|
| Node label | Meaning |
|
| UG | The circuit breaker trips without a fault, resulting in a power outage. |
| M1 | A trip command is sent through the front-end processor. |
| M2 | The status evaluation module is affected, and the operator sends a trip command error. |
| M3 | The human–machine interface (HMI) substation is accessed, and a trip command is sent to the relay. |
| M4 | The remote terminal unit (RTU) is accessed; the relays for RTU monitoring are controlled or the relays are reconfigured. |
| M5 | Direct access to the relay protector is obtained. |
| M6 | False data are injected. |
| A1 | The hardware firewall is bypassed for port scanning. |
| A2 | The control center application server is accessed. |
| A3 | Measurement and status packets are intercepted. |
| A4 | An eavesdropping device is installed. |
| A5 | The encrypted message is decoded. |
| A6 | Port scanning is implemented. |
| A7 | The substation user interface is accessed. |
| A8 | A connection via dial-up is established. |
| A9 | The password is decoded. |
| A10 | Port scanning is conducted. |
| A11 | The password is decoded. |
| D1 | Idle and potentially threatening ports are disabled, and the firewall is used to mask scanned packets. |
| D2 | Server data are backed up and server security measures are enhanced. |
| D3 | Measurements are conducted and packet encryption measures are implemented. |
| D4 | An antieavesdropping cable, an encryption algorithm, or an antieavesdropping device is implemented. |
| D5 | A better encryption algorithm is adopted. |
| D6 | Idle and potentially threatening ports are disabled, and the firewall masks scanned packets. |
| D7 | The router is enhanced to prevent IP scanning. |
| D8 | Strong modem encryption is adopted. |
| D9 | A new encryption algorithm is applied, including RTU mandatory authentication. |
| D10 | The protection of relay authorized access is realized. |
| D11 | Strong passwords are selected for the network. |
| D12 | Advanced permissions are included for trip commands. |
| D13 | Data digital signature protocols are established. |
| D14 | Scanning is conducted to fix any vulnerabilities in the HMI. |
| D15 | The RTU firmware is updated and a security gateway is deployed. |
| D16 | The relay protector firmware is updated on time. |
|
