Summary
Cyber incidents affecting power grids indicate that technical vulnerabilities alone rarely explain the scale and impact of successful attacks. Instead, a recurring combination of human-related weaknesses, organizational shortcomings, and inadequate architectural design often enables initial compromise and propagation within operational technology environments. This work proposes a structured, standards-aligned methodology for the initial cybersecurity assessment of IEC 61850-based substations, integrating architectural segmentation and risk-based reasoning with empirical evidence from documented cyber incidents. The methodology guides the identification of cybersecurity criteria, tools, and procedures during substation design and early engineering, and then performs an incident-driven coverage check by analysing recurring attack entry vectors and exploited vulnerabilities. The results highlight the dominant role of human-mediated access and correct network segmentation in constraining attack paths. Rather than prescribing a fixed set of controls, the proposed approach provides a repeatable basis to prioritize cybersecurity measures in future substation projects based on contextual risk and observed attack patterns.
Additional informations
| Publication type | Session Materials |
|---|---|
| Reference | D2_11779_2026 |
| Publication year | |
| Publisher | CIGRE |
| Country | Paraguay |
| Study committees | |
| File size | 668 KB |
| Price for non member | 30 € |
| Price for member | 30 € |
Authors
INSFRAN Aldo - ITAIPU BINACIONAL; RECALDE Gustavo - ITAIPU BINACIONAL; MENDES Marcos - ITAIPU BINACIONAL; BENITES Paulo - ITAIPU BINACIONAL; ARTETA Emilio - ITAIPU BINACIONAL
Keywords
IEC 61850, IEC 62351, IEC 62443, Cybersecurity, Secure Substation Design, Risk-Based Design, Power System Vulnerabilities