Summary

Cyber incidents affecting power grids indicate that technical vulnerabilities alone rarely explain the scale and impact of successful attacks. Instead, a recurring combination of human-related weaknesses, organizational shortcomings, and inadequate architectural design often enables initial compromise and propagation within operational technology environments. This work proposes a structured, standards-aligned methodology for the initial cybersecurity assessment of IEC 61850-based substations, integrating architectural segmentation and risk-based reasoning with empirical evidence from documented cyber incidents. The methodology guides the identification of cybersecurity criteria, tools, and procedures during substation design and early engineering, and then performs an incident-driven coverage check by analysing recurring attack entry vectors and exploited vulnerabilities. The results highlight the dominant role of human-mediated access and correct network segmentation in constraining attack paths. Rather than prescribing a fixed set of controls, the proposed approach provides a repeatable basis to prioritize cybersecurity measures in future substation projects based on contextual risk and observed attack patterns.

Additional informations

Publication type Session Materials
Reference D2_11779_2026
Publication year
Publisher CIGRE
Country Paraguay
Study committees
File size 668 KB
Price for non member 30 €
Price for member 30 €

Authors

INSFRAN Aldo - ITAIPU BINACIONAL; RECALDE Gustavo - ITAIPU BINACIONAL; MENDES Marcos - ITAIPU BINACIONAL; BENITES Paulo - ITAIPU BINACIONAL; ARTETA Emilio - ITAIPU BINACIONAL

Keywords

IEC 61850, IEC 62351, IEC 62443, Cybersecurity, Secure Substation Design, Risk-Based Design, Power System Vulnerabilities

A Standards-Based Cybersecurity Framework for Substation Automation Design: Applying IEC 61850, 62351, 62443, and Lessons Learned from Real-World Events