Multiple layers are necessary to ensure the cybersecurity of substations. Cryptography allows authentication of devices, but not all attacks can be prevented with these measures. Firewalls and “air gaps” can be circumvented through existing remote access tunnels, or through maintenance computers directly attached to IEDs or the station bus. Therefore, measures are needed to detect threats in the substation to enable quick response and to minimize consequences. This paper will describe the security requirements of IEC 61850 substations and a new approach for detecting threats in these networks. Subsequently, an approach specifically developed for the IEC 61850 station and process bus will be described.

Join for free to read