Cyber Attacks on Protective Relays in Digital Substations and Impact Analysis

Vetrivel Subramaniam Rajkumar; Marko Tealane; Alexandru Stefanov; Peter Palensky

doi:10.1109/MSCPES49613.2020.9133698

Cyber Attacks on Protective Relays in Digital Substations and Impact Analysis

Vetrivel Subramaniam Rajkumar, Marko Tealane, Alexandru Stefanov, Peter Palensky

Intelligent Electrical Power Grids

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

22 Citations (Scopus)

513 Downloads (Pure)

Abstract

Power systems automation and communication standards are crucial for the transition of the conventional power system towards a smart grid. The IEC 61850 standard is widely used for substation automation and protection. It enables real-time communication and data exchange between critical substation automation devices. IEC 61850 serves as the foundation for open communication and data exchange for digital substations of the smart grid. However, IEC 61850 has cyber security vulnerabilities that can be exploited with a man-in-the-middle attack. Such coordinated cyber attacks against the protection system in digital substations can disconnect generation and transmission lines, causing cascading failures. In this paper, we demonstrate a cyber attack involving the Generic Object-Oriented Substation Event (GOOSE) protocol of IEC 61850. This is achieved by exploiting the cyber security vulnerabilities in the protocol and injecting spoofed GOOSE data frames into the substation communication network at the bay level. The cyber attack leads to tripping of multiple protective relays in the power grid, eventually resulting in a blackout. The attack model and impact on system dynamics are verified experimentally through hardware-in-the-loop simulations using commercial relays and Real-Time Digital Simulator (RTDS).

Original language	English
Title of host publication	8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES)
Place of Publication	Sydney, Australia
Publisher	IEEE
Pages	1-6
Number of pages	6
ISBN (Electronic)	978-1-7281-8721-1
ISBN (Print)	978-1-7281-8722-8
DOIs	https://doi.org/10.1109/MSCPES49613.2020.9133698
Publication status	Published - 2020
Event	8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems - Virtual Workshop Duration: 21 Apr 2020 → 21 Apr 2020 Conference number: 8

Workshop

Workshop	8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems
Period	21/04/20 → 21/04/20

Bibliographical note

Virtual Workshop

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care

Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

Cyber-Physical Systems
IEC 61850
Cyber Security
Cascading Failures
Cyber attacks

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/MSCPES49613.2020.9133698

09133698Final published version, 564 KB

Cite this

@inproceedings{9c42eb78da124818bda45ec390cd562a,

title = "Cyber Attacks on Protective Relays in Digital Substations and Impact Analysis",

abstract = "Power systems automation and communication standards are crucial for the transition of the conventional power system towards a smart grid. The IEC 61850 standard is widely used for substation automation and protection. It enables real-time communication and data exchange between critical substation automation devices. IEC 61850 serves as the foundation for open communication and data exchange for digital substations of the smart grid. However, IEC 61850 has cyber security vulnerabilities that can be exploited with a man-in-the-middle attack. Such coordinated cyber attacks against the protection system in digital substations can disconnect generation and transmission lines, causing cascading failures. In this paper, we demonstrate a cyber attack involving the Generic Object-Oriented Substation Event (GOOSE) protocol of IEC 61850. This is achieved by exploiting the cyber security vulnerabilities in the protocol and injecting spoofed GOOSE data frames into the substation communication network at the bay level. The cyber attack leads to tripping of multiple protective relays in the power grid, eventually resulting in a blackout. The attack model and impact on system dynamics are verified experimentally through hardware-in-the-loop simulations using commercial relays and Real-Time Digital Simulator (RTDS).",

keywords = "Cyber-Physical Systems, IEC 61850, Cyber Security, Cascading Failures, Cyber attacks",

author = "{Subramaniam Rajkumar}, Vetrivel and Marko Tealane and Alexandru Stefanov and Peter Palensky",

note = "Virtual Workshop Green Open Access added to TU Delft Institutional Repository {\textquoteleft}You share, we take care!{\textquoteright} – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public. ; 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems ; Conference date: 21-04-2020 Through 21-04-2020",

