Access Control and Availability Vulnerabilities in the ISO/IEC 61850 Substation Automation Protocol

James Wright, Stephen Wolthusen

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)



The ISO/IEC 61850 protocol for substation automation is a key component for the safe and efficient operation of smart grids, and it offers a substantial range of functions. While extension standards, particularly ISO/IEC 62351, provide further security controls, the baseline protocol itself offers the assurances of access control and availability. In this paper a systematic study of selected aspects of the basic ISO/IEC 61850 protocol demonstrates that protocol-level vulnerabilities exist. The main finding is a credential interception attack that allows an adversary without credentials to hijack a session during the initial association; the feasibility of this attack is proven using a formal language representation. A second attack, a workflow amplification attack, relies on the assumptions in the protocol's substation event model; it is independent of layered security controls and depends only on the protocol's communication patterns.
Original language: English
Title of host publication: Critical Information Infrastructures Security
Subtitle of host publication: 11th International Conference, CRITIS 2016, Paris, France, October 10–12, 2016, Revised Selected Papers
Editors: Grigore Havarneanu, Roberto Setola, Hypatia Nassopoulos, Stephen Wolthusen
Number of pages: 13
ISBN (Electronic): 978-3-319-71368-7
ISBN (Print): 978-3-319-71367-0
Publication status: Published - 2017

Publication series

Name: Lecture Notes in Computer Science
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349
