229 research outputs found

    Collaborative, Trust-Based Security Mechanisms for a National Utility Intranet

    This thesis investigates security mechanisms for utility control and protection networks using IP-based protocol interaction. It proposes flexible, cost-effective solutions in strategic locations to protect transitioning legacy and full IP-standards architectures. It also demonstrates how operational signatures can be defined to enact organizationally-unique standard operating procedures for zero failure in environments with varying levels of uncertainty and trust. The research evaluates layering encryption, authentication, traffic filtering, content checks, and event correlation mechanisms over time-critical primary and backup control/protection signaling to prevent disruption by internal and external malicious activity or errors. Finally, it shows how a regional/national implementation can protect private communities of interest and foster a mix of both centralized and distributed emergency prediction, mitigation, detection, and response with secure, automatic peer-to-peer notifications that share situational awareness across control, transmission, and reliability boundaries and prevent wide-spread, catastrophic power outages

    A Novel Testbed for Evaluation of Operational Technology Communications Protocols and Their On-Device Implementations

    Operational Technology (OT) and Infrastructure Technology (IT) systems are converging with the rapid addition of centralized remote management in OT systems. Previously air-gapped systems are now interconnected through the internet with application-specific protocols. This has led to systems that had limited access points being remotely accessible. In different OT sectors, legacy protocols previously transmitted over serial communication were updated to allow internet communication with legacy devices. New protocols such as IEC-61850 were also introduced for monitoring of different OT resources. The IEC-61850 standard’s Generic Object Oriented Substation Event (GOOSE) protocol outlines the representation and communication of a variety of different components through Publisher and Subscriber roles. Each publisher and subscriber are defined specifically on Intelligent Electronic Devices (IEDs), which may differ in manufacturer and capabilities. Each defined publisher and subscriber are network specific, so the different topologies and data types sent can vary between networks. To support the different objects represented in the protocol, customizable configurations for GOOSE supporting components are required. In this thesis, an effective, flexible, and practical testbed is introduced for evaluating OT protocols, with a case study in the implementation of the GOOSE protocol on IEDs. Common cyberattacks on the GOOSE protocol are identified and implemented on the testbed with variable data rate generation. The tests are executed on three separate GOOSE devices, two devices from reputable manufacturers, and a Raspberry Pi running an open source library, libiec61850. Each device is configured in accordance with manufacturer instruction to ensure the test operated under valid operating conditions. Advisor: Hamid R. Sharif-Kashan

    Substation Communication Architecture to Realize the Future Smart Grid

    Substation and its communication architecture play an important role in maintaining high reliability, and availability of the power supply. Due to the proliferation of multi-vendor IEDs (Intelligent Electronic Devices) and communication technologies in substation, there seems to be an immediate need to adopt a standard approach for meeting the critical communication demands of Substation Automation System (SAS) and also to be future ready to tackle demand growth and changing scenario due to restructuring and deregulation. This paper presents possible exploitation of the technical features of IEC 61850, the standard for Communication Networks and Systems in Substation, to make the substation communication architecture future ready to accommodate the applications and goals of smart grid. Keywords: Substation Automation, Interoperability, IEC61850, Smart Grid, Distribution Automation

    A study of the applicability of software-defined networking in industrial networks

    173 p. Industrial networks interconnect sensors and actuators to carry out monitoring, control and protection functions in different environments, such as transportation systems or industrial automation systems. These cyber-physical systems are generally supported by multiple data networks, whether wired or wireless, from which they demand new capabilities, so that the control and management of such networks must be coupled to the conditions of the industrial system itself. Thus, requirements related to flexibility, maintainability and adaptability arise, while quality-of-service constraints must not be affected. However, traditional network control strategies generally do not adapt efficiently to increasingly dynamic and heterogeneous environments. After defining a set of network requirements and analyzing the limitations of current solutions, it is deduced that control provided independently of the network devices themselves would add flexibility to these networks. Consequently, this thesis explores the applicability of Software-Defined Networking (SDN) in industrial automation systems. To carry out this approach, automation networks based on the IEC 61850 standard have been taken as a case study; this standard is widely used in the design of communication networks in power distribution systems, such as electrical substations. The IEC 61850 standard defines different services and protocols with demanding requirements in terms of network latency and availability, which must be met through traffic engineering techniques.
As a result, taking advantage of the flexibility and programmability offered by software-defined networks, this thesis proposes a control architecture based on the OpenFlow protocol that, including network management and monitoring technologies, makes it possible to establish traffic policies according to traffic priority and the state of the network. In addition, electrical substations are a representative example of critical infrastructure, that is, infrastructure in which a failure can result in serious economic losses and physical and material damage. Such systems must therefore be extremely secure and robust, so it is advisable to implement redundant topologies that offer a minimal reaction time to failures. To that end, the IEC 62439-3 standard defines the Parallel Redundancy Protocol (PRP) and High-availability Seamless Redundancy (HSR) protocols, which guarantee zero recovery time in case of failure through active data redundancy in Ethernet networks. However, the management of PRP- and HSR-based networks is static and inflexible, which, added to the bandwidth reduction due to data duplication, makes efficient control of the available resources difficult. In this regard, this thesis proposes redundancy control based on the SDN paradigm for efficient use of meshed topologies, while guaranteeing the availability of control and monitoring applications. In particular, it discusses how the OpenFlow protocol allows an external controller to configure multiple redundant paths between devices with several network interfaces, as well as in wireless environments. In this way, critical services can be protected in situations of interference and mobility. The evaluation of the suitability of the proposed solutions has been carried out mainly through the emulation of different topologies and traffic types.
Likewise, it has been studied analytically and experimentally how latency is affected by being able to reduce the number of hops in communications compared with the use of a spanning tree, as well as by balancing the load in a layer 2 network. In addition, an analysis has been carried out of the improvement in the efficiency of network resource usage and the robustness achieved by combining the PRP and HSR protocols with control carried out through OpenFlow. These results show that the SDN model could significantly improve the performance of a mission-critical industrial network.

