Ensuring the cyber resiliency of IEC 61850-based Substation Automation Systems (SAS) is critical for reliable grid operations. This work presents a comprehensive analysis of the performance and security of traditional networking and Software-Defined Networking (SDN) for IEC 61850-based SAS. By leveraging SDN's flow control, proactive traffic engineering, and deny-by-default policies, this study highlights its advantages over traditional networking in critical Operational Technology (OT) applications. Three novel factors for cyber resiliency metrics-network performance, protocol-specific attackability, traffic containment, are proposed, culminating in a unified resiliency score. Experimental evaluations using an enhanced real-time Hardware-in-the-Loop (HIL) testbed, includes GOOSE spoofing, DNP3 Denial-of-Service attacks, and network failovers. Results demonstrates SDN's ability to mitigate impact of cyber threats, enhanced network performance, and reduced attack surface. The findings also indicates the significance of adopting SDN at the process bus for scenarios, if full SDN deployment is not feasible. Additionally, this work provides a metric-based approach to evaluate and compare OT network resiliency across various possible configurations.

Human operators in industrial cyber-physical systems (ICPS) (e.g. electric power system) are responsible for critical, real-time decision-making in control centers. They often relying on decision support tools (DSTs) to assist with dynamic decision-making. However, DSTs using multi-modal feedback can sometimes lead to cognitive and information overload, potentially impairing operators' performance, specially during extreme events. This work focuses on human-machine cooperation assisted through advanced tools. The Cyber-Physical Transmission Resiliency Assessment Metric (CP-TRAM) is used as a DST to aid operators by integrating both physical and cyber alerts/alarms, for collaborative decision-making. We developed a laboratory setup for experimental human-in-the-loop validation by replicating a power grid control center environment. Developed CP-TRAM tool with an operator training simulator, displays alarms through the Cyber-Power Alarm Tool. To assess CP-TRAM's impact on cooperative decision-making, we simulate a cyberinduced physical event based on an MITRE ATT&CK Industrial Control System (ICS) framework and evaluate operator responses with and without access to CP-TRAM and the Cyber-Power Alarm Tool. Our study includes 36 participants-18 professional operators and 18 students operator. Results demonstrates improvement in decision making with enhanced speed and accuracy of cyber event detection and response with these tools. Additionally, we incorporate human factors data to further validate CP-TRAM's effectiveness in augmenting operator decision-making.