Innovating additional Layer 2 security requirements for a protected stack

Security is only as good as the weakest link and if the weakness is at a low level in the communication stack then every other Layer has potential to inherit the problem. The OSI Layer model has defined the theoretical architecture for network communications (ISO/IEC 7498-1). Standardisation assures that each element of an internetwork uses the same model and hence a message can be moved intelligibly and correctly between participants. The OSI model divides communications into seven hierarchical Layers that provide the necessary services from the application Layer through to the physical Layer of electricity (ISO/IEC 7498-2). Each Layer is dependent on the one below to provide the more primitive functions and is hence interconnected from top to bottom in a communication chain. The four Layer TCP/IP pragmatic model conveys a similar relationship of dependant services for communication that have inter-dependence (Comer, 1995). The consequence is that no matter how a communication stack is looked at – theoretically or in practice – problems low down impact higher Layers. In this research we looked specifically at the OSI Data Link Layer (2) not only because so much has been written on security issues at this Layer, but also because it is the first Layer where serious abstraction in terms of logics and protocols is made from the primitive physical impulses (Altunbasak et al., 2005; NIST, 2013). These theoretical abstractions offer opportunity for proper and improper manipulation that may either better facilitate communication or impede effective communication. The data link Layer also gives opportunity for a range of logical attacks that may exploit the effective communication but not always for the intended purposes. Such vulnerabilities occur elsewhere in the communication stack but Layer 2 is the first real opportunity for logical attacks (Shanmug et al, 2010; Altunbasak, et al., 2005). This paper is structured to briefly review current literature and define the implications of OSI Layer 2 security vulnerabilities. The OSI model is selected in preference over the TCP/IP model as it has greater clarity around specific layers and reference detail. Two gaps in the literature are identified and theoretical solutions proposed for Layer 2 security

A Survey of Protocol-Level Challenges and Solutions for Distributed Energy Resource Cyber-Physical Security

The increasing proliferation of distributed energy resources (DERs) on the smart grid has made distributed solar and wind two key contributors to the expanding attack surface of the network; however, there is a lack of proper understanding and enforcement of DER communications security requirements. With vendors employing proprietary methods to mitigate hosts of attacks, the literature currently lacks a clear organization of the protocol-level vulnerabilities, attacks, and solutions mapped to each layer of the logical model such as the OSI stack. To bridge this gap and pave the way for future research by the authors in determining key DER security requirements, this paper conducts a comprehensive review of the key vulnerabilities, attacks, and potential solutions for solar and wind DERs at the protocol level. In doing so, this paper serves as a starting point for utilities, vendors, aggregators, and other industry stakeholders to develop a clear understanding of the DER security challenges and solutions, which are key precursors to comprehending security requirements

Networks and Network Security

The purpose of this thesis is to increase awareness of network security in the office and at home by educating the public, reinforcing business decisions, and providing guidelines for network security