Risk Indices Assessment of Different Cyber-Attack Actions for an SDN-Enabled IEC 61850 Substation Using Markov Decision Process
IEC61850-based digital substations are widely used for electricity network power flow to be controlled and directed safely and securely from generation to demand. As digital substations become software-intensive and digitally connected to the grid cyberspace, they are vulnerable to cyberattacks. Thu...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/11050378/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1839625306026016768 |
|---|---|
| author | Zhihao Wu Sugandh Seth Haiyu Li Zhirun Hu James Yu |
| author_facet | Zhihao Wu Sugandh Seth Haiyu Li Zhirun Hu James Yu |
| author_sort | Zhihao Wu |
| collection | DOAJ |
| description | IEC61850-based digital substations are widely used for electricity network power flow to be controlled and directed safely and securely from generation to demand. As digital substations become software-intensive and digitally connected to the grid cyberspace, they are vulnerable to cyberattacks. Thus, Software-Defined Networking (SDN) technology can be utilized to enhance the security of digital substations. This paper aims to evaluate the security posture of SDN-enabled substations and to calculate the cyber risk indices of a substation under different attacks. The proposed approach uses 1) the Purdue Model to model attack scenarios using cyber-physical devices at different layers based on typical protection control device arrangement in a substation and 2) the Markov Decision Process (MDP) model to assess cybersecurity risk indices for the substation. The assessment evaluates all possible attack patterns by an attacker to determine the severity of each attack path within the substation. The paper further compares the cybersecurity risk indices of SDN-enabled substations with those of traditional switch-based substations. Results show that implementing SDN technology can significantly enhance substation security with improvements ranging from 6.9% to 100% and an average security enhancement of 68%. |
| format | Article |
| id | doaj-art-8aa77b4c01b24f9ba3b9d3c6a65e03a2 |
| institution | Matheson Library |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-8aa77b4c01b24f9ba3b9d3c6a65e03a22025-07-17T23:01:47ZengIEEEIEEE Access2169-35362025-01-011311961911963210.1109/ACCESS.2025.358312011050378Risk Indices Assessment of Different Cyber-Attack Actions for an SDN-Enabled IEC 61850 Substation Using Markov Decision ProcessZhihao Wu0https://orcid.org/0000-0003-1602-742XSugandh Seth1https://orcid.org/0000-0002-7474-2141Haiyu Li2https://orcid.org/0000-0002-5270-7986Zhirun Hu3https://orcid.org/0000-0002-1989-9576James Yu4https://orcid.org/0000-0002-7288-6977Department of Electrical and Electronic Engineering, The University of Manchester, Manchester, U.K.Department of Electrical and Electronic Engineering, The University of Manchester, Manchester, U.K.Department of Electrical and Electronic Engineering, The University of Manchester, Manchester, U.K.Department of Electrical and Electronic Engineering, The University of Manchester, Manchester, U.K.SP Distribution PLC, Glasgow, U.K.IEC61850-based digital substations are widely used for electricity network power flow to be controlled and directed safely and securely from generation to demand. As digital substations become software-intensive and digitally connected to the grid cyberspace, they are vulnerable to cyberattacks. Thus, Software-Defined Networking (SDN) technology can be utilized to enhance the security of digital substations. This paper aims to evaluate the security posture of SDN-enabled substations and to calculate the cyber risk indices of a substation under different attacks. The proposed approach uses 1) the Purdue Model to model attack scenarios using cyber-physical devices at different layers based on typical protection control device arrangement in a substation and 2) the Markov Decision Process (MDP) model to assess cybersecurity risk indices for the substation. The assessment evaluates all possible attack patterns by an attacker to determine the severity of each attack path within the substation. The paper further compares the cybersecurity risk indices of SDN-enabled substations with those of traditional switch-based substations. Results show that implementing SDN technology can significantly enhance substation security with improvements ranging from 6.9% to 100% and an average security enhancement of 68%.https://ieeexplore.ieee.org/document/11050378/Substation automation and protectionsoftware defined network (SDN)-enabled substationcybersecuritycyber risk indicesMarkov decision process (MDP) |
| spellingShingle | Zhihao Wu Sugandh Seth Haiyu Li Zhirun Hu James Yu Risk Indices Assessment of Different Cyber-Attack Actions for an SDN-Enabled IEC 61850 Substation Using Markov Decision Process IEEE Access Substation automation and protection software defined network (SDN)-enabled substation cybersecurity cyber risk indices Markov decision process (MDP) |
| title | Risk Indices Assessment of Different Cyber-Attack Actions for an SDN-Enabled IEC 61850 Substation Using Markov Decision Process |
| title_full | Risk Indices Assessment of Different Cyber-Attack Actions for an SDN-Enabled IEC 61850 Substation Using Markov Decision Process |
| title_fullStr | Risk Indices Assessment of Different Cyber-Attack Actions for an SDN-Enabled IEC 61850 Substation Using Markov Decision Process |
| title_full_unstemmed | Risk Indices Assessment of Different Cyber-Attack Actions for an SDN-Enabled IEC 61850 Substation Using Markov Decision Process |
| title_short | Risk Indices Assessment of Different Cyber-Attack Actions for an SDN-Enabled IEC 61850 Substation Using Markov Decision Process |
| title_sort | risk indices assessment of different cyber attack actions for an sdn enabled iec 61850 substation using markov decision process |
| topic | Substation automation and protection software defined network (SDN)-enabled substation cybersecurity cyber risk indices Markov decision process (MDP) |
| url | https://ieeexplore.ieee.org/document/11050378/ |
| work_keys_str_mv | AT zhihaowu riskindicesassessmentofdifferentcyberattackactionsforansdnenablediec61850substationusingmarkovdecisionprocess AT sugandhseth riskindicesassessmentofdifferentcyberattackactionsforansdnenablediec61850substationusingmarkovdecisionprocess AT haiyuli riskindicesassessmentofdifferentcyberattackactionsforansdnenablediec61850substationusingmarkovdecisionprocess AT zhirunhu riskindicesassessmentofdifferentcyberattackactionsforansdnenablediec61850substationusingmarkovdecisionprocess AT jamesyu riskindicesassessmentofdifferentcyberattackactionsforansdnenablediec61850substationusingmarkovdecisionprocess |