The curse of a modern digital substation
Swift communication and interoperability are two primary aspects of modern digital substations that make them stand out in the protection and monitoring front. Apparently, the same features sometimes make them vulnerable to external cyber threats if left unprotected. While there is no denying that the modern digital substations have profound superiority over conventional legacy or proprietary counterparts, they are also more complex and a breeding ground for digital threats like data loss, control malfunctions, unauthorized access, etc.
Should we be concerned about the cybersecurity of modern digital substations?In this article, keeping the plethora of advantages of digital substations aside, we shall focus more on the most probable cyber threats that they come across while suggesting proper mitigations.
Ironically, the past six-seven years have seen a steep rise in the number of security breaches in digital substations and power stations, indicating a massive scope for security enhancements in current applications of Ethernet/ IP-based interoperable communication systems in digital substations.
Let’s discuss how to avoid them with adequate attention to cyber-security.
Table of Contents:
- Probable vulnerabilities and threats in digital substations
- Why should we be worried?
- Bracing power substations against cyber-attacks
1. Probable vulnerabilities and threats in digital substations
Such is the pace of technology shift in communications and power substations that it is not an easy job to pinpoint the exact point and reason for sporadic yet potentially detrimental by-products. Apparently, the ethernet and TCP/IP-based interfaces have opened the floodgates for cyber threats.
In the case of digital substations, cyber-security is a holistic term that includes safeguarding against diverse threats and lapses, which could be external or internal. They could be some minor internal unintentional data modification or severe external remote ransomware cyber-attack.
There could be intentional or non-intentional unauthorized uses that require System Engineers to access preventive and recovery mechanisms periodically, ideally preventing the threats completely.
Go back to the Contents Table ↑
1.1 Identifying the point of risk
As indicated in the diagram below, the digital substations are developed in multilayer architecture with a complex combination of software and hardware components. Apart from the main-stream power equipment, the major components in a digital substation are Remote servers, SCADA, IEDs, Gateway, and digital merging units.
The mode of communication among these components varies depending on their respective functions. For instance, Generic Object-Oriented Substation Event (GOOSE) is the go-to option for real-time data transfer between the IEDs through the station and process bus. Likewise, the measurement data from instrument transformers are transferred from merging units to IEDs in the form of sampled values.
Furthermore, IEC 61850 was not designed with security as its prime objective and skips the encryption to aid instantaneous real-time data communication for protection signals, which could be a point of vulnerability in digital substations. This allows the intruders to adulterate or disable substation component to trigger a cascade effect, which eventually could take down the entire protection, automation, and control mechanism.
In Figure 1, the potential cyber-threat zones are identified from Zone-1 to Zone-6.
Related electrical guides & articles
