A Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid

Since the 1990s, the digitalization process has transformed the communication infrastructure within the electrical grid: proprietary infrastructures and protocols have been replaced by the IEC 61850 approach, which realizes interoperability among vendors. Furthermore, the latest networking solutions merge operational technologies (OTs) and informational technology (IT) traffics in the same media, such as time-sensitive networking (TSN)—standard, interoperable, deterministic, and Ethernet-based. It merges OT and IT worlds by defining three basic traffic types: scheduled, best-effort, and reserved traffic. However, TSN demands security against potential new cyberattacks, primarily, to protect real-time critical messages. Consequently, security in the smart grid has turned into a hot topic under regulation, standardization, and business. This survey collects vulnerabilities of the communication in the smart grid and reveals security mechanisms introduced by international electrotechnical commission (IEC) 62351-6 and how to apply them to time-sensitive networking.

Cyber Security for Multi-Station Integrated Smart Energy Stations: Architecture and Solutions

Multi-station integration is motivated by the requirements of distributed energies interconnection and improvements in the efficiency of energy systems. Due to the diversity of communication services and the complexity of data exchanges between in-of-station and out-of-station, multi-station integrated systems have high security requirements. However, issues related to cyber security for multi-station integrated systems are seldom explored. Hence, this paper designs the secondary system architecture and proposes cyber security protection solutions for smart energy stations (SESt) that integrate the substation, photovoltaic station, energy storage station, electric vehicle charging station, and data center station. Firstly, the composition of SESt and functions of each substation are presented, a layered architecture of SESt is designed, and data exchanges of SESt are analyzed. Then, the cyber security threats and requirements of SESt are illustrated. Moreover, the cyber security protection principle and a cyber security protection system for SESt are proposed. On this basis, a security zoning and isolation scheme for SESt is designed. Finally, a traffic isolation scheme based on virtual local area networks (VLANs), a real-time guarantee scheme for communications based on service priority, and an enhancing cyber security scheme based on improved IEC 62351 are proposed for SESt.

S-GoSV: Framework for Generating Secure IEC 61850 GOOSE and Sample Value Messages

Standardized communication plays an important role in substation automation system (SAS). IEC 61850 is a de-facto standard in SAS. It facilitates smooth communication between different devices located in the substation by achieving interoperability. Generic Object-Oriented Substation Event (GOOSE) and Sample Value (SV) messages developed according to IEC 61850 enable efficient monitoring and operation control of SAS. IEC 61850 is very popular due to its flexible and robust modeling. As the number of critical infrastructures that employed IEC 61850 increases, it is important to study cybersecurity aspects as well. To this end, this paper develops a software framework, S-GoSV (Secure GOOSE and SV), that generates custom GOOSE and Sample Value messages. Furthermore, security features are added to protect them from different security attacks within a substation. IEC 62351-6 specifies digital signatures to achieve node authentication and messages integrity. Therefore, S-GoSV implements RSASSA-PKCS1-v1_5 digital signature algorithm based on RFC 2313. Performance studies show that digital signature algorithms based on RSA signing and verification take long times and do not conform to timing requirements stipulated by IEC 61850 for power system communication. To address this, Message Authentication Code (MAC) based digital signature algorithm, Keyed Hash-Message Authentication Code- Secure Hash Algorithm (HMAC-SHA256), is additionally implemented in S-GoSV framework for securing GOOSE messages.