Impact of Cyber-Attacks on Process Bus and Time Synchronisation Communication at Substation

Petra Raussi (Corresponding author), Juha Pärssinen, Sami Noponen, Mikael Opas, Pia Raitio, Jarno Salonen

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientific

2 Downloads (Pure)


Cyber security plays a crucial role in ensuring the resilience of power systems. In this paper, we investigate the impacts of cyber-attacks on IEC 61850 MMS, GOOSE, and time synchronisation. We have built the use cases on a hardware-in-the-loop simulation with intelligent electronic devices and executed cyber-attacks. The attacker is assumed to have compromised the network using some initial access tactics and techniques defined in the MITRE ATT&CK® for Industrial Control Systems.
In the first use case we investigate tampering with MMS, while the second use case focuses on GOOSE communication of differential protection and causes the breakers to open. A modern protection approach is used by sending the measurement signals from merging units to a smart substation control and protection device, which sends the trip command. In the third use case we examine cyber-attack on time synchronisation with a setup similar to the GOOSE use case. Time synchronisation starts deviating due to the cyber-attack blocking the time synchronisation signal.
In the real world, the impacts of cyber-attacks can be severe; if successful entire feeder lines can be disconnected from the system leaving several customers disconnected. The impacts of the cyber-attack on GOOSE can be even broader than on MMS communication as transformers can be located at crucial interconnection points in the network and cause severe outages. In the time synchronisation use case, the cyber-attack can cause disturbances in the IED operation over time. Our use cases highlight the importance of pervasive IT and OT cybersecurity including rigorous security monitoring of power system ICT infrastructure to detect malicious activities as early as possible.
Original languageEnglish
Title of host publicationCIGRE 2022 Kyoto Symposium, Japan
PublisherConseil international des grands réseaux électriques (CIGRE)
Publication statusPublished - 2022
MoE publication typeNot Eligible
EventCIGRE 2022 Kyoto Symposium - Kyoto International Conference Center, Kyoto, Japan
Duration: 5 Apr 20228 Apr 2022


ConferenceCIGRE 2022 Kyoto Symposium
Internet address


  • cyber-attack
  • substation communication
  • time synchronisation
  • process bus


Dive into the research topics of 'Impact of Cyber-Attacks on Process Bus and Time Synchronisation Communication at Substation'. Together they form a unique fingerprint.

Cite this