Power system DNP3 data object security using data sets

Power system cyber security demand is escalating with the increased number of security incidents and the increased stakeholder participation in power system operations, specifically consumers. Rule-based cyber security is proposed for Distributed Network Protocol (DNP3) outstation devices, with a focus on smart distribution system devices. The security utilizes the DNP3 application layer function codes and data objects to determine data access authorization for outstations, augmenting other security solutions that include firewalls, encryption, and authentication. The cyber security proposed in this article protects outstation devices when masters are compromised or attempt unauthorized access that bypass the other security solutions. In this article, non-utility stakeholder data access is limited through DNP3 data sets rather than granting direct access to the data points within an outstation. The data set utilization greatly constrains possible attack methods against a device by reducing the interaction capabilities with an outstation. The data sets also decrease the security complexity through rule reduction, thereby increasing the security applicability for retrofitted or process constrained devices. Temporal security constraints are supported for the data sets, increasing security against denial of service attacks. a 2009 Elsevier Ltd. All rights reserved.