Abstract

The increasing digitization and interconnection of power systems has improved their operational efficiency and flexibility, but has also introduced critical cyber vulnerabilities. Ensuring the security of smart grid substations is therefore crucial for maintaining reliable grid operation and power delivery. In this thesis, we address the critical challenge of detecting attacks against IEC 61850 substations. The research encompasses the development and validation of advanced security monitoring frameworks using machine learning techniques and system simulations. We first introduce an OpenStack-based Hardware-in-the-Loop (HIL) framework that supports both emulation and co-simulation. This environment enables controlled evaluation of smart grid components' resilience to cyber threats and facilitates testing of the proposed security solutions. We then leverage Network and System Management (NSM) based on IEC 62351-7 and propose a hybrid anomaly detection platform that combines rule-based methods and deep learning to detect threats within IEC 61850 substations. To this end, we introduce a two-stage deep learning architecture that integrates LSTM, RNN, and GRU models to further enhance the accuracy of NSM-based anomaly detection. We then validate these approaches through simulations on various standard IEEE test grids. Finally, we implement a Deep Packet Inspection (DPI) mechanism, in compliance with the IEC 62351-90-2 standard, to identify malicious activity targeting IEC 61850 substations. This mechanism employs a two-level architecture to identify anomalies and then determine whether they were caused by faults or attacks. We then test this approach on a realistic IEC 61850 substation model implemented in our real-time co-simulation testbed. Collectively, the contributions discussed within this thesis offer a strategy, based on the IEC 62351 standard, to secure substations in a smart grid.