2017 the 5th IEEE International Conference on Smart Energy Grid Engineering
A Review of Security in Electrical Power Information System
Tianyang Mao, Liang Zhao
Faculty of Electronic Information and Electrical Engineering
Dalian University of Technology
Dalian, China
e-mail: mty1209@mail.dlut.edu.cn, zliang@dlut.edu.cn
Abstract—In order to provide a reference for the establishment
of power information system, this paper reviewed electrical
power information system including security model,
communication mechanism and risk assessment. Security
model including OSI and P2DR, communication mechanism
including IEC 62351 and IEC 61850, risk assessment including
Fault Tree and Attack Tree were introduced. In each section,
literature of related work are presented to strengthen the
background of the research, and the drawbacks of each model
are also mentioned. In addition, this paper proposed
requirements of the power information system design, that
information security is a moment of change in the process. the
design needs to grasp this feature.
Keywords-electrical power information system; OSI; P2DR;
IEC 62351; IEC 61850; fault tree; attack tree
I. INTRODUCTION
Over the past decade, the rapid development of
information technology and communication technology has
penetrated into all walks of life, and the information security
has been paid unprecedented attention. The information
system will also be widely used in the power system. Not
only will the external electromagnetic interference affect the
reliability, authenticity, consistency and integrity of the
power information system, but the power information system
is also vulnerable to malicious code threat when in the
maintenance and Debugging process, affecting the normal
operation of the power information system. The safe
operation of power system is more dependent on the security
of information system. How to promote the development of
information security in power industry has become the focus
of attention of academia and electric power enterprises.
Li et al (2003) [1] proposed a model and method based
on SSE-CMM power system information security
assessment, which makes the research of power system
information security assessment a step further and has been
applied in a power system enterprise in a province. Han et al
(2004) [2] proposed that with the development of
information technology, power systems, information systems
and communication systems have been integrated into a
hybrid system. Therefore, the security of power information
system is different from that of pure communication system.
To ensure the safety of power system business, it is
necessary to put the widely distributed and interrelated
business system and its interaction with communication
system into consideration.
978-1-5386-1776-2/17/$31.00 ©2017 IEEE
II. INFORMATION SYSTEM SECURITY MODEL OF POWER
SYSTEM
A. OSI Standard Model
OSI (Open System Interconnect) was developed and
published by the International Organization for
Standardization in 1985. The architecture standard defines
the seven-layer framework of network interconnection, from
bottom to top, namely physical layer, data link layer,
network layer, transport layer, session layer, presentation
layer and application layer [3]. On this basis, the general
elements related to the security architecture are established,
including five types of security services and eight types of
security mechanisms.
Shiroshita (1990) [4] presented a data processing
performance model in the Presentation layer and developed
an evaluation method for Application protocols data
structures in OSI. It shows that the method is applicable.
Lowe (1994) [5] described a method for running OSI
applications over the Internet and running Internet
applications over an OSI network, which is very efficient,
with low overhead and small code size. Ge et al (1995) [6]
discussed the functional implementation of the
connectionless network layer protocol of the OSI gateway in
the state of network interconnection, and proposed an
address mapping protocol from the network address to the
physical address and the reverse address mapping protocol
from the physical address to the network address. Based on
the OSI management object identification, Chen et al (1996)
[7] proposed a method of establishing the information model
based on LAN which reveals the flexibility and uniformity of
establishing the OSI network management information
model. Shi et al (2013) [8] presented a new model for
distributed intelligent management networks, which is
combined with Open Systems Interconnection(OSI)
management model.
OSI standard model has drawbacks. The session layer is
rarely used in most applications, and the presentation layer is
almost empty. There are many sublayers inserted between
the data link layer and the network layer, and each sublayer
has different functions. At the same time, addressing, flow
control and error control in each layer are repeated, will
inevitably reduce system efficiency. In terms of data security,
encryption and network management issues are also
overlooked in the early stages of reference model design.

B. P2DR Model
The P2DR model includes four main parts: security
policy, protection, detection and response. Under the
guidance of the security policy, the protection, detection and
response form a complete and dynamic security cycle to
ensure the safety of information systems.
