Modelling and Analysing Security Threats Targeting Protective Relay Operations in Digital Substations

Digitalization of power substations is mandatory to increase the efficiency, stability and reliability of smart grids. In digital substations, protective relays (e.g., overcurrent relays) can communicate using the IEC 61850 GOOSE protocol to provide fast response and discrimination capabilities to clear and isolate grid faults (e.g., short circuit events). However, exploitation of the GOOSE protocol vulnerabilities by cyber-attackers may lead to catastrophic failures in power substation equipment. Recent works consider the security vulnerabilities of the GOOSE protocol. However, a holistic approach to study different attack techniques and strategies that can be used by cyber-attackers to hijack communication channels between relays is currently missing. For example, the timing of injecting attack and the operation mode of the protective relay during the attack could lead to different impact. Moreover, a masquerade attack, mimicking the GOOSE protocol behaviour, is harder to be detected. This paper presents a comprehensive study of attack techniques and strategies and their respective impact, utilizing an integrated simulation model of the protective relays and their physical, communication and cybersecurity operations in a digital substation. Moreover, an assessment method for cyber-attacks is proposed based on the impact and the warnings caused by these attacks. Six simulation scenarios are modelled and analyzed, demonstrating the applicability of the proposed method.