Exploiting Ripple20 to Compromise Power Grid Cyber Security and Impact System Operations

Abstract

Driven by power grid digitalisation, tighter coupling between the cyber and physical layers has introduced cyber security threats. This paper elucidates the emergence and possible consequences of a recently identified family of Information Technology (IT) / Industrial Internet of Things (IIoT) vulnerabilities, Ripple20, and the threats they pose to power grid cyber security. In this paper, we investigate advanced cyber attack tactics and techniques that exploit Ripple20 and IEC 61850 vulnerabilities through various attack vectors. The presented cyber-physical attack scenarios focus on gaining unauthorised access from pole-mounted reclosers in MV networks to the control centre and substation Operational Technology (OT) systems. Subsequently, the aforementioned vulnerabilities are exploited to maliciously disconnect embedded generation, block substation protection functionality, and cause busbar faults. We then experimentally demonstrate the impact of such advanced cyber attacks on power system operation, showing how they initiate cascading failures and cause a blackout. Recommendations and mitigation techniques for advanced cyber threats in the OT domain of distribution system operators are also provided.