Impact of Cyber-Attacks on Process Bus and Time Synchronisation Communication at Substation

Cyber security plays a crucial role in ensuring the resilience of power systems. In this paper, we investigate the impacts of cyber-attacks on IEC 61850 MMS, GOOSE, and time synchronisation. We have built the use cases on a hardware-in-the-loop simulation with intelligent electronic devices and executed cyber-attacks. The attacker is assumed to have compromised the network using some initial access tactics and techniques defined in the MITRE ATT&CK® for Industrial Control Systems.
In the first use case we investigate tampering with MMS, while the second use case focuses on GOOSE communication of differential protection and causes the breakers to open. A modern protection approach is used by sending the measurement signals from merging units to a smart substation control and protection device, which sends the trip command. In the third use case we examine cyber-attack on time synchronisation with a setup similar to the GOOSE use case. Time synchronisation starts deviating due to the cyber-attack blocking the time synchronisation signal.
In the real world, the impacts of cyber-attacks can be severe; if successful entire feeder lines can be disconnected from the system leaving several customers disconnected. The impacts of the cyber-attack on GOOSE can be even broader than on MMS communication as transformers can be located at crucial interconnection points in the network and cause severe outages. In the time synchronisation use case, the cyber-attack can cause disturbances in the IED operation over time. Our use cases highlight the importance of pervasive IT and OT cybersecurity including rigorous security monitoring of power system ICT infrastructure to detect malicious activities as early as possible.