Basing on the P2DR security model, Zhang et al (2005)
[9] designed and implemented an intrusion detection system,
using the combination of knowledge-based IDS and
anomaly-based IDS, with the distributed architecture, to
overcome the disadvantages of general system such as high
leakage rate and poor scalability. The practical application
shows that the system has a good effect. Huang et al (2007)
[10] detailed the security strategy of the P2DR model, and
then use the existing network security technology to achieve
different levels of security on the Internet dynamic security
solutions. Based on the P2DR security model, Huang (2008)
[11] puts forward the principle of information security
construction for all kinds of systems. Based on the threat
analysis and network partition protection, the paper puts
forward the detailed construction plan of the information
security system of the banking system by using the idea of
P2DR closed-loop security model. Xu et al (2013) [12]
proposed a kind of new active dynamic security model AD-
RPPDRRM based on P2DR and designed a defense in-depth
system of a typical network, which can adapt to suit new
attacks and security techniques. Based on the theory and
architecture of the security model P2DR, Han and Wu (2013)
[13] analyze the current security risks and hidden dangers of
hospital information system (HIS), and discusses how to use
the P2DR model for the construction of HIS to ensure the
reliable, safe and efficient operation of HIS.
P2DR model puts intrusion detection time, strain time
and other time factors into consideration, forming a complete
security architecture. The model emphasizes the dynamic
nature of the system, with particular emphasis on
management factors. However, the P2DR model has a
significant drawback, that is, ignore the internal changes in
factors, such as the quality of personnel and the
implementation of the instability of the strategy. In fact, the
security issues involved in a wide range. Except for the
design of protection, detection and response, the security
model does not take system security immunity, system and
the entire network optimization and personnel quality
improvement into account.
III. INFORMATION COMMUNICATION MECHANISM OF
POWER SYSTEM
A. IEC 62351 Standard
The IEC 62351 series of international standards
developed by the WG15 are composed of seven parts, which
are intended to provide a safety solution for SCADA-related
power system communications. In this standard, the third,
fourth, fifth and sixth part of the standards are related to the
power system security communication mechanism.
IEC62351-3 ensures the security of TCP / IP-based
communication protocols in power systems. The security

standards do not propose new security mechanisms, but
rather use the Transport Layer Security Protocol, which is
widely used on the Internet, to provide information security
exchanges, including authentication, encryption and integrity.
IEC62351-4 provides security for communication protocols
based on Manufacturing Message Specification in power
systems such as TASE.2 (ICCP) and IEC61850.
Hu et al (2002) [14] introduced several common types of
network attacks and demonstrated the information theft
process, introduced the SSL protocol in the negotiation layer
and record layer. based on IEC 62351 standard, they
proposed a scheme of using software configuration, proxy
mechanism and SSL development kit to achieve the goal of
strengthening the power system network security. Chen et al
(2013) [15] proposed a protocol used between IED safety
authentication-Secure Remote Password SRP protocol,
which provide with reference value to the implementation of
IEC 62351 in smart substation. Wang et al (2014) [16]
designed a MMS-based security message format, which is
determined by IEC 62351 standard. Analysis shows that
security and interoperability of telecontrol communication
can be improved to a large extent using different modes of
AES-CCM algorithm for security message transmission
under distinct security requirements. Hu et al (2016) [17]
first introduced the IEC 62351 standard, and then introduced
the contents of the substation security system, including TCP
/ IP protocol set security, MMS protocol set security,
GOOSE and SMV, and finally designed based on IEC 62351
substation communication system. The test shows that the
system improves network security. Based on the study of
IEC62351 standard, Cong et al (2016) [18] presents a
mechanism for adaptive IEC62351 standard for intelligent
substation automation system data communication. The
interoperability and interchangeability of existing equipment
and IEC62351 standard equipment are realized through the
construction of SCD file certificate management center, self-
identification of equipment communication codec in station.
B. IEC 61850 Standard
IEC61850 is the power system communication system
and network standard. Aiming to the power system
automation function, the standard defines a detailed
communication model, and as needed, gradually extended to
other applications of power systems. IEC 61850 and other
communication standards that follow its ideas represent the
communication infrastructure of various types of power
monitoring systems in the future production and control
areas of the power industry.
