8/22/2019 How IDEs From Variety of Vendors Exchange Information

1/15

How IDEs from variety of vendors exchange information? Do these IDEs require

secure transaction to acquire data from others IDEs?

How IDEs from variety of vendors exchange information? Do these IDEs require

secure transaction to acquire data from others IDEs?

What will happen if these data for online usage!

2 months ago

Close viewer Like Comment Follow Flag

o Flag as Promotiono Flag as Jobo Flag as Inappropriate

Moreo Reply Privately

Darshan Patel,Dhiren Thakkerand1 otherlike this

You,Darshan Patel,Dhiren Thakkerand1 otherlike this

22 commentsJump to most recent comments

GeoffUnfollow Follow Geoff

Geoff Garber Data exchange between IED's (rather than between one IED and a data gatherer

or SCADA RTU) has become popular over the last dozen or so years. SEL has been usingmirrored bits to send very fast and highly reliable digital messages over a serial link between

relays. Other manufacturers have similar systems. In the last few years, IEC 61850 protocol has

been using Ethernet to send similar (in function, at least) messages between IED's.

In theory, these messages should be able to be sent (published) to IED's of any manufacturer. As

long as each manufacturer complies with the IEC 61850 protocol profile, the transaction should

be easy and seamless. In fact, this has proven difficult. I've made this work, but never without a

http://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?setLike=&gid=119621&type=member&item=242104860&csrfToken=ajax%3A0727308874102823049http://www.linkedin.com/groupItem?setLike=&gid=119621&type=member&item=242104860&csrfToken=ajax%3A0727308874102823049http://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupfollowing?unfollow=&followee=12985023&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12985023&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12985023http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12985023http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12985023http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12985023http://www.linkedin.com/groupfollowing?unfollow=&followee=12985023&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12985023&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/?trk=group_item_detail-b-show_lks-dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=40023385&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3939348&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?view=&gid=119621&type=member&item=242104860&commentID=-1#lastCommenthttp://www.linkedin.com/groupItem?setLike=&gid=119621&type=member&item=242104860&csrfToken=ajax%3A0727308874102823049http://www.linkedin.com/groups

8/22/2019 How IDEs From Variety of Vendors Exchange Information

2/15

lot of adjustment. I'd like to use this for many more substation automation functions. Perhaps the

technology or the protocol needs more maturity.

2 months ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

1

GrantUnfollow Follow Grant

Grant Gilchrist Do you mean IEDs, Intelligent Electronic Devices? If so, the reason IEDs from

a variety of vendors can communicate using IEC 61850 is that IEC 61850 is a set of documentsthat specifies the format of the data and how it is to be transmitted. Most communications

standards do this. IEC 61850 is special because it also specifies text names for all the data that a

power system IED is likely to transmit, a file format for configuring IEDs, and a process forengineering groups of IEDs, such as those found in a substation.

Some IEC 61850 IEDs do require secure communications with other IEDs. For these devices,

IEC 61850 specifies the use of IEC 62351 parts 3, 4 and 6. The IEC 62351 standards specifyhow to use digital signatures, TLS and other security mechanisms to ensure IEC 61850

communications are secure.

In general, the risk in using IEC 61850 without security measures will vary depending what you

mean by "online". Most utilities deploy a "nested" topology in which more critical systems like

IEC 61850 are protected from Internet access behind several layers of firewalls, or sometimes byan "air gap". In these cases the IEC 61850 network is often not authenticated or encrypted at all.

So although the data is "online" in the sense it is on a WAN or LAN, it is nowhere near any

public network, and usually protected from the corporate network.

2 months ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

1

http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138779378&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138779378&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138779378&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12985023&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12985023&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138779378&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138779378&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138787401&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138787401&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138787401&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138787401&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138787401&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138787401&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138787401&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138787401&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138779378&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12985023&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138779378&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138779378&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860

8/22/2019 How IDEs From Variety of Vendors Exchange Information

3/15

AhmedUnfollow Follow Ahmed

Ahmed ALTAHER Thanks Grant for this explanation, but considering the WAN connectivity

for remote transactions to read IEDs data. Does IEC standards guarantee secure communication?,

or that is require special countermeasures.

