Enhancing Data Privacy in Substations: An Analysis of Data Sharing Anonymization for the Iec61850 Protocols, with a Special Focus on Goose

Abstract

IEC61850-adopted substation datasets contain data about power flows, equipment statuses, and network configurations. This sensitive data can reveal vulnerabilities and operational patterns for knowledge-based attacks. However, it is also vital for cybersecurity researchers to develop robust security solutions. While encryption standards like IEC 62351 improve security, they often hinder the utility of data for research. To bridge the gap between security and utility, we introduce an anonymization technique for IEC61850 standard, demonstrated on GOOSE protocol. Our technique comprises two methods namely, the anonymization of sensitive and quasi-identifying fields within packets, maintaining data utility while protecting privacy; and the injection of dummy packets using one of our two proposed algorithms to obscure network topology effectively. Using method 1, we publish an anonymized sample dataset comprising typical substation communications captured from our testbed to facilitate ongoing research. We evaluated our framework’s effectiveness through a comprehensive communication pattern analysis, encompassing time, flow, statistical, and entropy analyses, and field anonymization testing, offering both adversary and research use cases for comparative analysis. Our study highlights the critical need for maintaining privacy in substation data sharing and paves the way for future research to extend our framework’s applicability across multiple substation protocols.