Information Security Analysis and Auditing of IEC61850 Automated Substations

This thesis is about issues related to the security of electric substations automated by IEC61850, an Ethernet (IEEE 802.3) based protocol. It is about a comprehen­ sive security analysis and development of a viable method of auditing the security of this protocol. The security analysis focuses on the possible threats to an electric substation based on the possible motives of an attacker. Existing methods and met­ rics for assessing the security of computer networks are explored and examined for suitability of use with IEC61850. Existing methods and metrics focus on conven­ tional computers used in computer networks which are fundamentally different from Intelligent Electronic Devices (IED’s) of substations in terms of technical composition and functionality. Hence, there is a need to develop a new method of assessing the security of such devices. The security analysis is then used to derive a new metric scheme to assess the security of IED’s that use IEC61850. This metric scheme is then tested out in a sample audit on a real IEC61850 network and compared with two other commonly used security metrics. The results show that the new metric is good in assessing the security of IED’s themselves. Further analysis on IED security is done by conducting simulated cyber attacks. The results are then used to develop an Intrusion Detection System (IDS) to guard against such attacks. The temporal risk of intrusion on an electric substation is also evaluated

Bandwidth Reduction and Convergence Analysis of Extremum Seeking Control with Feedback Encoding

Frequently a physical plant of a control system has an optimum operating point such as the spark (or injection) time of an internal combustion engine that results in maximum torque. Extremum Seeking Control (ESC) is a method of adaptive control capable of locating and maintaining a plant at such an optimum operating point in real time. It is capable of doing so with minimal a priori knowledge of the plant and can also track slowly varying changes. Input perturbed ESC schemes that use periodic dither signals have the disadvantage of requiring a high bandwidth for sampling and correlating the plant output with the dither signal. If the feedback path were to be implemented over a packet switched communication network, the high bandwidth requirement could result in increased congestion and consequently packet delays and dropouts. As a solution encoding using sporadic (aperiodic) sampling techniques can be used in the feedback path of the ESC scheme to reduce the required bandwidth. However, in order to ensure convergence of the ESC scheme with encoding, the effect of the signal reconstruction error due to encoding on the critical correlation stage has to be investigated. The contribution of this paper is an investigation of the convergence requirements and bandwidth performance of two encoding schemes; Memory Based Event Triggering (MBET) and Event Triggered Adaptive Differential Modulation (ETADM). The results show that MBET can fail for objective functions with plateaus. ETADM fails when the number of ETADM steps used for reconstructing the plant output per perturbation cycle are too low to allow correlation. In terms of bandwidth reduction MBET performs better than ETADM (97% and 70% respectively). However, the use of MBET results in a longer convergence time