A cybersecurity assessment for hybrid virtualized-physical digital substations

Virtualization in digital substations is a rising trend in the power sector, opening up interesting research avenues. The virtualization of intelligent electronic devices (IEDs) is thought to enable more flexible and agile cybersecurity software updates and patching processes while seamlessly integrating with current physical IEDs. However, no studies have yet considered a general cybersecurity assessment for such novel hybrid systems. To fill this gap, a systematic cybersecurity assessment of a digital substation composed of hybrid (virtual and physical) IEDs is presented in this paper. A testbed was developed to assess the different attack vectors with a focus on targeting virtual machines (resource exhaustion) and injection attacks on IEC 61850-compliant communication streams. A hybrid protection selectivity use case was successfully demonstrated with multiple targeted cyber attacks on the testbed where the non-attacked IED successfully cleared the grid fault. The attacks' impacts ranged from minor to major effects on the IEDs' tripping signals (and eventually circuit breaker actions) including forced signal delays, signal latching, and signal drops. The results of this study highlight the importance of providing a proper cybersecurity by design strategy for integrating hybrid substation systems with virtualization technologies.