An Integrated Security System of Protecting Smart Grid against Cyber Attacks

Dong Wei, Member, IEEE, Yan Lu, Mohsen Jafari, Member, IEEE, Paul Skare, and Kenneth Rohde

This work is part of the project “Protecting Intelligent Distributed Power Grids against Cyber Attacks”, which was conducted for the Department of Energy Office of Electricity Delivery and Energy Reliability under Contract DE-FC26-07NT43313. Dr. Dong Wei and Dr. Yan Lu are with Siemens Corporate Research, Inc., 755 College Road East, Princeton, NJ 08540 (e-mails: dong.w@siemens.com and yanlu@siemens.com). Dr. Mohsen Jafari is with Rutgers University, New Brunswick, NJ 08854 (e-mail: jafari@rci.rutgers.edu). Paul Skare is with Siemens Energy, Inc., Minnetonka, MN 55305 (e-mail: paul.skare@siemens.com). Kenneth Rohde is with the Idaho National Laboratory, Idaho Falls, ID 83415 (e-mail: kenneth.rohde@inl.gov).

978-1-4244-6266-7/10/$26.00 ©2010 IEEE

Abstract-- Like any other industry sector, the electrical power industry is facing the challenges that come with the increasing demand for interconnected system operation and control under the restructured electrical industry, driven by deregulation of the electricity market and the trend toward the Smart Grid. This moves automation networks from outdated, proprietary, closed networks into the current arena of Information Technology (IT). However, along with the cost and performance benefits of IT, the existing IT security challenges are acquired as well. The power grid automation network has inherent security risks because the systems and applications in the network were not originally designed for the general IT environment. In this paper, we propose a conceptual layered framework for protecting power grid automation systems against cyber attacks. The following factors are taken into account: 1) integration with existing, legacy systems in a non-intrusive fashion; 2) desirable performance in terms of modularity, scalability, extendibility, and manageability; 3) alignment with the “Roadmap to Secure Control Systems in the Energy Sector” [12] and the future intelligent power delivery systems [2,3,11]. The on-site test result of the system prototype is briefly presented as well.

Index Terms-- power grid, cyber attacks, network security, vulnerability, power grid automation system, QoS (Quality-of-Service)

I. INTRODUCTION

The recent discovery that hackers have inserted software into the US electrical grid [1], which would allow the grid to be disrupted at a later date from a remote location, clearly demonstrates that the utility infrastructure is quite vulnerable and that its overall mission of serving the population could be severely compromised by unexpected man-made or natural disasters.

As other industry sectors have already gained experience in equipping automation systems with modern IT technology, the electrical power industry is also facing the trend of integrating the electrical infrastructure with the information infrastructure, the so-called “Smart Grid” [2,3,11]. This integration not only moves power automation systems from outdated, proprietary technology to common technologies (personal computers, Microsoft Windows and TCP/IP/Ethernet), but also brings the closed network of the power control system onto the public network. The integration brings tremendous cost and performance benefits to the power industry, as well as the arduous challenge of protecting the automation systems from security threats from hackers. It is misleading to suggest that IT people should take full responsibility for power grid network security, including the automation and control networks. Compared with regular IT systems, power automation systems have distinctly different goals, objectives and assumptions concerning what needs to be protected.

It is important to understand what “real-time performance” and “continuous operation” of a power automation system really mean, and to recognize that power automation systems and applications were not originally designed for the general IT environment. Therefore, it is necessary to embrace and use existing IT security solutions where they fit, such as for communication within a control center, and to develop unique solutions to fill the gaps where IT solutions do not work or apply. This paper presents an in-depth analysis of current power automation system configurations, communication specifications and associated vulnerabilities, as well as the potential cyber attack sources, scenarios and their adverse impacts on the power grid. A novel framework for the security system is proposed, its design principles are disclosed, and the on-site vulnerability test of the prototype system at the INL (Idaho National Laboratory) is discussed as well.

II. BACKGROUND

The power grid system physically connects power generation (such as fossil-fuelled power plants) and power consumers. The major function of the power grid is to deliver electricity economically, subject to the constraints of capacity and reliability of power equipment and power lines. The power grid system includes two parts: transmission and distribution. Power transmission is the bulk transfer of electrical power; it operates at high voltage (100 kV or above) and delivers electrical power from power plants to substations close to population centers. Power distribution delivers electricity from the substations to consumers and operates at medium and low voltage levels (less than 100 kV). A typical grid automation system, as shown in Fig. 1, is a horizontal integration of one or more control centers, with each center supervising the operation of multiple substations.