What question did this study set out to answer?

The study aims to explore the relationship between threat priority and operational observability in IEC 61850 digital substations.

May 26, 2026Open Access

Risk–Observability Mismatch in an IEC 61850 Digital Substation: A Structured Cyber-Physical Assessment

Key Points

The study aims to explore the relationship between threat priority and operational observability in IEC 61850 digital substations.
Utilized a smart grid simulator (SGSim) for analysis
Conducted DFD-guided STRIDE analysis and CVSS v3.1 scoring
Validated attacks using packet-capture evidence and SCADA/HMI observations.
Volumetric DoS attack was highly visible, compromising communication availability
SYN flood weakened control recoverability but was not easily observed at the operator level
GOOSE FDI attack maintained communication continuity while distorting operational state.

Abstract

IEC 61850 digital substations depend on communication services whose compromise can affect protection, supervision, and control. Existing work has advanced substation threat modeling, cyber-physical testbeds, and intrusion detection, but the relation between structured threat priority and operational observability remains under-characterized. This article examines that relation in a smart grid simulator (SGSim)-based IEC 61850 digital-substation environment. DFD-guided STRIDE analysis, CVSS v3.1 scoring, likelihood–impact prioritization, and ATT the SYN flood weakens control recoverability while remaining weakly visible at the operator plane; and the GOOSE FDI case preserves communication continuity while falsifying the represented operational state. These findings indicate that visible disruption alone is insufficient for interpreting cyber-physical severity in the studied SGSim-based digital substation.

Read Full Paperexternally

Mark Helpful

Bookmark

Relay

View Full Paper