Substations
Adam Hahn, Chih-Che Sun, and Chen-Ching Liu
Washington State University, Pullman, WA, USA
1 Overview
Substations provide the main interface between the physical grid and the cyber control of bulk power
systems. Recent innovations have substantially changed how substations are monitored and controlled,
increasingly relying on digital communication and computation. Unfortunately, these technologies significantly
increase the grid’s risk of cyber attack. Advanced cyber-based threats, such as terrorists and nation
states, are increasingly focusing on the power grid as a target of attack (U.S. Government Accountability
Office (GAO), 2015). Therefore, substations must implement strong cybersecurity protections to ensure the
reliability of the bulk power system.
This chapter provides an overview of the communications and control architectures found in modern substations,
including the network protocols and devices commonly used to support these functions. It then
explores cyber threats to each of these components, emphasizing the various power system control applications
that could be manipulated by the attacker. The chapter then identifies security mechanisms that can be
used to protect substations, including encryption, authentication, firewalls, and intrusion detection systems
(IDSs). It also reviews current cybersecurity standards that influence the security posture of the grid, such as
NERC CIP (North American Electric Reliability Corporation critical infrastructure protection), IEC 62351,
and IEEE C37.240.
Smart Grid Handbook, Online © 2016 John Wiley & Sons, Ltd.
This article is © 2016 John Wiley & Sons, Ltd.
This article was published in the Smart Grid Handbook in 2016 by John Wiley & Sons, Ltd.
DOI: 10.1002/9781118755471.sgd055
frequency, power angle, protection settings, and fault records). A basic understanding of common substation
power applications is important to understanding how a cyber attack against various systems could perturb
the power grid.
Table 1 identifies some key substation components that are described and referenced throughout this
chapter. The table differentiates the physical components (also called primary plant) that are used to control
and monitor the physical power flow in the grid, along with the cyber components (also called elements
belonging to substation automation, i.e., secondary plant) used to manage and support the substation communication
and digital control functions. Figure 1 provides an overview of the physical and cyber components
within a digital substation architecture. The architecture can be viewed as a layered approach,
comprised of the station, bay, and process layers.
The station level incorporates all of the central systems that are used to support the various processes
throughout the substation. The substation usually has a wide-area supervisory control and data acquisition
(SCADA) network to the control center, which is used for measurements, control, and other system
management functions. This communication often occurs over an array of physical networks, including
fiber, leased lines, wireless, or even power line carrier (PLC) communication. The substation may often
have another remote access point that can be accessed for management and administrative connections.
The substation will generally have a substation gateway, or remote terminal unit (RTU), to aggregate
communications between all the various low-level devices in the substation. The station level will also
have some human–machine interface (HMI), GPS (global positioning system) timing devices, and security
devices.
The bay level incorporates devices that are used to control and monitor the grid. This includes various
types of intelligent electronic devices (IEDs) including phasor measurement units (PMUs), digital fault
recorders (DFRs), and protection relays. Much of the distributed control functions of the substation occur
at this level. These devices commonly communicate over fiber Ethernet to both the station level and process
level.
The process level contains the lower level devices that directly measure and manipulate the grid. Merging
units can collect measurements from voltage and current transformers (CTs/PTs) and send those measurements
to the bay level. In addition, this level contains intelligent control units that can control actuators,
such as circuit breakers and reclosers.
Cybersecurity of SCADA within Substations 3
[Figure 1: Physical and cyber components of a digital substation architecture. Labels: control center; firewall/router; firewall; station level; process level (intelligent control unit, merging unit); 3-phase transmission line; circuit breakers; electronic CT/PT.]
current transmission system) devices], and supporting the grid’s various protection schemes. Understanding
the criticality of the substation components and their need for security depends heavily on the various power
applications supported by the devices.
system operations. SCADA measurements and PMUs are two of the main techniques used to collect system
measurements from substations.
• SCADA measurements commonly include data about the grid’s currents and voltages from CTs and PTs.
This data is obtained by periodically polling the IEDs that monitor these devices, typically on a 2- to 4-s
interval. Timing for SCADA measurements is usually poorly correlated because the clocks for the various
measurements are not synchronized, often resulting in measurement errors.
• PMUs collect synchronized real-time measurements (e.g., voltage, current, power flow, frequency, and
power angle) from power grids and align them with granular time reference data obtained from GPS
signals, or any other reliable timing source. PMUs are able to provide accurate measurements with time
stamps up to 60 samples per second (North American Electric Reliability Corporation, 2010). The placement
of PMUs should be determined carefully since PMUs and their installation are expensive. Very often,
a criterion for optimal PMU placement determines optimal PMU locations in the grid. The primary task
of PMU deployment is to determine the minimum number of strategic locations for PMUs that provide
sufficient observability of the power system.
• Circuit breakers are deployed within substations at both terminals of a transmission line. Their functions
include isolating transmission lines and transformers during a fault or during line maintenance to protect
workers. Operators can remotely send commands to modern IEDs to directly control circuit breakers.
• Transformer taps can be used to help regulate appropriate bus or line voltage by adjusting the number of
windings to raise or reduce the voltage. Operators can remotely specify the transformer tap positions to
regulate the voltage.
• FACTS implement power electronic components in substations so that operators can remotely control
voltage and power flow in transmission systems.
over a serial connection (RS-232) for non-routable communication or over TCP/IP (Transmission Control
Protocol/Internet Protocol) for routable communications. DNP3 utilizes a master/slave communication
paradigm. The master is commonly the control center and the slave is the RTU or substation gateway. Therefore,
the master sends commands and receives measurements from the substation. The type of measurement
or control data transmitted by a DNP3 message is indicated by the message’s application service data unit
(ASDU). The ASDU’s type is dictated by the function code; each function code is associated with a set
of objects for the binary or analog values associated with that function code. Some ASDU types that can
be used to control substation functions include (i) write and (ii) operate, while those used to monitor data
values include (iii) read, and (iv) confirm. Function codes then have associated data objects that specify the
types of data associated with them, including analog values (e.g., current and voltage) or binary values (e.g.,
breaker status).
Unauthorized Access. Substations rely on remote communications for the maintenance, administration,
monitoring, and control functions since they are geographically dispersed. Physical access is also needed
occasionally for field engineers who work in the substation. Both remote and physical access functionality
provides opportunities for the attackers to gain substation access. The substation must be able to authenticate
both physical and remote users to ensure that malicious actors cannot log in to send malicious
commands, measurements, or perform other system manipulations.
Denial of Service (DoS). The communications with the substation often require that messages be received
within a fixed timeframe. If an attacker can either delay or drop authorized communications, they can
disrupt various substation applications. This attack would be especially impactful if the grid is in an
emergency or alerted state, where timely information is needed to prevent a grid outage. The denial of
service (DoS) attack could target the WAN (wide area network) communication between the control
center and substations, or potentially affect inter-substation communication if the attacker previously
gained access to the substation.
Malware. An attacker could potentially leverage software vulnerabilities or missing authentication to
install malicious software on various substation systems (e.g., IEDs, HMIs, RTUs). This would allow
the attacker to perform complex manipulations of the various control functions used for substation
operations. Substation-specific functions performed by the malware include injection of malicious
control commands or grid measurements.
Eavesdropping. Many of the substation communications could include sensitive information, such as authentication
data (e.g., username and passwords) or data about the grid’s status (e.g., SCADA measurements).
If attackers can view this data, they could potentially use this information to gain further access to substation
components.
Cyber Physical Attack. Because substations have geographically remote locations, they are also vulnerable
to coordinated cyber physical attacks. In this attack, cyber attacks can be launched in coordination with a
physical attack to cause increased damage. An example occurred in San Jose, California, in 2013 where
multiple attackers damaged the communication system and physical system sequentially. First, the attackers
cut off the AT&T communication line near the targeted substation to paralyze the cell phone service.
After the first attack, the snipers shot several transformers at a distance. It took 27 days to repair the
targeted substation since 17 major transformers had been damaged. The area faced an increased danger
of power outage during the attack as the damage in communication system delayed the response time for
operators (Smith, 2014).
more stringent security controls, which is discussed later in the chapter. Note that no substation system is categorized
as high, while systems that meet a certain voltage level or could impact interconnection reliability
operating limits (IROLs) are categorized as medium.
The remainder of the section explores various NERC CIP technical controls that apply to substations,
specifically those identified in CIP-007-7 “Systems Security Management” and CIP-005-5 “Electronic Security
Perimeter (ESP).”
NERC CIP-007-7 provides requirements on how systems are configured and managed to help reduce the
system’s attack surface and prevent vulnerabilities. It also identifies various security technologies that should
be incorporated within various systems to provide additional security. Key requirements include (i) restricting
the network’s TCP/UDP (Transmission Control Protocol/User Datagram Protocol) ports and services,
(ii) implementing patch management procedures on all systems, (iii) employing mechanisms to monitor
for malicious code on systems, (iv) implementing logging and monitoring techniques for security-related
events, and (v) authenticating remote connections and limiting access to authenticated users.
Another key NERC CIP technical requirement for substations is CIP-005-5, 3.1.1, “ESP.” This standard
mandates the deployment of an ESP to secure devices, such as those within a substation. The ESP is a
concept to protect critical cyber assets by encapsulating them behind an electronic access point (EAP). The
EAP should provide various security features that can help protect the devices within the perimeter. This
helps address security concerns resulting from the substation’s dependence on legacy devices that often lack
the necessary security protections. The EAPs should filter both inbound and outbound traffic, authenticate
and encrypt remote connections to the ESP, and perform intrusion detection on remote communication.
guidance for substations components (e.g., switches, routers, wireless base stations, IEDs) (IEEE Std
C37.240TM-2014, 2014). The following list identifies some key requirements from this document.
In addition, the document describes high-level guidance relating to security testing, incident response, and
configuration management.
4.1 Encryption
As identified in Section 3.1, NERC CIP requires the use of encryption on all remote connections to the substation.
Remote communications typically include both SCADA data protocols (e.g., DNP3 and Modbus)
and administrative/management data [e.g., SNMP (simple network management protocol), HTTP (hypertext
transfer protocol), SSH (secure shell), FTP (file transfer protocol)]. In general, the latter has stronger
confidentiality requirements since it could include user passwords or other authentication information that
could be used by an attacker to directly gain additional access to substation devices. While being able to read
SCADA data could give an attacker an understanding of the system’s state, it will not provide the attacker
with the direct ability to control devices. Substations usually have physical protections, such as locked gates
and cabinets, so it is assumed that communications within the substation cannot be easily eavesdropped.
Therefore, encryption is required for remote communications, but not for intra-substation communication.
In addition, inter-substation communications are often used for near real-time control with low latency
requirements. Table 3 provides an overview of the message types and acceptable latencies for substation
functions as defined in IEC 61850 (Mohagheghi, Stoupis, and Wang, 2009). Notice that fault isolation and
protection functions have very small allowable latency, and therefore, introduce performance constraints
during authentication and encryption.
While there are techniques and protocols that can perform encryption at each layer of the TCP/IP model
(e.g., network, Internet, transport, application), this chapter highlights approaches at the Internet and transport
layers. NERC CIP identifies both TLS and Internet protocol security (IPSec) as prominent options
for protecting remote communications to substations (North American Electric Reliability Corporation
(NERC), 2011).
At the transport layer, TLS is the predominant method for providing both encryption and authentication for
communications. Multiple standards such as IEC 62351 and NERC CIP identify TLS as an acceptable protocol
to protect substation communications. IEC 62351 suggests that TLS should be used to protect the MMS
protocol since it is commonly used to support communication outside of the substation, unlike GOOSE
and SV. While the TLS protocol supports a wide array of cryptographic ciphers, IEC 62351 recommends
that devices should utilize either 128- or 256-bit Advanced Encryption Standard (AES) for encryption,
Diffie–Hellman-based key exchange, and either RSA or Digital Signature Algorithm (DSA) for authentication
(Cleveland, 2012). Additional SCADA protocols, such as IEC 60870-5-104, DNP3, and Modbus, can
also operate over TLS to provide the necessary security.
within substations because of computational overhead. Table 4 explores the latency introduced by popular
cryptographic algorithms based on work performed by Hauser, Manivannan, and Bakken (2012). These
results were computed on a 2.8 GHz processor in publisher/subscriber architecture. Notice that RSA and
DSA algorithms may introduce excessive delay for any control application that requires millisecond-level
latencies, such as those described for protection and fault isolation functions in Table 3.
[Figure 2: DNP3 SA message exchange, panels (a) and (b). Surviving labels: Auth. response; ASDU response.]
The challenge–response algorithm can introduce additional overhead as it essentially doubles the round
trip latency of the message. This may not be acceptable in certain substation operations with either long communication
latencies or with very fast communication requirements (e.g., protection operations). Therefore,
DNP3 SA also provides an aggressive authentication approach that does not use the challenge–response.
With the aggressive approach (Figure 2b), the responder computes the MAC before sending the original
ASDU and then transmits the MAC in the same transmission as the ASDU. The challenger can then immediately
verify the message and send its response.
The session keys are only used for actual authentication during the length of a DNP session. An update key
is also used to support the generation of new session keys for each new session. This means that if a session
is compromised the attacker cannot manipulate later session keys. The protocol also supports changing the
update key so that it can be refreshed periodically to prevent a compromise. This can be done with both
symmetric and asymmetric approaches. With a symmetric key approach, both ends of the connections must
utilize a trusted third party that they share keys with. Then the trusted third party can distribute keys to
each DNP3 client. Asymmetric keys can be used in place of the trusted third party. In this approach, each
device has a public/private key pair that they can use to encrypt and transmit new update keys between
systems.
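The two DNP3 SA modes and the update-key/session-key relationship described above, as an added Python example that is not part of the original chapter or of the IEEE 1815 text. It is a simplified model rather than the wire format: the truncated HMAC-SHA-256 tag, the 4-byte sequence counter, the derive_session_key step, the sample ASDU and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAC_LEN = 16  # assumption: HMAC-SHA-256 tag truncated to 16 bytes


def derive_session_key(update_key: bytes, session_nonce: bytes) -> bytes:
    """Fresh key per session from the long-lived update key (simplified step)."""
    return hmac.new(update_key, b"session" + session_nonce, hashlib.sha256).digest()


def compute_mac(session_key: bytes, challenge: bytes, csq: int, asdu: bytes) -> bytes:
    """The MAC binds the ASDU to the last challenge and to a sequence number."""
    message = challenge + csq.to_bytes(4, "big") + asdu
    return hmac.new(session_key, message, hashlib.sha256).digest()[:MAC_LEN]


class Challenger:
    """Receives a critical ASDU and authenticates it before acting on it."""

    def __init__(self, session_key: bytes):
        self.session_key, self.challenge, self.csq = session_key, b"", 0

    def issue_challenge(self):
        self.challenge, self.csq = os.urandom(16), self.csq + 1
        return self.challenge, self.csq

    def verify_reply(self, asdu: bytes, tag: bytes) -> bool:
        expected = compute_mac(self.session_key, self.challenge, self.csq, asdu)
        return hmac.compare_digest(expected, tag)

    def verify_aggressive(self, asdu: bytes, csq: int, tag: bytes) -> bool:
        # Needs an earlier challenge, and the sequence number must advance by
        # exactly one so that a captured ASDU+MAC cannot be replayed.
        if not self.challenge or csq != self.csq + 1:
            return False
        expected = compute_mac(self.session_key, self.challenge, csq, asdu)
        if not hmac.compare_digest(expected, tag):
            return False
        self.csq = csq
        return True


class Responder:
    """Sends the critical ASDU and proves knowledge of the session key."""

    def __init__(self, session_key: bytes):
        self.session_key, self.challenge, self.csq = session_key, b"", 0

    def answer_challenge(self, challenge: bytes, csq: int, asdu: bytes) -> bytes:
        self.challenge, self.csq = challenge, csq
        return compute_mac(self.session_key, challenge, csq, asdu)

    def aggressive_message(self, asdu: bytes):
        self.csq += 1
        tag = compute_mac(self.session_key, self.challenge, self.csq, asdu)
        return asdu, self.csq, tag


def challenge_response(responder, challenger, asdu: bytes):
    """Four messages: ASDU, challenge, authentication reply, ASDU response."""
    wire = ["ASDU"]
    challenge, csq = challenger.issue_challenge()
    wire.append("challenge")
    tag = responder.answer_challenge(challenge, csq, asdu)
    wire.append("auth reply")
    accepted = challenger.verify_reply(asdu, tag)
    wire.append("ASDU response" if accepted else "auth error")
    return accepted, wire


def aggressive(responder, challenger, asdu: bytes):
    """Two messages: ASDU with the MAC attached, then the ASDU response."""
    accepted = challenger.verify_aggressive(*responder.aggressive_message(asdu))
    return accepted, ["ASDU+MAC", "ASDU response" if accepted else "auth error"]


OPERATE_ASDU = b"constructed-operate-request"  # constructed sample, not a real ASDU

if __name__ == "__main__":
    key = derive_session_key(os.urandom(32), os.urandom(8))
    sender, receiver = Responder(key), Challenger(key)
    print(challenge_response(sender, receiver, OPERATE_ASDU))
    print(aggressive(sender, receiver, OPERATE_ASDU))
```

The message lists returned by the two functions make the latency trade-off concrete: four messages on the wire for challenge–response against two for the aggressive mode.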
                       Privileges
Roles      View   Read   Control   Reporting   Dataset
Viewer     ✓      –      –         –           –
Operator   ✓      ✓      ✓         –           –
Engineer   –      ✓      –         ✓           ✓
[Figure: remote access architecture. Surviving labels: remote access; WAN; DMZ; firewall; remote access server; VPN; firewall.]
performance requirements within substations require more tailored technologies. Numerous IDS methods
have been explored for their applications to modern substations, including signature, anomaly, and
specification-based approaches. Each approach has trade-offs in the ease of use, along with the propensities
to false positive (type-I) and false negative (type-II) errors.
Signature-based IDS techniques, such as Snort (Roesch, 1999), work by comparing all network activity
against a database of known attack patterns (or “signatures”). This approach is extremely common in traditional
IT environments because it generally produces low false-positive rates. However, in order to use
signature-based approaches within a substation, new signatures need to be developed specific to the substation
communication protocols and devices. Some initial work has been done exploring special signatures
for common substation protocols, such as DNP3 and Modbus (QuickDraw SCADA IDS. DigitalBond Inc.,
2011). While this work provides initial protocol signatures, they are not directly tailored toward common
substation implementations. The following list provides examples of DNP3 protocol misuses that can be
detected by these signatures.
While signature-based approaches provide low false-positive rates, they are largely ineffective against new
attacks that do not yet have a signature. Anomaly-based approaches, which monitor unusual system behaviors
in an attempt to categorize attacks, have been explored as a means of overcoming the limitations of
signature-based approaches. The detection of anomalies is often done through some statistical analysis or
machine learning approach (e.g., clustering, neural networks, support vector machines). This technique
could be very useful in substation environments, which often see fewer anomalies than traditional IT
environments.
Work by Hong, Liu, and Govindarasu (2014) explored anomaly detection techniques for substations
based on device and network events. Network-specific properties incorporated in the IDS include common
substation protocols (e.g., GOOSE, SV), along with the communication patterns used to change breaker
status or update voltage and current measurements. This approach collects indicator information across
a wide array of host and network parameters, which are identified in Table 7. The work then computes
substation vulnerability indices and alerts on the basis of the anomalies observed from the indicator
data sets.
Specification-based IDS approaches have also been explored to protect substation communication. This
approach differs from anomaly and signature-based approaches as its functionality is based on the design of
a specification for the intended system behavior. This specification is then used as a basis to compare all new
network events. For example, work by Lin et al. (2013) demonstrated a specification-based IDS for DNP3
SCADA communications based on the Bro platform. The security policies defined in this work explore both
the structure and the temporal sequences of packets. First, a parser validates the packet when it is initially
received to ensure it does not have any structural violations. The policy also then specifies some temporal
sequences of packets based on the DNP3 function codes and objects.
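A specification-based check of the kind described above, as an added Python example (not code from Lin et al. or from the Bro platform): a structural parser for DNP3 link-layer frames followed by a temporal rule on function codes and objects. The select-before-operate rule, the allowed function-code set, the single-fragment assumption, and all names and sample frames are constructed for illustration.

```python
import struct

READ, WRITE, SELECT, OPERATE = 1, 2, 3, 4  # DNP3 application function codes
# Constructed control-object bytes; A and B differ only in the point index.
CROB_A = bytes.fromhex("0c01170100" "0301" "64000000" "64000000" "00")
CROB_B = bytes.fromhex("0c01170101" "0301" "64000000" "64000000" "00")


class SpecViolation(Exception):
    """Raised when a frame breaks the structural or temporal specification."""


def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: reflected polynomial 0xA6BC, zero init, complemented result."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_frame(src: int, dest: int, func: int, objects: bytes = b"") -> bytes:
    """Build a constructed single-fragment request; used only for sample input."""
    user = bytes([0xC0, 0xC0, func]) + objects  # transport, app control, function
    out = b"\x05\x64" + bytes([5 + len(user), 0xC4]) + struct.pack("<HH", dest, src)
    out += struct.pack("<H", crc16_dnp(out))
    for i in range(0, len(user), 16):  # 16-byte data blocks, each with its CRC
        out += user[i:i + 16] + struct.pack("<H", crc16_dnp(user[i:i + 16]))
    return out


def parse_frame(frame: bytes):
    """Structural validation; returns (src, dest, function code, object bytes)."""
    if len(frame) < 10 or frame[:2] != b"\x05\x64":
        raise SpecViolation("bad start bytes or short header")
    if crc16_dnp(frame[:8]) != struct.unpack("<H", frame[8:10])[0]:
        raise SpecViolation("header CRC mismatch")
    dest, src = struct.unpack("<HH", frame[4:8])
    user, pos, remaining = b"", 10, frame[2] - 5  # length covers ctrl+addr+user
    if remaining < 3:
        raise SpecViolation("no application header")
    while remaining:
        n = min(16, remaining)
        block, crc = frame[pos:pos + n], frame[pos + n:pos + n + 2]
        if len(block) != n or len(crc) != 2:
            raise SpecViolation("frame shorter than length field")
        if crc16_dnp(block) != struct.unpack("<H", crc)[0]:
            raise SpecViolation("data block CRC mismatch")
        user, pos, remaining = user + block, pos + n + 2, remaining - n
    if pos != len(frame):
        raise SpecViolation("trailing bytes after last block")
    return src, dest, user[2], user[3:]


class SelectBeforeOperate:
    """Temporal rule: OPERATE must directly follow a SELECT with the same objects."""
    def __init__(self):
        self.pending = {}  # (src, dest) -> objects of the outstanding SELECT

    def check(self, src, dest, func, objects):
        previous = self.pending.pop((src, dest), None)
        if func == SELECT:
            self.pending[(src, dest)] = objects
        elif func == OPERATE and previous != objects:
            raise SpecViolation("OPERATE without matching SELECT")


def inspect(frames, allowed=(READ, SELECT, OPERATE)):
    """Return (frame index, reason) for every frame that violates the specification."""
    policy, alerts = SelectBeforeOperate(), []
    for index, frame in enumerate(frames):
        try:
            src, dest, func, objects = parse_frame(frame)
            if func not in allowed:
                raise SpecViolation(f"function code {func} not allowed")
            policy.check(src, dest, func, objects)
        except SpecViolation as exc:
            alerts.append((index, str(exc)))
    return alerts


def sample_traffic():
    """Constructed capture: valid requests mixed with four violations."""
    req = lambda func, objects=b"": build_frame(1, 10, func, objects)
    damaged = bytearray(req(READ))
    damaged[-1] ^= 0xFF  # corrupt the data-block CRC
    return [req(READ, b"\x3c\x02\x06"), req(SELECT, CROB_A), req(OPERATE, CROB_A),
            req(OPERATE, CROB_B),  # index 3: no SELECT outstanding
            req(SELECT, CROB_A),
            req(OPERATE, CROB_B),  # index 5: objects differ from the SELECT
            req(WRITE),            # index 6: outside the allowed set
            bytes(damaged)]        # index 7: fails structural validation
```

Calling inspect(sample_traffic()) returns one alert each for frames 3, 5, 6 and 7, which shows the structural and temporal checks catching different classes of violation in the same stream.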
While this chapter provides a brief overview of substation cybersecurity, much more information is avail-
able on this topic. Here is a list of additional reading material that can provide a more in-depth overview of
the various topics addressed in the chapter.
• A Survey on Cyber Security for Smart Grid Communications (Yan et al., 2012)
• Cyber Security in the Smart Grid: Survey and Challenges (Wang and Lu, 2013)
• Authentication and Authorization Mechanisms for Substation Automation in Smart Grid Network
(Vaidya, Makrakis, and Mouftah, 2013)
• NISTIR 7628, Guidelines for Smart Grid Cybersecurity (NISTIR 7628, 2010)
References
Cleveland, F. (2012) IEC TC57 WG15: IEC 62351 Security Standards for the Power System Information Infrastructure.
Hauser, C., Manivannan, T., and Bakken, D. (2012) Evaluating Multicast Message Authentication Protocols for Use in Wide Area
Power Grid Data Delivery Services. 2012 45th Hawaii International Conference on System Science (HICSS), pp. 2151–2158, 4–7
Jan.
Hong, J., Liu, C.-C., and Govindarasu, M. (2014) Integrated anomaly detection for cyber security of the substations. IEEE Transactions
on Smart Grid, 5 (4), 1643–1653.
IEEE 1815-2010 (2010) DNP3 Version 5, Secure Authentications. Institute of Electrical and Electronics Engineers (IEEE),
https://www.dnp.org/Lists/Announcements/Attachments/7/Secure%20Authentication%20v5%202011-11-08.pdf (accessed 24 October 2015).
IEEE-1815 (2012) Standard for Electric Power Systems Communications Distributed Network Protocol (DNP).
IEEE Std C37.240TM-2014 (2014) Standard Cybersecurity Requirements for Substation Automation, Protection, and Control Systems.
IEEE Power and Energy Society.
Khurana, H., Bobba, R., Yardley, T., et al. (2010) Design Principles for Power Grid Cyber-Infrastructure Authentication Protocols.
Proceeding of the 43rd Hawaii International Conference on System Sciences.
Lee, B., Kim, D.-K., Yang, H., et al. (2015) Role-based access control for substation automation systems using XACML. Information
Systems, 53, 237–249, ISSN 0306-4379, 10.1016/j.is.2015.01.007.
Lin, H., Slagell, A., Di Martin, C., et al. (2013) Adapting Bro into SCADA: Building a Specification-Based Intrusion Detection System
for the DNP3 Protocol. Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
(CSIIRW ’13), 4 pages.
Mander, T., Cheung, R., and Nabhani, F. (2010) Power system DNP3 data object security using data sets. Computers & Security, 29 (4),
487–500, ISSN 0167-4048.
Mohagheghi, S., Stoupis, J., and Wang, Z. (2009) Communication Protocols and Networks for Power Systems – Current Status and
Future Trends. Proceedings of Power Systems Conference and Exposition (PES ’09).
NISTIR 7628 (2010) Guidelines for Smart Grid Cybersecurity. National Institute of Standards and Technology (NIST), September.
North American Electric Reliability Corporation (2010) Real-Time Application of Synchrophasors for Improving Reliability,
http://www.nerc.com/docs/oc/rapirtf/RAPIR%20final%20101710.pdf (accessed 24 October 2015).
North American Electric Reliability Corporation (NERC) (2011) Guidance for Secure Interactive Remote Access,
http://www.nerc.com/fileUploads/File/Events%20Analysis/FINAL-Guidance_for_Secure_Interactive_Remote_Access.pdf (accessed 24 October 2015).
North American Electric Reliability Corporation (NERC) (2013) Critical Infrastructure Protection (CIP) Standards,
http://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx (accessed 24 October 2015).
QuickDraw SCADA IDS. DigitalBond Inc. (2011) http://www.digitalbond.com/?s=quickdraw (accessed 24 October 2015).
Roesch, M. (1999) Snort – Lightweight Intrusion Detection for Networks. Proceedings of the 13th USENIX conference on System
administration (LISA ’99). USENIX Association, Berkeley, CA, pp. 229–238.
Smith, R. (2014) Assault on California Power Station Raises Alarm on Potential for Terrorism. Wall Street Journal (Feb 5).
Thomas, M.S. and Ali, I. (2010) Reliable, fast, and deterministic substation communication network architecture and its performance
simulation. IEEE Transactions on Power Delivery, 25, 2364–2370.
U.S. Government Accountability Office (GAO) (2015) Defense Infrastructure: Improvements in DoD Reporting and Cybersecurity
Implementation Needed to Enhance Utility Resilience Planning.
Vaidya, B., Makrakis, D., and Mouftah, H.T. (2013) Authentication and authorization mechanisms for substation automation in smart
grid network. IEEE Network, 27 (1), 5–11.
Wang, W. and Lu, Z. (2013) Cyber security in the smart grid: survey and challenges. Computer Networks, 57 (5), 1344–1371.
Weis, B., Seewald, M., and Falk, H. (2013) IEC 62351 Security Protocol support for GDOI. Internet Engineering Task Force (IETF)
June, https://tools.ietf.org/html/draft-weis-gdoi-iec62351-9-00 (accessed 24 October 2015).
Wu, S.-S., Liu, C.-C., and Stefanov, A. (2014) Distributed Specification-Based Firewalls for Power Grid Substations. Innovative Smart
Grid Technologies Conference Europe (ISGT-Europe), 2014 IEEE PES, pp. 1–6, 12–15 Oct.
Yan, Y., Qian, Y., Sharif, H., et al. (2012) A survey on cyber security for smart grid communications. IEEE Communications Surveys
& Tutorials, 14 (4), 998–1010, Fourth Quarter.