Cyber Security of the Smart Grid

Transcription

1 Cyber Security of the Smart Grid Design Document May /4/11 Group Members John Majzner Daniel Kosac Kyle Slinger Jeremy Deberg Team Advisor Manimaran Govindarasu Graduate Students Adam Hahnad Siddharth Sridhar Aditya Ashok

2 Project Overview Problem Statement: As the world becomes more interconnected and communication is more necessary, a dire problem arises when a third party tries to disrupt this communication. There is a great deal of communication taken place between power companies and the power grid. Power companies use a SCADA system (Supervisory Control And Data Acquisition) to monitor and manage their infrastructure program. This SCADA system has become more prone to attacks in the last decade due to the advancement of technology. The project we were given consists of building a realistic SCADA system, emulating real world attacks on the system, and observing the results due to these attacks. Past Accomplishments: This project has been in progress for many previous semesters with different groups taking steps towards reaching the main goal. These groups that have come before have gotten the system up to a 9 bus system. This however, only includes 2 actual RTUs, and have the other 7 emulated through a virtual machine. There have been multiple security exercises run on the system that stress the basic functionality of the embedded security. By this it implies that the security located on the VPN and built in security to the different PC s is up to par. It also implies that the networking and routes are all setup correctly. Objectives: The first objective that we face is familiarizing ourselves with the system. This was a lot more complicated than anticipated. The conceptual outline of the system is very straightforward; however you must also take into account the embedded software, and the software that is used with the Siemens devices. The group needs to learn each piece of this software and how it communicates with each other. This also needs to be taken to a deeper level if the option of exploiting a software bug is to be used. The amount of options each piece of software has is more than what the project calls for, but in view of keeping the outcome as realistic as possible, the experiment must utilize the software that will be used in the field even if most of the options will never be used. The second objective will be to scale up the SCADA system. The projected size the experiment is to reach is a 30 bus system. However, already in the project this may be a stretch due to the equipment that is available to the group. The group would need to virtualize most of the buses that would be added and the computer hardware isn t there. A more precise objective would be to scale the system at a realistic ratio of buses and implement them successfully before trying to add anymore. The third objective will be to assault the SCADA system with different security exploits. This is an objective that will be extremely vague until the end of the experiment. As the attacks progress the group will adjust the different parameters to account for things they think are a weak spot in the SCADA system. However, different ideas of things to try are already in

3 progress. One such idea is to exploit the common electric company s worker s password. It has been documented that the pattern of passwords used by this class of worker are usually very insecure. Another approach that is being considered is the deep analysis of the packets that are used in the communication between the different system pieces. The group will look to see if there are patterns that exist when different activities are triggered, such as turning off a breaker. This packet will then be emulated and passed back at the system to try to exploit security weaknesses.

4 System Overview Overall: The system is a simulation of data being transmitted over hundreds of miles and seeing how power flow of a power grid will be affected as disruptions occur. Simulation of data and distance is ISEAGE. The power flow is monitored and simulated by the Power Factory and the substations. The Control Center is to make the system more realistic to an actual power system. The Attack box is how we will disrupt the system. ISEAGE: The Internet-Scale Event and Attack Generation Environment or ISEAGE is a network simulation for the real world. This system can emulate large scale events and attacks. ISEAGE is what hooks all of our systems together to simulate them being apart by miles while allowing each terminal to sit next to each other. Control Center: The Control Center uses the software from Siemens. This software is used in actual power grid control centers to monitor the status of the lines. From this terminal we can see if breakers are open or closed and be able to trip them. Power Factory: Power factory is the program that is used for creating the power grid simulation and collecting data. The power factory has the program that collects all the data received from OPC server and can be able to see if the system will not be stable. The dynamic power anayisis from Power Factory will also show how each generator and each load will receive power if something in the system changes. OPC: The OPC is the program that connects the Power Factory to the substations on the network. The OPC run in ISEAGE to allow communication of data from Power Factory to the substation. Then from the substation it can send and receive information from the control center. Relay Substations: The Relays are connected to a substation to allow the simulation to use real physical data to make the system more realistic. These Relays cost more money then the virtuals and take up more space, this is why we only have 2. The final goal is for every substation to have a relay to create a highly realistic system.

