Emerging cybersecurity vulnerabilities in supervisory control and data acquisition (SCADA) systems are becoming urgent engineering issues for modern substations. This paper proposes a novel intrusion detection system (IDS) tailored for cybersecurity of IEC 61850 based substations. The proposed IDS integrates physical knowledge, protocol specifications and logical behaviours to provide a comprehensive and effective solution that is able to mitigate various cyberattacks. The proposed approach comprises access control detection, protocol whitelisting, model-based detection, and multi-parameter based detection. This SCADA-specific IDS is implemented and validated using a comprehensive and realistic cyber-physical test-bed and data from a real 500kV smart substation.
Yang, Y., Gao, L., Yuan, Y-B., McLaughlin, K., Sezer, S., & Gong, Y-F. (2016). Multidimensional Intrusion Detection System for IEC 61850 based SCADA Networks. Ieee Transactions On Power Delivery. https://doi.org/10.1109/TPWRD.2016.2603339