PowerPoint Presentation
Power GridCybersecurity Webinar
Jan. 29, 2016
1
Introduction & Real-Time ApplicationsThomas KirkSales
EngineerOPAL-RT TechnologiesKeynote SpeakerDavid ManzCybersecurity
Research ScientistPacific Northwest National Laboratory
Your Hosts
2
1
2
3
4
5Introduction
Real-Time Simulation, Applications, & SolutionsCyber
AttacksOPAL-RT UsersDavid ManzPNNL4
Question Period
6Presentation Outline
The electric power grid is evolving quickly with the
introduction of new intelligent technologies, which will improve
its efficiency and performance. However, these technologies have
the potential to make the grid more vulnerable to cyberattacks,
which has motivated a new set of standards (NERC CIP).1
OPAL-RT is dedicated to providing open power system real-time
digital simulators that meets the new requirements of power system
professionals as the industry focus on cybersecurity increases.
Introduction
1 R. J. Campbell, Cybersecurity Issues for the Bulk Power
System, Congressional Research Service, 2015
1
4
The art of ensuring the existence and continuity of the
information society of a nation, guaranteeing and protecting, in
Cyberspace, its information, assets and critical infrastructure. 23
Canongia, C., & Mandarino, R. 2014. Cybersecurity: The New
Challenge of the Information Society. InCrisis Management:
Concepts, Methodologies, Tools and Applications:60-80. Hershey, PA:
IGI Global.
DEFINITIONS:
The activity or process, ability or capability, or state whereby
information and communications systems and the information
contained therein are protected from and/or defended against
damage, unauthorized use or modification, or exploitation.12
Cybersecurity definition taken from National Initiative for
Cybersecurity Careers and Studies (NICCS)
Introduction
2
Introduction: Grid ModernizationModern power grids are
Cyber-Physical System (CPS) composed of electrical and information
infrastructure
The grid is becoming intelligent through:Wide deployment of new
technologiesSubstation, transmission and distribution
automationIncreased distributed Energy Resource (DER)
integrationAdvanced two-way communication networksDevelopment of
synchrophasor systems
But as newer technologies are adopted, the grid is becoming more
vulnerable to cybersecurity threats both: Malicious and
Accidental4
4 See NIST (http://www.nist.gov/el/smartgrid/cybersg.cfm)
Asset Management
Grid Control
Data Collection & Local Control
Communication
Sensors
Source: EPRI 2007
3
Smart grid cybersecurity must address not only deliberate
attacks, such as from disgruntled employees, industrial espionage,
and terrorists, but also inadvertent compromises of the information
infrastructure due to user errors, equipment failures, and natural
disasters.-NIST (http://www.nist.gov/el/smartgrid/cybersg.cfm)
6
Introduction: Threats and ScenariosDozens of industrial-level
cybersecurity incidents since 1999 (Source: Lloyds):2001: Cal-ISO
hacking incident (15 days)2007: Idaho National Laboratory Aurora
experiment2010: Iran nuclear Stuxnet incident 2012: German utility
DoS attack (5 days)
FERC analysis: The loss of 9 out of 55k+ US substations could
lead to an extended (1+ year) national blackout (Source: WSJ)
2014 NESCOR failure scenarios report includes failures due
to:Compromised equipment functionalityData integrity
attacksCommunication failuresHuman ErrorNatural Disasters
2014 NESCOR failure scenarios report 4
7
NERC CIP Standards focus largely on risk assessment and
identification of:Critical AssetsCritical Cyber Assets
SGIP Cyber Security Guidelines (NISTIR 7628) are also based on
risk assessment:
Simulation can be used to answer these questions and assess risk
What about real-time simulation?
Introduction: Risk Assessment
From Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber
Security
5
Critical Asset: Facilities, systems, and equipment which if
destroyed, degraded, or otherwise rendered unavailable would affect
the reliability or operability of the Bulk Electric System.Critical
Cyber Asset: Cyber Assets essential to the reliable operation of
Critical Assets.
