Automated Cybersecurity Tester for IEC61850-Based Digital Substations

Power substations are the crucial nodes of an interconnected grid, serving as the points where power is transferred from the transmission/distribution grids to the loads. However, interconnected cyberphysical systems and communication-based operations at substations lead to many cybersecurity vulnerabilities. Therefore, more sophisticated cybersecurity vulnerability analyses and threat modeling are required during productization phases, and system hardening is mandatory for the commercialization of products. This paper shows the design and methods to test the cybersecurity of multicast messages for digital substations. The proposed vulnerability assessment methods are based on the semantics of IEC61850 Generic Object Oriented Substation Event (GOOSE) and Sampled Value (SV), and cybersecurity features from IEC62351-6. Different case scenarios for cyberattacks are considered to check the vulnerabilities of the device under test (DUT) based on the IEC62351-6 standard. In order to discover security vulnerabilities in a digital substation, the proposed cybersecurity tester will generate malicious packets that compromise the regular functionality. The results show that the proposed cybersecurity testing module is able to detect potential vulnerabilities in multicast messages and the authentication methods (e.g., message authentication code) of multicast communications. Both commercial and simulated devices are used for the case studies.