Security for Substation Communications

Until recently the term “security,” when applied to SCADA communication systems, meant only the process of ensuring message integrity in the face of electrical noise and other disturbances to the communications. But, in fact, “security” also has a much broader meaning. Security, in the broader sense, is concerned with anything that threatens to interfere with the integrity of the business.

Our focus here will be to examine issues related more narrowly to SCADA security.

In an earlier section we discussed the role of the OSI reference model (ISO 7498-1) in defining a communications architecture. In similar fashion, ISO 7498-2, Information Processing Systems, Open Systems Interconnection, Basic Reference Model – Part 2: Security Architecture, issued in 1989, provides a general description of security services and related mechanisms that fit into the reference model, and it defines the positions within the reference model where they can be provided.

It also provides useful standard definitions for security terms.

ISO 7498-2 defines the following five categories of security service:

  1. Authentication: the corroboration that an entity is the one claimed
  2. Access control: the prevention of unauthorized use of a resource
  3. Data confidentiality: the property that information is not made available or disclosed to unauthorized individuals, entities, or processes
  4. Data integrity: the property that data has not been altered or destroyed in an unauthorized manner
  5. Nonrepudiation: data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the unit and protect against forgery, e.g., by the recipient


Note that ISO 7498-2 provides standard definitions and an architecture for security services but leaves it to other standards to define the details of such services. It also provides recommendations on where the requisite security services should fit in the seven-layer reference model in order to achieve successful, secure interoperability between open systems.

Security functions can generally be provided, as alternatives, at more than one layer of the OSI model. Communication channels that are strictly point-to-point, and for which no externally visible device addresses need to be observable, can employ encryption and other security techniques at the physical and data-link layers. If the packets need to be routable, either messages need to be encrypted at or above the network layer (the OSI recommendation), or the security wrapper needs to be applied and removed at each node of the interconnected network.

Applying and removing the security wrapper at each node is a bad idea because of the resulting complexity of security key management and the resulting probability of security leaks.
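The two placements of the security wrapper can be compared directly. The sketch below is an added example, not part of the original article: it uses an HMAC-SHA256 tag as a stand-in for the wrapper (so it shows the integrity and authentication services, not confidentiality), and the function names, header and setpoint values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _mac(key, header, payload):
    # Length-prefix the header so header/payload boundaries are unambiguous.
    msg = len(header).to_bytes(2, "big") + header + payload
    return hmac.new(key, msg, hashlib.sha256).digest()

def wrap(key, header, payload):
    """Security wrapper: header stays readable for routing, MAC covers both."""
    return (header, payload, _mac(key, header, payload))

def unwrap(key, packet):
    header, payload, mac = packet
    if not hmac.compare_digest(mac, _mac(key, header, payload)):
        raise ValueError("integrity/authentication check failed")
    return payload

def send_end_to_end(key, n_relays, header, payload, tamper_at=None, forged=b""):
    """Wrapper applied once above the network layer; relays hold no key."""
    packet = wrap(key, header, payload)
    for relay in range(n_relays):
        if relay == tamper_at:  # a compromised relay alters the payload
            packet = (packet[0], forged, packet[2])
    return unwrap(key, packet)

def send_hop_by_hop(link_keys, header, payload, tamper_at=None, forged=b""):
    """Wrapper removed and re-applied at every relay with per-link keys."""
    packet = wrap(link_keys[0], header, payload)
    for relay in range(len(link_keys) - 1):
        data = unwrap(link_keys[relay], packet)  # relay sees the cleartext
        if relay == tamper_at:
            data = forged
        packet = wrap(link_keys[relay + 1], header, data)
    return unwrap(link_keys[-1], packet)

if __name__ == "__main__":
    hdr, cmd = b"master->rtu7", b"setpoint=50"  # constructed sample values
    e2e_key = secrets.token_bytes(32)
    links = [secrets.token_bytes(32) for _ in range(4)]  # 3 relays, 4 links
    print(send_end_to_end(e2e_key, 3, hdr, cmd))
    print(send_hop_by_hop(links, hdr, cmd, tamper_at=1, forged=b"setpoint=99"))
    try:
        send_end_to_end(e2e_key, 3, hdr, cmd, tamper_at=1, forged=b"setpoint=99")
    except ValueError as err:
        print("end-to-end:", err)
```

With three relays the hop-by-hop variant needs four link keys and every relay handles the unprotected payload, so a change made at one relay reaches the destination with a valid tag; the end-to-end variant needs one key and rejects the same change.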

SOURCE: Daniel E. Nordell

Edvard Csanyi - Author at EEP-Electrical Engineering Portal


One Comment


  1. Tobias Shivolo Endjala
    Jan 22, 2021

    I would like to get more information on this.

    Thank you
