Zeek from Home: Detecting False Data Injection Attacks on GOOSE Protocol

On Wednesday, September 9, 2020 at 2pm eastern, as part of the “Zeek from Home” series, Dr. Atul Bohara presents part of his recent PhD work from University of Illinois at Urbana-Champaign: a Zeek-based system for real-time detection of false data injection attacks on the generic object-oriented substation events (GOOSE) protocol for Industrial Control Systems.


The GOOSE protocol is used in IEC 61850 substations for the high-speed exchange of protection-related events. Because of its lack of authentication and encryption, GOOSE is vulnerable to man-in-the-middle attacks. This recent research, performed at UIUC under the Department of Energy’s Cyber Resilient Energy Delivery Consortium (CREDC), with guidance from Reservoir Labs, will discuss design and implementation of analytics and layers addressing this vulnerability.



Sign up for the September 9 Zeek From Home webinar