2 months ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

0

GrantUnfollow Follow Grant

Grant Gilchrist To use IEC 61850 over an untrusted WAN would require the use of IEC 62351,

as I noted, which would include TLS and other counter-measures. So yes, I guess you could saythat IEC 62351 "guarantees" secure communication for IEC 62850. Although not even your bank

"guarantees" that you will have secure communications with their on-line site. Your IEC 61850vendor must commit to implementing IEC 62351 as specified in the standards. This "secure IEC

61850" is beyond "normal" IEC 61850 implementation.

I will also point out that standards have not yet been released for the use of IEC 61850 between

control centers and substations, if that is why you are planning to use IEC 61850 over a WAN.

2 months ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

0

http://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138854649&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138854649&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138854649&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138854649&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138854649&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138856808&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138856808&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138856808&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138856808&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138856808&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138856808&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138856808&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138856808&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138856808&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138854649&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138854649&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138854649&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_l

8/22/2019 How IDEs From Variety of Vendors Exchange Information

4/15

AhmedUnfollow Follow Ahmed

Ahmed ALTAHER Well, our main work is for research target. We try to define framework that

would force secure and safe applications for SAS systems (particularly IEC 61850). The issue,

many power and control engineers know how to configure, protect and manage power systems,but they have less knowledge about information security dealing with data and communication

networks.

2 months ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

0

IlanUnfollow Follow Ilan

Ilan Barda Indeed once you have an Ethernet network its easy to expand its usage creating a

cyber security problem to the critical SCADA traffic.For that reason we believe that you need to deploy security also in internal sub-station networks

and we have implemented a SCADA firewall in our sub-station switches.

We will have a booth in the upcoming Smart-Grid Paris event. In case you visit this event we cancontinue discussing the subject.

2 months ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

2

http://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138870289&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138870289&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138870289&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138870289&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138870289&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138870289&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=1794007&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=1794007&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=139810316&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=139810316&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=139810316&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=1794007&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=1794007&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=139810316&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=139810316&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=139810316&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=1794007&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=139810316&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=139810316&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=1794007http://www.linkedin.com/groupfollowing?unfollow=&followee=1794007&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=1794007&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=138870289&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=98837873&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138870289&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=138870289&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=98837873http://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=98837873&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_l

8/22/2019 How IDEs From Variety of Vendors Exchange Information

5/15

Juan EstebanUnfollow Follow Juan Esteban

Juan Esteban Hoyos So sorry to said that but actually there is no secure transactions betweenIEDs.

part of and article that I wrote last summer... you can find it complete inhttp://markdehus.com/SGCOMM.pdf

The Problem of Encryption & Message Authenticationversus Latency

Latency is one of the primary barriers to implementing security

for peer-to-peer communications between IEDs. For

instance, IEC 61850-5 specifies a 4ms maximum delay forclass P1 type 1A GOOSE messages related to breaker trip

functions [12]. As a result, encryption or other security

measures, which increase the delay or latency, are avoided.

The IEC 62351 standard defines a mechanism that requireslow computational power to authenticate the data adding a digital

signature. The digital signature is created via mathematicaltechniques to validate the authenticity of a digital message usingasymmetrical cryptography. This kind of scheme uses public

and private keys to authenticate the message. The public

key is shared with everyone to decrypt a hash of the message,while the private key is kept private by the publisher to sign the

message. In the IEC 62351 standard part 6 states for applications

using GOOSE and IEC 61850-9-2 and requiring 4ms response

times, multicast configurations and low CPU overhead,encryption is not recommended [9]. Nevertheless the standard

does not say anything about authentication and its limitation.

Based on the ambiguity of authentication or encryption some

manufacturers do not implement any security in their IEDs,arguing that any security mechanism will increase the processing

time decreasing the speed of action against a fault.

At present it is difficult to reconcile the needs for securityand low latency. One study conducted by Cambridge University

and ABB in 2010 showed that processing (encoding and

decoding) digital signatures required intense CPU consumption.

