M.W. Boringa
Please Note
This page displays the records of the person named above and is not linked to a unique person identifier. This record may need to be merged to a profile.
2 records found
1
Cyber Security of Digital Substations
Machine Learning-based Deep Packet Inspection for Detecting Cyber Attacks on IEC 61850 GOOSE
Master thesis
(2026)
-
M.W. Boringa, Alex Stefanov, I. Semertzis, P. Palensky, Zian Qin, S. Maccarrone
Digitalization of the power system eventually led to the implementation of the IEC 61850 standard for communication networks and systems for power utility automation, creating the digital substation. The combination of the substation equipment and its communication network and the ICT system for non-operational aspects together forms an interdependent Cyber-Physical Power System (CPPS). This system is prone to cyber attacks because mitigation strategies were designed for ICT systems and do not account for OT system requirements. As cyber attacks on CPPSs become more frequent and global tensions rise, research into cyber security vulnerabilities of the IEC 61850 Generic Object-Oriented Substation Event (GOOSE) protocol is becoming more pressing, as is the development of mitigation strategies for cyber attacks on this protocol.
This work proposes a Hardware-in-the-Loop (HiL) test setup to execute various GOOSE cyber attacks and thereby simulate a hacker's actions. This setup consists of a simple power system simulated on a Real-Time Digital Simulator (RTDS), a physical Intelligent Electronic Device (IED), and a communication network connecting all. The simulated power system communicates node voltages and breaker currents to the IED via IEC 61850 Sample Values (SV), and the IED responds by sending GOOSE traffic. An additional workstation is connected to the communication network to launch cyber attacks that cause physical impact on the simulated power system.
Secondly, the HiL setup is used to evaluate which alterations to the GOOSE packet will result in a physical impact on the simulated power system. Several attributes in the GOOSE PDU are modified, and together with changes in AllData (for circuit breaker tripping), the circuit breaker in the simulated power system should be tripped. An attempt is also made to block legitimate traffic during a fault, with an attack. Based on these findings, a cyber-physical dataset was constructed containing GOOSE communication network traffic recorded during normal operation, faults, and the examined cyber attacks that yielded physical impact.
Furthermore, an anomaly-based deep packet inspection (DPI) intrusion detection system (IDS) is proposed for the mitigation of cyber attacks. This DPI-IDS uses features from the GOOSE PDU attributes and a long short-term memory (LSTM) model to distinguish GOOSE packets from normal operation, faults, and cyber attacks. The LSTM's hyperparameters were optimized, and the complete DPI model was trained on primarily GOOSE traffic from normal operation and fault conditions. The performance of the DPI-IDS on the collected dataset was evaluated using several metrics. For all attacks in the dataset, the performance is evaluated separately to identify which attacks the DPI-IDS model performs best for.
The goal of the DPI-IDS is to classify legitimate traffic from malicious traffic. Normal operation traffic and traffic during faults should be classified correctly as legitimate traffic. Correct classification of malicious traffic would cause the traffic to be flagged, indicating to an operator to take action. Overall, the results of legitimate traffic identification (normal operation and faults) show that the DPI-IDS performs well on separating these two classes. However, the classification of malicious traffic is more difficult, due to the limited availability of malicious traffic in the training data. This underlines the importance of developing an effective mitigation strategy for cyber attacks on GOOSE communication traffic.
Bachelor thesis
(2022)
-
M.W. Boringa, J.J.M. van Erp, C.E.J.M. Ploumen, P.J. French, I.E. Lager, J. Bastemeijer, D. Eldering, J.M.S. van Rijn
Over the years, care givers in nursing homes have seen their workload gradually increase. With no end of this trend in sight, the need for smart support systems increases. Especially systems which decrease the time spent on menial tasks are valued highly, because this frees more time for high quality and personal care.
To achieve this, Momo Medical is expanding on its nurse support system. This is a network of integrated smart solutions aiming at supporting care givers in nursing homes to provide better, faster and more personal care. The backbone of this nurse support system consists of the BedSenses, sensors which are placed under mattresses of each resident and can measure a variety of things.
This thesis describes the process of designing and creating a localization algorithm for this nurse support system. This algorithm can find residents by tracking the panic buttons they wear, so that in case of an emergency or whenever a care giver wants to know where a resident is located, they do not need to undertake a time consuming search in order to find them. These panic buttons send out an alive signal once every minute as well as a signal whenever the button is pressed. These signals are received by any nearby BedSenses. The algorithm looks at the signal strength with which each BedSense receives these signals and uses this to perform localization.