AB - As one of the most critical components of the smart grid, substations are responsible for distributing the energy to end users. According to the substation automation standard, IEC 61850-90-4, substations contain highly complex and interconnected networks, which are typically designed with redundancy to improve the availability in case of failures. The redundancy usually takes the form of multiple subsystems with identical functionality, such that one failed subsystem would not affect the normal operation of the entire substation. However, we show that such redundant subsystems are not always effective against malicious attacks, because, unlike natural faults, attackers may deliberately target the weakest link, i.e., common vulnerabilities found in multiple subsystems. In this paper, we first present a detailed substation configuration designed based on IEC 61850 and industrial practices. We then devise a novel security metric, namely, the factor of security, to measure the effectiveness of redundant subsystems against unknown zero day attacks. We apply the metric to two concrete attacks scenarios, time delay attack, and the tripping circuit breakers attack. Finally, we evaluate the metric through simulations.

UR - https://www.scopus.com/pages/publications/85050948600

UR - https://www.scopus.com/inward/citedby.url?scp=85050948600&partnerID=8YFLogxK

U2 - 10.1109/SmartGridComm.2017.8340727

DO - 10.1109/SmartGridComm.2017.8340727

M3 - Conference contribution

SP - 108

EP - 114

BT - 2017 IEEE International Conference on Smart Grid Communications, SmartGridComm 2017

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2017 IEEE International Conference on Smart Grid Communications, SmartGridComm 2017

Y2 - 23 October 2017 through 26 October 2017

ER -

Measuring the security posture of IEC 61850 substations with redundancy against zero day attacks

Abstract

Conference

Funding

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this