Impact modeling of DSO-TSO cross-domain fault propagation attacks

[en] Cross-domain threats are a real challenge for power system operators. While existing research has focused primarily on cyberattacks within either transmission or distribution networks, a critical gap remains in understanding the impacts of cross-domain threats. In response, this paper analyzes coordinated attacks originating from medium-voltage (MV) systems and propagating to high-voltage (HV) transmission systems (TSs) through shared substations. A new approach is proposed to model the possibility of such fault propagation from distribution system operator’s (DSO) domain to TS operator’s (TSO) domain. The hybrid-attack scenario consists of two sequential steps: 1) manipulating the protection settings of protective devices 2) causing man-made faults on MV feeders. This is formulated as a bilevel optimization problem considering attackers’ and TSO’s perspective. In addition, the concept of minimal cut-sets is deployed to capture the process of the fault propagation through shared substations. The proposed framework can be used by TSOs as a tool for conducting the impact assessment. The proposed model is tested on the IEEE reliability test system to demonstrate its effectiveness. The simulation results show that the hybrid attacks can lead to significant disruptions, including direct and indirect load shedding, as well as multiple transmission/MV line outages, and hence should be considered by system operators in their security management policies.

Disciplines :

Electrical & electronics engineering
Energy
Computer science

Author, co-author :

Bahrami, Mahdi ; Université de Liège - ULiège > Montefiore Institute of Electrical Engineering and Computer Science

Wehenkel, Louis ; Université de Liège - ULiège > Département d'électricité, électronique et informatique (Institut Montefiore) > Méthodes stochastiques

Language :

English

Title :

Impact modeling of DSO-TSO cross-domain fault propagation attacks

Publication date :

June 2026

Journal title :

Sustainable Energy, Grids and Networks

ISSN :

2352-4677

Publisher :

Elsevier BV

Volume :

Pages :

102273

Peer reviewed :

Peer Reviewed verified by ORBi

Additional URL :

https://api.elsevier.com/content/article/PII:S2352467726001554?httpAccept=text/xml

Name of the research project :

Belgian Energy Transition Fund, project CYPRESS (https://cypress-project.be/

Funders :

ULiège - University of Liège

Available on ORBi :

since 10 May 2026

Statistics

Number of views

21 (0 by ULiège)

Number of downloads

36 (0 by ULiège)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenAlex citations

