Detecting cyber intrusions in substation networks

Multiple layers of protection are necessary to ensure the cyber security of substations. Cryptography allows for the authentication of devices, but not all attacks can be prevented with these measures. Firewalls and ‘air gaps’ can be circumvented through existing remote access tunnels, or through maintenance computers directly attached to intelligent electronic devices (IEDs) or the station bus. Therefore, measures are needed to detect threats in the substation to enable a quick response and to minimize consequences. This paper describes the security requirements of international standard IEC 61850 for substations, and the different approaches for detecting threats in these networks. An approach specifically developed for the IEC 61850 station and process bus is presented here.

Back to search

Order the full article

Get a copy of this back issue article in digital PDF format

Buy Now

Print Journal

Go in-depth with the international journal on hydropower & dams

Learn more

Detecting cyber intrusions in substation networks

All your interactions with our website are protected by strong 256-bit encryption. Learn more about how we safeguard your personal data in our Privacy Policy.