Li et al (2012) [19] modeled the new arc protection
device on the bus and analyze the relationship of ACSI
mapping to MMS based on the international standards of
IEC 61850. Lee et al (2013) [20] proposed the efficient
model-driven testing technology and a test design system
built based on the proposed model. Wang et al (2014) [21]
proposed a hierarchical information architecture for battery
energy storage system and general design methods for device
information model to realize the battery energy storage
system based on IEC 61850. Ali et al (2016) [22] used IP
tunnels and/or mapping over IP layer for transferring IEC
61850 messages to demonstrates the modelling of
information and services needed for control, management
and protection of distribution systems with integrated DERs.
Netto et al (2016) [23] presented the development of a
forecast approach to manage IED networks using the IEC
61850 Standard. The tests revealed that IED functions may
be deteriorated when the network parameter surpasses 5–
15% of the available bandwidth, depending on the IED
manufacturer and model.
IV. SAFETY ASSESSMENT METHOD OF POWER SYSTEM
A. Fault Tree
Fault tree analysis is one of the methods that cannot be
ignored in safety system engineering. The fault tree analysis
begins with a possible accident, from top to bottom, step by
step to find the direct and indirect cause of the top event,
until the basic cause of the event, and uses the logic diagram
to express the logical relationship between these events.
SANTIAGO et al (2005) [24] proposed a method
enabling to state formal properties of a logic controller from
a fault-tree analysis taking into account both the controlled
process and the controller. Chen et al (2008) [25] proposed a
testing approach of component security based on dynamic
fault tree. The experimental results show that the approach is
effective and can trigger lots of component exceptions by
using fewer test-cases. Li et al (2012) [26] established a fault
tree of an aero-engine rotor using the descending method to
determine the minimal cut sets and analyzed the resulting
fault tree. Wang et al (2013) [27] introduced the risk theory
into dispatching operation quantitative assessment, and a
real-time dispatching operation risk analysis method is
proposed. Fault tree is used to simulate dispatching operation
process and comprehensively analyze the system risk in both
under-successful and failure state of the operation. Ge et al
(2015) [28] put forward using an adapted K.D. Heidtmann
algorithm to analyze the reliability of a complex dynamic
fault tree. The experiment shows the proposed method is
reasonable and efficient.
Fault tree analysis also has some drawbacks. Mainly to
construct the fault tree is too heavy, the difficulty is also
large, the requirements of the analyst is also high, thus
limiting its promotion and popularization. At the same time,
the reliability of the conclusions is different because each
analyst has a different range of research.
B. Attack Tree
The attack tree uses a tree diagram to represent the attack
on the system, where the root node represents the node that
has been attacked and the leaf node indicates the way to
reach the purpose of the attack. The attack tree provides a
formal and straightforward way to describe the security
threats that the system faces and the multiple attacks that the
system may be exposed to.
Basing on the defense tree model of the attack tree,
combining with the evidence network reasoning algorithm,
Liu (2013) [29] evaluated the safety of the power SCADA
transmission network. The feasibility of the proposed safety
assessment method is verified by the example analysis,

which is of practical value to the power SCADA
transmission network. Bobbio et al (2013) [30] proposed an
analysis technique based on the representation of a WADT
by means of an extension of Binary Decision Diagrams and a
running example illustrates the methodology. Shen et al
(2014) [31] present a method of network attack training
simulation based on attack tree. The result shows that the
method make trainee operate efficient and get target quickly.
Garg et al (2014) [32] discusses the usage of game theory
and fuzzy logic in analysis of the attack and defense
equilibrium. Li et al (2015) [33] proposed an extended attack
tree model to identify RFID system’s flaws and
vulnerabilities. Analysis shows that the scheme can calculate
the overall risk evaluation result value.
When the attack tree is applied in a concrete instance, its
structure may become large and complex. A complete attack
tree is likely to include hundreds of leaf nodes, which greatly
limits its application
V. POWER INFORMATION SYSTEM DESIGN
REQUIREMENTS
The normal operation of the power information system is
related to the vital interests of the people, and now put
forward the requirements of power information system
security model design:
(1) comprehensive: power information system includes
personnel, equipment, data and other elements, which plays a
very important role in protecting the system in the process of
security, only from the overall point of view and analysis
may we get effective, comprehensive and viable security
measures. And the safety of power information systems can
not rely solely on safety technology and products, but also
must take full account of the physical environment, security
organizations, security management, related laws and
regulations and other aspects.
