Test Specification TC25.TS1

Impact analysis of Denial-of-Service (DoS) attack in a digital substation

Test Specification Definition

ID

TC25.TS1

Reference to Test Case

TC25

Title of Test

Impact analysis of Denial-of-Service (DoS) attack in a digital substation

Test Rationale

A digital substation is realised through the IEC 61850 standard, which mandates a common Ethernet-based communication infrastructure within a substation. This experiment seeks to analyse the impact of a DoS attack that successfully compromises the substation communication infrastructure. Such an attack may delay trip and block commands or cause them to be lost, thereby directly impacting grid operations.

Specific Test System (graphical)

The test system comprises a real-time grid simulator, at least one Ethernet switch, and multiple IEC 61850 compliant devices interconnected in a HIL setup. (See SuT for further information.)

Target measures

  • KPIs: loss of load, voltage deviations, frequency fluctuations on simulated system under a DoS attack
  • Time taken and quality of service for IEC 61850 based communication under a DoS attack

Input and output parameters

Input parameters:

  • Type of power system simulated
  • Network topology of substation
  • Protection schemes applied through the relays
  • Fault type and duration
  • Type of attack: DoS

Output parameters:

  • KPIs: loss of load, voltage deviations, frequency fluctuations on simulated system under a DoS attack
  • Average time for intra-substation communication and communication quality of service (jitter, packet loss, latency, throughput, availability)

Test Design

The test is a HIL experiment as described in the SuT and specific test system. The test consists of a reference test for the baseline measurements and a repeat of this test with the DoS attack. The test design is as follows:

  1. Start the system with all devices functioning as required and wait until the system has stabilized.
  2. Run a test simulation with a short-circuit or fault condition at a location monitored by a relay.
  3. Note that the appropriate relay communicates the trip signal via an IEC 61850 GOOSE message. Note this time as reference time T1.
  4. The circuit breaker is opened, and the fault is cleared.
  5. Carry out the DoS attack via an external emulator/device to target a specific IED/relay.
  6. Repeat steps 2 to 3 and note the new time T2.
  7. Quantify the impact of the attack through the KPIs and note down the targeted device.
  8. Repeat for additional target devices at different locations to identify the most critical digital asset.
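
One way to derive T1, T2 and the communication quality-of-service figures from the reference run and the run under attack, given here as an added example that is not part of the original test specification. It assumes a per-frame capture of GOOSE `stNum`/`sqNum` with send and receive timestamps on a synchronised clock and a single state change per capture; the record layout, the function names and all sample values are constructed for illustration.

```python
from statistics import mean

FAULT_US = 10_000_000  # fault inception on the simulator clock, microseconds

# Constructed captures (not measurements): (tx_us, rx_us, stNum, sqNum) per GOOSE
# frame at the subscriber. Assumes publisher and subscriber share a synchronised clock.
BASELINE = [
    (9_000_000, 9_000_400, 4, 7),
    (10_003_000, 10_003_400, 5, 0),
    (10_005_000, 10_005_500, 5, 1),
    (10_009_000, 10_009_400, 5, 2),
    (10_017_000, 10_017_500, 5, 3),
]
ATTACK = [  # retransmissions sqNum 0 and 1 never arrived, the rest arrived late
    (9_000_000, 9_000_400, 4, 7),
    (10_009_000, 10_041_000, 5, 2),
    (10_017_000, 10_090_000, 5, 3),
]


def kpis(frames, fault_us):
    """Trip time and QoS for the single GOOSE state change that follows the fault."""
    old_st = max((st for _, rx, st, _ in frames if rx < fault_us), default=0)
    new = sorted((f for f in frames if f[2] > old_st), key=lambda f: f[1])
    if not new:  # the trip never reached the subscriber
        return {"trip_us": None, "loss": 1.0, "latency_us": None, "jitter_us": None}
    lat = [rx - tx for tx, rx, _, _ in new]
    # sqNum restarts at 0 on a new stNum, so gaps below the highest sqNum seen are
    # lost frames (a lower bound: losses after the last received frame are invisible).
    expected = max(f[3] for f in new) + 1
    received = len({f[3] for f in new})
    return {
        "trip_us": new[0][1] - fault_us,
        "loss": 1 - received / expected,
        "latency_us": mean(lat),
        "jitter_us": mean(abs(b - a) for a, b in zip(lat, lat[1:])) if len(lat) > 1 else 0,
    }


def impact(baseline, attack, fault_us=FAULT_US):
    """Compare the reference run (T1) with the run under DoS (T2)."""
    ref, dos = kpis(baseline, fault_us), kpis(attack, fault_us)
    delay = None if dos["trip_us"] is None else dos["trip_us"] - ref["trip_us"]
    return {"T1_us": ref["trip_us"], "T2_us": dos["trip_us"], "added_delay_us": delay,
            "loss_ref": ref["loss"], "loss_dos": dos["loss"]}


if __name__ == "__main__":
    print(impact(BASELINE, ATTACK))
```

A `T2_us` of `None` means the trip command was lost entirely rather than delayed, which should be recorded separately from a finite added delay.
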

Initial system state

  • All devices are ON and running
  • Real-time grid simulator can send and receive messages to and from the hardware devices
  • IEDs receive messages from the real-time grid simulator

Evolution of system state and test signals

Successful recording of KPIs for each targeted device. The fault event generated by the real-time grid simulator has a predetermined fault duration and wait time. The DoS attack operates independently of the HIL experiment sequence and can occur at any moment in the sequence.

Other parameters

N/A

Temporal resolution

Order of tens of seconds

Source of uncertainty

Configuration of HIL test setup, quality of time synchronization.

Suspension criteria / Stopping criteria

Suspension criteria: Errors in devices/misconfiguration

Stopping criteria: The experiment can be concluded when the KPIs for the various target devices have been noted. Alternatively, if the attack causes cascading effects or a blackout, it can be stopped.