Vulnerabilities and countermeasures in electrical substations

https://doi.org/10.1016/j.ijcip.2020.100406

Abstract

The impending and continued threat of cyberattacks on modern utility grids has called for action from the different stakeholders of the electricity sector. This calls for a thorough investigation and review of the weaknesses present in the distribution substations – the backbone of the grid – that can attract attackers to achieve their malicious objectives. The present survey deals with this issue and identifies both the common and specific vulnerabilities present in substations that can be exploited by potential attackers. This work approaches the topic, for the first time, from an attacker's perspective, in order to categorize the possible attack vectors that could be used to first access the substation network, and then disrupt the substation operations under the purview of IEC standards. The reported literature in the field was critically analyzed from an attacker's perspective to highlight the potential threats that can become a liability in cyberattacks on substations. Countermeasures pertaining to these cyberattacks are then detailed and the main elements required for a comprehensive electrical substation cybersecurity solution are finally outlined.

Introduction

The conventional power system began its journey with the generation of alternating current (AC), which was widely preferred over direct current (DC) mainly because it can safely carry more power over longer distances. Power plants use various energy sources such as hydro, thermal and nuclear to convert mechanical energy into electricity through AC generators. The generated electricity is then transmitted towards the consumers through transmission lines carried on towers and poles. At substations, transformers step up and step down the voltage levels at the generation and distribution sides respectively. The distribution substations step down the voltage levels according to the requirements of different types of consumers such as industrial, commercial and residential. In order to keep the entire operation running smoothly, system operators used to communicate by telephone across the generation, transmission and distribution sections of the power system.

The electrical power system has now transitioned to smart grids, which include advanced technology for remote and real-time monitoring, control and protection of the grid [1]. With the advancement of technology, both the electrical equipment and the communication network have evolved. The system components have shifted from telephones to computers, from copper cables to ethernet/fiber-optic cables and from simple relays to intelligent controllers [2]. Monitoring and control from remote locations in real time is possible thanks to internet connectivity over fiber-optic cables. Presently, the communication network of electric grids has grown to include transmission and distribution control centers, which monitor and control the events and actions at the substations. Moreover, there is growing awareness and a continuous shift worldwide toward adopting and increasing reliance on clean energy. Hence, energy producers are incorporating renewable energy sources (RESs) such as solar and wind into the grid at both the generation and distribution levels. As a result, the electric grid is becoming more complex (e.g., bidirectional power flows) and distributed in nature [3].

Future utilities will be even more advanced in the integration of the power system with communication technology [4,5], as shown in Fig. 1. The communication network of the electric grid is today expanding to the consumers, enabling them to feed the excess energy from their renewable installations back into the grid. Moreover, electric vehicles and energy storage devices will be incorporated at the generation and distribution levels of future grids, making the grid more flexible and distributed. Both electric vehicles and energy storage devices will be scheduled to consume energy from the grid in off-peak hours and will be allowed to deliver energy to the grid in peak hours. This remote real-time monitoring and control is beneficial for the system operators in control centers, and helps to accommodate evolving and distributed technology. However, such advanced communication networks also increase the attack surface and could be exploited by hackers with malicious intent. While smart grids greatly improve the efficiency and operations of electrical distribution, they are also prone to cyberattacks and other new challenges [6,7]. To cope with such challenges and issues related to the cyber security of smart grids, new standards have been developed to achieve safe grids with secure communications [8,9,10]. We therefore believe that it is important to study simultaneously the current and future standards, the cyberattack methodology and the existing countermeasures in order to develop a cybersecurity solution compatible with the evolving electrical substations in the smart grids.

The literature already features several surveys and position papers on smart grid cybersecurity [8,11,12,13,14] that we have considered. The literature also includes vulnerability analyses, various attacks on network and data together with their modeling, the detection of these attacks and their mitigation methods [15,16,17,18,19]. Researchers have even analyzed the standards related to smart grids and cybersecurity and identified the gaps in them [9,10,20]. The standards associated with power systems include both legacy and recent standards, such as IEC-101/104 and IEC-61850 respectively [12,29]. In modern smart grids, especially with the integration of renewables, IEC-61850 has been widely adopted as the de facto standard and it is continuously evolving. The standard was originally developed for interoperability and automation inside a substation but has now extended its scope to microgrids with distributed generation. The protocols involved in any such standard were initially designed exclusively for communication purposes, without security in mind. For this reason, there is a large body of work in the present literature on the cybersecurity of smart grids in general [21,22,23,24]. However, a thorough investigation of vulnerabilities targeting modern electrical substations based on IEC-61850 automation protocols is seldom addressed. This work contributes in this direction; apart from the background and evolution of electrical substations, its novelty can be summarized by the following points:

  • 1) Our survey discusses in detail the vulnerabilities, exploitations, cyberattacks and countermeasures with a focus on electrical substations evolving with ICT.
  • 2) Our analysis further classifies the methodology, scenarios and impact of cyberattacks in the substation domain according to a security taxonomy. This helps in identifying gaps in current research that will be addressed in future work.

In order to design an efficient cyber security solution for electrical substations, the vulnerabilities that can represent a potential cybersecurity threat have first to be identified and categorized. The main contribution of this work is an analysis of the electrical distribution substation architecture, in particular from the perspective of cyber security, in order to frame the attack surface and identify vulnerabilities that could be exploited by an attacker to access and remotely disrupt the operations of such substations. To this end, after the introduction in Section 1, we begin the review with the background of electrical substations, cyberattacks and countermeasures in Section 2. This is followed by an explanation of the differences between conventional and modern substations, SASs and the related IEC standards in Section 3. The common security requirements for the electrical sector are described in Section 4, along with the general cyberattack methodology, attack scenarios and impact of cyberattacks on electrical substations. Section 5 focuses on the instantiation of the aforementioned general principles to the particular case of distribution substations, and shows the attack vectors used by attackers to disrupt the operations of substations. Section 6 describes the rationale for and categorization of countermeasure development, together with various problem-specific countermeasures reported in the literature. Section 7 illustrates a cybersecurity solution based on Section 6 and intended for electrical substations; finally, Section 8 concludes the paper.

Section snippets

Electrical substations

Electrical distribution substations are the building blocks of the grid distribution system. Given the vast volume of substations, and their geographical dispersion, remote operations have become a must for efficient operations. Market research studies [25], [26], [27] have indicated that distribution automation (DA) and advanced metering infrastructure (AMI) are currently the two smart grid technologies most adopted by utility companies.

Distribution substations are composed of devices that may

Traditional substations

A substation is a node in a power system that connects transmission and distribution lines by switching equipment and transformers. The monitoring and control equipment, such as current transformers (CTs), voltage transformers (VTs), phasor measurement units (PMUs), circuit breakers (CBs), is usually housed indoors in switchgears [12]. The interconnection of these devices used to go through parallel copper wires in the 1980s, but evolved through communication protocols such as Modbus, the

Cyber security concerns in the energy sector

In this section, we discuss the main cyber security issues and security requirements in the energy sector. We then explain the general methodology used by cyber attackers to launch sophisticated and targeted attacks.

Cyberattacks on electrical substations

In the case of electrical substations, the attackers mainly target the control of the relays in the substation in order to disrupt their normal operation and affect the consumers. This requires knowledge of the telecommunication single-line diagram (SLD) in order to tamper with the network protocols in a targeted way. The attacker can also hack the HMI through malware, or even attempt to take over the control center to magnify the attack level. Depending on the defense mechanism of the

Countermeasures development for electrical substations

In order to come up with effective countermeasures to the aforementioned attacks, it is vital to identify the critical attack paths on the substation and their effects, in a risk assessment fashion. This process is well described by the terminology of the RAIM framework [68,69], which identifies the following four areas to design a cyber security solution for a substation and/or the power grid:

  • 1. Real-time monitoring
  • 2. Anomaly detection
  • 3. Impact analyses
  • 4. Mitigation
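To make the first two RAIM areas (real-time monitoring and anomaly detection) concrete for an IEC 61850 substation, the following is an added example, not code from the paper, of a passive sequence monitor for GOOSE publications. It assumes the GOOSE field semantics stated in the comments and a hypothetical map of GoCB reference to publisher MAC taken from engineering data; the frame trace is constructed.

```python
from dataclasses import dataclass
# Assumed GOOSE semantics (IEC 61850-8-1): stNum increments when the data set changes,
# sqNum counts retransmissions of one state, timeAllowedToLive bounds the gap to the next frame.
@dataclass
class GooseFrame:
    t_ms: int        # capture time in milliseconds
    src_mac: str     # Ethernet source address of the publisher
    gocb_ref: str    # GOOSE control block reference
    st_num: int
    sq_num: int
    ttl_ms: int      # timeAllowedToLive carried in the PDU

class GooseMonitor:
    def __init__(self, expected_macs):
        self.expected = expected_macs   # gocb_ref -> publisher MAC from engineering data (assumed)
        self.state = {}                 # gocb_ref -> (st_num, sq_num, last_seen, ttl_ms)
        self.alerts = []                # (time, gocb_ref, reason) tuples

    def observe(self, f):
        reasons = []
        expected_mac = self.expected.get(f.gocb_ref)
        if expected_mac is None:
            reasons.append("GoCB reference not in engineering data (rogue publisher)")
        elif f.src_mac != expected_mac:
            reasons.append("source MAC differs from engineered publisher (spoofed frame)")
        st = self.state.get(f.gocb_ref)
        if st is not None:
            last_st, last_sq, last_t, last_ttl = st
            if f.t_ms - last_t > last_ttl:
                reasons.append("timeAllowedToLive of previous frame expired (publisher silenced?)")
            if f.st_num < last_st:
                reasons.append("stNum went backwards (replayed frame)")
            elif f.st_num > last_st + 1:
                reasons.append("stNum skipped a state (lost or injected frames)")
            elif f.st_num == last_st + 1 and f.sq_num > 1:
                reasons.append("sqNum not restarted after state change")
            elif f.st_num == last_st and f.sq_num != last_sq + 1:
                reasons.append("sqNum did not advance by one (replay or injection)")
        # Only genuine, non-rewinding frames advance the baseline, so a spoofed or replayed frame cannot poison it.
        if f.src_mac == expected_mac and (st is None or f.st_num >= st[0]):
            self.state[f.gocb_ref] = (f.st_num, f.sq_num, f.t_ms, f.ttl_ms)
        self.alerts.extend((f.t_ms, f.gocb_ref, r) for r in reasons)
        return reasons

def run_demo():
    # Constructed trace: genuine publisher, a spoofed replay, a silence gap, a lost frame.
    gcb, mac = "IED1CFG/LLN0$GO$gcb01", "00:11:22:33:44:55"     # constructed identifiers
    mon = GooseMonitor({gcb: mac})
    trace = [(0, mac, 5, 0), (1000, mac, 5, 1), (2000, mac, 5, 2), (2050, mac, 6, 0),
             (2300, "66:77:88:99:aa:bb", 4, 3),                        # spoofed replay of an old state
             (3050, mac, 6, 1), (6000, mac, 6, 2), (7000, mac, 6, 4)]  # 2950 ms gap > 2000 ms TTL; sqNum 3 lost
    for t, src, st, sq in trace:
        mon.observe(GooseFrame(t, src, gcb, st, sq, 2000))
    return mon.alerts
```

Each alert carries the capture time and GoCB reference, which is what the impact analysis and mitigation stages need to map the anomaly onto the affected protection function.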

A semantic analysis framework [43,81]

Cybersecurity solution for electrical substations

The lifecycle of cybersecurity consists of prediction, protection, detection and reaction cycles [91]. Prediction and detection are achieved by collecting intelligence, performing risk assessment and detecting intruders in the considered system. The remaining two active cycles, i.e. protection and reaction, are achieved by software and hardware based on mitigation and recovery techniques to neutralize such threats. In power systems and electrical substations, SCADA and SAS are the favorite targets of the

Conclusion

In this work, we investigated smart grid security with a focus on electrical substations from the perspective of a cyberattacker. We gave examples of cyberattacks in the energy sector and clarified the differences between traditional and modern substations. We discussed, in particular, the standards that are (or will soon be) implemented and how they encompass security. We then summarized the general steps of a cyberattack, and classified them in terms of a main attack vector. Moreover, the

Declaration of Competing Interest

None.

Acknowledgement

This publication was supported by Qatar University Internal Grant no. QUCG-CENG-2018/2019-2. The findings achieved herein are solely the responsibility of the authors.

This publication is supported by Iberdrola S.A. as part of its innovation department research studies.

Its contents are solely the responsibility of the authors and do not necessarily represent the official views of Iberdrola Group.

References (95)

  • M.Z. Gunduz et al., Cyber-security on smart grid: Threats and potential solutions, Comput. Netw. (2020)
  • S. Nazir et al., Assessing and augmenting SCADA cyber security: a survey of techniques, Comput. Secur. (2017)
  • Y. Kabalci, A survey on smart metering and smart grid communication, Renew. Sustain. Energy Rev. (2016)
  • R.H. Khan et al., A comprehensive review of the application characteristics and traffic requirements of a smart grid communications network, Comput. Netw. (2013)
  • S. Marzal et al., Current challenges and future trends in the field of communication architectures for microgrids, Renew. Sustain. Energy Rev. (2018)
  • L. Shi et al., Cyber–physical interactions in power systems: a review of models, methods, and applications, Electr. Power Syst. Res. (2018)
  • R. Kowalik et al., Laboratory testing of process bus equipment and protection functions in accordance with IEC 61850 standard. Part I: Electrical arrangement and basic protection functions tests, Int. J. Electr. Power Energy Syst. (2017)
  • R. Kowalik et al., Laboratory testing of process bus equipment and protection functions in accordance with IEC 61850 standard. Part II: Tests of protection functions in a LAN-based environment, Int. J. Electr. Power Energy Syst. (2018)
  • H. Hajian-Hoseinabadi, Reliability and component importance analysis of substation automation systems, Int. J. Electr. Power Energy Syst. (2013)
  • S. Poudel et al., Real-time cyber physical system testbed for power system security and control, Int. J. Electr. Power Energy Syst. (2017)
  • C.-C. Sun et al., Cyber security of a power grid: state-of-the-art, Int. J. Electr. Power Energy Syst. (2018)
  • Y. Xiang et al., Adequacy evaluation of electric power grids considering substation cyber vulnerabilities, Int. J. Electr. Power Energy Syst. (2018)
  • M.J. Gonzalez-Redondo et al., Influence of data-related factors on the use of IEC 61850 for power utility automation, Electr. Power Syst. Res. (2016)
  • E. Molina et al., Using software defined networking to manage and control IEC 61850-based systems, Comput. Electr. Eng. (2015)
  • Y. Xiang et al. (2017)
  • X. Liu et al., False data attack models, impact analyses and defense strategies in the electricity grid, Electr. J. (2017)
  • W. Wang et al., Cyber security in the smart grid: Survey and challenges, Comput. Netw. (2013)
  • W. Wang et al., A survey on the communication architectures in smart grid, Comput. Netw. (2011)
  • M.A. Aftab et al., IEC 61850 based substation automation system: a survey, Int. J. Electr. Power Energy Syst. (2020)
  • S.R. Firouzi et al., Interpreting and implementing IEC 61850-90-5 Routed-Sampled Value and Routed-GOOSE protocols for IEEE C37.118.2 compliant wide-area synchrophasor data transfer, Electr. Power Syst. Res. (2017)
  • J. Zhao et al., A network scheme for process bus in smart substations without using external synchronization, Int. J. Electr. Power Energy Syst. (2015)
  • L.E. da Silva et al., A new methodology for real-time detection of attacks in IEC 61850-based systems, Electr. Power Syst. Res. (2017)
  • I.-H. Lim et al., A new local backup scheme considering simultaneous faults of protection IEDs in an IEC 61850-based substation, Int. J. Electr. Power Energy Syst. (2016)
  • S. Lim, A service interruption free testing methodology for IEDs in IEC 61850-based substation automation systems, Int. J. Electr. Power Energy Syst. (2017)
  • Y. Xiang et al., A game-theoretic study of load redistribution attack and defense in power systems, Electr. Power Syst. Res. (2017)
  • J. Wang et al., A survey on cyber attacks against nonlinear state estimation in power systems of ubiquitous cities, Pervasive Mob. Comput. (2017)
  • J.E. Sullivan et al., How cyber-attacks in Ukraine show the vulnerability of the US power grid, Electr. J. (2017)
  • N. Voropai et al., Intelligent control and protection in the Russian electric power system, Application of Smart Grid Technologies (2018)
  • N. Ali et al., Performance of communication networks for Integrity protection systems based on travelling wave with IEC 61850, Int. J. Electr. Power Energy Syst. (2018)
  • J. Kim et al., FPGA-based network intrusion detection for IEC 61850-based industrial network, ICT Express (2018)
  • M.X. Cheng et al., A game theory approach to vulnerability analysis: Integrating power flows with topological analysis, Int. J. Electr. Power Energy Syst. (2016)
  • P. Eder-Neuhauser et al., Cyber attack models for smart grid environments, Sustain. Energy Grids Netw. (2017)
  • J. Jarmakiewicz et al., Cybersecurity protection for power grid control infrastructures, Int. J. Crit. Infrastruct. Prot. (2017)
  • G.N. Sorebo et al., Smart Grid Security: an End-to-End View of Security in the New Electrical Grid (2016)
  • J.R. Agüero et al., Grid modernization: challenges and opportunities, Electr. J. (2017)
  • H. Wang et al., Research on the remote maintenance system architecture for the rapid development of smart substation in China, IEEE Trans. Power Deliv. (2018)
  • S.K. Venkatachary et al., Cybersecurity and cyber terrorism in energy sector – a review, J. Cyber Secur. Technol. (2018)
    (2018)