(2) systematic: The design of the security model of the
power information system is not simply the use of security
technology, or a combination of various security elements,
but the use of security engineering process of thinking, the
entire security process planning and implementation.
(3) dynamic: One important feature of the security of
power information systems is dynamic, so security is not
done overnight or immutable.
(4) Universal: the current security for power information
systems using a variety of security technology, security
measures, security products are basically from a narrow
perspective to analyze and solve the problem, which is lack
of far-sighted ideas for the safety of power information
systems. We need to consider the problem from a macro
point of view, so that the application of the model would be
more universal.
(5) Practical: Although the protecting object of power
information system security is the information system, but
most of the process requires the participation of people. if the
operation process is too complex, then the model doesn’t
have universal significance.
VI. CONCLUSION
This paper introduces the safety model, communication
mechanism and safety assessment method commonly used in
power information system, and puts forward the design
requirements of power information system security model on
the existing basis. Information security is not a static process,
which requires the design of the security model to be a
dynamic, circular, continuous improvement process. The
power information system based on this can be quickly
adapted to the risk change, personnel adjustment, technical
update and other conditions, so that being eliminated by the
times.
ACKNOWLEDGMENT
The present research is supported by National Power
Grid Corp's Technology Project˖2017YF-36.
REFERENCES
[1] Z.-M. Li, L. Cong, Y. Zheng, M.-H. Pan, and R.-Q. Pian,
“Information security assessment of power systems based on SSE-
CMM,” Automation of Electric Power System. vol. 27, pp. 37-40,
December 2003.
[2] Z.-X. Han, and Y.-J. Cao, “Power system security and its
prevention,” Power System Technology. Vol. 28, pp. 1-6, May 2004.
[3] Y. Xiao, “OSI security architecture,” Science Mosaic. No. 9, pp.253-
254, September 2009.
[4] T. Shiroshita, “A data processing performance model for the OSI
application layer protocols,” ACM SIGCOMM Computer
Communication Review, vol.20, pp. 60-68, 1990.
[5] H. Lowe, “Internet/OSI application migration/portability,” Standard
View, vol. 2, pp. 46-49, 1994.
[6] F. Ge, and Y.-B. Zhao, B. Du, Y.-X. Zhang, “Design and
implementation of connectionless mode network layer protocol in
OSI interconnection environment,” Computer Engineering and
Design, vol. 16, pp. 41-46, 1995.
[7] B. Chen, and Y.-L. Zhong, “Network management information model
based on OSI,”JOURNAL OF SHANGHAI JIAOTONG
UNIVERSITY. vol. 30, pp. 124-127, 1996.
[8] Y.-Q. Shi, and Y.-L. Zhu,” A framework for development the Open
Systems Interconnection of integrated intelligent knowledge for
management of networks,” Applied Mechanics and Materials. vols.
411-414, pp. 795-798, 2013.
[9] Y.-P. Zhang, F. Hu, Y.-C. Ma, W. Lu, and M. Li, “Design and
implementation of distributed intrusion detection system based on
P2DR model, ” Computer Engineering and Applications. No. 35, pp.
141-144, 2005.
[10] Z.-B. Huang, “Study on security solution based on P2DR model,”
Science & Technology Information. No.29, pp. 79-80, 2007.
[11] Y. Huang, “Research and design of the banking information security
system which is based upon P2DR model,” Information Security and
Communications Privacy. vols. 6, pp.115-118, 2008
[12] S.-P. Xu, Y.-H. Zhang, Y. Zhou, Y.-Q. Bai, and H.-P. Fu, “Design
and application of a network security model,” Applied Mechanics
and Materials. vols. 347-350, pp. 2773-2776, 2013.
[13] R. Han and J. Wu, “Application of P2DR model in security of HIS,”
China Medical Devices. vol. 7, pp.81-83, 2013.
[14] Y. Hu, and M.-C. Dong, “Strengthening the security of network
application with SSL protocol,” Automation of Electric Power
Systems. vol. 26, pp. 70-77, August 2002.
