
Testing Cyber Scenario attacks in a laboratory facility – part I

Introducing Information Technology (IT) devices to support the monitoring, control and operation of the power system network adds flexibility and enables close supervision and control of critical components. However, this integration also carries cyber-security risk, in particular the risk of hacking. We want to ensure that the systems are resilient to such attacks.

Introduction

Investigating attack scenarios in a controlled but highly realistic laboratory environment is essential, since for safety reasons it is not always feasible to run real cyber-attack scenarios against operating electric power and energy system (EPES) infrastructure. For this use case, two Norwegian laboratories have combined resources: the Norwegian National Smart Grid Laboratory (NSGL) and the Norwegian Cyber Range (NCR). NSGL is located in Trondheim and is operated jointly by the non-profit research institute SINTEF Energy Research and the Norwegian University of Science and Technology (NTNU). The NCR is operated by NTNU at Campus Gjøvik, some 400 km south of Trondheim.

The NSGL is a system-oriented laboratory providing state-of-the-art infrastructure for R&D, demonstration, verification and testing across a wide range of smart grid use cases. The lab offers real-time simulation of power system control (at transmission or distribution level) and hardware-in-the-loop (HIL) testing, including the components and communication protocols found in the latest generations of digital substations (e.g. merging units, phasor measurement units and remote terminal units using IEEE C37.118, IEC 61850, IEC 60870-5-104 and DNP3). An overview of the laboratory is shown in Figure 1.


Figure 1: The Norwegian National Smart Grid Laboratory, located in Trondheim, Norway, enables tests of cyber-physical scenarios with intelligent electronic devices and distribution network emulation.

The NCR is the principal Norwegian arena for education, research, training and exercises, and for testing and simulating cyber-security incidents in a realistic but safe environment. NCR can model IT- and Operational Technology (OT)-based cyber-infrastructure, including simulated digital installations, smart devices, computers, communication protocols, and privacy and authentication systems, and it can simulate parts of the Internet, ICT-based operations and digital services. The lab can also simulate the effects of cyber-incidents on digital supply chains, including possible cascading effects and consequences for different parts of society.

The use case performed by these labs provides insight into how the SDNµSENSE project platform copes with a variety of attack methodologies in the EPES infrastructure. This pilot is critical since it paves the way for the real-world demonstrations.

We follow three main methodologies, namely:

  1. Attack vectors via business/HMI
  2. Attack vectors for Substation local networks
  3. Process control attack vectors

The first method focuses on analysing the communication patterns that arise during attacks and deriving indicators of compromise from network traffic analysis. The second family of attack scenarios investigates attacks on the station bus network, where traditionally little or no network monitoring takes place. The third method differs from the other two in that process bus networks should never be directly reachable from the station bus: traffic between the two should only ever pass through the interaction among RTUs, PLCs and ultimately IEDs, so any station-to-process traffic that bypasses these devices is itself suspect.
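The following script is an added example, not code from the SDNµSENSE project or from either laboratory. It sketches, over constructed flow records, the checks the three methodologies above call for: deriving a traffic-pattern indicator of compromise (new station-bus peers that were absent from a baseline capture) and enforcing the rule that the process bus is only reached through the RTU/PLC and IED path. The subnets, device addresses, port numbers and flow lines are all made up for illustration and do not describe the real testbed.

```python
"""Segmentation check and new-peer indicators over station/process bus flows.

Added example for this post; not code from the SDN-microSENSE labs. All
addresses, device roles and flow records below are constructed for
illustration and do not describe the real testbed.
"""
import ipaddress
from dataclasses import dataclass

IPv4 = ipaddress.IPv4Address

# Constructed topology: two substation segments and the devices that are
# allowed to carry traffic across them (RTU/PLC on the station side, IED on
# the process side).
STATION_BUS = ipaddress.ip_network("10.10.1.0/24")
PROCESS_BUS = ipaddress.ip_network("10.10.2.0/24")
CONTROLLERS = {IPv4("10.10.1.10"), IPv4("10.10.1.11")}   # RTU, PLC
IEDS = {IPv4("10.10.2.10")}                               # IED

# Constructed flow records: "src dst dport", one per line.
BASELINE = """
# HMI polling the RTU over IEC 60870-5-104
10.10.1.50 10.10.1.10 2404
# RTU talking to the IED over IEC 61850 MMS
10.10.1.10 10.10.2.10 102
"""

OBSERVED = BASELINE + """
# Engineering workstation reaching the IED directly, bypassing the RTU
10.10.1.60 10.10.2.10 102
# RTU reaching a process-bus host that is not a known IED
10.10.1.10 10.10.2.20 102
# Previously unseen station-bus host polling the RTU
10.10.1.70 10.10.1.10 2404
"""


@dataclass(frozen=True)
class Flow:
    src: IPv4
    dst: IPv4
    dport: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the constructed 'src dst dport' format, skipping comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport = line.split()
        flows.append(Flow(IPv4(src), IPv4(dst), int(dport)))
    return flows


def bus_of(addr: IPv4) -> str:
    if addr in STATION_BUS:
        return "station"
    if addr in PROCESS_BUS:
        return "process"
    return "other"


def check_segmentation(flows: list[Flow]) -> list[Flow]:
    """Return station<->process flows that do not run between a controller
    (RTU/PLC) and an IED; those are the only crossings the design allows."""
    violations = []
    for f in flows:
        ends = {bus_of(f.src), bus_of(f.dst)}
        if ends != {"station", "process"}:
            continue   # same segment, or an address outside both buses
        if bus_of(f.src) == "station":
            station_end, process_end = f.src, f.dst
        else:
            station_end, process_end = f.dst, f.src
        if station_end in CONTROLLERS and process_end in IEDS:
            continue   # legitimate RTU/PLC <-> IED exchange
        violations.append(f)
    return violations


def new_peers(baseline: list[Flow], observed: list[Flow]) -> list[Flow]:
    """Traffic-pattern indicator of compromise: (src, dst, dport) triples
    never seen in the baseline capture."""
    seen = {(f.src, f.dst, f.dport) for f in baseline}
    return [f for f in observed if (f.src, f.dst, f.dport) not in seen]


def report(baseline_text: str = BASELINE, observed_text: str = OBSERVED) -> dict:
    baseline = parse_flows(baseline_text)
    observed = parse_flows(observed_text)
    return {
        "segmentation_violations": check_segmentation(observed),
        "new_peers": new_peers(baseline, observed),
    }


if __name__ == "__main__":
    for kind, flows in report().items():
        print(kind)
        for f in flows:
            print(f"  {f.src} -> {f.dst}:{f.dport}")
```

On the constructed input the segmentation check flags two flows (the workstation reaching the IED directly, and the RTU reaching an unknown process-bus host) while the new-peer check additionally surfaces the unknown station-bus host polling the RTU, which breaks no segmentation rule but is exactly the kind of communication-pattern change the first methodology looks for. In a real deployment the flow records would come from the station-bus monitoring the post describes, and the allow-list would be derived from the substation's engineering data rather than hard-coded.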

The laboratory setup emulates an SDN-based network topology hosting a number of systems that replicate enterprise functionality and traffic, as well as connectivity to the SCADA systems.

Testbed Setup

The central setup for the experiment is shown in Figure 2. The rack contains an RTU, an IED, GPS clocks, switches and computing units. The test setup is a mix of hardware components, real-time simulation and Software Defined Networking (SDN) capabilities. Figure 3 illustrates the cyber-physical power system (CPPS) testbed and its main components.

Figure 2: The SDNµSense test setup developed in the Norwegian National Smart Grid Laboratory. The rack contains an RTU, an IED, GPS clocks, switches and computing units.
Figure 3: The CPPS testbed.

This setup fulfils the requirements of the EPES SCADA architecture. It is thus a simple and effective setup that can emulate the elements of the power system that will be exposed to potential cyber-attacks. A follow-up blog post describing the outcome of the experiments will be published when the results are available.