Site Navigation:

OSECS 61850 Secure SCADA Toolkit Background
The OSECS Toolkit
Toolkit components
Example products and solutions
SCL management capability
Benefits
Support

BACKGROUND

In electric power systems, computer-based protective devices and controllers are replacing older electromechanical technology, enabling more sophisticated utility automation.  The downside to this advance is the risk of malicious cyberattack.  

New and emerging international (IEC) monitoring and control (SCADA) standards and related technology offer significant cost, operational, and security improvements.  IEC-61850, the core standard for substations, is becoming the focus for all advanced utility automation.  IEC-61850 is being extended for monitoring and control of alternative energy systems, such as wind power (IEC-61400-25).

Cybersecurity in electric power systems has received focus from the Department of Homeland Security (DHS) and others.  Security requirements are being made enforceable through standards mandated under the 2005 Energy Policy Act.

THE OSECS TOOLKIT

OSECS 61850 Secure SCADA (OS3) Toolkit provides core components to build IEC-61850 products and customized solutions, enabling utilities to achieve major cost, operational, and security benefits, and comply with emerging standards and mandates.  

The Toolkit introduces a pioneering implementation of 61850 using broadly-based Web Services protocols, and provides conversion to the older industrial automation protocol (MMS) currently used by 61850 for device communications.  Wind power will use 61850 Web Services as an alternative protocol, and the European Commission has been sponsoring research to advance Web Services for SCADA applications in a variety of industries.

The Toolkit supports defense-in-depth through encryption, firewalls, role-based-access-control, one-way corporate data "push," non-disruptive shift-change GUI, intrusion detection, correlation of cybersecurity logs with power system multi-contingency attack vulnerabilities, and change-control/surveillance of substation device configuration settings, among other measures.  Leading edge open-source software technology is leveraged in the design.  Toolkit modules integrate with numerous open source tools for enhanced functionality.  Modules are available under either open source or commercial license.

TOOLKIT COMPONENTS

Toolkit components include:

• Open source 61850 MMS client stack
• Core 61850 Web Services (SOAP) messaging Server, MMS interface, and message access control
• Workstation 61850 SOAP messaging client
• Workstation 61850 object model and GUI (dialog, tabular, and graphic displays)
• Role based access control (RBAC) security policy management
• Security-Enhanced Linux platform and secure network environment
• Substation intelligent electronic device (IED) settings management process, upload, and surveillance system
• Power System Attack Warning System (PSAWS) correlation of cybersecurity logs and power system multi-contingency (cascading line outage) attack vulnerabilities
• SCL management functionality
• Additional SCADA functions (polling, persistent database, topology)
• Interface to advanced application functions (e.g., power flow, contingency analysis)

EXAMPLE PRODUCTS AND SOLUTIONS

Example products and solutions that can be constructed around the OS3 Toolkit include:

• Substation Configuration Language (SCL) preparation and management tools
• Maintenance HMI workstations
• SCADA systems for small utilities and research
• Control systems for distributed generation, including wind power
• Security appliances for substations and control centers
• Power System Attack Warning System (PSAWS) workstations

SCL MANAGEMENT CAPABILITY

A crucial Toolkit capability is SCL management featuring:

• Auto-generation of equipment and object names based on utility-defined naming conventions for switches, breakers, connectivity nodes, and external lines for breaker-and-a-half, double bus double breaker, main and transfer bus, single bus with bypass switch, sectionalized bus, and ring bus substation configurations
  
• User definition and placement of other equipment, and linking to 61850 IEDs
  
• User override of all constructed names and and user input of all others
  
• Utility-defined/selected Critical Infrastructure Protection (CIP) categories for equipment, category based access controls, and NERC CIP 002/003 documentation
  
• Both SCL file and SVG one-line diagram files produced for substation
  
• Both partial and complete SCL files accepted as input

BENEFITS

Benefits of these solutions include:  

• Defense-in-depth for emerging security mandates
• Readiness for alternative energy integration
• Technology commonality between corporate IT and real-time operations
• Addressing CEO-level security concerns throughout the utility entity
• Meeting need for cost and operational improvements

SUPPORT

Toolkit support, including installation, training, consulting, development, customization, and documentation, is available from OSECS. For further information you can call us at 301-565-4025 or email us at .