!! "# $%!& '(!)**+* $!$ +) * ', -./01.//1233/ "4, -./01.//12223 *, 565 1
Content CRUTIAL testbeds - objectives The Telecontrol Testbed platform Critical scenarios - plotted demo Experimental results The future - research/industry/policy 2
Objectives identify critical aspects of ICT-power dependencies assess the control infrastructure vulnerability to plausible cyber attacks, as well as the severity of potential damages to the power infrastructure support cyber risk assessment and model based evaluation of power control systems with statistics from experiments 3
Platforms CESI RICERCA Macrogrid teleoperation testbed: power substation controllers on real-time control networks, interconnected to control centre operation networks in turn connected to corporate networks K.U.Leuven Microgrid control testbed: power electronic converters controlled from PCs interconnected over an open communication network Perform repeatable and controlled security experiments on simulation platforms of industrial infrastructures 4
Macrogrid Teleoperation Testbed
Communication protocols 6
HMI 7
8
RCC, normal status 9
Security Analysis Tool 10
Risk Management, /! " "! "! Experimental plan. # " $%& # " $%& ' $%& Experiment setting - " $%$(& )!! Experiment running " * Data collection. + ' Data publication /, 0 Experiment development cycle 11
Experimental plan Denial of the supervision functions Preclusion of the operator s intervention Extra-ordinary maintenance Pre-emergency defence Failure of automatic defence actions in emergency conditions 12
Experiment setting Parameter Type Technique Tool Target Number of attackers Number of attack Gateway architecture WAN emulation Communication protocol Setting DoS, intrusion, infection, malware packet replying, packet flooding UDP flooding, syn flooding, TCP replay, ping <IP address port number> <n> <n> IP forward, firewall, VPN, redundant channels Hub Ethernet network 10Mbps, switched Ethernet 10/100 Mbps TCP/IP, IEC 69870-5-104 13
Plotted demo Scenario cyber attacks to Automatic Load Shedding Assess the security of the TSO-DSO communications for the actuation of the defence plan Evaluate the impact of attacks in emergency conditions DoS attacks to the teleoperation communications, generated by enemies located on the third party Telecom IP backbone 14
Experiment setting Parameter Type Technique Tool Target Number of attackers Number of attack Gateway architecture WAN emulation Communication protocol Setting DoS packet flooding UDP flooding Substation gateway 2 1 VPN switched Ethernet 10/100 Mbps IEC 69870-5-104 15
Automatic Load Shedding DSO CC TSO CC TSO Substation/ Sentinel DSO Substation 16
Normal Operation 2. Signals and Measurements DSO CC TSO CC 1. Signals and Measurements 1. Signals and Measurements TSO Substation/ Sentinel 1. Test DSO Substation 17
Pre-emergency TSO CC Pre-emergency condition triggers evaluation of load shedding strategy 5. Signals and Measurements 2. ArmSub 1-n DSO CC 1. Signals and Measurements TSO Substation/ Sentinel 1. Test Armed 3.Arming Sub x++ 4. Signals and DSO Substation Measurements 18
Emergency TSO CC 4. Signals and Measurements DSO CC 1. Signals and Measurements Emergency condition triggers load shedding TSO Substation/ Sentinel 2. Load Shedding Detached 3. Signals and DSO Substation Measurements 19
Attack during pre-emergency 5. Signals and Measurements TSO CC Pre-emergency condition triggers evaluation of load shedding strategy 3. ArmSub 1 DSO CC 2. Signals and Measurements TSO Substation/ Sentinel 1. Attack to Sub 1 Not Armed 4.Arming Sub 1 DSO Substation 20
Attack during pre-emergency TSO CC Pre-emergency condition triggers evaluation of load shedding strategy 3. ArmSub 1-n DSO CC 1. Signals and Measurements 2. Attack to Centre TSO Substation/ Sentinel Not Armed DSO Substation 22
Attack during emergency 5. Signals and Measurements 2. ArmSub 1-n DSO CC TSO CC Pre-emergency condition triggers evaluation of load shedding strategy 1. Signals and Measurements 7. Signals and Measurements 5. Attack to Sub x-y 3.Arming Sub x 4. Signals and Measurements Emergency condition triggers load shedding TSO Substation/ Sentinel 6. Test Not Armed 8. Load Shedding Not detached DSO Substation 23
Experimental measures IMT Inter Message Time IRT Inter Reconnection Time TTF Time To Failure 25
Experimental measures NLM Number of Lost Messages TNLM Total Number of Lost Messages NR Number of reconnections 26
Achievements Highlighted power-ict dependencies on critical scenarios - a corrective control action the defence plan involving TSO and DSO infrastructures Assessed the effects of DoS cyber attacks to control infrastrucures, as well as the severity of potential damages IEC 60870-5-104 communications (ref. Part 7 of IEC 62351) Elaborated measures from experimental statistics 27
Testbed evolution Additional experiments - new attacks, protocols, architectural patterns, enhanced counter-measures Exploit testbed measures to feed a modeling framework for quantitative evaluations of the effects of cyber attacks on the ICT and power infrastructures Integrate Power System Simulators into the testbed Develop other CRUTIAL scenarios involving bulk power generation infrastructures Integrate Macrogrid Teleoperation and Microgrid Control -> towards SmartGrids Push-up updates of power systems regulations and grid codes in the power sector 28
Applied research New applications in system operation and control for detection and mitigation of system conditions Systematic test over the defence plan life cycle of the to accommodate continued system and scheme expansions when necessary Implementation of advanced wide-area defence systems i) improvement of the existing decentralised subsystems to utilize advanced algorithms making local decisions based on local measurements and/or selected remote information ii) fully developed information interchange and communication infrastructures to link all the monitoring, control and protection devices together Self healing grid technology The key to a successful solution is rapid detection fast and powerful control devices efficient and reliable communication systems smart algorithms 29
Basic research )* 7 * 8* ** * 79 )* )* 7 7 : : 7 * 7 8 8* 7 * * 7' 7" 7 7 7* 30
31 Power risk assessment ( ) 1 ) ( F K F K F K T F T F T V F V F V C F R Ι = ω π ω π ω π ( ) 2 ), ( ) Pr( ) Pr( ) (,,,, = i j f t i f t j t i f t P X E Sev X X E X R The perspective is to develop a unified framework correlating Risk Indexes at the different layers
Applied research Security assessment - gap reduction between short term operation planning (off-line analysis) and real time operation (on-line analysis) Benchmark resiliency of power control systems Joined training to TSOs, DSOs, GENCOs, others 32
What is needed Power system security/adequacy needs flexible/multioperated defence plans Defence plan operation triggered by comprehensive risk assessment The architecture of multiple defence lines including multilayer ICT protection mechanisms/controls 33
Where we are Power system security/adequacy needs flexible/multioperated defence plans Defence plan operation triggered by comprehensive risk assessment The architecture of multiple defence lines including multilayer ICT protection mechanisms/controls 34