Security Analysis and Auditing of IEC61850-Based Automated Substations

This paper proposes a scheme for auditing the security of an IEC61850-based network based upon a novel security metric for intelligent electronic devices (IEDs). A detailed security analysis on an IEC61850 automated substation is peformed initially with a focus on the possible goals of the attacker. This is followed by the development of a scheme to audit the security of such a network. Security metrics are considered since they provide a tangible means of quantifying the security of a network. The proposed auditing scheme is tested by using it to audit the security of an IEC61850 network. The results are then compared with two other metric schemes-the mean time to compromise (MTTC) metric and the VEA-bility metric, which are used for auditing conventional computer networks. The input data for both metrics are obtained by using a network security tool to scan the IEDs of the network. The impact of using high-traffic generating network security tools on a time-critical IEC61850 network is also investigated.