U.S. Department of Energy
Office of Scientific and Technical Information

Alerga: Alert Aggregation and Reasoning in GOOSE Simulation Pipeline

Conference

IEC 61850 specifies the Generic Object Oriented Substation Event (GOOSE) protocol as one option for low-latency communication of substation-related events. Due to its strict timing requirements, GOOSE lacks any form of encryption or authentication and has only minimal integrity guarantees. These absences render the protocol vulnerable to a variety of communication anomalies, including adversarial action. In particular, an adversary with access to the substation network can launch man-in-the-middle (MITM) attacks. We propose Alerga, a set of tools to allow operators to mitigate some of the risks of the protocol while retaining its strengths. To that end, we have first developed a GOOSE simulation pipeline including data generation, anomaly detection, alert handling, causal reasoning and data visualization components. The simulator is designed to be modular, allowing operators to swap components to better fit their network capabilities. The volume of alert traffic on a substation network threatens operators with alert fatigue. To combat this, we secondly present a novel form of alert aggregation and processing, offering operators a condensed view of any threats to the system. Thirdly, to facilitate the handling of these threats, our causal reasoning system traces the alerts back to their most likely cause, generating an initial hypothesis for operators to investigate.

Research Organization: National Renewable Energy Laboratory (NREL), Golden, CO (United States)
Sponsoring Organization: U.S. Department of Energy (DOE)
DOE Contract Number: AC36-08GO28308
OSTI ID: 2293497
Report Number(s): NREL/CP-5T00-88766; MainId:89545; UUID:1a06be3a-c786-42fc-96ce-e7d8bd0d0094; MainAdminId:71774
Resource Relation: Conference: Presented at the 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), 31 October - 3 November 2023, Glasgow, Scotland
Country of Publication: United States
Language: English