8
1
2
3
4
5Introduction
Real-Time Simulation, Applications, & SolutionsCyber
AttacksOPAL-RT UsersDavid ManzPNNL4
Question Period
6Presentation Outline6
Real-Time Simulation7
10
Real-Time Cybersecurity ApplicationsRisk assessment studies
including penetration testing, & cyber-critical asset and
vulnerability identification
Research & development, design and testing of:Situational
awareness, anomaly detection and cyber-attack mitigation
systemsNetwork/communication systemsControl and monitoring systems
(e.g. SCADA, DMS, EMS, WAMPAC)Synchrophasor systemsState
Estimators
Meeting standards specific and related to cybersecurity,
following smart grid guidelinese.g. NERC CIP, NIST SGIP-CSWG, IEEE
C37.118
8
POLL after this slideWhich of these cybersecurity applications
have you used or plan on using?11
To & From Virtual DevicesCommands, Status
Typical Real-Time Simulation Setup
GPS ClockPMU
Antenna
C37.118
Analog outTime syncRFTime sync
RelayIEC61850 SV, GOOSEVirtual Devices
Analog out
Digital Comm
Phasor Data Concentrator(PDC)Control Center: Control,
Applications and HMI
Controller
Modbus, DNP3, etc.Analog, Digital IOCommunication Network
Synchropasors
Power Amplifier
9
12
Detailed Large-Scale Power System software developed by
Hydro-Qubec
Automated testing with TestView (supports Python)
Based on MATLAB/Simulink & SimPowerSystems
Open API (Python, C++, Java)Automate studies, link to external
systemsPhasor-based real-time simulation software for very large
networksImport PSSE, CYME, DIgSILENT PowerFactory networks
Software Solutions ePHASORsim Real-Time Transient Stability
Simulator 10 ms time step HYPERsim Large Scale Power System
Simulation for Utilities & Manufacturers 25 s to 100 s time
step
1 s(1 Hz)10,0002,0001,00050010010010 ms(100 Hz)50 s(20 KHz)10
s(100 KHz)20,000Period (frequency) of transient phenomena
simulatedNumber of 3-Phase Buses eMEGAsim Power System & Power
Electronics Simulation 10 s to 100 s time step
C37.118 PDCModel Predictive Controller
EmulatedPMUsC37.118 Systems Under Test10
13
Protocol support for smart grid applications:IEC61850-8-1
GOOSEIEC61850-9-2 Sampled ValuesC37.118MODBUSDNP3IRIG-B and 1 PPS
Sync
Permits for some attacks/faults to be emulated directly within a
model
Communication Protocols
IEC 60870-5-104OPC UA ServerTCP/IPUDPRS-232, RS-422, RS-485IEEE
1588
Signals from model11
14
Communication becoming critical component of grid along with new
considerations (NISTIR 7628):CybersecurityPerformance: Latency,
Bandwith, Processing SpeedAdded cost
Network simulators have been used towards real-time
co-simulation of power and communication systems
Network SimulatorsCommercialFree-for-useNetSimQualnetRiverbed
Modeler (formerly OPNET)NS2, NS3OMNeT++Kali LinuxJ-Sim
Network Simulation Tools with Real-Time Capabilities
Source: NISTIR 110012
12
3
4
5Introduction
Cyber AttacksOPAL-RT UsersDavid ManzPNNL4
Question Period
6Presentation Outline
2
Real-Time Simulation, Applications, & Solutions13
Denial-of-Service (DoS) Attacks can render a service unavailable
either through a direct or indirect attackIEC61850 Goose identified
as susceptible due to status numbers (Skopik & Smith 2015)Also
refers to physical attacks on communication infrastructureCutting
wiresWireless jamming
Cyberattacks: DoS
Reference: Skopik F., Smith P.: Smart Grid Security - Innovative
Solutions for a Modernized Grid, Elsevier Science Publishing, 2015,
ISBN: 978-0-12-802122-4.
14
17
Man-in-the-middle (MitM) attacks impersonate two communication
nodes by making them believe that they are talking together (Skopik
& Smith 2015):Packet injection/spoofing (IEC61850 Goose, DNP3,
MODBUS),Packet suppression,Recording, replaying and modification of
recorded packets
Cyberattacks : Man-in-the-Middle
Reference: Skopik F., Smith P.: Smart Grid Security - Innovative
Solutions for a Modernized Grid, Elsevier Science Publishing, 2015,
ISBN: 978-0-12-802122-4.
15
18
GNSS spoofing/meaconing is a threat to PMUs and synchrophasor
systems, heavily reliant on time synchronizationFor 60 Hz networks,
IEEE C37.118-2014 Standard allows max 26.53 s pure timing error
Cyberattacks : GNSS Spoofing/Meaconing
Source:
http://rnl.ae.utexas.edu/images/stories/files/papers/spoofSMUCIP2012.pdf
Spoof lockedC37.118StandardBrokenSpoofer removed
D. P. Shepard, T. E. Humphreys, and A. A. Fansler, Evaluation of
the vulnerability of phasor measurement units to GPS spoofing
attacks, International Journal of Critical Infrastructure
Protection, vol. 5, no. 34, pp. 146153, 2012.
