A Standards-Based Cybersecurity Framework for Substation Automation Design: Applying IEC 61850, 62351, 62443, and Lessons Learned from Real-World Events

Cyber incidents affecting power grids indicate that technical vulnerabilities alone rarely explain the scale and impact of successful attacks. Instead, a recurring combination of human-related weaknesses, organizational shortcomings, and inadequate architectural design often enables initial compromise and propagation within operational technology environments. This work proposes a structured, standards-aligned methodology for the initial cybersecurity assessment of IEC 61850-based substations, integrating architectural segmentation and risk-based reasoning with empirical evidence from documented cyber incidents. The methodology guides the identification of cybersecurity criteria, tools, and procedures during substation design and early engineering, and then performs an incident-driven…