Enhancing the Security of Wind power Systems using the IEC 62531 standards

Abstract

The lucrative wind energy market has led to the rapid and large scale development of wind power systems in recent times. The wind power infrastructure today can be regarded as complex architectures that are distributed and span over wide geographical areas. The rapid growth of wind power energy contributed to a haphazard development of protocols which constrained communication between diverse operators and thus resulting in increased complexity to the wind power infrastructure. The distributed location of wind power systems and the sheer size of the wind power infrastructure encompassing several of these wind power plants makes it difficult to control and monitor them by manual means as was the scenario when wind power systems initially evolved. This has resulted in the need for control and monitoring of these components remotely over the internet. The wind power industry is also seeing several developments such as the development of standards to facilitate communication between these components in a manufacturer independent manner. However, exposing wind power systems to the internet has made them vulnerable to attacks from various malicious entities from the external world also. Standardization also makes it much easier to launch attacks as knowledge about structures and communication frameworks used in the industry are no longer secretive as was the case earlier when manufactures had their own customized protocols which had been kept secretive. In order to mitigate attacks from the external entities the Internal Energy Commission (IEC) had introduced the IEC 62531 standards defining security measures for the protecting the communication infrastructure used to control and monitor these wind power plant components remotely over the internet. However, the standard does not offer a complete mitigation of these threats since the standard does not address the issue of access control. In the absence of an access control policy, an entity can claim more privileges than it is entitled to and this can be disasstourous. Regulating the access to the elements of a wind power infrastructure is thus crucial to minimize the impact of attacks and also to ensure a secure and accountable operation of wind power systems.The purpose of this report is to find and describe a suitable software framework that can help implement the concept of generic access control model to regulate access in the wind power system architecture based on IEC 61400-25 and the IEC 62531`standards.This access control model is based on the premise that all entities that communicate/attempt to communicate with the wind power system infrastructure do not have equal access rights nor can all these entities be trusted. In this report, design of a model that can perform both access control and improved authentication mechanism is presented and its functionality of the model is testing by implementing a simple prototype to ascertain its suitability in the wind power domain.