According to the IEC 62351-7 standard, data collection using network and system management (NSM) can be used to support the security monitoring of the smart grid. In this article, an NSM security monitoring platform for a realistic IEC 61850 substation model is developed using the specifications provided in IEC 62351-7. In the developed model, grid measurements are ready to take operative decisions, whereas collected NSM data are leveraged to detect cyberattacks and/or identify anomalies. The model includes power components (e.g., transformers, lines, and generators), controllers (e.g., voltage control), protection devices (e.g., overcurrent, distance, differential, and under/overvoltage), communication protocols (e.g., sampled value and generic object-oriented substation event), and NSM (e.g., agents and managers) applications. Moreover, a two-step deep learning framework is proposed for anomaly detection and cyberattack identification with enhanced accuracy. The first step can apply long short-term memory, recurrent neural network, and gated recurrent units, each in combination with an autoencoder. Then, the ensemble learning technique is used in the second step to augment the outputs of these deep learning models. To evaluate the effectiveness of the proposed cyberattack and anomaly detection framework, we detail and simulate potential cyberattacks targeting the performance of the IEEE 9-bus system. The proposed anomaly detection scheme can identify these threats using NSM data in a hardware-in-the-loop testbed. Finally, based on our assessment results, recommendations are provided for cybersecurity guidelines concerning IEC 62351-7.
Read full abstract