Cybersecurity Threat Modelling for Electric Power System SCADA Control Centers and Substation Automation Systems

International Journal of Electrical and Electronics Engineering
© 2025 by SSRG - IJEEE Journal
Volume 12, Issue 9
Year of Publication: 2025
Authors: Shivakumar V, Veena M B
How to Cite:
Shivakumar V, Veena M B, "Cybersecurity Threat Modelling for Electric Power System SCADA Control Centers and Substation Automation Systems," SSRG International Journal of Electrical and Electronics Engineering, vol. 12, no. 9, pp. 49-65, 2025. Crossref, https://doi.org/10.14445/23488379/IJEEE-V12I9P106
Abstract:
The increasing automation of electric power systems and their reliance on Information and Communication Technologies (ICT), from generation to utilization, expose critical infrastructure to significant cyber threats. Malfunctions caused by cyberattacks can cascade into other sectors, including defence, aviation and health, with potentially severe consequences. Addressing these threats is essential for grid resilience, and a robust threat model is a prerequisite for designing secure control center and substation automation system architectures. This paper presents a detailed threat model study of typical Supervisory Control and Data Acquisition (SCADA) control center and substation automation system architectures. Using the STRIDE methodology and the CIA triad principles, the authors identify threats and map them to the ISO/IEC 27001, ISO/IEC 27002 and IEC 62351 series of standards to derive mitigation plans. The developed framework was applied to a laboratory SCADA testbed, and the results are discussed. Several reported cyber incidents are reviewed, the applicable ISO/IEC 27002 controls are identified, and it is shown how implementing those controls could have prevented the incidents. The study offers inferences and recommendations for mitigating threats at optimal cost, and highlights the critical role of human factors in minimizing cyber incidents within critical infrastructure.
Keywords:
Control system, Critical infrastructure, Cybersecurity, Risk management, Threat model.
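The abstract describes the method at a high level: decompose the SCADA control center and substation architecture into elements, apply STRIDE to each, relate every threat to the CIA property it violates, and map it to standards-based controls. The following is an added worked example by the editor, not code from the paper and not the authors' model: it applies the STRIDE-per-element rule to a small, constructed data-flow diagram (operator HMI, SCADA master, historian, audit log, substation gateway, protection IED, and a remote vendor connection), flags flows that cross a trust-zone boundary, and attaches candidate ISO/IEC 27002:2022 controls and IEC 62351 parts. The architecture, zone names and the control mapping are the editor's assumptions chosen for illustration; the paper's own tables are not reproduced here.

```python
"""STRIDE-per-element threat enumeration for a small SCADA control-center /
substation data-flow diagram, with each threat mapped to the security
property it violates and to candidate ISO/IEC 27002:2022 and IEC 62351
controls.  Illustrative example added by the editor; the architecture and
the control mapping are assumptions, not the paper's own model."""
from collections import Counter
from dataclasses import dataclass

# STRIDE-per-element table (Microsoft SDL convention): the threat categories
# that apply to each kind of DFD element.
STRIDE_PER_ELEMENT = {
    "external": "SR",       # external interactor: can be spoofed, can repudiate
    "process": "STRIDE",    # processes are exposed to all six
    "datastore": "TID",     # plus R when the store holds audit records
    "dataflow": "TID",      # flows: tampering, disclosure, denial of service
}

# STRIDE category -> security property it violates (the CIA triad extended
# with authentication, non-repudiation and authorization).
PROPERTY = {
    "S": "authentication", "T": "integrity", "R": "non-repudiation",
    "I": "confidentiality", "D": "availability", "E": "authorization",
}

# Candidate controls per category.  Assumed illustrative mapping chosen by the
# editor; a real assessment cites the controls it actually selects.
CONTROLS = {
    "S": ("27002 8.5 Secure authentication", "IEC 62351-3/-4/-5 peer authentication"),
    "T": ("27002 8.24 Use of cryptography", "IEC 62351-3 TLS, 62351-6 GOOSE/SV security"),
    "R": ("27002 8.15 Logging", "IEC 62351-7 NSM objects, 62351-8 RBAC"),
    "I": ("27002 8.22 Segregation of networks, 8.24 Use of cryptography", "IEC 62351-3 TLS"),
    "D": ("27002 8.6 Capacity management, 8.22 Segregation of networks", "IEC 62351-7 NSM objects"),
    "E": ("27002 5.15 Access control, 8.2 Privileged access rights", "IEC 62351-8 RBAC"),
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str              # external | process | datastore
    zone: str              # trust zone; a flow between zones crosses a boundary
    audit_log: bool = False


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    protocol: str


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    prop: str
    crosses_boundary: bool
    iso27002: str
    iec62351: str


def _threat(target, category, crosses):
    iso, iec = CONTROLS[category]
    return Threat(target, category, PROPERTY[category], crosses, iso, iec)


def enumerate_threats(elements, flows):
    """Apply the STRIDE-per-element rule to every element and every flow."""
    zone = {e.name: e.zone for e in elements}
    threats = []
    for e in elements:
        letters = STRIDE_PER_ELEMENT[e.kind]
        if e.kind == "datastore" and e.audit_log:
            letters += "R"          # tampering with audit records enables repudiation
        threats += [_threat(e.name, c, False) for c in letters]
    for f in flows:
        crosses = zone[f.src] != zone[f.dst]
        target = f"{f.src} -> {f.dst} [{f.protocol}]"
        threats += [_threat(target, c, crosses) for c in STRIDE_PER_ELEMENT["dataflow"]]
    return threats


def summarize(threats):
    """Count threats per violated property (the CIA-triad view of the model)."""
    return Counter(t.prop for t in threats)


def boundary_threats(threats):
    """Threats on flows crossing a trust boundary: first candidates for mitigation."""
    return [t for t in threats if t.crosses_boundary]


# Constructed sample architecture (editor's assumption): one control center,
# one substation, and a vendor remote-access path into the substation.
ELEMENTS = [
    Element("RemoteVendor", "external", "internet"),
    Element("OperatorHMI", "process", "control_center"),
    Element("SCADAMaster", "process", "control_center"),
    Element("Historian", "datastore", "control_center"),
    Element("AuditLog", "datastore", "control_center", audit_log=True),
    Element("SubstationGateway", "process", "substation"),
    Element("ProtectionIED", "process", "substation"),
]
FLOWS = [
    Flow("OperatorHMI", "SCADAMaster", "HMI/OPC"),
    Flow("SCADAMaster", "Historian", "SQL"),
    Flow("SCADAMaster", "AuditLog", "syslog"),
    Flow("SCADAMaster", "SubstationGateway", "IEC 60870-5-104"),
    Flow("SubstationGateway", "ProtectionIED", "IEC 61850 MMS"),
    Flow("RemoteVendor", "SubstationGateway", "SSH"),
]

THREATS = enumerate_threats(ELEMENTS, FLOWS)

if __name__ == "__main__":
    for t in boundary_threats(THREATS):
        print(f"{t.category} {t.target:50} {t.prop:16} {t.iso27002} | {t.iec62351}")
    print(dict(summarize(THREATS)))
```

Running the block lists the six boundary-crossing threats (the IEC 60870-5-104 link from the control center to the substation and the vendor SSH path) with their candidate controls, and prints the per-property totals; the same enumeration rule extends to any DFD by adding elements and flows, and the property counts give the CIA-triad summary the abstract refers to.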
References:
[1] Adriana Hemzacek, “Today’s Toughest Questions Answered: Cybersecurity in Transit,” Icomera, 2023. [Online]. Available: https://www.icomera.com/todays-toughest-questions-answered-cybersecurity-in-transit/
[2] “Cyber Security and Resilience Guidelines for the Smart Energy Operational Environment,” Technology Report, International Electrotechnical Commission (IEC), 2019. [Online]. Available: https://www.iec.ch/basecamp/cyber-security-and-resilience-guidelines-smart-energy-operational-environment
[3] Keith Stouffer et al., “NIST SP 800-82r3: Guide to Operational Technology (OT) Security,” NIST Special Publication, 2023.
[4] Shaymaa Mamdouh Khalil, Hayretdin Bahsi, and Tarmo Korõtko, “Threat Modeling of Industrial Control Systems: A Systematic Literature Review,” Computers & Security, vol. 136, pp. 1-19, 2024.
[5] K.T. Soumya et al., “A Systematic Study on the Intelligent Cyber Security for Smart Microgrid,” Proceedings of the IEEE International Conference on Distributed Computing, VLSI, Electrical Circuits and Robotics (DISCOVER), Mangalore, India, pp. 237-242, 2024.
[6] Filip Holik et al., “Threat Modeling of a Smart Grid Secondary Substation,” Electronics, vol. 11, no. 6, pp. 1-21, 2022.
[7] BoHyun Ahn et al., “Security Threat Modeling for Power Transformers in Cyber-Physical Environments,” 2021 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT), Washington, DC, USA, pp. 1-5, 2021.
[8] Ioannis Zografopoulos et al., “Cyber-Physical Energy Systems Security: Threat Modeling, Risk Assessment, Resources, Metrics, and Case Studies,” IEEE Access, vol. 9, pp. 29775-29818, 2021.
[9] Christoph Schmittner et al., “Threat Modeling in the Railway Domain,” International Conference on Reliability, Safety, and Security of Railway Systems, Lille, France, pp. 261-271, 2019.
[10] George Matta et al., “Risk Management and Standard Compliance for Cyber-Physical Systems of Systems,” Infocommunications Journal, vol. 13, no. 2, pp. 32-39, 2021.
[11] Mohamed Badawy, Nada H. Sherief, and Ayman A. Abdel-Hamid, “Legacy ICS Cybersecurity Assessment Using Hybrid Threat Modeling: An Oil and Gas Sector Case Study,” Applied Sciences, vol. 14, no. 18, pp. 1-38, 2024.
[12] Batoul Achaal et al., “Study of Smart Grid Cyber-Security, Examining Architectures, Communication Networks, Cyber-Attacks, Countermeasure Techniques, and Challenges,” Cybersecurity, vol. 7, no. 1, pp. 1-30, 2024.
[13] Suvda Myagmar, Adam J. Lee, and William Yurcik, “Threat Modeling as a Basis for Security Requirements,” Symposium on Requirements Engineering for Information Security (SREIS), pp. 1-8, 2005.
[14] Avi Gopstein et al., “NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 4.0,” National Institute of Standards and Technology, pp. 1-212, 2021.
[15] Livinus Obiora Nweke, and Stephen D. Wolthusen, “A Review of Asset-Centric Threat Modelling Approaches,” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 11, no. 2, pp. 1-6, 2020.
[16] IEC/TS 62351-1:2007, “Power Systems Management and Associated Information Exchange - Data and Communications Security - Part 1: Communication Network and System Security - Introduction to Security Issues,” International Electrotechnical Commission (IEC), pp. 1-7, 2007.
[17] Rafiullah Khan et al., “STRIDE-Based Threat Modeling for Cyber-Physical Systems,” 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), Turin, Italy, pp. 1-6, 2017.
[18] ISO/IEC 27001:2022, “Information Security, Cybersecurity and Privacy Protection - Information Security Management Systems - Requirements,” International Organization for Standardization / International Electrotechnical Commission, 2022.
[19] SektorCERT, “The Attack against Danish Critical Infrastructure,” Report (TLP:CLEAR), 2023. [Online]. Available: https://sektorcert.dk/wp-content/uploads/2023/11/SektorCERT-The-attack-against-Danish-critical-infrastructure-TLP-CLEAR.pdf
[20] Jack Beerman et al., “A Review of Colonial Pipeline Ransomware Attack,” 2023 IEEE/ACM 23rd International Symposium on Cluster, Cloud and Internet Computing Workshops (CCGridW), Bangalore, India, pp. 8-15, 2023.
[21] Blaine Jeffries et al., “Cyber Risk to Mission Case Study: Oldsmar,” Report, Defense Technical Information Center, 2022. [Online]. Available: https://apps.dtic.mil/sti/trecms/pdf/AD1183009.pdf
[22] Hossein Rahimpour et al., “A Review of Cybersecurity Challenges in Smart Power Transformers,” IEEE Access, vol. 12, pp. 193972-193996, 2024.
[23] Georgios Michail Makrakis et al., “Industrial and Critical Infrastructure Security: Technical Analysis of Real-Life Security Incidents,” IEEE Access, vol. 9, pp. 165295-165325, 2021.
[24] Vetrivel Subramaniam Rajkumar et al., “Cyber Attacks on Power Grids: Causes and Propagation of Cascading Failures,” IEEE Access, vol. 11, pp. 103154-103176, 2023.
[25] David E. Whitehead et al., “Ukraine Cyber-Induced Power Outage: Analysis and Practical Mitigation Strategies,” 2017 70th Annual Conference for Protective Relay Engineers (CPRE), College Station, TX, USA, pp. 1-8, 2017.
[26] Jean-Pierre Hauet et al., “Ukrainian Power Grids Cyberattack,” InTech, International Society of Automation, 2017. [Online]. Available: https://www.isa.org/intech-home/2017/march-april/features/ukrainian-power-grids-cyberattack
[27] SANS ICS and Electricity Information Sharing and Analysis Center (E-ISAC), “Analysis of the Cyber Attack on the Ukrainian Power Grid,” 2016. [Online]. Available: https://nsarchive.gwu.edu/sites/default/files/documents/3891751/SANS-and-Electricity-Information-Sharing-and.pdf
[28] IEC 62351:2025 SER, “Power Systems Management and Associated Information Exchange - Data and Communications Security - All Parts,” International Electrotechnical Commission (IEC), 2025.
[29] Nicolas Falliere, Liam O. Murchu, and Eric Chien, “W32.Stuxnet Dossier,” Symantec Security Response, 2011. [Online]. Available: https://docs.broadcom.com/doc/security-response-w32-stuxnet-dossier-11-en
[30] David Kushner, “The Real Story of Stuxnet: How Kaspersky Lab Tracked Down the Malware that Stymied Iran’s Nuclear-Fuel Enrichment Program,” IEEE Spectrum, 2013. [Online]. Available: https://spectrum.ieee.org/the-real-story-of-stuxnet
[31] “Aurora Generator Test,” Wikipedia, The Free Encyclopedia, 2014. [Online]. Available: https://en.wikipedia.org/wiki/Aurora_Generator_Test
[32] Doug Salmon et al., “Mitigating the Aurora Vulnerability With Existing Technology,” 36th Annual Western Protective Relay Conference, Washington, pp. 1-7, 2009.