About: Manufacturing Message Specification is a research topic. Over its lifetime, 184 publications have appeared on this topic, receiving 1077 citations.
TL;DR: A detailed analysis of security threats, possible attacks, and security requirements for IEC 61850 communication is presented.
Abstract: Smart grid is the nexus of advanced information and communication technologies and legacy power systems. With increasing awareness of the vulnerabilities of smart grids to cyberattacks, cybersecurity is becoming a prime concern. Earlier, it was assumed that the power system communication protocols are very specialized and different, so the “security by obscurity” approach would be sufficient. However, with the standardization of communication protocols for power utilities and the emergence of the power market, this approach is no longer valid. The IEC 62351 standard has been published to provide security recommendations for different power system communication protocols, including IEC 61850. IEC 61850 is emerging as the most promising and popular power system communication standard. Therefore, in this article, a detailed analysis of security threats, possible attacks, and security requirements for IEC 61850 communication is presented. Building on this, the security considerations presented in IEC 62351 for securing different IEC 61850 messages, such as generic object-oriented substation events (GOOSE), sampled values (SV), routable-GOOSE, routable-SV, and manufacturing message specification messages, are presented in great detail.
TL;DR: An investigation of attacks against the manufacturing message specification of IEC 61850, which is expected to become one of the most widely used communication services in Smart Grids, is presented to help understand the potential for attacks, and to aid the development and testing of cyber security solutions.
Abstract: Cyber-attacks against Smart Grids have been found in the real world. Malware such as Havex and BlackEnergy has been found targeting industrial control systems (ICS), and researchers have shown that cyber-attacks can exploit vulnerabilities in widely used Smart Grid communication standards. This paper presents a deep investigation of attacks against the manufacturing message specification of IEC 61850, which is expected to become one of the most widely used communication services in Smart Grids. We investigate how an attacker can build a custom tool to execute man-in-the-middle attacks, manipulate data, and affect the physical system. Attack capabilities are demonstrated based on NESCOR scenarios to make it possible to thoroughly test these scenarios in a real system. The goal is to help understand the potential for such attacks, and to aid the development and testing of cyber security solutions. An attack use-case is presented that focuses on the standard for power utility automation, IEC 61850, in the context of inverter-based distributed energy resource devices, especially photovoltaic (PV) generators.
TL;DR: A deeper look into the impact of implementation attacks on substation security is taken, where implementation attacks like malicious fault injection attacks and hardware Trojans are used to compromise a substation-level intelligent electronic device.
Abstract: Modern and future substations are intended to be more interconnected, leveraging communication standards like IEC 61850-9-2 and associated abstract data models and communication services like generic object-oriented substation event, manufacturing message specification, and sampled measured value. Such interconnection would enable fast and secure data transfer and sharing of analytics information for various purposes like wide-area monitoring, faster outage recovery, blackout prevention, distributed state estimation, etc. This would require a strong focus on communication security, both at the system level and at the embedded device level. Although communication-level security is dealt with in IEC 62351, implementation attacks on the embedded system are not considered. Since the embedded system forms the core of the smart grid, in this paper we take a deeper look into the impact of implementation attacks on substation security. An overview of potential exploits is first provided. This is followed by a case study, where implementation attacks like malicious fault injection attacks and hardware Trojans are used to compromise a substation-level intelligent electronic device. The studied scenario extends implementation attacks beyond their usual exploitation of confidentiality to affect power grid integrity and availability.
TL;DR: In an automated factory environment which uses a plurality of stations, each having a communication device that incorporates the Manufacturing Message Specification (MMS) and is joined with other stations in a network that provides for communication using the Manufacturing Automation Protocol (MAP), a method and apparatus is provided for permitting programmed control of the plurality of stations on the basis of user-defined named variables, rather than specific vendor-defined device addresses.
TL;DR: The results indicate that the proposed scheme meets the requirements of security and real-time performance of communications in intelligent substations.
Abstract: Tampering, forgery and theft of the measurement and control messages in a smart grid could cause a breakdown in the power system. However, no security measures are employed for communications in intelligent substations. Communication services in an intelligent substation have high demands for real-time performance, which must be considered when deploying security measures. This paper studies the security requirements of communication services in intelligent substations, analyzes the security capabilities and shortcomings of IEC 62351, and proposes a novel security scheme for intelligent substation communications. This security scheme covers internal and telecontrol communications, in which the real-time performance of each security measure is considered. In this scheme, certificateless public key cryptography (CLPKC) is used to avoid the latency of certificate exchange in certificate-based cryptosystems and the problem of key escrow in identity-based cryptosystems; the security measures for generic object-oriented substation event, sampled measured value and manufacturing message specification in IEC 62351 are improved to meet the real-time requirements of the messages as well as to provide new security features to resist repudiation and replay attacks; and the security at the transport layer is modified to fit CLPKC, which implements mutual authentication by exchanging signatures. Furthermore, a deployment of CLPKC in an intelligent substation is presented. We also evaluate the security properties of the scheme and analyze the end-to-end delays of secured services by combining theoretical calculation and simulation in this paper. The results indicate that the proposed scheme meets the requirements of security and real-time performance of communications in intelligent substations.