Exploiting Ripple20 to Compromise Power Grid Cyber Security and Impact System Operations

Vetrivel Subramaniam Rajkumar, Alexandru Stefanov, Shyam Musunuri, Johan de Wit

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

68 Downloads (Pure)


Driven by power grid digitalisation, tighter coupling between the cyber and physical layers has introduced cyber security threats. This paper elucidates the emergence and possible consequences of recently identified Information Technology (IT) / Industrial Internet of Things (IIoT) vulnerabilities, i.e., Ripple20, and the threats it poses to power grid cyber security. In this paper, we investigate advanced cyber attack tactics and techniques to exploit Ripple20 and IEC 61850 vulnerabilities through various attack vectors. The presented cyber-physical attack scenarios focus on gaining unauthorised access from pole-mounted reclosers in MV networks to the control centre and substation Operational Technology (OT) systems. Subsequently, the aforementioned vulnerabilities are exploited to maliciously disconnect embedded generation, block substation protection functionality, and cause busbar faults. We then experimentally demonstrate the impact of such advanced cyber attacks on power system operation that initiate cascading failures and cause a blackout. Recommendations and mitigation techniques for advanced cyber threats in the OT domain of distribution system operators are also provided.
Original languageEnglish
Title of host publicationCIRED 2021 Proceedings
Number of pages5
Publication statusPublished - 2021
Event26th International Conference and Exhibition on Electricity Distribution - Geneva, Switzerland
Duration: 20 Sep 202123 Sep 2021


Conference26th International Conference and Exhibition on Electricity Distribution
Abbreviated titleCIRED 2021
Internet address


Dive into the research topics of 'Exploiting Ripple20 to Compromise Power Grid Cyber Security and Impact System Operations'. Together they form a unique fingerprint.

Cite this