Electric power grid cyber attack

Electric power grid and cyber physical systems

The electric power grid (EPG) or smart grid is a critical infrastructure at high risk of cyber-attacks, such as False Data Injection attacks, Denial-of-Service (DoS) attacks on a critical asset, Malicious Intrusions etc. To secure the smart grid, we must integrate cyber security The electric power grid (EPG) or smart grid is critical infrastructure at high risk of cyber-attacks. The backbone of the electric grid are Cyber-physical systems (CPS) – that employ communication and computational resources for operation and interaction with the physical environment. Typical CPS components such as automated control systems, remote terminal units, programmable logic controllers (PLCs), intelligent electronic devices (IEDs), etc., are all connected to one another over a communication network. power system security through cyber-physical security (CPS).

Cyber physical test bed

The security of such CPSs can be improved by using a testbed to replicate and understand power systems operating conditions, discover vulnerabilities, develop security countermeasures, and evaluate grid operation under fault-induced or maliciously constructed scenarios.

Testbeds can be hardware based or software based. The drawbacks of hardware-based testbeds are:

They are expensive.
Once set up, expansion or modification is time consuming and costly. Scaling up is nearly impossible.
Safety needs to be factored in

To overcome these issues, high fidelity simulation tools are combined to form software-based CPS test beds. Such testbeds provide flexibility in designing, modifying, and scaling the systems under test. They can also serve as digital twins.

The simplest of such a simulation tools-based testbed comprises of a power system simulator and a network simulator. The former models all the power electronics devices, power transmission and distribution while the later models the communications network. Typical power system simulators such as MATLAB/Simulink or RTDS can be interfaced with NetSim to run in real-time.

PMU and Synchrophasor

The phasor measurement unit (PMU) is a device that measures the electrical characteristics of the grid and then communicates them back to a phasor data concentrator (PDC) and ultimately to T-SCADA systems or the Control Centre.

A phasor measurement unit (PMU) is a device used to estimate the magnitude and phase angle of an electrical quantities - such as voltage or current in the electricity grid - using a common time source for synchronization. Time synchronization is usually provided by GPS or IEEE 1588 Precision Time Protocol, which allows synchronized real-time measurements of multiple remote points on the grid. The resulting measurement is known as a synchrophasor; and the measuring device is the PMU. A synchronized PMU can accurately measure the quality of the grid - voltage and/or current - at any given time across all measurement points.

What is the use of NetSim?

The PMU, PDC and Control Centre communication over a network. Similarly, synchro-phasor measurements data is exchanged over the network. NetSim provides the “virtual” network over which these components can communicate with one another. In NetSim, users can model wired, wired or cellular networks running the TCP/IP stack. Once the network is modelled, users can:

Incorporate communication latency and jitter by modifying bandwidths, propagation delays or creating congestion.
Introduce packet errors and packet losses.
Launch network attacks.

Typical attacks that can be simulated include

Time delay attack
Distributed denial of service (DDOS) attack
False Data Injection attack

NetSim can also be used to simulate counter measures against these attacks. One approach would be to use Machine Learning (ML). For example: Deep Neural Networks (DNNs) – that can detect and mitigate such attacks - developed using Python Keras or Tensor Flow can seamlessly be integrated with NetSim.

30-day evaluation and lab set-up

Please contact us for a free 30-day evaluation of NetSim. NetSim is an IP based, data plane, flow-through network emulator which means NetSim emulates the network for the data flowing between the client(s) and server(s). A typical lab setup would be as follows

A physical server with multiple VMs (or Multiple PCs) running the power system simulator (and/or other applications)
A dedicated physical system or VM running NetSim Emulator (Win 10 / Win 11 OS)
Network connectivity between the server / PCs and the NetSim system, preferably through a L2 switch.
Set the gateway in the server / PCs to the NetSim Emulator system
Create a 'virtual network' in NetSim. Map real devices to virtual devices (done inside NetSim)
Run the power system simulator (and/or other applications)

Traffic will now 'flow through' NetSim and encounter network impairments - such as delay, loss, error, attacks, etc. - depending on the settings in the virtual network created. The network parameters can be modified for each run and various 'what-if' scenarios analyzed.

NetSim provides an interface with Wireshark at all the 'virtual nodes' within the 'virtual network'; packets can be captured and analyzed within the network. As the packet flows through this virtual network various kinds of attacks can be launched. These include packet drops, modification of packet headers, modification of packet payload, creation and injection of malicious packets and so on.

Useful Links

Examples

False Data Injection Attack