[15] L. Chen, Y.-F. Wang, and T. Zhang, “Security authentication for
smart substation communication based on IEC 62351,” Applied
Mechanics and Materials. vols. 260-261, pp. 91-96, 2013.

[16] B.-Y. Wang, X.-Y. Jin, and S.-M. Zhang, “Secure message
transmission method of MMS telecontrol communication based on
AES-CCM,” Applied Mechanics and Materials. vols. 513-517, pp.
2277-2280, 2014.
[17] W.-M. Hu, H.-G. Zhang, and Y. Hu. “Study on intelligent substation
communication system based on IEC 62351,” Electric Age. No. 10,
pp. 81-83, 2016.
[18] C.-T. Cong, F.-E. Sun, and G.-H. Liu, “Study on adaptive IEC 62351
for smart substation communication,” Information Technology and
Informatization. vol. 12, pp.115-119, 2016.
[19] D.-J. Li, and Y. Zhang, “Information model of ARC protection
system based on IEC 61850,” Advanced Materials Research. vols.
383-390, pp. 2540-2544, 2012
[20] N.-H. Lee, and B.T. Jang, “Development of the model-driven test
design system for IEC 61850 based substation automation system,”
Journal of International Council on Electrical Engineering. vol. 3, pp.
20-24, 2013.
[21] N. Wang, W. Liang, Y.-N. Cheng, and Y.-F. Mu, “Battery energy
storage system information modeling based on IEC 61850,” Journal
of Power and Energy Engineering. vol. 2, pp.233-238, 2014.
[22] I. Ali, and S.M.S. Hussain, “Control and management of distribution
system with integrated DERs via IEC 61850 based communication,”
Engineering Science and Technology. 2016.
[23] U.C. Netto, D.C. Grillo, I.D. Lonel, E.L. Pellini, and D.V. Coury,
“An ANN based forecast for IED network management using the
IEC61850 standard,” Electric Power Systems Research. vol. 130, pp.
148–155, January 2016.
[24] I.B. SANTIAGO, and J.-M. FAURE, “From fault tree analysis to
model checking of logic controllers,” IFAC Proceedings Volumes.
vol. 38, pp.86-91, 2005.
[25] J. Chen, Y. Lu, and X. Xie, “Testing approach of component security
based on dynamic fault tree,” Information Technology Journal. Vol. 7,
pp. 769, 2008.
[26] Y.-F. Li, H.-Z. Huang, S.-P. Zhu, Y. Liu, and N.-C. Xiao, “An
application of fuzzy fault tree analysis to uncontained events of an
areo-engine rotor,” Int. J. Turbo Jet-Engines. Vol. 29, pp. 309-315,
December 2012.
[27] E. Wang, W. Wei, B.-D. Wang, and Z. Liu, “Real-time dispatching
operation risk assessment based on fault tree theory,” Advanced
Materials Research. vols. 732-733, pp. 909-914, 2013.
[28] D.-C. Ge, M. Lin, Y.-H. Yang, R.-X. Zhang, and Q. Chou,
“Reliability analysis of complex dynamic fault trees based on an
adapted K.D. Heidtmann algorithm,” Journal of Risk and Reliability.
vol. 229, pp. 384, 2015.
[29] L. Liu, “SCADA service oriented security evaluation for electric
power communication networks,” North China Electric Power
University, 2013.
[30] A. Bobbio, L. Egidi, and R. Terruggia, “A methodology for
qualitative/quantitative analysis of weighted attack trees,” IFAC
Proceedings Volumes. vol. 46, pp. 133-138, 2013.
[31] J.-J. Shen, J. Yang, and G. Chen, “Research on network attack
training simulation system based on attack tree,” Applied Mechanics
and Materials. vols. 651-653, pp. 1917-1920, 2014.
[32] S. Garg, and G.S. Aujla, “An attack tree based comprehensive
framework for the risk and security assessment of VANET using the
concepts of game theory and fuzzy logic,” Journal of Emerging
Technologies in Web Intelligence. vol. 6, pp. 247-252, May 2014.
[33] P. Li, C. Xu, L. Chen, R.C. Wang, and N. Park, “RFID privacy risk
evaluation based on synthetic method of extended attack tree and
information feature entropy,” International Journal of Distributed
Sensor Networks. vol. 11, 2005.