I. Introduction
Substations are important components of present-day “smart grid” electricity delivery systems. As these systems become increasingly dependent on computer-based remote control and automation for their operation, they are also subject to a growing number of threats from hackers and cyber attackers. Substations are essential to the power distribution process. Electric power plants produce the bulk of electricity; however, before the electricity reaches outlets to power various appliances and devices, it generally needs to go through substations. Substations take the high-voltage electricity generated at power plants and transform it to a lower voltage that serves the load on distribution systems. As the operations and performance of substations have become increasingly streamlined by automation, substation security has grown to be very complex. The physical system of the substation relies on the cyber system for control, monitoring and operation. As a result, the reliable operation of substations is highly dependent on the associated cyber infrastructures. The integrated cyber and physical system of substations creates a large and complex infrastructure. Due to the high penetration of Information and Communications Technology (ICT), Supervisory Control And Data Acquisition (SCADA) systems are interconnected with one another, resulting in higher vulnerability to cyber intrusions. Substation cyber security and protection is a critical field of research for the emerging smart grid environment. A substation cyber attack or multiple simultaneous attacks can be disastrous, resulting in blackouts for wide-area power grids. For instance, simultaneous cyber intrusions into important substations may trigger multiple, cascaded sequences of events, leading to a blackout. As a result, it is crucial to enhance the cyber security of substations and analyze cyber and physical security as one integrated structure in order to enhance the resilience of power grids.
Recent reports indicate that cyber attacks are increasingly likely for critical infrastructures, e.g., control centers, nuclear power plants, and substations. These attacks may cause significant damage to the power grid. Furthermore, a review of federal records reported that attackers successfully compromised U.S. Department of Energy computer systems in more than 150 cyber attacks between 2010 and 2014 [1]. Between 2011 and 2014, electric utilities reported 362 targeted attacks that caused outages or other power disruptions. Of those, 14 were cyber attacks, and the rest were physical in nature, according to electric utility data reported to the Department of Energy [2]. Government agencies and international institutions have published cyber and physical security related guidelines and standards [3]–[9]. In February 2016, the United States Industrial Control Systems Cyber Emergency Response Team (U.S. ICS-CERT) in the Department of Homeland Security (DHS) issued an alert about a coordinated cyber attack on the Ukrainian power grid [10]. This cyber attack caused outages to approximately 225,000 customers after disconnecting seven 110 kV and twenty-three 35 kV substations from the grid. Attackers successfully compromised the utility’s industrial control system via a virtual private network (VPN) and malware called “KillDisk” and “BlackEnergy.” This cyber incident clearly shows the need for reliable cyber security measures at substations. A mitigation strategy is vital to the cyber-physical security of substations in order to stop the attack, disconnect the intruder(s), and restore the power system to a normal state.