In recent years, critical infrastructure and power grids have increasingly been targets of cyber-attacks, causing widespread and extended blackouts. Digital substations are particularly vulnerable to such cyber incursions, jeopardizing grid stability. This paper addresses these risks by proposing a cybersecurity framework that leverages software-defined networking (SDN) to bolster the resilience of substations based on the IEC-61850 standard. The research introduces a strategy involving smart cyber switching (SCS) for mitigation and concurrent intelligent electronic device (CIED) for restoration, ensuring ongoing operational integrity and cybersecurity within a substation. The SCS framework improves the physical network's behavior (i.e., leveraging commercial SDN capabilities) by incorporating an adaptive port controller (APC) module for dynamic port management and an intrusion detection system (IDS) to detect and counteract malicious IEC-61850-based sampled value (SV) and generic object-oriented system event (GOOSE) messages within the substation's communication network. The framework's effectiveness is validated through comprehensive simulations and a hardware-in-the-loop (HIL) testbed, demonstrating its ability to sustain substation operations during cyber-attacks and significantly improve the overall resilience of the power grid.

翻译：近年来，关键基础设施与电网日益成为网络攻击的目标，导致大规模长时间停电事故。数字化变电站尤其易受此类网络入侵影响，危及电网稳定运行。本文针对这些风险，提出一种基于软件定义网络（SDN）的网络安全框架，旨在增强符合IEC-61850标准的变电站韧性。研究提出包含智能网络切换（SCS）的缓解策略与并行智能电子设备（CIED）的恢复策略，确保变电站持续运行完整性与网络安全。SCS框架通过集成自适应端口控制器（APC）模块实现动态端口管理，并采用入侵检测系统（IDS）识别并抵御变电站通信网络中恶意的IEC-61850采样值（SV）与通用面向对象系统事件（GOOSE）报文，从而优化物理网络行为（即利用商用SDN能力）。通过全面仿真与硬件在环（HIL）测试平台验证了该框架的有效性，证明其能在网络攻击期间维持变电站运行，并显著提升电网整体韧性。