Development of smart grid testbed with low-cost hardware and software for cybersecurity research and education

Smart Grid, also known as the next generation of the power grid, is considered as a power infrastructure with advanced information and communication technologies (ICT) that will enhance the efficiency and reliability of power systems. For the essential benefits that come with Smart Grid, there are also security risks due to the complexity of advanced ICT utilized in the architecture of Smart Grid to interconnect a huge number of devices and subsystems. Cybersecurity is one of the emerging major threats in Smart Grid that needs to be considered as the attack surface increased. To prevent cyber-attacks, new techniques and methods need to be evaluated in a real-world environment or in a testbed. However, the costs for setting-up Smart Grid testbed is extensive. In this article, we focused on the development of a smart grid testbed with a low-cost hardware and software for cybersecurity research and education. As a case study, we evaluated the testbed with most common cyber-attack such as denial of service (DoS) attack. In addition, the testbed is a useful resource for cybersecurity research and education on different aspects of SCADA systems such as protocol implementation, and PLC programming

A review of cyber-ranges and test-beds:current and future trends

Cyber situational awareness has been proven to be of value in forming a comprehensive understanding of threats and vulnerabilities within organisations, as the degree of exposure is governed by the prevailing levels of cyber-hygiene and established processes. A more accurate assessment of the security provision informs on the most vulnerable environments that necessitate more diligent management. The rapid proliferation in the automation of cyber-attacks is reducing the gap between information and operational technologies and the need to review the current levels of robustness against new sophisticated cyber-attacks, trends, technologies and mitigation countermeasures has become pressing. A deeper characterisation is also the basis with which to predict future vulnerabilities in turn guiding the most appropriate deployment technologies. Thus, refreshing established practices and the scope of the training to support the decision making of users and operators. The foundation of the training provision is the use of Cyber-Ranges (CRs) and Test-Beds (TBs), platforms/tools that help inculcate a deeper understanding of the evolution of an attack and the methodology to deploy the most impactful countermeasures to arrest breaches. In this paper, an evaluation of documented CR and TB platforms is evaluated. CRs and TBs are segmented by type, technology, threat scenarios, applications and the scope of attainable training. To enrich the analysis of documented CR and TB research and cap the study, a taxonomy is developed to provide a broader comprehension of the future of CRs and TBs. The taxonomy elaborates on the CRs/TBs dimensions, as well as, highlighting a diminishing differentiation between application areas

A Survey on Industrial Control System Testbeds and Datasets for Security Research

The increasing digitization and interconnection of legacy Industrial Control Systems (ICSs) open new vulnerability surfaces, exposing such systems to malicious attackers. Furthermore, since ICSs are often employed in critical infrastructures (e.g., nuclear plants) and manufacturing companies (e.g., chemical industries), attacks can lead to devastating physical damages. In dealing with this security requirement, the research community focuses on developing new security mechanisms such as Intrusion Detection Systems (IDSs), facilitated by leveraging modern machine learning techniques. However, these algorithms require a testing platform and a considerable amount of data to be trained and tested accurately. To satisfy this prerequisite, Academia, Industry, and Government are increasingly proposing testbed (i.e., scaled-down versions of ICSs or simulations) to test the performances of the IDSs. Furthermore, to enable researchers to cross-validate security systems (e.g., security-by-design concepts or anomaly detectors), several datasets have been collected from testbeds and shared with the community. In this paper, we provide a deep and comprehensive overview of ICSs, presenting the architecture design, the employed devices, and the security protocols implemented. We then collect, compare, and describe testbeds and datasets in the literature, highlighting key challenges and design guidelines to keep in mind in the design phases. Furthermore, we enrich our work by reporting the best performing IDS algorithms tested on every dataset to create a baseline in state of the art for this field. Finally, driven by knowledge accumulated during this survey's development, we report advice and good practices on the development, the choice, and the utilization of testbeds, datasets, and IDSs

The Use of System in the Loop, Hardware in the Loop, and Co-modeling of Cyber-Physical Systems in Developing and Evaluating New Smart Grid Solutions

This paper deals with two issues: development of some advanced smart grid applications, and implementation of advanced testbeds to evaluate these applications. In each of the development cases, the role of the testbeds is explained and evaluation results are presented. The applications cover the synchrophasor systems, interfacing of microgrids to the main grid, and cybersecurity solutions. The paper hypothesizes that the use of the advanced testbeds is beneficial for the development process since the solution product-to-market cycle may be shortened due to early real-life demonstrations. In addition, solution users’ feedback to the testbed demonstration can be incorporated at an early stage when making the changes is not as costly as doing it at more mature development stages

EVA: a hybrid cyber range

Over the recent years, cyber attacks have increased constantly. Attacks targeting sensors networks, or exploiting the growing number of networked devices, are becoming even more frequent. This has led to the need to find a way to train the teams responsible for defending computer systems in order to make them able to respond to any threats quickly. The fact that it is impossible to carry out training operations directly on corporate networks or critical infrastructure has led to the birth of Cyber Ranges, virtual or hybrid systems that allow training in safe and isolated environments. In this paper we present a model for the implementation of a Hybrid Cyber-Range (HCR), based on the model of a real Water Supply System WSS). The HCR shall combine the dynamism and flexibility of virtualised Cyber-Ranges (CR) and the realism of Cyber-Physical Systems (CPS)

Security assessment of the smart grid : a review focusing on the NAN architecture

Abstract: This paper presents a comprehensive review on the security aspect of the smart grid communication network. The paper focus on the Neighborhood Area Network (NAN) cybersecurity and it laid emphasis on how the NAN architecture is such an attractive target to intruders and attackers. The paper aims at summarizing recent research efforts on some of the attacks and the various techniques employed in tackling them as they were discussed in recent literatures and research works. Furthermore, the paper presents a detailed review on the smart grid communication layers, wireless technology standards, networks and the security challenges the grid is currently facing. The work concludes by explaining current and future directions NAN communication security could consider in terms of data privacy measures. The data privacy measures are discussed in terms of prevention and detection techniques

Blockchain in Energy Communities, A proof of concept

This report aims at exploring the use of the distributed ledger paradigm to incentive the participation of the citizen to a truly free, open and interoperable energy market, producing a feasibility study and a first demo testbed, taking also into consideration privacy, cybersecurity and big-data issues of the smart-home in the Energy market context. This study is intended to support point 4.1, 4.2 and 4.3 of the DSM (COM(2015)192) and point 2.2 of the Energy Union package (COM(2015)80.JRC.E.3-Cyber and Digital Citizens' Securit

SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach

This paper presents the development of a Supervisory Control and Data Acquisition (SCADA) system testbed used for cybersecurity research. The testbed consists of a water storage tank's control system, which is a stage in the process of water treatment and distribution. Sophisticated cyber-attacks were conducted against the testbed. During the attacks, the network traffic was captured, and features were extracted from the traffic to build a dataset for training and testing different machine learning algorithms. Five traditional machine learning algorithms were trained to detect the attacks: Random Forest, Decision Tree, Logistic Regression, Naive Bayes and KNN. Then, the trained machine learning models were built and deployed in the network, where new tests were made using online network traffic. The performance obtained during the training and testing of the machine learning models was compared to the performance obtained during the online deployment of these models in the network. The results show the efficiency of the machine learning models in detecting the attacks in real time. The testbed provides a good understanding of the effects and consequences of attacks on real SCADA environmentsComment: E-Preprin