Toward Threat of Implementation Attacks on Substation Security: Case Study on Fault Detection and Isolation

Modern and future substations are aimed to be more interconnected, leveraging communication standards like IEC 61850-9-2, and associated abstract data models and communication services like generic object oriented substation event, manufacturing message specification, and sampled measured value. Such interconnection would enable fast and secure data transfer, sharing of the analytics information for various purposes like wide area monitoring, faster outage recovery, blackout prevention, distributed state estimation, etc. This would require strong focus on communication security, both at system level as well as at embedded device level. Although communication level security is dealt in IEC 62351, implementation attack on the embedded system is not considered. Since the embedded system makes the core of the smart grid, in this paper, we take a deeper look into impact of implementation attacks on substation security. An overview of potential exploits is first provided. This is followed by a case study, where implementation attacks like malicious fault injection attacks and hardware Trojan are used to compromise a substation level intelligent electronic device. The studied scenario extends implementation attacks beyond its usual exploit of confidentiality to affect power grid integrity and availability.