GOOSEAttacker: Synthetic Attack Generation Tool for IEC61850

The digitization of critical infrastructures introduces both advantages and vulnerabilities, particularly within Digital Electric Substations (DES) operating under the IEC 61850 communications standard. Although there exist measures such as the cybersecurity IEC 62351 standard, significant security risks are still present, partially due to a lack of cybersecurity knowledge among operators. This work focuses on the Generic Object-Oriented Substation Event (GOOSE) protocol that provides a critical role in the delivery of event-related information within DES and its associated vulnerabilities. In this paper we introduce GOOSEAttacker, a tool that emulates potential attacks within a DES environment targeting the GOOSE protocols. The tool marks malicious traffic, stores packet captures and can be customized for specific attacks and scenarios. We assess GOOSEAttacker in a testbed built with real DES equipment, confirming that the generated attacks compromise the operation of the deployed infrastructure.