This paper focuses on the cyber security in smart applications for energy grid topologies characterized by high penetration of distributed energy resources (DER) with renewable generation, storage devices and controllable loads, and the involvement of multiple active actors across the smart grid domains.

To illustrate this, a representative use case dealing with the Voltage Control (VC) of active Medium Voltage (MV) distribution grids will be considered. The role of the VC function is to adjust the voltage profile on the MV grid to optimize technical and economic objectives, sending set points to distributed energy resources and to the distribution grid devices.

The aim of the work is to demonstrate techniques for deriving justifiable estimations of the difficulty of succeeding with different kinds of cyber attacks to VC related communication services within the substation automation system.

Following the attack modelling activity ongoing within the Cigré working group D2.31 on “Security architecture principles for digital systems in Electric Power Utilities (EPUs)”, this paper evaluates the capabilities of CySeMoL (Cyber Security Modelling Language).

The CySeMoL methodology is applied to describe the grid ICT architecture (networks, operating systems, services, protocols, data flows), the security measures and the source and the target of the attack. The CySeMoL modelling approach is based on the attack graph formalism and provides justifiable quantitative estimates on the likelihood that different attack paths will be successful. In this paper CySeMoL will be used for estimating the likelihood of certain attack processes affecting the VC functions, including attacks caused by the remote maintenance procedures on the VC devices.

Starting with the description of a Voltage Control function architecture as a representative use case of future smart grids, the paper focusses on the application of CySeMoL to the sample case aimed at the evaluation of the adequacy of the tool to the smart grid sector.