Therefore, 32-bit Intel and ARM cores are generally incapableof computing and verifying a digital signature using the Rivest,

Shamir and Adleman (RSA) algorithm with 1024-bit keys

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/redirect?url=http%3A%2F%2Fmarkdehus%2Ecom%2FSGCOMM%2Epdf&urlhash=2Hko&_t=tracking_dischttp://www.linkedin.com/redirect?url=http%3A%2F%2Fmarkdehus%2Ecom%2FSGCOMM%2Epdf&urlhash=2Hko&_t=tracking_dischttp://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053352&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053352&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053352&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053352&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053352&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053352&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053352&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/redirect?url=http%3A%2F%2Fmarkdehus%2Ecom%2FSGCOMM%2Epdf&urlhash=2Hko&_t=tracking_dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_l

8/22/2019 How IDEs From Variety of Vendors Exchange Information

6/15

4

Juan EstebanUnfollow Follow Juan Esteban

Juan Esteban Hoyos within 4ms [11]. The time for a digital signature to be generated

at the sender and verified at the receiver is shown in Table I

as well as other similar algorithms such as the Digital SignatureAlgorithm (DSA), the Elliptic Curve DSA (ECSDA), and the

Boneh, Lynn, Shacham (BLS) scheme [13]. Although RSA is

the fastest (8.3ms), this time is not enough to comply with the

4ms time constraint. In fact NIST in a report of 2011 qualifiedthe RSA 1024-bits keys as acceptable through 2011, deprecated,

from 2011 through 2013, and disallowed after 2013. After2013 it is recommended to use 2048-bit keys, which will make

the 4ms time restriction more difficult to meet [14].The central processor unit (CPU) embedded in the IEDs has

some restriction due to the power dissipation. The IEDs are

fan-less; installed commonly in closed cases to avoid environmentalissues like dust, water, or insects. Thus, many embedded

processors are slower than the 1.0 GHz processor used in

this table and times will be even longer. New technologies like

multiple cores may enable faster times within the same heatdissipation budget. However, there are many IEDs already installed

in the market with slower CPUs.Currently neither the IEC 62351 recommendation nor proprietarymanufacturer solutions have been implemented extensively

to improve the security of GOOSE messages. In November

2011 Siemens published a patent to implement a newmethod of group key generation and management for the

GOOSE model that could help to address the need for low latency

security [15]. Meanwhile there is little clarity on how to

implement security for fast GOOSE messages without degradingthe actual performance of the IEDs.

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

3

http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053561&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053561&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053561&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053561&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053561&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053561&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053561&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmt

8/22/2019 How IDEs From Variety of Vendors Exchange Information

7/15

Juan EstebanUnfollow Follow Juan Esteban

Juan Esteban Hoyos the proposal in 62351 it is some nice concepts, but nowone has any real

implementation that support 62351.

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

3

DavidUnfollow Follow David

David Ingram Juan, I think encryption ASICs or code executing in FPGAs will significantly

improve encryption or signing performance. Here is a link to a recent PhD thesis from the

University of Cork: "Hardware design of cryptographic accelerators"http://cora.ucc.ie/handle/10468/1112

65231-6 does not suggest encrypting the entire GOOSE or SV message, just the hash of the

message. This provides authenticity and prevents replay attacks. The standard states that the

overhead of fully encrypting and decrypting messages is likely to be too high. Perhaps astechnology improves this will be feasible.

It is a worry to see the number patents being applied for by manufacturers that cover system

integration and interoperability. Whether this is key management, network design or testing, itindicates to me that despite the benefits of a standard like 61850 the major manufacturers would

prefer to build automation systems where each box has the same logo on the front.

