Overview of Intrusion Detection in Smart Substation

Li, Zecun; Ma, Rongkuan; Xie, Yu; Li, Lü

doi:10.1109/itaic54216.2022.9836858

Cited by 3 publications

(1 citation statement)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moussa et al [46] stated that a delay attack on PTP can highly impact smart grids. Recently, Li et al [47] have highlighted that smart substations are the potential targets of new types of coordinated attacks, including substation trip attacks aimed directly at the substation automation systems. Such attacks can have a severe impact on the stability and reliability of smart grids and the power grid system and can also cause safety risks.…”

Section: Related Workmentioning

confidence: 99%

Attacking IEC 61850 Substations by Targeting the PTP Protocol

et al. 2023

View full text Add to dashboard Cite

Digital substations, also referred to as modern power grid substations, utilize the IEC 61850 station and process bus in conjunction with IP-based communication. This includes communication with switch yard equipment within the substation as well as the dispatch center. IEC 61850 is a global standard developed to standardize power grid communications, covering multiple communication needs related to modern power grid substations or digital substations. Unlike the legacy communication standards, IEC 60870-5-104 and DNP3, IEC 61850 is specifically designed for IP-based communication. It comprises several communication models and supports real-time communication by introducing the process bus to replace traditional peer-to-peer communication with standard network communication between substation equipment and the switch yard. The process bus, especially Sampled Measured Values (SMV) communication, in modern power grid substations relies on extremely accurate and synchronized time to prevent equipment damage, maintain power grid system balance, and ensure safety. In IEC 61850, time synchronization is provided by the Precision Time Protocol (PTP). This paper discusses the significance and challenges of time synchronization in IEC 61850 substations, particularly those associated with PTP. It presents the results of a controlled experiment that subjects time synchronization and PTP to cyber-attacks and discusses the potential consequences of such attacks. The paper also provides recommendations for potential mitigation strategies. The contribution of this paper is to provide insights and recommendations for enhancing the security of IEC 61850-based substations against cyber-attacks targeting time synchronization. The paper also explores the potential consequences of cyber-attacks and provides recommendations for potential mitigation strategies.

show abstract

Section: Related Workmentioning

confidence: 99%

Attacking IEC 61850 Substations by Targeting the PTP Protocol

et al. 2023

View full text Add to dashboard Cite

show abstract

Two-stage advanced persistent threat (APT) attack on an IEC 61850 power grid substation

Akbarzadeh,

Erdodi,

Houmb

et al. 2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Advanced Persistent Threats (APTs) are stealthy, multi-step attacks tailored to a specific target. Often described as ’low and slow’, APTs remain undetected until the consequences of the cyber-attack become evident, usually in the form of damage to the physical world, as seen with the Stuxnet attack, or manipulation of an industrial process, as was the case in the Ukraine Power Grid attacks. Given the increasing sophistication and targeted nature of cyber-attacks, especially APTs, this paper delves into the substantial threats APTs pose to critical infrastructures, focusing on power grid substations. Through a detailed case study, we present and explore a 2-stage APT attack on an IEC 61850 power grid substation, employing a Hardware-in-the-Loop (HIL) testbed to simulate real-world conditions. More specifically, this paper discusses two significant experiments conducted to assess vulnerabilities in the control protocols used in IEC 61850 substations: IEC 60870-5-104 and IEC 61850. The integration of findings from these experiments revealed a number of previously undiscussed potential threats to power grid infrastructure that could arise from attacking one or more substations. To better address these potential threats, the paper proposes an extension to the Industrial Control System (ICS) kill chain that explicitly accounts for the consequences of attacks on the physical aspects of Cyber-Physical Systems (CPSs).

show abstract

An Automated Wavelet Generation Tool for Cyberattack Detection in Substation Automation Systems

Oinonen,

Morsi

2024

2024 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE)

View full text Add to dashboard Cite

Overview of Intrusion Detection in Smart Substation

Cited by 3 publications

References 23 publications

Attacking IEC 61850 Substations by Targeting the PTP Protocol

Attacking IEC 61850 Substations by Targeting the PTP Protocol

Two-stage advanced persistent threat (APT) attack on an IEC 61850 power grid substation

An Automated Wavelet Generation Tool for Cyberattack Detection in Substation Automation Systems

Contact Info

Product

Resources

About