A flexible OT testbed for evaluating on-device implementations of IEC-61850 GOOSE

• Published in: International journal of critical infrastructure protection Vol. 42; no. C; p. 100618
• Main Authors: Boeding, Matthew, Hempel, Michael, Sharif, Hamid, Lopez, Juan, Perumalla, Kalyan
• Format: Journal Article
• Language: English
• Published: Netherlands Elsevier B.V 01.09.2023; Elsevier
• Subjects: Cyber-physical systems; GOOSE; IEC-61850; Industrial control systems; Operational technology; Smart grid; Vulnerability; Industrial control systems; IEC-61850; GOOSE; Cyber-physical systems; Vulnerability; Operational technology; Smart grid
• ISSN: 1874-5482; 2212-2087
• DOI: 10.1016/j.ijcip.2023.100618

The growing convergence of Information Technology and Operational Technology has enhanced communication and visibility across power grids. This, coupled with the growing use of Distributed Energy Resources in power grids, has enhanced the grid capabilities while also creating a larger attack surface for malicious actors. A common protocol vulnerable to these attacks is the IEC-61850 GOOSE protocol due to its low-latency requirements, multicast packet delivery method, and lack of encryption. In this paper, we evaluate the security implications of different hardware implementations of this protocol by contrasting device response and recovery of two commercial off-the-shelf Intelligent Electronic Devices from separate manufacturers. The cyberattacks utilized in this paper are research-established GOOSE attacks with results measured in device latency and GOOSE endpoint response success. •A flexible OT testbed is demonstrated with the GOOSE protocol vulnerability-tested against production IEDs.•Device implementations show varied responses to sustained cyberattacks.•A device vulnerability was found with replicable tests, which was resolved by the manufacturer.