5 The Relay s Virtual Substations We can create substations without relays by making them virtual. These virtual substations run on a virtual machine making them very low cost and not take up much space. The conversion from virtual to relay should be a simple setup process and not require digital coding to work. We use the virtual stations so when we get the relays the setup will be fast and have the system fully operational to test. Attack Box: The mu attack box is a system that can generate common types of digital attacks. DDoS attacks and corrupted information is our primary focus. Activating this device while it is hooked up to a power grid will crash the system. Our ultimate goal is to have the box trying to crash the system and the grid working as if nothing was wrong.

6 System Concept

7 Design One of the primary goals of this project is to increase the complexity of the current power system simulation. The current system contains 9 buses, along with 3 generators, 3 simulated loads, 2 real substations, and 2 real loads. Our goal is to increase the number of buses to 30, along with many new generators and loads. The simulation software used is called Power Factory, and this software ties into the control center and the virtual machines using a server called OPC. Building a New Bus: There are several things that must be done in order to create a new bus. First, the bus along with any generators, loads, transformers, and transmission lines must be created in Power Factory. This allows all aspects of the system to be simulated in a wide variety of conditions. After the bus is created in Power Factory, a virtual machine must be created to facilitate the communication with the control center. The virtual machine is used to simulate the real-world communication environment with many nodes, data delay, and possible security holes. After the virtual machine is created, all of the breakers need to be mapped in the control center. This allows the breakers to be controlled remotely. Finally, the OPC server must be setup to allow communication between Power Factory, the virtual machines, and the control center. Steps to Adding a Bus Power Factory: Power Factory is a software environment that allows all forms of power system to be built, tested, and simulated. Many types of faults can be tested, and contingency analysis can be carried out to ensure a stable and healthy system. Power factory is also designed to be able to communicate with several other programs for a simulation closer to that of reality. Bus: A bus in the simulation in Power Factory corresponds to a real world substation. There are several breakers connected to each bus, and each breaker is connected to either a generator, load, transformer, or transmission line. The data associated with a bus includes voltage, current, and power flow. A bus is created by selecting either a single bar bus or a double bar bus. Most times, a single bar bus is used for the distribution system and double bar buses are used for a transmission system. The current simulation consists of a distribution system, so single bar buses will be created. After a bus is added, the desired machines, loads, transmission lines, and transformers must be connected. Generator: Generators are an essential component of any power system. A generator can be any

8 number of machines, solar systems, or storage systems such as batteries. In our system only synchronous machines are used as generators, so these will be added to some of the additional buses. After a generator is added a plant model must be created which contains all kinds of information about how the machine operates under a variety of conditions. This model contains a file with all of this information and must be updated with each additional generator. Lines: Transmission lines are used to transport power from the generator locations to the load locations. Each bus is connected to other bus(es) through transmission lines. These lines must be included in the model because they contain resistance, inductance, and capacitance. These values vary depending on which type of cable is used, and the physical distance between buses. Transmission lines of varying lengths will be used in our model because in a real world system, substations are spaced out at different distances. Load: Loads correspond to anything connected to a bus which consumes electrical energy. In the current system there are 2 real loads and several simulated loads. We will be adding additional simulated loads. These loads contain information about real and reactive power consumed, and many times are connected to a bus through a transmission line. Transformers: Transformers are devices that are used to change the voltage level between two buses. This is necessary because generators produce power at relatively low voltage, but a higher voltage is desired for transmission. Higher voltage transmission results in lower line losses. Any time there is a voltage difference between two buses, a transformer must be used to make the connection. OPC: The server that is used to communicate between the virtual machines, Power Factory, and the control center is called OPC. There are two components that must be added: server entries for the additional breakers and explorer entries for the same information. The OPC explorer contains information about the status of the breakers and the commands that have been sent from the control center. Virtual Machine: Virtual machines are created for each bus, and are an intermediate between the control center and the Power Factory simulated bus. The virtual machines define how the information is exchanged and contain address information for the OPC server. Control Center: The control center is used as an interface between the power system and the humans that are keeping it running correctly. Information about the status of the system is available at the control center, and alarms will go off if any problems are detected in the system. Breakers can also be controlled from the control center for fault clearance and other uses. Information for each new bus must be added to the control center for the system to remain functional.

9

10 Testing System

11 Documenting Results