TY - GEN
T1 - Impact of Cyber-Attacks on Process Bus and Time Synchronisation Communication at Substation
AU - Raussi, Petra
AU - Pärssinen, Juha
AU - Noponen, Sami
AU - Opas, Mikael
AU - Raitio, Pia
AU - Salonen, Jarno
N1 - Only abstract reviewed. Papers will be available for downloading from the CIGRE website before the Symposium for all registered participants. The papers can be purchased in electronic format from CIGRE Central Office after the Symposium. The 6 best papers will be published in CIGRE Science & Engineering
PY - 2022
Y1 - 2022
N2 - Cyber security plays a crucial role in ensuring the resilience of power systems. In this paper, we investigate the impacts of cyber-attacks on IEC 61850 MMS, GOOSE, and time synchronisation. We have built the use cases on a hardware-in-the-loop simulation with intelligent electronic devices and executed cyber-attacks. The attacker is assumed to have compromised the network using some initial access tactics and techniques defined in the MITRE ATT&CK® for Industrial Control Systems.In the first use case we investigate tampering with MMS, while the second use case focuses on GOOSE communication of differential protection and causes the breakers to open. A modern protection approach is used by sending the measurement signals from merging units to a smart substation control and protection device, which sends the trip command. In the third use case we examine cyber-attack on time synchronisation with a setup similar to the GOOSE use case. Time synchronisation starts deviating due to the cyber-attack blocking the time synchronisation signal.In the real world, the impacts of cyber-attacks can be severe; if successful entire feeder lines can be disconnected from the system leaving several customers disconnected. The impacts of the cyber-attack on GOOSE can be even broader than on MMS communication as transformers can be located at crucial interconnection points in the network and cause severe outages. In the time synchronisation use case, the cyber-attack can cause disturbances in the IED operation over time. Our use cases highlight the importance of pervasive IT and OT cybersecurity including rigorous security monitoring of power system ICT infrastructure to detect malicious activities as early as possible.
AB - Cyber security plays a crucial role in ensuring the resilience of power systems. In this paper, we investigate the impacts of cyber-attacks on IEC 61850 MMS, GOOSE, and time synchronisation. We have built the use cases on a hardware-in-the-loop simulation with intelligent electronic devices and executed cyber-attacks. The attacker is assumed to have compromised the network using some initial access tactics and techniques defined in the MITRE ATT&CK® for Industrial Control Systems.In the first use case we investigate tampering with MMS, while the second use case focuses on GOOSE communication of differential protection and causes the breakers to open. A modern protection approach is used by sending the measurement signals from merging units to a smart substation control and protection device, which sends the trip command. In the third use case we examine cyber-attack on time synchronisation with a setup similar to the GOOSE use case. Time synchronisation starts deviating due to the cyber-attack blocking the time synchronisation signal.In the real world, the impacts of cyber-attacks can be severe; if successful entire feeder lines can be disconnected from the system leaving several customers disconnected. The impacts of the cyber-attack on GOOSE can be even broader than on MMS communication as transformers can be located at crucial interconnection points in the network and cause severe outages. In the time synchronisation use case, the cyber-attack can cause disturbances in the IED operation over time. Our use cases highlight the importance of pervasive IT and OT cybersecurity including rigorous security monitoring of power system ICT infrastructure to detect malicious activities as early as possible.
KW - cyber-attack
KW - substation communication
KW - time synchronisation
KW - process bus
M3 - Conference article in proceedings
BT - CIGRE 2022 Kyoto Symposium, Japan
PB - Conseil international des grands réseaux électriques (CIGRE)
T2 - CIGRE 2022 Kyoto Symposium
Y2 - 5 April 2022 through 8 April 2022
ER -