October 17, 2019
OPAL-RT’s HYPERSIM & SCALABLE’s EXata CPS: Real-Time Cyber-Physical Simulation of the Electric Power Grid for Cybersecurity Studies
The Status Quo
21st-century power grids face a number of make-or-break challenges on the infrastructure, security, and wide-area monitoring, protection and control fronts: mixed and hybrid old/new analog/digital equipment; newer energy sources such as wind and solar integrated into older networks; and faster-switching converters and newer digital equipment. These make the grid ‘smarter’, more sustainable, future-proofed and flexible, but they also expose it to all the vulnerabilities associated with networked resources and communications.
Smart Grids & Their Inherent Complexities…
Modern power grids have become Cyber-Physical Systems (CPS) composed of electrical and communication infrastructure. As opposed to the analog networks of, say, 100 years ago, which consisted of cables, switches and hardware, today’s grids are studded with communications, administration and protection equipment that has been ushered in since the dawn of the digital age for its precision and superior oversight functions.
Today’s grid is becoming more ‘intelligent’ through the:
- Wide deployment of new technologies
- Substation, transmission and distribution automation
- Increased Distributed Energy Resources (DER) integration
- Advanced two-way communication networks, and the
- Development of synchrophasor systems
However, as an unavoidable consequence of the above, as newer technologies are adopted, the grid is becoming more vulnerable to cybersecurity threats of all kinds as well as communication equipment failures. Mixed technologies are harder to test; hybrid networks offer unique challenges as diagnostics for one simply aren’t adequate solutions for the other.
…& the Real-World Outcomes
We have seen that connecting Supervisory Controls and Data Acquisition (SCADA) systems and Operational Technology (OT) devices via the internet has significantly improved accessibility, automation, and efficiency of vast networks, but it also introduces vulnerabilities.
Without hyperbole, we can say that this makes every communication line a potential attack surface. Because of this, cyber threats against public utilities and other critical infrastructure are just as ubiquitous as attacks on government and corporate computing infrastructures.
These attacks may cause loss, and/or denial of access or manipulation of system views and control. Cyber-attacks against SCADA systems, such as power generation and distribution systems, water treatment plants, and transportation facilities, can cause widespread disruption of commerce and daily life.
Besides cyber-attacks, a larger amount of communications equipment also means more potential for human error, operator carelessness or negligence, and equipment failures that can also lead to serious consequences.
“There is a pressing need for operators of SCADA systems, microgrids, substations and other infrastructures to determine how resilient their operational systems are to cyberattacks and to develop plans to mitigate the associated risks.”
This is why 2018’s partnership between OPAL-RT and SCALABLE was so exciting and groundbreaking for both parties:
OPAL-RT TECHNOLOGIES are experts in real-time simulation of power systems and power electronics:
- We’re focused on improving the security and reliability of systems used to control, protect and monitor the grid.
SCALABLE Network Technologies are experts in real-time simulations of communication network infrastructures:
- Their EXata network emulation platform, with its cyber library of simulated attacks and vulnerabilities, is used to analyze and test the resilience of critical communication networks effectively.
- Tools like EXata CPS allow customers to visualize their specific environments in a manageable laboratory setting and quickly evaluate a range of ‘what if’ scenarios to determine the impact on their systems if subjected to cyber-attack.
The Much-Awaited HYPERSIM 2019.2, Featuring EXata CPS
The companies’ collaboration has borne fruit in HYPERSIM 2019.2:
“EXata CPS is integrated in HYPERSIM 2019.2 on the same hardware to offer a complete real-time cyberphysical solution for the development, testing, and assessment of electrical grids with communication networks,” said Etienne Leduc, Product Owner of HYPERSIM. “HYPERSIM, which simulates the physical system, is the only real-time digital simulator with the power to simulate electromagnetic transients of large-scale power systems, tackling operational and reliability issues threatening a power system’s cybersecurity. This integration of EXata CPS and HYPERSIM provides a means to test the resilience of power systems to cyber-attacks and improve their cyber defenses, thereby helping to ensure cybersecurity, reliability, and efficiency of such systems.”
The figure below shows the integration between the OPAL-RT simulator, at left, communicating with both EXata CPS and the devices under test (controllers or ECUs or other networked IT/Security devices) with monitoring, storing and interaction abilities, represented to the right.
Types of Attack Supported
The hybrid best-in-class duo of HYPERSIM and EXata CPS can model many types of attack.
The most significant attacks which can impact power systems are:
- Denial of Service (DoS): these attacks can bring down, or make unavailable, a critical piece of equipment
- Packet modification attacks: these attacks change the payload of packets and can result in:
  - Bogus input, such as modified sensor data, which can lead to erroneous decisions by the controllers
  - Bogus output, such as manipulated or misleading data being sent, which can lead to unintended or incorrect actions
Communications Protocols Supported
Both companies support an extensive set of communication protocols, as is required in a context entirely dependent on I/O, digital communications and both IT and security infrastructure:
EXata CPS communicates with HYPERSIM through the following protocols:
- Generic Object-Oriented Substation Events (GOOSE), a subset of IEC 61850
- 118 (over TCP/IP), used by synchrophasors
- DNP3 (over TCP/IP)
- Modbus (over TCP/IP)
- IEC 60870-5-104 (over TCP/IP)
Two Sample Attacks: Scenarios
The following graphic depicts the SCADA dashboard where two possible scenarios are modeled and simulated using the hybrid HYPERSIM/EXata CPS toolbox:
In Scenario 1, we simulate a message delay attack once the grid is islanded:
- As there is not enough generation for all the loads in this microgrid, the residential load L1 needs to be shed when the grid is islanded
- By delaying the GOOSE message aimed at the breaker by 3 seconds, the frequency and voltage become unstable, which can lead to equipment damage or backup protections kicking in
In Scenario 2, while islanded, we simulate a packet value multiplication attack:
- By intercepting the power measurement of the L2 industrial load on its way to the microgrid controller and multiplying its value by 2, the controller concludes that it needs to react because there is not enough generation for all the loads
- In consequence, the residential load L3 needs to be shed by the microgrid controller, cutting power for families and small businesses
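To make the two scenarios concrete from the defender's side, here is an added toy model (not OPAL-RT or SCALABLE code, and not taken from HYPERSIM or EXata CPS). It models a microgrid controller that sheds loads in a fixed priority order when demand exceeds islanded capacity, then adds the two checks a practitioner would want: a power-balance plausibility test that catches the doubled L2 reading of Scenario 2 before it triggers an unnecessary shed of L3, and a freshness test that rejects a breaker command arriving 3 seconds late, as in Scenario 1. The capacity (8 MW), the load values, the shedding order L1, L3, L2, the 0.5 MW balance tolerance and the 0.5 s maximum command age are all constructed assumptions, not figures from the article.

```python
"""Toy defender-side model of the two HYPERSIM/EXata CPS attack scenarios.

Added example, not OPAL-RT or SCALABLE code. Capacities, load values, the
shedding order, the balance tolerance and the staleness limit are constructed.
"""
from dataclasses import dataclass

CAPACITY_MW = 8.0                 # constructed: generation available once islanded
SHED_ORDER = ["L1", "L3", "L2"]   # constructed: residential loads shed before the industrial one
MAX_COMMAND_AGE_S = 0.5           # constructed: oldest trip command a breaker will still act on
BALANCE_TOLERANCE_MW = 0.5        # constructed: allowed generation/load mismatch (losses, noise)


@dataclass
class Measurements:
    generation_mw: float          # measured total generator output
    loads_mw: dict                # measured consumption per load, keyed by name


def naive_shed_plan(loads_mw: dict, capacity_mw: float = CAPACITY_MW) -> list:
    """Shed loads in priority order until the remaining demand fits the capacity."""
    shed, remaining = [], sum(loads_mw.values())
    for name in SHED_ORDER:
        if remaining <= capacity_mw:
            break
        if name in loads_mw:
            shed.append(name)
            remaining -= loads_mw[name]
    return shed


def power_balance_residual(m: Measurements) -> float:
    """In an islanded grid, generation must equal the sum of the loads (plus small losses)."""
    return m.generation_mw - sum(m.loads_mw.values())


def measurements_plausible(m: Measurements, tolerance_mw: float = BALANCE_TOLERANCE_MW) -> bool:
    """A doubled load reading breaks the power balance; honest readings stay within tolerance."""
    return abs(power_balance_residual(m)) <= tolerance_mw


def hardened_shed_plan(m: Measurements, capacity_mw: float = CAPACITY_MW) -> list:
    """Act only on measurement sets that pass the plausibility check."""
    if not measurements_plausible(m):
        return []   # hold the last good state and raise an alarm instead of shedding
    return naive_shed_plan(m.loads_mw, capacity_mw)


@dataclass
class TripCommand:
    target: str
    sent_at_s: float      # sender timestamp; assumes sender and breaker clocks are synchronised


def command_is_fresh(cmd: TripCommand, received_at_s: float, max_age_s: float = MAX_COMMAND_AGE_S) -> bool:
    """Reject commands that arrive later than the protection scheme can tolerate."""
    return 0.0 <= received_at_s - cmd.sent_at_s <= max_age_s


def scenario_1():
    """Islanding with too much load: L1 must be shed; a 3 s delayed command is detectable."""
    loads = {"L1": 2.0, "L2": 4.0, "L3": 2.5}             # 8.5 MW of demand vs 8.0 MW capacity
    plan = naive_shed_plan(loads)                           # ['L1']
    cmd = TripCommand(target=plan[0], sent_at_s=100.0)
    on_time = command_is_fresh(cmd, received_at_s=100.1)   # True
    delayed = command_is_fresh(cmd, received_at_s=103.0)   # False: arrived 3 s late
    return plan, on_time, delayed


def scenario_2():
    """Islanded, L1 already shed: doubling the L2 reading would shed L3 needlessly."""
    honest = Measurements(generation_mw=6.5, loads_mw={"L2": 4.0, "L3": 2.5})
    spoofed = Measurements(generation_mw=6.5, loads_mw={"L2": 8.0, "L3": 2.5})
    return (naive_shed_plan(spoofed.loads_mw),   # ['L3']: the manipulation succeeds
            hardened_shed_plan(spoofed),         # []: residual of -4.0 MW fails the check
            hardened_shed_plan(honest))          # []: nothing needs shedding


if __name__ == "__main__":
    print(scenario_1())
    print(scenario_2())
```

The plausibility test works because the manipulated value is a single measurement in a set that must obey physics: total generation and total load in an islanded system cannot differ by 4 MW. A delayed command is caught the same way, by comparing the sender's timestamp with the arrival time, which presumes synchronised clocks across the substation network.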