I think it is up to customers (the utilities that pay for these systems) to insist that interoperabilityis maintained from a technical perspective and with regards to licensing. There is no point having

a 61850 substation automation system from Vendor X that could take a new bay from Vendor Y

(meeting Vendor X's obligations for extensibility), but the lawyers stop it because Vendor Ydoes not have a licence for some patent that Vendor X holds).

http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053780&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053780&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053780&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053780&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=33120497&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=33120497&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=33120497http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=33120497http://www.linkedin.com/redirect?url=http%3A%2F%2Fcora%2Eucc%2Eie%2Fhandle%2F10468%2F1112&urlhash=qkzx&_t=tracking_dischttp://www.linkedin.com/redirect?url=http%3A%2F%2Fcora%2Eucc%2Eie%2Fhandle%2F10468%2F1112&urlhash=qkzx&_t=tracking_dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=33120497http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=33120497http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/redirect?url=http%3A%2F%2Fcora%2Eucc%2Eie%2Fhandle%2F10468%2F1112&urlhash=qkzx&_t=tracking_dischttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=33120497http://www.linkedin.com/groupfollowing?unfollow=&followee=33120497&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=33120497&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142053780&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053780&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142053780&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_l

8/22/2019 How IDEs From Variety of Vendors Exchange Information

8/15

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

1

NishchalUnfollow Follow Nishchal

Nishchal Kush Dr. Ingram is correct in that Section 7.2.2.1 in Part 6 of the IEC 62351 standard

specifies only the signing of a SHA256 hash of the extended PDU is required.

However the recommended signing scheme is RSASSA-PSS (spelling error in standard

"RSASA-PSS"), which requires the server to produce an X.509 certificate (see 7.2.2.2 in Part 6of the IEC 62351 standard) to be installed on (or made accessible in some way to) clients to

access the "AES 128 bit public Key". We should note that AES is a symmetric cipher :) so there

is an anomaly in this part of the standard.

I suspect the point Mr. Hoyos is making is that existing IEDs may not be computationally robust

to handle such computation within the time constraints.

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

0

GrantUnfollow Follow Grant

Grant Gilchrist Hi folks, Please note that the performance concerns that many vendors havewith IEC 62351-6 are well-known to the members of IEC TC57 Working Group 15, which . A

draft Edition 2 has been submitted to the working group which will provide less

computationally-intense options.

http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142308714&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142308714&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=33120497&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=33120497&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142308714&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142308714&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142457641&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142457641&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142457641&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142457641&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3880066http://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3880066&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142457641&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142457641&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142457641&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142308714&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=33120497&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142308714&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142308714&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860

8/22/2019 How IDEs From Variety of Vendors Exchange Information

9/15

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

0

Vinoo SUnfollow Follow Vinoo S

Vinoo S Warrier The 4ms timeline is only for use within the station LANs. It should be quite

possible and feasible to secure the station LAN from external traffic using firewalls or other

mechanisms and then IEDs within the "trusted" zone do not need to use encryption orauthentication. It would be the responsibility of external CPUs (in the firewall or other intrusion

detection systems) to handle the isolation of the station LAN.For communicating GOOSE messages to external world (outside the substation) the 4ms

deadline is ir-relevant. I believe there is no use case for sending a GOOSE requiring such latency

restrictions outside the substations. The performance classes for messaging outside the station

LAN have much higher allowed latencies and in those cases we may be able to use encryptionand authentication technologies. For that, we can avoid loading the IED CPUs, by having an

external gateway device, that performs the encryption and authentication.

In all cases therefore we can probably avoid implementing encryption and authentication insidethe IEDs themselves.

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

0

RodneyUnfollow Follow Rodney

Rodney Hughes Allow me to jump back to the three original questions ... assuming we are

talking about GOOSE and SV here since it is talking about IEDs getting data from other IEDs

http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142619265&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142619265&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142619265&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142619265&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=34936759&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=34936759&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=34936759http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=34936759http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142669457&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142669457&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=34936759&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=34936759&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142669457&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142669457&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=34936759http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=34936759http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142669457&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=34936759&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142669457&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142669457&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=34936759http://www.linkedin.com/groupfollowing?unfollow=&followee=34936759&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=34936759&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142619265&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=3880066&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142619265&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142619265&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860

8/22/2019 How IDEs From Variety of Vendors Exchange Information

10/15

Firstly GOOSE itself has no transmitted semantic - it is just a 1 or a 0 as the status of a function.

