Intrusion evaluation of communication network architectures of power substations

Document Type


Publication Date



Department of Electrical and Computer Engineering; Center for Cyber-Physical Systems


Electronic elements of a substation control system have been recognized as critical cyberassets due to the increased complexity of the automation system that is further integrated with physical facilities. Since this can be executed by unauthorized users, the security investment of cybersystems remains one of the most important factors for substation planning and maintenance. As a result of these integrated systems, intrusion attacks can impact operations. This work systematically investigates the intrusion resilience of the ten architectures between a substation network and others. In this paper, two network architectures comparing computer-based boundary protection and firewall-dedicated virtual local-area networks are detailed, that is, architectures one and ten. A comparison on the remaining eight architecture models was performed. Mean time to compromise is used to determine the system operational period. Simulation cases have been set up with the metrics based on different levels of attackers' strength. These results as well as sensitivity analysis show that implementing certain architectures would enhance substation network security.

Publisher's Statement

© 2015 IEEE. Publisher's version of record:

Publication Title

IEEE Transactions on Power Delivery