Use Case 1: Investigation of Versatile Cyber-attack Scenarios and Methodologies Against EPES
Test structure and methodologies
Rationale: Investigating attack scenarios in a controlled but highly realistic laboratory environment is highly important, since for safety reasons it is not always feasible to run real cyber-attack scenarios on live EPES infrastructure. As part of the simulation and validation effort, a laboratory environment consisting of a realistic (if scaled down to the kW range) power system together with a realistic, scaled-down control system architecture is employed as a test bed for examining the effectiveness of attack scenarios as well as the effectiveness and efficacy of detection and mitigation mechanisms, including the performance characteristics critical for mitigation. To this end, the Norwegian National Smart Grid Laboratory is well equipped with components and equipment for research related to smart grids and renewable generation. The laboratory is suitable for studying different grid configurations, hybrid AC/DC networks, microgrids, offshore grids and grid connection issues regarding small hydro power plants and wind generation. It includes a grid emulator (200 kVA amplifier, DC to 5 kHz), Real-Time Digital Simulators, HIL testing equipment and Rapid Control Prototyping (RCP) systems (OPAL-RT), rotating machinery (induction generators/motors, synchronous generators/motors, permanent magnet generators/motors) and AC/DC converters (Voltage Source Converters and Multi-Level Converters).
Impact: The scenario will provide insights into how the SDN-microSENSE platform confronts a variety of attack methodologies in the EPES infrastructure. This pilot is critical since it will pave the way for the real-world demonstrations to come. Three main methodologies will be followed, namely a) attack vectors via business / HMI, b) substation local networks and c) process control attack vectors. The key impact of the first methodology is understanding the types of communication that arise during attacks and obtaining indicators of compromise from network traffic analysis. The second family of attack scenarios investigates attacks occurring at the station bus network, where traditionally little or no network monitoring takes place. The third methodology differs from the others in that process bus networks should only ever be reachable from station bus networks by way of interaction among RTUs, PLCs and ultimately IEDs.
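The reachability rule behind the third methodology can be checked directly against observed traffic. The following is an added example, not code from the SDN-microSENSE project: it audits constructed flow records against a constructed asset inventory and flags any traffic into the process bus that did not come from another process-bus device or from a station-bus RTU/PLC. All addresses, roles and protocol labels are assumptions for illustration.

```python
# Added example: zone-reachability audit for station bus -> process bus traffic.
# Inventory, addresses and protocol labels are constructed, not from any real site.
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto")

# Constructed asset inventory: address -> (zone, role)
INVENTORY = {
    "10.0.1.10": ("business", "hmi"),
    "10.0.2.20": ("station", "rtu"),
    "10.0.2.21": ("station", "plc"),
    "10.0.3.30": ("process", "ied"),
    "10.0.3.31": ("process", "merging_unit"),
}
PROCESS_GATEWAY_ROLES = {"rtu", "plc"}  # only these may bridge into the process bus

def check_flow(flow, inventory=INVENTORY):
    """Return None if the flow respects the segmentation rule, else a reason string."""
    src = inventory.get(flow.src)
    dst = inventory.get(flow.dst)
    if dst is None or dst[0] != "process":
        return None  # the rule only concerns traffic entering the process bus
    if src is None:
        return f"unknown source {flow.src} reached process-bus host {flow.dst}"
    zone, role = src
    if zone == "process":
        return None  # device-to-device traffic within the process bus
    if zone == "station" and role in PROCESS_GATEWAY_ROLES:
        return None  # expected RTU/PLC -> IED interaction
    return f"{zone}/{role} host {flow.src} reached process-bus host {flow.dst} directly"

def audit(flows, inventory=INVENTORY):
    """Return the list of (flow, reason) pairs that violate the rule, in input order."""
    checked = ((f, check_flow(f, inventory)) for f in flows)
    return [(f, reason) for f, reason in checked if reason]

# Constructed sample traffic
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", "scada"),   # HMI -> RTU: station bus, allowed
    Flow("10.0.2.20", "10.0.3.30", "control"), # RTU -> IED: expected path
    Flow("10.0.3.31", "10.0.3.30", "sv"),      # MU -> IED: within process bus
    Flow("10.0.1.10", "10.0.3.30", "control"), # HMI -> IED: violation
    Flow("192.168.9.9", "10.0.3.31", "sv"),    # unknown -> MU: violation
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"ALERT ({flow.proto}): {reason}")
```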