Summary

The increasing digitalization of electrical substations, driven by IEC 61850-based architectures, has introduced new operational efficiencies but also expanded the cyber-attack surface. This paper presents a standards-based cybersecurity risk mitigation model designed to protect critical assets in digital substations against representative cyber threats. The proposed model integrates preventive, detective, and segmentation controls aligned with NIST SP 800-82r3, IEC 62443, and ISO/IEC 27019, and is validated in a controlled laboratory environment simulating process bus and station bus communication.

A baseline risk assessment was conducted by mapping assets, threats, vulnerabilities, and controls, resulting in a pre-mitigation risk matrix with four high-risk scenarios: false data injection (FDI) on GOOSE messages, denial of service (DoS) on time synchronization, unauthorized remote SCADA access, and manipulation of sampled values (SV). For validation, a selected subset of controls was implemented. The post-mitigation analysis showed a reduction to a single Moderate risk scenario, representing a 75% decrease in high-risk exposures. These results demonstrate the model’s effectiveness in enhancing operational resilience, even when implemented only partially.

This research contributes a validated, standards-aligned methodology for assessing and mitigating cyber risks in IEC 61850 substations, offering both practical implementation guidance and quantitative evidence of its impact. The findings provide a foundation for scaling the model to production environments and integrating it into broader cybersecurity strategies for critical infrastructure.

Additional informations

Publication type Session Materials
Reference D2_12215_2026
Publication year
Publisher CIGRE
Country Colombia
Study committees
File size 804 KB
Price for non member 30 €
Price for member 30 €

Authors

GOMEZ Ivan Fernando - EPM; TOBAR Oscar Andres - unal; GRAJALES Juan David - ITM

Mitigating Cyberattack Risks in Digital Substations Using a Cybersecurity Model