This paper proposes new concepts for detecting and mitigating cyber attacks on substation automation systems by domain-based cyber-physical security solutions. The proposed methods form the basis of a distributed security domain layer that enables protection devices to collaboratively defend against cyber attacks at substations. The methods utilize protection coordination principles to cross check protection setting changes and can run real-time power system analysis to evaluate the impact of the control commands. The transient fault signature (TFS)-based cross-correlation coefficient algorithm has been proposed to detect the false sampled values data injection attack. The proposed functions were verified in a hardware-in-the-loop (HIL) simulation using commercial relays and a real-time digital simulator (RTDS). Various types of cyber intrusions are tested using this test bed to evaluate the consequences and impacts of cyber attacks to power grid as well as to validate the performance of the proposed research-grade cyber attack mitigation functions.
J. Hong, R. F. Nuqui, A. Kondabathini, D. Ishchenko and A. Martin, "Cyber Attack Resilient Distance Protection and Circuit Breaker Control for Digital Substations," in IEEE Transactions on Industrial Informatics, vol. 15, no. 7, pp. 4332-4341, July 2019, doi: 10.1109/TII.2018.2884728.
KEYWORDS: Collaborative cyber defense models, cyber–physical security test bed, digital substation,
domain-based mitigation, smart grid cybersecurity, substation cybersecurity.