A Testbed for Evaluating Performance and Cybersecurity Implications of IEC-61850 GOOSE Hardware Implementations

Matthew Boeding; Michael Hempel; Hamid Sharif; Juan Lopez; Kalyan Perumalla

doi:10.1109/CCNC51644.2023.10060534

A Testbed for Evaluating Performance and Cybersecurity Implications of IEC-61850 GOOSE Hardware Implementations

Matthew Boeding
, Michael Hempel
, Hamid Sharif
, Juan Lopez
, Kalyan Perumalla

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

The IEC-61850 standard introduced multiple protocols to increase data visibility across various power grid systems. The Generic Object Oriented Substation Events (GOOSE) protocol in particular is designed for bay-level communications, distributing high-priority messages across a power grid through the use of Intelligent Electrical Devices (IEDs). However, the protocol's multicast messaging and time requirements create cybersecurity concerns that can be exploited by a malicious actor. While the literature has examined the protocol's cybersecurity vulnerabilities, there is limited research on the consequences for performance and cybersecurity of the protocol's implementation on physical IEDs. In this paper, we introduce a flexible and practical testbed for GOOSE implementation evaluations performed on different devices, and to enable the demonstration of how different implementations on physical devices aim to mitigate GOOSE's vulnerabilities. We show the results of our testbed generating GOOSE traffic at variable data rates, with varying packet sizes. These results are then compared and verified against an IED with GOOSE protocol functionality to validate protocol generation. While this paper focuses on IEC-61850 GOOSE, the testbed presented herein is not limited to a single protocol, however, and can easily be utilized to expand the evaluation scope to a variety of Operational Technology (OT) communications protocols.

Original language	English
Title of host publication	2023 IEEE 20th Consumer Communications and Networking Conference, CCNC 2023
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781665497343
DOIs	https://doi.org/10.1109/CCNC51644.2023.10060534
State	Published - 2023
Event	20th IEEE Consumer Communications and Networking Conference, CCNC 2023 - Las Vegas, United States Duration: Jan 8 2023 → Jan 11 2023

Publication series

Name	Proceedings - IEEE Consumer Communications and Networking Conference, CCNC
Volume	2023-January
ISSN (Print)	2331-9860

Conference

Conference	20th IEEE Consumer Communications and Networking Conference, CCNC 2023
Country/Territory	United States
City	Las Vegas
Period	01/8/23 → 01/11/23

Funding

This manuscript has been authored by UT-Battelle, LLC, under contract DE-AC05-00OR22725 with the US Department of Energy (DOE). The publisher acknowledges the US government license to provide public access under the DOE Public Access Plan (http://energy.gov/downloads/doe-public-access-plan). This research has been supported in part by the Department of Energy Cybersecurity for Energy Delivery Systems program, and the Oak Ridge National Laboratory, under grants 4000175929 and 4000193048. It has also been supported in part by the University of Nebraska-Lincoln’s Nebraska Center for Energy Sciences Research (NCESR) under Cycle 16 Grant 20-706.

Keywords

Cybersecurity
GOOSE
ICS
IEC-61850
Testbed

Access to Document

10.1109/CCNC51644.2023.10060534

Cite this

Boeding, M., Hempel, M., Sharif, H., Lopez, J., & Perumalla, K. (2023). A Testbed for Evaluating Performance and Cybersecurity Implications of IEC-61850 GOOSE Hardware Implementations. In 2023 IEEE 20th Consumer Communications and Networking Conference, CCNC 2023 (Proceedings - IEEE Consumer Communications and Networking Conference, CCNC; Vol. 2023-January). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CCNC51644.2023.10060534

Boeding, Matthew ; Hempel, Michael ; Sharif, Hamid et al. / A Testbed for Evaluating Performance and Cybersecurity Implications of IEC-61850 GOOSE Hardware Implementations. 2023 IEEE 20th Consumer Communications and Networking Conference, CCNC 2023. Institute of Electrical and Electronics Engineers Inc., 2023. (Proceedings - IEEE Consumer Communications and Networking Conference, CCNC).

@inproceedings{4fda7aaeedce48f5a9a358b513135b2e,

title = "A Testbed for Evaluating Performance and Cybersecurity Implications of IEC-61850 GOOSE Hardware Implementations",

abstract = "The IEC-61850 standard introduced multiple protocols to increase data visibility across various power grid systems. The Generic Object Oriented Substation Events (GOOSE) protocol in particular is designed for bay-level communications, distributing high-priority messages across a power grid through the use of Intelligent Electrical Devices (IEDs). However, the protocol's multicast messaging and time requirements create cybersecurity concerns that can be exploited by a malicious actor. While the literature has examined the protocol's cybersecurity vulnerabilities, there is limited research on the consequences for performance and cybersecurity of the protocol's implementation on physical IEDs. In this paper, we introduce a flexible and practical testbed for GOOSE implementation evaluations performed on different devices, and to enable the demonstration of how different implementations on physical devices aim to mitigate GOOSE's vulnerabilities. We show the results of our testbed generating GOOSE traffic at variable data rates, with varying packet sizes. These results are then compared and verified against an IED with GOOSE protocol functionality to validate protocol generation. While this paper focuses on IEC-61850 GOOSE, the testbed presented herein is not limited to a single protocol, however, and can easily be utilized to expand the evaluation scope to a variety of Operational Technology (OT) communications protocols.",

keywords = "Cybersecurity, GOOSE, ICS, IEC-61850, Testbed",

author = "Matthew Boeding and Michael Hempel and Hamid Sharif and Juan Lopez and Kalyan Perumalla",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 20th IEEE Consumer Communications and Networking Conference, CCNC 2023 ; Conference date: 08-01-2023 Through 11-01-2023",

year = "2023",

doi = "10.1109/CCNC51644.2023.10060534",

language = "English",

series = "Proceedings - IEEE Consumer Communications and Networking Conference, CCNC",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2023 IEEE 20th Consumer Communications and Networking Conference, CCNC 2023",

