Security for Substation Communications

Until recently the term “security,” when applied to SCADA communication systems, meant only the process of ensuring message integrity in the face of electrical noise and other disturbances to the communications. But, in fact, “security” also has a much broader meaning. Security, in the broader sense, is concerned with anything that threatens to interfere with the integrity of the business.

Our focus here will be to examine issues related more narrowly to SCADA security.

In an earlier section we discussed the role of the OSI reference model (ISO 7498-1) in defining a communications architecture. In similar fashion, ISO 7498-2, Information Processing Systems, Open Systems Interconnection, Basic Reference Model – Part 2: Security Architecture, issued in 1989, provides a general description of security services and related mechanisms that fit into the reference model, and it defines the positions within the reference model where they can be provided.

It also provides useful standard definitions for security terms.

ISO 7498-2 defines the following five categories of security service:

  1. Authentication: the corroboration that an entity is the one claimed
  2. Access control: the prevention of unauthorized use of a resource
  3. Data confidentiality: the property that information is not made available or disclosed to unauthorized individuals, entities, or processes
  4. Data integrity: the property that data has not been altered or destroyed in an unauthorized manner
  5. Nonrepudiation: data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the unit and protect against forgery, e.g., by the recipient

Note that ISO 7498-2 provides standard definitions and an architecture for security services but leaves it to other standards to define the details of such services. It also provides recommendations on where the requisite security services should fit in the seven-layer reference model in order to achieve successful, secure interoperability between open systems.

Security functions can generally be provided at more than one layer of the OSI model. Communication channels that are strictly point-to-point, and for which no externally visible device addresses need to be observable, can employ encryption and other security techniques at the physical and data-link layers. If the packets need to be routable, messages either need to be encrypted at or above the network layer (the OSI recommendation), or the security wrapper needs to be applied and removed at each node of the interconnected network.

Applying and removing the wrapper at each node is a bad idea because of the resultant complexities of security key management and the resultant probability of security leaks.
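The contrast between the two options, as an added example that is not part of the original article: the same command is sent once with a wrapper applied and removed at each node and once with a wrapper applied only at the endpoints. HMAC-SHA256 as the wrapper, the node names and the command text are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed route: a SCADA master reaching an RTU through two routing nodes.
PATH = ["master", "router-a", "router-b", "rtu"]
TAG_LEN = 32  # length of an HMAC-SHA256 tag

def wrap(key, msg):
    """Append an integrity tag; stands in for the 'security wrapper' (assumption)."""
    return msg + hmac.new(key, msg, hashlib.sha256).digest()

def unwrap(key, frame):
    """Return the message if its tag verifies, otherwise None."""
    msg, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    good = hmac.new(key, msg, hashlib.sha256).digest()
    return msg if hmac.compare_digest(tag, good) else None

def send_hop_by_hop(msg, altered_at=None):
    """Wrapper applied and removed at each node: one key per link."""
    link_keys = {link: os.urandom(32) for link in zip(PATH, PATH[1:])}
    for (sender, receiver), key in link_keys.items():
        msg = unwrap(key, wrap(key, msg))      # protected only while on this link
        if receiver == altered_at:             # unprotected inside the node
            msg = msg.replace(b"OPEN", b"CLOSE")
    key_holders = {node for link in link_keys for node in link}
    return msg, key_holders

def send_end_to_end(msg, altered_at=None):
    """Wrapper applied once at the source and removed only at the destination."""
    key = os.urandom(32)                       # held by master and RTU only
    frame = wrap(key, msg)
    for node in PATH[1:-1]:                    # routers forward the wrapped frame
        if node == altered_at:
            frame = frame.replace(b"OPEN", b"CLOSE")
    return unwrap(key, frame), {PATH[0], PATH[-1]}

if __name__ == "__main__":
    command = b"OPEN breaker 52-1"             # constructed sample command
    for send in (send_hop_by_hop, send_end_to_end):
        delivered, holders = send(command, altered_at="router-a")
        print(send.__name__, "delivered:", delivered, "key holders:", sorted(holders))
```

With the per-node wrapper, every node on the route holds key material and the RTU accepts a command that was changed inside a router; with the end-to-end wrapper only the two endpoints hold the key and the changed frame is rejected.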

SOURCE: Daniel E. Nordell


Edvard Csanyi

Electrical engineer, programmer and founder of EEP. Highly specialized for design of LV/MV switchgears and LV high power busbar trunking (<6300A) in power substations, commercial buildings and industry facilities. Professional in AutoCAD programming.

One Comment

  1. Tobias Shivolo Endjala
    Jan 22, 2021

    I would like to get more information on this.

    Thank you
