TY - GEN
T1 - Substation-Aware. An intrusion detection system for the IEC 61850 protocol.
AU - Lopez, Jose Antonio
AU - Angulo, Iñaki
AU - Martinez, Saturnino
N1 - Publisher Copyright:
© 2022 Owner/Author.
PY - 2022/8/23
Y1 - 2022/8/23
N2 - The number of cyberattacks against the Smart Grid has increased in the last years. Considered as a critical infrastructure, power system operators must improve the cybersecurity countermeasures of their installations. Intrusion Detection Systems (IDS) appears as a promising solution to detect hidden activity of the hackers before launching the attack. Most detection tools are generalist, designed to find predefined patterns such as frequency of messages, well-known malware packets, source and destination of the messages or the content of each packet itself. These tools also allow plugging modules for different protocols, offering a better understanding of the analysed data, such as the protocol action (read, write, reset...) or data model/schema understanding. However, the semantics of the data transmitted cannot be inferred. The Substation-Aware (SBT-Aware) tool adds the latest feature for primary and secondary substations, taking into account not only the protocols defined in the IEC 61850 standard, but the substation topology as well. In this paper we present the SBT-Aware, an IDS that has been developed and tested in the course of the H2020 SDN-microSENSE project.
AB - The number of cyberattacks against the Smart Grid has increased in the last years. Considered as a critical infrastructure, power system operators must improve the cybersecurity countermeasures of their installations. Intrusion Detection Systems (IDS) appears as a promising solution to detect hidden activity of the hackers before launching the attack. Most detection tools are generalist, designed to find predefined patterns such as frequency of messages, well-known malware packets, source and destination of the messages or the content of each packet itself. These tools also allow plugging modules for different protocols, offering a better understanding of the analysed data, such as the protocol action (read, write, reset...) or data model/schema understanding. However, the semantics of the data transmitted cannot be inferred. The Substation-Aware (SBT-Aware) tool adds the latest feature for primary and secondary substations, taking into account not only the protocols defined in the IEC 61850 standard, but the substation topology as well. In this paper we present the SBT-Aware, an IDS that has been developed and tested in the course of the H2020 SDN-microSENSE project.
KW - IEC 61850
KW - Substation protection
KW - Cybersecurity
KW - IEC 61850
KW - Substation protection
KW - Cybersecurity
UR - http://www.scopus.com/inward/record.url?scp=85136994587&partnerID=8YFLogxK
U2 - 10.1145/3538969.3543818
DO - 10.1145/3538969.3543818
M3 - Conference contribution
SN - 978-145039670-7
T3 - ACM International Conference Proceeding Series
SP - 1
EP - 7
BT - unknown
PB - Association for Computing Machinery
T2 - 17th International Conference on Availability, Reliability and Security, ARES 2022
Y2 - 23 August 2022 through 26 August 2022
ER -