However in the engineering process, that 1 or 0 is configured as part of a DataSet - the

engineering of the data set is where the semantics makes our human efforts much much easier.What is transmitted is the Identifiers of the dataset so we can work out what is happening, but in

principle the other IED only needs to know it has to Subscribe to a particualr GOOSE message

identifier, and extract one (or more) elements - each element being a 1 or a 0So to encrypt a single bit (or series of bits as a dataset) which can be 1 or a 0 will simply slowdown communication immensely.

So the next part of the question relates to security of that GOOSEAs a heartbeat, yes someone could inject a false dataset message - but they first have to know

what the next message sequence number is going to be (ok they have a full one second to

monitor the network to work that out)

In changing one bit and advancing the sequence number, they then have to initiate the fast

repetition cycle

and then don't forget that there would still be the correct heartbeat at some point which would be

a lower sequence number than the spoofed message so some detection would be possible in less

than 1 second - OK a lot can happen in a substation in 1 second but you would have an alarm

that something was wrong

But simply seeing a dataset with a bunch of 1's or 0's say a data set of 1100001101010100101 -

how do they know which element is the bit that could cause the CB to trip if it was changed from1 to 0 or vice versa?? Only if they have access to all the semantics of the engineering process,

otherwise it is guess work.

Perhaps they could just invert all the bits - but then if there is a quality bit as part of the dataset, itwould also be reversed from healthy to unhealthy so the message would be ignored

So there is a bit of work to do to upset a GOOSE message exchange - it can be done but has to bedone very carefully so arguably you have some time to manage access and monitor activity

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

1

NishchalUnfollow Follow Nishchal

http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142867244&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142867244&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142867244&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142867244&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=142867244&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142867244&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=142867244&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860

8/22/2019 How IDEs From Variety of Vendors Exchange Information

11/15

Nishchal Kush Hello Mr. Hughes,

If I am not mistaken aren't the GOOSE datasets specified as ASN.1 in the standard and shouldfollow the format of having a Tag, Length, and then value (TLV) ? Therefore they should not

just be a bit stream, but instead encoded in this (TLV) format?

Also, in your comments above, I think you may be referring to the status number and not thesequence number. Is that correct?

SincerelyKush

1 month ago Unlike Like

Reply privately Flag as inappropriate

Flag as promotion

0

NishchalUnfollow Follow Nishchal

Nishchal Kush Hello Mr. Gilchrist,

Is the draft available outside the TC57 working group? If so then could you direct me to it, if not,then is there some way for me to join the TC57 working group?

I am a PhD candidate at the Queensland University of Technology and am working on intrusiondetection, particularly IEC 61850 based substations, and am presently looking at the security of

the GOOSE protocol

SincerelyKush

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

0

http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143036665&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143036665&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143036665&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143036665&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143037018&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143037018&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143037018&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143037018&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143037018&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143037018&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143037018&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322http://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=19812322&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143036665&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=19812322&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143036665&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143036665&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=19812322

8/22/2019 How IDEs From Variety of Vendors Exchange Information

12/15

RodneyUnfollow Follow Rodney

Rodney Hughes @Nishchal there is a lot of stuff in the total message format definition for a

GOOSE - I picked on one

The point is that the intruder does need to sort out some general stuff according to therequirements of the GOOSE message format definition so they can properly format a spoof

message to look and be accepted as a valid new GOOSE - it includes other things like having a

valid GoID etc etc - all those things are defined by the Standard so they can easily work that stuff

out because see this nice repetitive message which is identified as GOOSE.

but the meaning of the dataset itself is only known to the Systems Integrator (and the vendor in

the case of vendor-fixed datasets)

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

0

Juan EstebanUnfollow Follow Juan Esteban

Juan Esteban Hoyos We had this discussion before and I agree with Nishchal. All the

parameters in the GOOSE message except the meaning of each data sets could be known from

the message. Also you can know if the data inside each data set is analog or digital.

If the principal use of GOOSE is to transfer important signals between IEDs. This isinterlocking, fast trips, or important variable.

Then inverting the status " changing a 0 by 1 or viceversa" for each single bit the probability to

create a miss-operation in the substation is incredibly high. The more probable scenario is thatyou will hit some variables that could create possibles false trips.

