Protecting the Core: Securing Protection Relays in Modern Substations

This report examines cyber risks to modern substations with a focus on protection relays (IEDs), explaining their functions, typical redundant network topologies, and how attackers progress from Internet-based OSINT to targeted, process-aware enumeration and exploitation; it highlights practical vectors (default credentials, vendor access, backdoors, Telnet, firmware/config manipulation) that could enable disruptive physical impacts if leveraged against poorly secured substations.