year = "2020",

doi = "10.1109/MSCPES49613.2020.9133698",

language = "English",

isbn = "978-1-7281-8722-8",

pages = "1--6",

booktitle = "8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES)",

publisher = "IEEE",

address = "United States",

}

Subramaniam Rajkumar, V, Tealane, M, Stefanov, A & Palensky, P 2020, Cyber Attacks on Protective Relays in Digital Substations and Impact Analysis. in 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES)., 9133698, IEEE, Sydney, Australia , pp. 1-6, 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, 21/04/20. https://doi.org/10.1109/MSCPES49613.2020.9133698

Cyber Attacks on Protective Relays in Digital Substations and Impact Analysis. / Subramaniam Rajkumar, Vetrivel; Tealane, Marko; Stefanov, Alexandru et al.
8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES). Sydney, Australia : IEEE, 2020. p. 1-6 9133698.

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Cyber Attacks on Protective Relays in Digital Substations and Impact Analysis

AU - Subramaniam Rajkumar, Vetrivel

AU - Tealane, Marko

AU - Stefanov, Alexandru

AU - Palensky, Peter

N1 - Conference code: 8

PY - 2020

Y1 - 2020

N2 - Power systems automation and communication standards are crucial for the transition of the conventional power system towards a smart grid. The IEC 61850 standard is widely used for substation automation and protection. It enables real-time communication and data exchange between critical substation automation devices. IEC 61850 serves as the foundation for open communication and data exchange for digital substations of the smart grid. However, IEC 61850 has cyber security vulnerabilities that can be exploited with a man-in-the-middle attack. Such coordinated cyber attacks against the protection system in digital substations can disconnect generation and transmission lines, causing cascading failures. In this paper, we demonstrate a cyber attack involving the Generic Object-Oriented Substation Event (GOOSE) protocol of IEC 61850. This is achieved by exploiting the cyber security vulnerabilities in the protocol and injecting spoofed GOOSE data frames into the substation communication network at the bay level. The cyber attack leads to tripping of multiple protective relays in the power grid, eventually resulting in a blackout. The attack model and impact on system dynamics are verified experimentally through hardware-in-the-loop simulations using commercial relays and Real-Time Digital Simulator (RTDS).

AB - Power systems automation and communication standards are crucial for the transition of the conventional power system towards a smart grid. The IEC 61850 standard is widely used for substation automation and protection. It enables real-time communication and data exchange between critical substation automation devices. IEC 61850 serves as the foundation for open communication and data exchange for digital substations of the smart grid. However, IEC 61850 has cyber security vulnerabilities that can be exploited with a man-in-the-middle attack. Such coordinated cyber attacks against the protection system in digital substations can disconnect generation and transmission lines, causing cascading failures. In this paper, we demonstrate a cyber attack involving the Generic Object-Oriented Substation Event (GOOSE) protocol of IEC 61850. This is achieved by exploiting the cyber security vulnerabilities in the protocol and injecting spoofed GOOSE data frames into the substation communication network at the bay level. The cyber attack leads to tripping of multiple protective relays in the power grid, eventually resulting in a blackout. The attack model and impact on system dynamics are verified experimentally through hardware-in-the-loop simulations using commercial relays and Real-Time Digital Simulator (RTDS).

KW - Cyber-Physical Systems

KW - IEC 61850

KW - Cyber Security

KW - Cascading Failures

KW - Cyber attacks

UR - http://www.scopus.com/inward/record.url?scp=85092180572&partnerID=8YFLogxK

U2 - 10.1109/MSCPES49613.2020.9133698

DO - 10.1109/MSCPES49613.2020.9133698

M3 - Conference contribution

SN - 978-1-7281-8722-8

SP - 1

EP - 6

BT - 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES)

PB - IEEE

CY - Sydney, Australia

T2 - 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems

Y2 - 21 April 2020 through 21 April 2020

ER -

Cyber Attacks on Protective Relays in Digital Substations and Impact Analysis

Abstract

Workshop

Bibliographical note

Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this