Also in one second you can create at leats 250 types messages with different combination of 0sand 1s. This is the easiest attack that could be performed.

http://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143043306&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143043306&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143043306&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143043306&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=50655572http://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=50655572&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143043306&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143043306&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143043306&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_l

8/22/2019 How IDEs From Variety of Vendors Exchange Information

13/15

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

1

RodneyUnfollow Follow Rodney

Rodney Hughes and so we agree that the Systems Integrator needs to include various levels of

security (starting with intrusion detection/prevention at firewalls etc) because it is very possible

to send a bunch of spoofed GOOSE between one normal repetition and the next real GOOSE 1second later.

What I am simply saying is that the SI needs to think about GOOSE and how the system could

detect such "chattering" of signals whilst the intruder launches a bunch of attempts to make

something happen.

As an example to prevent an attack based on a total inversion of the dataset, you could imagine a

bit which is supposed to be permanently a 1 or a 0 - it doesn't even have to have a function

behind it - but a good example would be the q bit of the IED which should normally be 1 - if itreverts to a 0 then the receiving IED should ignore the whole message and go into a graceful

degradation mode.

We can also imagine some security being afforded for say a protection function operation byrequiring the data set to have both PTOC.Op as well as PTOC.Str set as 1 - the .Op will cause

trips but only if accompanied by the .Str - if only the .Op arrives as a 1 the message could be

ignored. If it was a valid .Op but the .Str processing in the publisher IED is a bit slow, it willonly be a millisecond or so before they both arrive.

And of course a GOOSE in principle should not arrive via an external comms interface - well

certainly only specific GOOSE should arrive that way in sub2sub schemes - so some port based"where has this GOOSE come from" filtering in the firewall/switches can help.

The point of all this is that the GOOSE message itself is not inherently secure so it is arequirement of the [good] Systems Integrator thinking about the message content and how the

subscriber is going to use the signals. It may not be 100% coverage but you can minimise the

opportunities for successful spoofing by building in some measures "layer upon layer upon layer

...".

1 month ago Unlike Like

http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143100994&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143100994&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143100994&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143100994&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143114391&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143114391&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143114391&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143114391&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=12601172http://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=12601172&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupshttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143100994&flagReason=INAhttp://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=50655572&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143100994&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143100994&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2Egde_119621_member_242104860

8/22/2019 How IDEs From Variety of Vendors Exchange Information

14/15

Reply privately Flag as inappropriate Flag as promotion

1

true 23 23 groupItem?seeM

BruceUnfollow Follow Bruce

Bruce Paterson Small quibble, but I agree with Rodney's general assertion: Quality is

represented as a 13 bit-field datatype, even in a Goose, and Boolean as a single bit, so it may be

easy enough to work out which bits to try flipping to cause potential chaos.

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

0

RodneyUnfollow Follow Rodney

Rodney Hughes "13 bit-field datatype, even in a Goose"

what are you sending in your GOOSE?

1 month ago Unlike Like

Reply privately Flag as inappropriate Flag as promotion

0

http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupMsg?displayCreate=&contentType=MEBC&connId=12601172&groupID=119621&goback=%2Egde_119621_member_242104860http://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143114391&flagReason=INAhttp://www.linkedin.com/groupItem?flag=&gid=119621&type=member&item=242104860&commentID=143114391&flagReason=INAhttp://www.linkedin.com/groupshttp://www.linkedin.com/groupshttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/?trk=group_item_detail-b-show_lks-cmthttp://www.linkedin.com/groupfollowing?unfollow=&followee=3324262&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groupfollowing?unfollow=&followee=3324262&csrfToken=ajax%3A0727308874102823049&goback=%2Egde_119621_member_242104860&trk=ufp_lhttp://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3324262http://www.linkedin.com/groups?viewMemberFeed=&gid=119621&memberID=3324262http://www.linkedin.com/groupItem?setUnlike=&gid=119621&type=member&item=242104860&commentID=143647374&csrfToken=ajax%3A0727308874102823049&trk=gde_unlkcmt&goback=%2