The cyber security of the IEC 61850-based smart substations has become an inevitable issue since they rely heavily on information and communication technologies. This paper analyzed the current security situation of smart substation from two aspects:cyber security vulnerability of smart substation and limitation of traditional cyber security evaluation methods. It proposed a security analysis and estimation method for information system and automation system, which estimated the security levels of any devices or equipment in substation separately by detecting known or unknown vulnerabilities. The method managed to assess the daily management by using static assessment tool. Through the practical test in the experimental environment for smart substation, several system vulnerabilities were detected towards information system and automation system, where the effectiveness of the cyber security analysis and estimation method for smart substation was verified. By applying this method, vulnerabilities of substation information system and automation system can be controlled, and the overall security of smart substation thereby can be enhanced.