A structured approach to cyber–physical attacks on digital substations

The electric power grid constitutes a foundational component of critical infrastructure; a sustained disruption in electrical supply could cause severe societal consequences. Among the various threats to grid reliability, cybersecurity has become increasingly prominent due to the ongoing digitalization of grid operations. As substations incorporate more digital and networked systems, forming digital substations, the potential impact of cyberattacks on grid stability grows significantly. This paper investigates the cybersecurity threat landscape from the perspective of a potential adversary. We present a novel structured methodology for identifying and formulating effective cyberattacks on digital substations, with the objective of advancing defensive capabilities through a deeper understanding of offensive techniques. Key elements of the methodology include a holistic cyber–physical approach that leverages multi-domain knowledge and utilizes iterative, simulation-based steps. To evaluate the proposed methodology, we designed and implemented three representative cyberattacks using it against a notional substation architecture (leveraging IEC 61850 sampled value (SV), and generic object oriented substation event (GOOSE); and IEEE 1588 precision time protocol (PTP)). We also proposed and developed a dedicated, real-time co-simulation testbed with hardware-in-the-loop capability, specifically designed to emulate realistic substation environments, including detailed protection functions, and subsequently tested these attacks on it. The results demonstrated specific weaknesses in digital substations; for example, a sophisticated cyberattack against PTP might result in a phase-shifted measurement as seen by the protection algorithm.