Secure Intelligent Electronic Device (SIED)
Networked Sensors and Control
Many years ago, control systems began replacing electro-mechanical devices with networked computers for improved flexibility and reduced cost. The trend in power substations is the wide deployment of Intelligent Electronic Devices (IEDs). IEDs are often attached to a substation data network, which itself is connected via SCADA to a control system. Such devices are incorporating increasingly sophisticated automation such as the IEC 61850 standard (see Figure 1), which is a migration from the analog world to the digital world for substations.
Figure 1 IEC61850-enabled Substation Communication Architecture
As with other networked systems, cyber security is a critical issue for SCADA and substation networks. So far, many experts fear exposing IEDs to the Internet and advocate isolating IEDs or hiding them behind a perimeter. However, this approach sacrifices potential defense in depth, increases the complexity of mediated access and complicates access control decisions. Worse, the perimeter becomes a single point of failure.
A SIED is an IED that has sufficient security capabilities to be on the Internet. Our aim in this project is to explore architectures that would make an IED robust enough to operate with real-time guarantees on the substation network while also communicating directly with the Internet, where cyber-security issues are a concern. Major benefits of this openness are improved data sharing capabilities and improved configuration control, such as the propagation of patches.
Our initial studies focus on determining the capabilities of stock network protocols on state-of-the-art platforms. For example, we design experiments on Linux that establish communication channels at various network layers using non-secure or secure protocols, including Ethernet frames, raw IP, UDP/TCP and IPSec/SSL, with and without load. We are also working on problems in adaptive secure LANs. All these technologies are cornerstones of future substation networks.
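One way to take the kind of measurement described above, narrowed to the unloaded UDP and TCP cases over loopback. This is an added example, not the project's own test code; the function names, the 64-byte payload and the `budget_s` deadline parameter are assumptions, since the page states no figures.

```python
import socket, statistics, threading, time
PAYLOAD = b"\x00" * 64  # constructed payload, not a real IEC 61850 message

def _echo_udp(srv, stop):
    srv.settimeout(0.2)                  # wake up regularly to check stop
    while not stop.is_set():
        try:
            data, peer = srv.recvfrom(2048)
            srv.sendto(data, peer)
        except socket.timeout:
            pass

def _echo_tcp(srv, stop):                # stop unused: ends when client closes
    conn, _ = srv.accept()
    with conn:
        while data := conn.recv(2048):   # empty read means client closed
            conn.sendall(data)

def measure_rtt(proto, n=200):
    """Round-trip times (seconds) for n echoes over loopback; proto is 'udp' or 'tcp'."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    srv, cli = socket.socket(socket.AF_INET, kind), socket.socket(socket.AF_INET, kind)
    srv.bind(("127.0.0.1", 0))           # port 0: let the kernel pick a free port
    if proto == "tcp":
        srv.listen(1)
        cli.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)  # disable Nagle
    stop = threading.Event()
    echo = _echo_udp if proto == "udp" else _echo_tcp
    worker = threading.Thread(target=echo, args=(srv, stop), daemon=True)
    worker.start()
    cli.settimeout(2.0)                  # fail instead of hanging on a lost echo
    cli.connect(srv.getsockname())
    rtts = []
    for _ in range(n):
        start = time.perf_counter()
        cli.sendall(PAYLOAD)
        got = b""
        while len(got) < len(PAYLOAD):   # TCP may return a partial read
            got += cli.recv(2048)
        rtts.append(time.perf_counter() - start)
    cli.close()
    stop.set()
    worker.join(1.0)
    srv.close()
    return rtts

def summarize(rtts, budget_s):  # budget_s: caller's deadline (assumption, not from the page)
    s = sorted(rtts)
    return {"median": statistics.median(s), "p99": s[int(0.99 * (len(s) - 1))],
            "max": s[-1], "misses": sum(r > budget_s for r in s)}
```

Comparing `summarize(measure_rtt("udp"), budget_s)` with the TCP result shows the tail (p99, max, misses), which matters more than the median when the requirement is a delivery-time guarantee.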
Our test bed (see Figure 2) consists of a configuration with a pair of communicating SIEDs that provide power grid functions and information such as a meter and a protective relay. The aim is to show that these can communicate with real-time guarantees when we add to the network machines that emulate the other substation nodes and the gateway/Internet.
Figure 2 Test bed IEC61850-enabled Substation Network
People
Reading List - Papers, Books and Presentations
- Secure Intelligent Electronic Devices (SIEDs)
Gunter, C.A.; King, S.T.; Zhang, J.
Power Systems Engineering Research Center (PSERC) Industrial Advisory Board (IAB) Meeting, May 16-18, 2007
- Power System Control Centers: Past, Present, and Future
Wu, F.F.; Moslehi, K.; Bose, A.
Proceedings of the IEEE, Volume 93, Issue 11, Nov. 2005 Page(s): 1890 - 1908
- Ethernet in substation automation
Skeie, T.; Johannessen, S.; Brunner, C.
Control Systems Magazine, IEEE, Volume 22, Issue 3, Jun 2002 Page(s): 43 - 51
- IEEE Std. 1646: Communication Delivery Time Performance Requirements for Electric Power Substation Automation
Publication Date: 2005, Page(s): 0_1 - 24
- Tunable Trust: Surveying Security for Resource Limited Scenarios
Allen G. Harvey Jr
A senior thesis submitted to the Dartmouth College, Department of Computer Science, May 30th, 2006
This page is maintained by Jianqing Zhang
Last Updated ( Wednesday, 06 June 2007 )
© 2008 Illinois Security Laboratory