The IEC 61850 Sampled Measured Values Protocol: Analysis, Threat Identification, and Feasibility of Using NN Forecasters to Detect Spoofed Packets

The operation of the smart grid is anticipated to rely profoundly on distributed microprocessor-based control. Therefore, interoperability standards are needed to address the heterogeneous nature of the smart grid data. Since the IEC 61850 emerged as a wide-spread interoperability standard widely accepted by the industry, the Sampled Measured Values method has been used to communicate digitized voltage and current measurements. Realizing that current and voltage measurements (i.e., feedback measurements) are necessary for reliable and secure noperation of the power grid, firstly, this manuscript provides a detailed analysis of the Sampled Measured Values protocol emphasizing its advantages, then, it identifies vulnerabilities in this protocol and explains the cyber threats associated to these vulnerabilities. Secondly, current efforts to mitigate these vulnerabilities are outlined and the feasibility of using neural network forecasters to detect spoofed sampled values is investigated. It was shown that although such forecasters have high spoofed data detection accuracy, they are prone to the accumulation of forecasting error. Accordingly, this paper also proposes an algorithm to detect the accumulation of the forecasting error based on lightweight statistical indicators. The effectiveness of the proposed methods is experimentally verified in a laboratory-scale smart grid testbed.

Download Full-text

Power-Based Non-Intrusive Condition Monitoring for Terminal Device in Smart Grid

Sensors ◽

10.3390/s20133635 ◽

2020 ◽

Vol 20 (13) ◽

pp. 3635 ◽

Cited By ~ 1

Author(s):

Guoming Zhang ◽

Xiaoyu Ji ◽

Yanjie Li ◽

Wenyuan Xu

Keyword(s):

Smart Grid ◽

Power Consumption ◽

Real Time ◽

Condition Monitoring ◽

Resource Constraints ◽

Detection System ◽

Stable Operation ◽

Detection Accuracy ◽

Monitoring Method ◽

Dsp Processors

As a critical component in the smart grid, the Distribution Terminal Unit (DTU) dynamically adjusts the running status of the entire smart grid based on the collected electrical parameters to ensure the safe and stable operation of the smart grid. However, as a real-time embedded device, DTU has not only resource constraints but also specific requirements on real-time performance, thus, the traditional anomaly detection method cannot be deployed. To detect the tamper of the program running on DTU, we proposed a power-based non-intrusive condition monitoring method that collects and analyzes the power consumption of DTU using power sensors and machine learning (ML) techniques, the feasibility of this approach is that the power consumption is closely related to the executing code in CPUs, that is when the execution code is tampered with, the power consumption changes accordingly. To validate this idea, we set up a testbed based on DTU and simulated four types of imperceptible attacks that change the code running in ARM and DSP processors, respectively. We generate representative features and select lightweight ML algorithms to detect these attacks. We finally implemented the detection system on the windows and ubuntu platform and validated its effectiveness. The results show that the detection accuracy is up to 99.98% in a non-intrusive and lightweight way.

Download Full-text

A Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid

Electronics ◽

10.3390/electronics10161881 ◽

2021 ◽

Vol 10 (16) ◽

pp. 1881

Author(s):

Jesús Lázaro ◽

Armando Astarloa ◽

Mikel Rodríguez ◽

Unai Bidarte ◽

Jaime Jiménez

Keyword(s):

Smart Grid ◽

Real Time ◽

International Electrotechnical Commission ◽

Communication Infrastructure ◽

Iec 61850 ◽

Best Effort ◽

Electrical Grid ◽

Informational Technology ◽

Iec 62351 ◽

Time Critical

Since the 1990s, the digitalization process has transformed the communication infrastructure within the electrical grid: proprietary infrastructures and protocols have been replaced by the IEC 61850 approach, which realizes interoperability among vendors. Furthermore, the latest networking solutions merge operational technologies (OTs) and informational technology (IT) traffics in the same media, such as time-sensitive networking (TSN)—standard, interoperable, deterministic, and Ethernet-based. It merges OT and IT worlds by defining three basic traffic types: scheduled, best-effort, and reserved traffic. However, TSN demands security against potential new cyberattacks, primarily, to protect real-time critical messages. Consequently, security in the smart grid has turned into a hot topic under regulation, standardization, and business. This survey collects vulnerabilities of the communication in the smart grid and reveals security mechanisms introduced by international electrotechnical commission (IEC) 62351-6 and how to apply them to time-sensitive networking.

Download Full-text