A survey on intrusion detection and prevention systems in digital substations

Abstract

Smart Grids integrate the traditional power grid with information processing and communication technologies. In particular, substation intelligent devices can now communicate with each other digitally to enable remote information gathering, monitoring, and control. There have been many efforts to promote global communication standards. The IEC–61850 international standard addresses substation communication networks and systems. Despite the many benefits, this standardized communication poses new cyber-security challenges. Also, traditional Intrusion Detection Systems (IDSs) may not be suitable for digital substations, given their critical components and stringent time requirements. We present an in-depth analysis of attacks exploiting IEC–61850 substations and recent research efforts for detecting and preventing them. Our main contribution is an original taxonomy comprising design and evaluation aspects for substation-specific IDSs. This taxonomy includes IDS’s architectures, detection approaches, analysis, actions, data sources, detection range, validation strategies, and metrics. Additionally, we present a compilation of the detection rules deployed by the state-of-art IDSs and assess their resiliency to five types of attacks. Our assessment reveals that some attacks are covered by currently-deployed IDSs, but, particularly, further advancement is necessary to deal with masquerade attacks. Finally, we discuss trends, open issues, and future research topics.