Bibliography

Interaction Between Transmission and Distribution System Operators and an Assessment of Their Cooperation in Smart Grids," ISGAN Discussion Paper, 2014. [Online]. Available:.
S. Hussain, J. Hernandez Fernandez, A.K. Al-Ali, and A. Shikfa, ‘‘Vulnerabilities and countermeasures in electrical substations,’’ Int. J. Crit. Infrastruct. Protection, vol. 33, Jun. 2021.
Electricity Information Sharing and Analysis Center, Analysis of the cyber attack on the Ukrainian power grid, 2016. [Online]. Available:. Accessed on: Aug. 11, 2019.
Network Code on Cybersecurity. [Online]. Available:.
M. Bahrami and L. Wehenkel, Coordinated EV Charging Attacks to Cause Transmission Line Overloads, 2024 9th International Youth Conference on Energy (IYCE), Colmar, France, 2024, pp. 1-6.
Y. Dvorkin and S. Garg, "IoT-enabled distributed cyber-attacks on transmission and distribution grids," 2017 North American Power Symposium (NAPS), Morgantown, WV, USA, 2017, pp. 1-6.
M.P. Goodridge, S. Lakshminarayana and A. Zocca, "Uncovering Load-Altering Attacks Against N−1 Secure Power Grids: A Rare-Event Sampling Approach," in IEEE Trans. Power Syst., doi: 10.1109/TPWRS.2024.3419725.
S. Lakshminarayana, S. Adhikari and C. Maple, "Analysis of IoT-Based Load Altering Attacks Against Power Grids Using the Theory of Second-Order Dynamical Systems," in IEEE Trans. Smart Grid, vol. 12, no. 5, pp. 4415-4425, Sept. 2021, doi: 10.1109/TSG.2021.3070313.
I. Zografopoulos et al., “Security assessment and impact analysis of cyberattacks in integrated T&D power systems,” in Proc. 9th Workshop Model. Simul. Cyber-Phys. Energy Syst., 2021, pp. 1–7.
C. Qin, C. Zhong, B. Sun, X.L. Jin, and Y. Zeng, “A tri-level optimal defense method against coordinated cyber-physical attacks considering full substation topology,” Appl. Energy, vol. 339, pp. 120961, Jun. 2023.
K. Lai, M. Illindala, and K. Subramaniam, “A tri-level optimization model to mitigate coordinated attacks on electric power systems in a cyber-physical environment,” Appl. Energy, vol. 235, pp. 204–218, Feb. 2019.
A. Apostolov and B. Vandiver, "IEC 61850 GOOSE applications to distribution protection schemes," 2011 64th Annual Conference for Protective Relay Engineers, College Station, TX, USA, 2011, pp. 178-184, doi: 10.1109/CPRE.2011.6035618.
and Teng-Fa TsaoHong-Chan Chang, "Composite reliability evaluation model for different types of distribution systems," in IEEE Trans. Power Syst., vol. 18, no. 2, pp. 924-930, May 2003, doi: 10.1109/TPWRS.2003.811174.
Y. Liu, H. Gao, W. Gao and F. Peng, "Development of a Substation-Area Backup Protective Relay for Smart Substation," in IEEE Trans. Smart Grid, vol. 8, no. 6, pp. 2544-2553, Nov. 2017, doi: 10.1109/TSG.2016.2527687.
H.C. Kiliçkiran, ˙Ibrahim ¸Sengör, H. Akdemir, B. Kekezo ˘glu, O. Erdinç, and N. G. Paterakis, “Power system protection with digital overcurrent relays: A review of non-standard characteristics,” in Elect. Power Syst. Res., vol. 164, pp. 89–102, 2018.
M. Bahrami, M. Fotuhi-Firuzabad and H. Farzin, "Reliability Evaluation of Power Grids Considering Integrity Attacks Against Substation Protective IEDs," in IEEE Trans. Ind. Informat., vol. 16, no. 2, pp. 1035-1044, Feb. 2020.
C.-C. Liu, A. Stefanov, J. Hong, and P. Panciatici, “Intruders in the grid,” IEEE Power Energy Mag., vol. 10, no. 1, pp. 58–66, Jan./Feb. 2012.
C. -W. Ten, K. Yamashita, Z. Yang, A.V. Vasilakos and A. Ginter, "Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems," in IEEE Trans. Smart Grid, vol. 9, no. 5, pp. 4405-4425, Sept. 2018.
ABB, "Protection and Control IED Manager PCM600," ABB. [Online]. Available:.
ABB, "OpenSSL Heartbleed Vulnerability in Relion 650 series Ver. 1.3.0," ABB-VU-PSAC-1MRG016162, 2014. [Online]. Available:.
Cybersecurity & Infrastructure Security Agency (CISA), "ICS Advisory (ICSA-22-333-02): Vulnerability in [specific vulnerability or device]," *CISA*. [Online]. Available:.
J.L. Sarralde and J.M. Yarza, “Cyber security applied to P&C IEDs,” in Proc. IEEE Power Energy Soc. Conf. Expo., 2014, pp. 1–5.
M. Fischer, S. Tenbohlen, M. Schafer and R. Haug, "Determining power transformers' sequence of service in power grids," in IEEE Trans. Dielectr. Electr. Insul., vol. 18, no. 5, pp. 1789-1798, October 2011.
R. Billinton and R.N. Allan, Reliability Evaluation of Engineering Systems. Boston, MA, USA: Springer, 1992.
E. Karangelos and L. Wehenkel, "Cyber–physical risk modeling with imperfect cyber-attackers," Electr. Power Syst. Res., vol. 211, p. 108437, 2022.
P.M. Subcommittee, “IEEE reliability test system,” IEEE Trans. Power App. Syst., vol. PAS-98, no. 6, pp. 2047–2054, Nov. 1979.
Y. Zhang, A. Sprintson, and C. SinghAn integrative approach to reliability analysis of an IEC 61850 digital substation,” presented at the IEEE Power Energy Soc. General Meeting, San Diego, CA, USA, 2012.