    The role of communication systems in smart grids: Architectures, technical solutions and research challenges

    The purpose of this survey is to present a critical overview of smart grid concepts, with a special focus on the role that communication, networking and middleware technologies will have in the transformation of existing electric power systems into smart grids. First of all we elaborate on the key technological, economical and societal drivers for the development of smart grids. By adopting a data-centric perspective we present a conceptual model of communication systems for smart grids, and we identify functional components, technologies, network topologies and communication services that are needed to support smart grid communications. Then, we introduce the fundamental research challenges in this field including communication reliability and timeliness, QoS support, data management services, and autonomic behaviors. Finally, we discuss the main solutions proposed in the literature for each of them, and we identify possible future research directions

    Monitoring of Power System Topology in Real-Time.


    Vulnerability and resilience of cyber-physical power systems: results from an empirical-based study

    Power systems are undergoing a profound transformation towards cyber-physical systems. Disruptive changes due to energy system transition and the complexity of the interconnected systems expose the power system to new, unknown and unpredictable risks. To identify the critical points, a vulnerability assessment was conducted, involving experts from power as well as information and communication technologies (ICT) sectors. Weaknesses were identified, e.g., the lack of policy enforcement worsened by the unreadiness of involved actors. The complex dynamics of ICT makes it infeasible to keep a complete inventory of potential stressors to define appropriate preparation and prevention mechanisms. Therefore, we suggest applying a resilience management approach to increase the resilience of the system. It aims at a better ride through failures rather than building higher walls. We conclude that building resilience in cyber-physical power systems is feasible and helps in preparing for the unexpected.

    Protection of Active Distribution Networks and Their Cyber Physical Infrastructure

    Today’s Smart Grid constitutes several smaller interconnected microgrids. However, the integration of converter-interfaced distributed generation (DG) in microgrids has raised several issues such as the fact that fault currents in these systems in islanded mode are way less than those in grid connected microgrids. Therefore, microgrid protection schemes require a fast, reliable and robust communication system, with backup, to automatically adjust relay settings for the appropriate current levels according to the microgrid’s operation mode. However, risks of communication link failures, cyber security threats and the high cost involved to avoid them are major challenges for the implementation of an economic adaptive protection scheme. This dissertation proposes an adaptive protection scheme for AC microgrids which is capable of surviving communication failures. The contribution is the use of an energy storage system as the main contributor to fault currents in the microgrid’s islanded mode when the communication link fails to detect the shift to the islanded mode. The design of an autonomous control algorithm for the energy storage’s AC/DC converter capable of operating when the microgrid is in both grid-connected and islanded mode. Utilizing a single mode of operation for the converter will eliminate the reliance on communicated control command signals to shift the controller between different modes. Also, the ability of the overall system to keep stable voltage and frequency levels during extreme cases such as the occurrence of a fault during a peak pulse load period. The results of the proposed protection scheme showed that the energy storage-inverter system is able to contribute enough fault current for a sufficient duration to cause the system protection devices to clear the fault in the event of communication loss. The proposed method was investigated under different fault types and showed excellent results of the proposed protection scheme.
In addition, it was demonstrated in a case study that, whenever possible, the temporary disconnection of the pulse load during the fault period will allow the utilization of smaller energy storage device capacity to feed fault currents and thus reduce the overall expenditures. Also, in this dissertation we proposed a hybrid hardware-software co-simulation platform capable of modeling the relation between the cyber and physical parts to provide a protection scheme for the microgrid. The microgrid was simulated on MATLAB/Simulink SimPowerSystems to model the physical system dynamics, whereas all control logic was implemented on embedded microcontrollers communicating over a real network. This work suggested a protection methodology utilizing contemporary communication technologies between multi-agents to protect the microgrid