Search

Premium Membership ♕

Save 50% on all Video Courses with Enterprise Membership Plan and study specialized LV/MV/HV technical articles and guides.

Home / Technical Articles / Should we be concerned about the cybersecurity of modern digital substations? Oh, yes!

The curse of a modern digital substation

Swift communication and interoperability are two primary aspects of modern digital substations that make them stand out in the protection and monitoring front. Apparently, the same features sometimes make them vulnerable to external cyber threats if left unprotected. While there is no denying that the modern digital substations have profound superiority over conventional legacy or proprietary counterparts, they are also more complex and a breeding ground for digital threats like data loss, control malfunctions, unauthorized access, etc.

Should we be concerned about the cybersecurity of modern digital substations? Oh, yes!
Should we be concerned about the cybersecurity of modern digital substations? Oh, yes!

In this article, keeping the plethora of advantages of digital substations aside, we shall focus more on the most probable cyber threats that they come across while suggesting proper mitigations.

Ironically, the past six-seven years have seen a steep rise in the number of security breaches in digital substations and power stations, indicating a massive scope for security enhancements in current applications of Ethernet/ IP-based interoperable communication systems in digital substations.

The advanced medium of data transfer, remote control, automation, and data acquisitions are primarily supposed to improve the user experience and safety of the power substation. However, misuses and intrusions have made the digital substations one of the most vulnerable points, potentially exposing them to forced cascaded failures.

Let’s discuss how to avoid them with adequate attention to cyber-security.

Table of Contents:

  1. Probable vulnerabilities and threats in digital substations
    1. Identifying the point of risk
  2. Why should we be worried?
  3. Bracing power substations against cyber-attacks
    1. Protection principle
    2. Layers of digital protection in a power substation
    3. Customized security zones for power facilities

1. Probable vulnerabilities and threats in digital substations

Such is the pace of technology shift in communications and power substations that it is not an easy job to pinpoint the exact point and reason for sporadic yet potentially detrimental by-products. Apparently, the ethernet and TCP/IP-based interfaces have opened the floodgates for cyber threats.

In the case of digital substations, cyber-security is a holistic term that includes safeguarding against diverse threats and lapses, which could be external or internal. They could be some minor internal unintentional data modification or severe external remote ransomware cyber-attack.

There could be intentional or non-intentional unauthorized uses that require System Engineers to access preventive and recovery mechanisms periodically, ideally preventing the threats completely.

Go back to the Contents Table ↑


1.1 Identifying the point of risk

As indicated in the diagram below, the digital substations are developed in multilayer architecture with a complex combination of software and hardware components. Apart from the main-stream power equipment, the major components in a digital substation are Remote servers, SCADA, IEDs, Gateway, and digital merging units.

The mode of communication among these components varies depending on their respective functions. For instance, Generic Object-Oriented Substation Event (GOOSE) is the go-to option for real-time data transfer between the IEDs through the station and process bus. Likewise, the measurement data from instrument transformers are transferred from merging units to IEDs in the form of sampled values.

The very heterogeneous nature of digital substation communication exposes the vulnerable spots all over the substation and not just in the server or control center.

Furthermore, IEC 61850 was not designed with security as its prime objective and skips the encryption to aid instantaneous real-time data communication for protection signals, which could be a point of vulnerability in digital substations. This allows the intruders to adulterate or disable substation component to trigger a cascade effect, which eventually could take down the entire protection, automation, and control mechanism.

In Figure 1, the potential cyber-threat zones are identified from Zone-1 to Zone-6.

Premium Membership Required

This technical article/guide requires a Premium Membership. You can choose an annually based Plus, Pro, or Enterprise membership plan. Subscribe and enjoy studying specialized technical articles, online video courses, electrical engineering guides, and papers. With EEP’s premium membership, you get additional essence that enhances your knowledge and experience in low- medium- and high-voltage engineering fields.

Check out each plan’s benefits and choose the membership plan that works best for you or your organization.

Good to know 💥Get 50% discount on all video courses by purchasing Enterprise plan.

Log In »Purchase »

Premium Membership

Get access to premium HV/MV/LV technical articles, electrical engineering guides, research studies and much more! It helps you to shape up your technical skills in your everyday life as an electrical engineer.
More Information
author-pic

Bishal Lamichhane

Electrical Engineer (B.E Electrical, M. Sc Engineering) with specialization in energy systems planning. Actively involved in design and supervision of LV/MV substations, power supply augmentations and electrification for utilities and bulk consumers like airports and commercial entities. An enthusiast and scholar of power systems analysis.

Leave a Comment

Tell us what you're thinking. We care about your opinion! Please keep in mind that comments are moderated and rel="nofollow" is in use. So, please do not use a spammy keyword or a domain as your name, or it will be deleted. Let's have a professional and meaningful conversation instead. Thanks for dropping by!

seventy  ⁄  7  =  

Learn How to Design Power Systems

Learn to design LV/MV/HV power systems through professional video courses. Lifetime access. Enjoy learning!

Subscribe to Weekly Newsletter

Subscribe to our Weekly Digest newsletter and receive free updates on new technical articles, video courses and guides (PDF).
EEP Academy Courses - A hand crafted cutting-edge electrical engineering knowledge