This paper presents a comprehensive analysis of the security issues found in over 100 global energy facilities, including substations, power plants, and control centers. The analysis was enabled by the deployment of Intrusion Detection Systems (IDS), through which a detailed network security assessment was possible. The paper highlights the top five most frequent and significant network security risks identified, which were particularly pervasive across the analyzed plants. Along with the most frequent ones, we have also worked out some noteworthy examples of particularly unsafe implementations in substations.
Additionally, our investigation revealed numerous operational issues on the station and process bus, such as configuration errors, network failures, and IEC 61850 interoperability issues, all of which are commonly overlooked and could impact operations later. The most frequent operational issues will be examined in detail.
Furthermore, the paper offers insights into secure PAC system implementations, derived from our analysis, serving as a blueprint for cyber-resilient substation network architectures. This work not only outlines the most frequent security and operational issues but also contributes to the discourse on advancing cybersecurity practices for PAC systems.