During GNSS attacks on a time server in an electrical substation, the time service is affected and, accordingly, time-critical protection functions can misoperate. In our threat model, these trips are maliciously triggered via time synchronization attacks (using the so-called two-clock GNSS attack). These data show how IEC 61850 Sampled Values, IEEE 1588 Precision Time Protocol, and GOOSE traffic behave under these attacks, with GOOSE messages proving the misoperation of the differential protection IED.
This is the complementary dataset for the paper: "Malicious GNSS Spoofing Causing False Trips in IEC 61850 Multivendor Substations" by Fruböse et al. (2026).
This work was funded by the Topic Engineering Secure Systems of the Helmholtz Association (HGF) (POF IV, LK 01, 46.23.02) and supported by KASTEL Security Research Labs, Karlsruhe.
Payload which discloses vendor information is replaced.