Combining IEC 61850 and TSN for smart grid security

Technology News |
By Nick Flaherty

Researchers in Spain have proposed using time sensitive networking technology to provide more secure power smart grids.

As the power grid is critical infrastructure, it needs to be protected against cyberattacks. IEC 61850 has been the standard to digitize power substations, independent of underlying protocols, and provides flexibility, reconfigurability, and interoperability, but it does not include specific cyber protection.

On the other hand, Time-sensitive networking (TSN), the deterministic Ethernet solution has merged operational and information technologies in those digitized substations. Nevertheless, both standards have open the door to new specific vulnerabilities in this critical energy sector, such as potential cyberattacks on the synchronization plane and the real-time traffic.

The researchers at the University of the Basque Country (UPV/EHU) in Bilbao and System-on-Chip Engineering in Erandio have used the security mechanisms from IEC 62351-, and applied to time-sensitive networking.

However, TSN has some particularities that need to be taken into account. The synchronization is the base of its functionality, and this depends on IEEE 1588. The security of IEEE 1588 is not straightforward, and the current commercial equipment cannot ensure adequate protection over the multiple vulnerabilities of this standard.

Moreover, some TSN traffic, such as the scheduled type, is strict real time that requires arriving at the listener before a definite time boundary. Therefore, the latency introduced by every node must be minimized (and globally deterministic). If encryption and authentication need to be applied to this traffic, the performance of regular microprocessor-based embedded systems is an issue

This tunnelling through the scheduled traffic minimises the latency in delivering messages but creates problems for cybersecurity as the messages cannot be thoroughly analyzed before been forwarded. This means non-authenticated, hostile traffic could be injected into the network for malicious purposes.

As TSN separates real-time data from the rest, it allows for the exploitation of usual security resources on non-critical traffic, in addition to its normal redundancy, as another protection. IEC 62351 sets some security features as optional “encryption”, not to delay critical traffic and offers specific measures. The measures in IEC 62351-6 are compatible with TSN, as Ethernet standard making the integration straightforward, for example, in wire-speed cryptography and strong security key management

Digitising power grids leads to the need to use different kinds of standards. IEC 61850 provides the data interoperability layer while TSN provides the ability to isolate time critical from non-time-critical traffic. This combined approach allows IT resources can protect non-time-critical traffic while the smart-grid-related time-critical traffic, on the other hand, can be protected by the use of IEC 62351.

Related articles

Other articles on eeNews Power


Linked Articles
eeNews Power