A flexible OT testbed for evaluating on-device implementations of IEC-61850 GOOSE

Authors

Matthew Boeding, University of Nebraska-Lincoln
Michael Hempel, University of Nebraska LincolnFollow
Hamid Sharif, University of Nebraska-LincolnFollow
Juan Lopez Jr., Oak Ridge National Laboratory
Kalyan Perumalla, Oak Ridge National Laboratory

Date of this Version

6-21-2023

Citation

international journal of critical infrastructure protection 42 (2023) 100618. https://doi.org/10.1016/j.ijcip.2023.100618

Comments

Used by permission.

Abstract

The growing convergence of Information Technology and Operational Technology has enhanced communication and visibility across power grids. This, coupled with the growing use of Distributed Energy Resources in power grids, has enhanced the grid capabilities while also creating a larger attack surface for malicious actors. A common protocol vulnerable to these attacks is the IEC-61850 GOOSE protocol due to its low-latency requirements, multicast packet delivery method, and lack of encryption. In this paper, we evaluate the security implications of different hardware implementations of this protocol by contrasting device response and recovery of two commercial off-the-shelf Intelligent Electronic Devices from separate manufacturers. The cyberattacks utilized in this paper are research-established GOOSE attacks with results measured in device latency and GOOSE endpoint response success.