TY - GEN
T1 - Alerga
T2 - 14th IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2023
AU - Battista, Jude
AU - Nahrstedt, Klara
AU - Valdes, Alfonso
AU - McFly, Shane
N1 - This research was supported by the Department of Energy under award number DE-OE0000780
PY - 2023
Y1 - 2023
N2 - IEC 61850 specifies the Generic Object Oriented Substation Event (GOOSE) protocol as one option for low latency communication of substation-related events. Due to its strict timing requirements, GOOSE lacks any form of encryption or authentication and has only minimal integrity guarantees. These absences render the protocol vulnerable to a variety of communication anomalies, including adversarial action. In particular, an adversary with access to the substation network can launch man in the middle (MITM) attacks. We propose Alerga, a set of tools to allow operators to mitigate some of the risks of the protocol while retaining its strengths. To that end, we have developed first a GOOSE simulation pipeline including data generation, anomaly detection, alert handling, causal reasoning and data visualization components. The simulator is designed to be modular, allowing operators to swap components to better fit their network capabilities. The volume of alert traffic on a substation network threatens operators with alert fatigue. In order to combat this, we secondly present a novel form of alert aggregation and processing, offering operators a condensed view of any threats to the system. Thirdly, to facilitate the handling of these threats, our causal reasoning system traces the alerts back to their most likely cause, generating an initial hypothesis for operators to investigate.
KW - GOOSE
KW - alert aggregation
KW - causal reasoning
KW - network simulation
UR - http://www.scopus.com/inward/record.url?scp=85180769106&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85180769106&partnerID=8YFLogxK
U2 - 10.1109/SmartGridComm57358.2023.10333915
DO - 10.1109/SmartGridComm57358.2023.10333915
M3 - Conference contribution
AN - SCOPUS:85180769106
T3 - 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2023 - Proceedings
BT - 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2023 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 31 October 2023 through 3 November 2023
ER -