Abstract
Information and Communications Technology (ICT) supports the development of novel control and communication functions for monitoring, operation, and control of power systems. However, the high-level deployment of ICT also increases the risk of cyber intrusions for Supervisory Control And Data Acquisition (SCADA) systems. Attackers can gain access to the protected infrastructures of the grid and launch attacks to manipulate measurements at the substations. The fabricated measurements can mislead the operators in the control center to take undesirable actions. The Intrusion Detection System (IDS) proposed in this paper is deployed in IEC 61850 based substations. The proposed IDS identifies falsified measurements in Manufacturing Messaging Specification (MMS) messages. By cross-checking the consistency of electric circuit relationships at the substation level in a distributed manner, the falsified measurements can be detected and discarded before the malicious packets are sent out of the substations through DNP3 communication. A cyber-physical system testbed is used to validate the performance of the proposed IDS. Using the IEEE 39-bus test system, simulation results demonstrate high accuracy of the proposed substation-based intrusion detection system.
Highlights
As complex cyber-physical systems, modern power grids utilize layers of Information and Communications Technology (ICT) to maintain system reliability and efficiency
The results show that the Intrusion Detection System (IDS) is able to detect the falsified data in the mixed data stream
The performance of the proposed IDS has been validated by simulation with realistic measurement attacks
Summary
As complex cyber-physical systems, modern power grids utilize layers of ICT to maintain system reliability and efficiency. SV messages are used for sharing measurements of Current Transformers (CTs)/Voltage Transformers (VTs) with protective IEDs. Since there is a built-in security mechanism in SV streams, e.g., Message Authentication Code (MAC) in IEC 62351-6, for ensuring integrity, the proposed method to detect and mitigate measurement-based attacks against MMS messages does not affect the substation protection scheme. As a new function for cyber security, the proposed IDS is focused on MMS messages to prevent falsified measurements from being sent out of the substations. As a line of defense to detect the measurement attack at SAS, the proposed IDS is configured to detect/mitigate the falsified measurements within MMS messages before they are sent to the control center through DNP3 communication. TECHNICAL APPROACH AT SUBSTATION LEVEL This section describes the potential measurement attack path on MMS messages and implementation of the proposed IDS at the substations. IEC 61850-90-5 will map the measurement data onto
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
