A Testbed for Evaluating Performance and Cybersecurity Implications of IEC-61850 GOOSE Hardware Implementations

Abstract

The IEC-61850 standard introduced multiple protocols to increase data visibility across various power grid systems. The Generic Object Oriented Substation Events (GOOSE) protocol in particular is designed for bay-level communications, distributing high-priority messages across a power grid through the use of Intelligent Electrical Devices (IEDs). However, the protocol's multicast messaging and time requirements create cybersecurity concerns that can be exploited by a malicious actor. While the literature has examined the protocol's cybersecurity vulnerabilities, there is limited research on the consequences for performance and cybersecurity of the protocol's implementation on physical IEDs. In this paper, we introduce a flexible and practical testbed for GOOSE implementation evaluations performed on different devices, and to enable the demonstration of how different implementations on physical devices aim to mitigate GOOSE's vulnerabilities. We show the results of our testbed generating GOOSE traffic at variable data rates, with varying packet sizes. These results are then compared and verified against an IED with GOOSE protocol functionality to validate protocol generation. While this paper focuses on IEC-61850 GOOSE, the testbed presented herein is not limited to a single protocol, however, and can easily be utilized to expand the evaluation scope to a variety of Operational Technology (OT) communications protocols.