IEC 61850.

An international standard for communications inside electrical substations, covering object-oriented data models (LNs), high-speed messaging (GOOSE), sampled-values measurements (SV), and MMS-based client/server traffic. It belongs to the OT / ICS / IoT category of cybersecurity.

An international standard for communications inside electrical substations, covering object-oriented data models (LNs), high-speed messaging (GOOSE), sampled-values measurements (SV), and MMS-based client/server traffic.

IEC 61850 is the international standard family for communications in electrical substation automation, first published in 2003 and now the dominant protocol stack in modern substations. It specifies an object-oriented data model — Intelligent Electronic Devices (IEDs) expose Logical Nodes (LNs) such as PIOC (overcurrent protection), XCBR (circuit breaker), MMXU (measurements) — independent of the underlying transport. On the wire it defines three communication services: MMS-based client/server traffic (e.g. SCADA reads), GOOSE multicast peer-to-peer messages used for time-critical protection signaling (trip commands within milliseconds), and Sampled Values (SV) for digital instrument transformer measurements. IEC 61850 typically runs on dedicated process and station Ethernet networks inside a substation, with the corresponding IEC 62351 standard adding authentication, integrity, and (more rarely) encryption. Security concerns include unauthenticated GOOSE/SV by default, denial of service against the protection bus, malicious IED firmware, and inadequate segmentation between the substation LAN and corporate IT. Compromise of IEC 61850 traffic is the engineering primitive behind the 2016 Industroyer attack and remains a primary OT threat model for utilities.

Defences for IEC 61850 typically combine technical controls and operational practices, as detailed in the full definition above.

Common alternative names include: IEC 61850 substation, GOOSE / MMS / SV.