Abstract
IEC 61850 specifies the Generic Object Oriented Substation Event (GOOSE) protocol as one option for low latency communication of substation-related events. Due to its strict timing requirements, GOOSE lacks any form of encryption or authentication and has only minimal integrity guarantees. These absences render the protocol vulnerable to a variety of communication anomalies, including adversarial action. In particular, an adversary with access to the substation network can launch man in the middle (MITM) attacks. We propose Alerga, a set of tools to allow operators to mitigate some of the risks of the protocol while retaining its strengths. To that end, we have developed first a GOOSE simulation pipeline including data generation, anomaly detection, alert handling, causal reasoning and data visualization components. The simulator is designed to be modular, allowing operators to swap components to better fit their network capabilities. The volume of alert traffic on a substation network threatens operators with alert fatigue. In order to combat this, we secondly present a novel form of alert aggregation and processing, offering operators a condensed view of any threats to the system. Thirdly, to facilitate the handling of these threats, our causal reasoning system traces the alerts back to their most likely cause, generating an initial hypothesis for operators to investigate.
Original language | American English |
---|---|
Number of pages | 6 |
DOIs | |
State | Published - 2023 |
Event | IEEE SmartGridComm - Glasgow, Scotland Duration: 31 Oct 2023 → 3 Nov 2023 |
Conference
Conference | IEEE SmartGridComm |
---|---|
City | Glasgow, Scotland |
Period | 31/10/23 → 3/11/23 |
NREL Publication Number
- NREL/CP-5T00-88766
Keywords
- alert aggregation
- causal reasoning
- GOOSE
- network simulation