GNSS Simulator
16
19
123
4
5Introduction
OPAL-RT UsersDavid ManzPNNL4
Question Period
6Presentation Outline
2
Real-Time Simulation, Applications, & Solutions
3
Cyber Attacks
KTH
Almas, M.S.; Baudette, M.; Vanfretti, L; Lovlund, S;
Synchrophasor network, laboratory and software applications
developed in the STRONg2rid project, 2014 PES General Meeting &
Conference & Exposition, Wahsinton, USA, 27-31 July 2014
Comprehensive WAMPAC Test Bench
17
21
Virginia Tech University
D. Bian, M. Kuzlu, M. Pipattanasomporn, S. Rahman, Y. Wu,
Real-time co-simulation platform using OPAL-RT and OPNET for
analyzing smart grid Performance, Power & Energy Society
General Meeting, 2015 IEEE, 1-5
Smart grid communication system performance testing OPNET uses
to simulate smart grid traffic
18
22
Ohio State University
F. Guo, L. Herrara, R. Murawski, E. Inoa, C. Wang, P. Beauchamp,
E. Ekici, J. Wang. Comprehensive Real-Time Simulation of the Smart
Grid, IEEE Transactions on Industry Applicatio, Vol. 49, No. 2,
2013
Microgrid power and communication systems co-simulation Results
show that communications have a significant effect on system
dynamics
19
23
University of South Florida
Smart Grid Power Systems Lab (SPS) uses OPAL-RT to model power
grid and PMUs in SCADA Testbed for research
validation:Cybersecurity,Communication,Grid visualization,Power
system control and optimization
Simulator connects to OSIsoft PI Server IEEE-C37.118 to PI
Server to send data and receive commands
H.G. Aghamolki, Z. Miao, L. Fan. A Hardware-in-the-Loop SCADA
Testbed, North American Power Symposium (NAPS), 2015
20
24
123Introduction
6Presentation Outline
2
Real-Time Simulation, Applications, & Solutions
3
Cyber Attacks
4
OPAL-RT Users
5
David ManzPNNL
Question Period
23Cyber-Physical Security Research, Experimentation and
ApplicationsDavid Manz, PhDPacific Northwest National Laboratory
Richland, WA
26
24powerNETWhat is it?Multi-user power system testbedSandbox
environmentExperiment basedAccess controls by
project/userAuto-configurationBuilt upon cloud technologyRemote
accessScalableEmulation and simulationUser
friendlyConfiguration/monitoring portalCommon library of
scenarios
25What is it?Modular and extendableSupport for multiple cyber
physical industriesFederation with internal and external testbeds
and resourcesCurrent capacity2-3 projects at onceVisionNational
user facility
26FacilitiesCloud technology based orchestration with web based
user portalNetwork EmulationEmulate LAN/WAN communication
characteristics. Examples:Dedicated LineDial-upWirelessSCADA
environmentsReal equipment to model ~2 substationsSoftware
simulation of dozens of SCADA equipmentSupport for legacy
communications
2/1/201629
27Facilities Cont.Physical Process Emulation
OPAL-RTHardware-in-the-loop modelingLarge scale
simulationSynchrophasors9 PMU from variety of vendors1 PMU
Development Platform1 Hardware PDC (Many software PDC possible) Up
to ~1000 general purpose virtual nodes possibleXenServer
hypervisorEnergy Management System
2/1/201630
28Testbed UsesValidation and verificationTechnology assessment
and prototypingSimulation and modelingTraining and
educationDemonstration (with PNNL EIOC)
Annual Review 201229Research TopicsCyber securityCyber-physical
systemCyber impact/interaction on physical processesDistributed
applicationsSmart GridInteroperability testingApplication
prototyping
30powerNET Usage ExamplesGridlab-D Analysis ProjectFPGI: A
Distributed Systems Architecture for the Power Grid CEDS Digital
Ants IEC 61850/62351 Interoperability TestingSCADA network
determinismCyber-Physical TrainingDHS Cyber-Physical Federation
Demonstration
31powerNET Testbed BenefitsMulti-user shared facility and
equipmentTime and resource efficientDynamically configurableRemote
accessTest wide scale federation of testbeds and understand
associated management and security concernsUser
benefits:Researchers: Efficiency, Realistic SandboxIndustry:
Conformance and Interoperability testingAcademia: Hands-on
Education
32cyberNETPeer CapabilityModel and emulation enterprise
environmentsEnterprise servicesUser modeling and simulationFederate
resources for bigger experimentsIT and OT joint experiments
33powerNET Video
34Question Period
Thomas [email protected]
David [email protected]
37
Our new Cybersecurity webpage is now
online:http://www.opal-rt.com/cybersecurity
For a one-on-one demo or any additional questions you might
have:http://www.opal-rt.com/contact-opal-rt
Visit our event page to view where to meet OPAL-RT
Technologies:http://opal-rt.com/events
The content of this webinar will be available shortly on:
http://opal-rt.com/events/past-webinars
Quick Survey as you leave!35Thank you!
Join the Conversation! "Real-Time Simulation with OPAL-RT
38
