Utilizing trust to achieve cyber resilient substations

Thumbnail Image



Journal Title

Journal ISSN

Volume Title


University of New Brunswick


The Smart Grid integrates cyber technology into power grids for automated and efficient management of electricity generation, transmission, and distribution. Key to its operation is the substation, regulating voltage across the system. However, cyberinfrastructure integration has increased the substation’s vulnerability to advanced persistent threats (APTs) like PipeDream that exploit device protocols such as Modbus and Distributed Network Protocol 3 (DNP3). Cyber resilience in substations is crucial because APTs can disrupt operations, necessitating manual interventions for recovery, thus causing downtime. Enhancing cyber resilience helps substations minimize downtime and recover more efficiently in the face of these disruptive events. However, the substation’s constraints pose challenges for implementing cyber resiliency measures such as encryption and intrusion detection. This dissertation proposes a trust-based framework that includes a trust, risk posture, and trust transferability model to enhance the substation’s cyber resiliency. The trust model detects protocol-based attacks on Intelligent Electronic Devices (IEDs) and Supervisory Control and Data Acquisition (SCADA) Human Machine Interface (HMI) systems. The risk posture model dynamically assesses the substation’s risk posture pre- and post-attack, while the transferability model evaluates the device and its trust’s integration across substations. Practical implementation involves a substation-emulated Docker-based testbed with a multi-agent architecture. Following Security Operations Center (SOC) principles, a real-time dashboard offers updates. Using the MITRE Industrial Control Systems (ICS) Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, evaluation assesses the trust framework against various attacks. The trust model consistently shows efficient performance, with response latency less than 10 ms, superior to alternatives with a minimum latency of 20 ms. Evaluation under rogue devices, compromised SCADA HMI, and compromised IED scenarios highlights robust detection capabilities, except for baseline replay and delay response attacks. The risk posture model effectively represents substation risk postures, providing insights into attack impacts. The transferability model consistently denies admission to devices with malicious behavior in scenarios like normal replacement, compromised replacement, and trust IED with poor trust scores. Results show the trust framework’s efficacy in evaluating substation resilience, identifying malicious behavior, and endorsing trustworthy devices. Additionally, a dataset comprising the experiments’ captures in the testbed is available to the public1.