Juan Lozano

Computer Science & Engineering PhD Student

Description: Power grid infrastructure is critical to human societies at almost every level. Today, its stages, from generation through transmission to distribution, rely on intermediary facilities that use specialized equipment to change or stabilize electrical parameters: electrical substations. Applying computational technology to this infrastructure transformed its operations, reduced the time needed for specific tasks, and introduced quality tools. The IEC 61850 Standard is the result of agreeing on the best of several industrial protocols already implemented for substations; it provides an object-oriented abstraction model to represent the devices within a substation and their relations. As a vital element of the power system that focuses on performance and protection, substations are a target for malicious interests, as seen in Ukraine's 2016 Industroyer malware attack and in the newer version deployed in April 2022, known as Industroyer2.

Despite its advantages, technology adoption introduces novel problems, especially from a security point of view. Substation Automation Systems (SAS) reflect a complex dynamic of entangled physical and virtual elements. Furthermore, the Standard defines substation models consisting of three levels, covering everything from the sensors and actuators in the field up to the operations room. The Standard also segments information transmission according to the urgency of the operation, and so uses two communication models simultaneously: connection-oriented and connectionless. Additionally, most currently suggested security measures, such as encryption, create a tension between slower transmission and the fast response time needed to trigger safety mechanisms and successfully minimize the impact of hazardous conditions. This work comprehensively explores the effects of adopting the IEC 61850 Standard from a cyber-physical system perspective. The proposed approach to improving SAS security consists of detailed measurement of its operational data and analysis of the consequences of prior malware attacks, as resources for an Intrusion Detection System.