}

Boeding, M, Hempel, M, Sharif, H, Lopez, J & Perumalla, K 2023, A Testbed for Evaluating Performance and Cybersecurity Implications of IEC-61850 GOOSE Hardware Implementations. in 2023 IEEE 20th Consumer Communications and Networking Conference, CCNC 2023. Proceedings - IEEE Consumer Communications and Networking Conference, CCNC, vol. 2023-January, Institute of Electrical and Electronics Engineers Inc., 20th IEEE Consumer Communications and Networking Conference, CCNC 2023, Las Vegas, United States, 01/8/23. https://doi.org/10.1109/CCNC51644.2023.10060534

A Testbed for Evaluating Performance and Cybersecurity Implications of IEC-61850 GOOSE Hardware Implementations. / Boeding, Matthew; Hempel, Michael; Sharif, Hamid et al.
2023 IEEE 20th Consumer Communications and Networking Conference, CCNC 2023. Institute of Electrical and Electronics Engineers Inc., 2023. (Proceedings - IEEE Consumer Communications and Networking Conference, CCNC; Vol. 2023-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Testbed for Evaluating Performance and Cybersecurity Implications of IEC-61850 GOOSE Hardware Implementations

AU - Boeding, Matthew

AU - Hempel, Michael

AU - Sharif, Hamid

AU - Lopez, Juan

AU - Perumalla, Kalyan

PY - 2023

Y1 - 2023

N2 - The IEC-61850 standard introduced multiple protocols to increase data visibility across various power grid systems. The Generic Object Oriented Substation Events (GOOSE) protocol in particular is designed for bay-level communications, distributing high-priority messages across a power grid through the use of Intelligent Electrical Devices (IEDs). However, the protocol's multicast messaging and time requirements create cybersecurity concerns that can be exploited by a malicious actor. While the literature has examined the protocol's cybersecurity vulnerabilities, there is limited research on the consequences for performance and cybersecurity of the protocol's implementation on physical IEDs. In this paper, we introduce a flexible and practical testbed for GOOSE implementation evaluations performed on different devices, and to enable the demonstration of how different implementations on physical devices aim to mitigate GOOSE's vulnerabilities. We show the results of our testbed generating GOOSE traffic at variable data rates, with varying packet sizes. These results are then compared and verified against an IED with GOOSE protocol functionality to validate protocol generation. While this paper focuses on IEC-61850 GOOSE, the testbed presented herein is not limited to a single protocol, however, and can easily be utilized to expand the evaluation scope to a variety of Operational Technology (OT) communications protocols.

AB - The IEC-61850 standard introduced multiple protocols to increase data visibility across various power grid systems. The Generic Object Oriented Substation Events (GOOSE) protocol in particular is designed for bay-level communications, distributing high-priority messages across a power grid through the use of Intelligent Electrical Devices (IEDs). However, the protocol's multicast messaging and time requirements create cybersecurity concerns that can be exploited by a malicious actor. While the literature has examined the protocol's cybersecurity vulnerabilities, there is limited research on the consequences for performance and cybersecurity of the protocol's implementation on physical IEDs. In this paper, we introduce a flexible and practical testbed for GOOSE implementation evaluations performed on different devices, and to enable the demonstration of how different implementations on physical devices aim to mitigate GOOSE's vulnerabilities. We show the results of our testbed generating GOOSE traffic at variable data rates, with varying packet sizes. These results are then compared and verified against an IED with GOOSE protocol functionality to validate protocol generation. While this paper focuses on IEC-61850 GOOSE, the testbed presented herein is not limited to a single protocol, however, and can easily be utilized to expand the evaluation scope to a variety of Operational Technology (OT) communications protocols.

KW - Cybersecurity

KW - GOOSE

KW - ICS

KW - IEC-61850

KW - Testbed

UR - https://www.scopus.com/pages/publications/85150650255

U2 - 10.1109/CCNC51644.2023.10060534

DO - 10.1109/CCNC51644.2023.10060534

M3 - Conference contribution

AN - SCOPUS:85150650255

T3 - Proceedings - IEEE Consumer Communications and Networking Conference, CCNC

BT - 2023 IEEE 20th Consumer Communications and Networking Conference, CCNC 2023

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 20th IEEE Consumer Communications and Networking Conference, CCNC 2023

Y2 - 8 January 2023 through 11 January 2023

ER -

Boeding M, Hempel M, Sharif H, Lopez J, Perumalla K. A Testbed for Evaluating Performance and Cybersecurity Implications of IEC-61850 GOOSE Hardware Implementations. In 2023 IEEE 20th Consumer Communications and Networking Conference, CCNC 2023. Institute of Electrical and Electronics Engineers Inc. 2023. (Proceedings - IEEE Consumer Communications and Networking Conference, CCNC). doi: 10.1109/CCNC51644.2023.10060534

A Testbed for Evaluating Performance and Cybersecurity Implications of IEC-61850 GOOSE Hardware Implementations

Abstract

Publication series

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this