Electrical & Computer Engineering, Department of


First Advisor

Hamid R. Sharif-Kashani

Date of this Version

Summer 8-2022


title={A Novel Testbed For Evaluation Of Operational Technology Communications Protocols And Their On-Device Implementations},
author={Boeding, Matthew},
school={University of Nebraska-Lincoln}



A THESIS Presented to the Faculty of The Graduate College at the University of Nebraska In Partial Fulfillment of Requirements For the Degree of Master of Science, Major: Telecommunications Engineering, Under the Supervision of Professor Hamid R. Sharif-Kashani. Lincoln, Nebraska: August, 2022

Copyright © 2022 Matthew Boeding


Operational Technology (OT) and Infrastructure Technology (IT) systems are converging with the rapid addition of centralized remote management in OT systems. Previously air-gapped systems are now interconnected through the internet with application-specific protocols. This has led to systems that had limited access points being remotely accessible. In different OT sectors, legacy protocols previously transmitted over serial communication were updated to allow internet communication with legacy devices. New protocols such as IEC-61850 were also introduced for monitoring of different OT resources. The IEC-61850 standard’s Generic Object Oriented Substation Event (GOOSE) protocol outlines the representation and communication of a variety of different components through Publisher and Subscriber roles. Each publisher and subscriber are defined specifically on Intelligent Electronic Devices (IEDs), which may differ in manufacturer and capabilities. Each defined publisher and subscriber are network specific, so the different topologies and data types sent can vary between networks. To support the different objects represented in the protocol, customizable configurations for GOOSE supporting components is required. In this thesis, an effective, flexible, and practical testbed is introduced for evaluating OT protocols, with a case study in the implementation of the GOOSE protocol on IEDs. Common cyberattacks on the GOOSE protocol are identified and implemented on the testbed with variable data rate generation. The tests are executed on three separate GOOSE devices, two devices from reputable manufacturers, and a Raspberry Pi running an open source library, libiec61850. Each device is configured in accordance with manufacturer instruction to ensure the test operated under valid operating conditions.

Advisor: Hamid R. Sharif-Kashani