Evaluation of Anomaly Detection for Wide-Area Protection Using Cyber Federation Testbed

Cyber physical security research for smart grid is currently one of the nation’s top R&D priorities. The existing vulnerabilities in the legacy grid infrastructure make it particularly susceptible to countless cyber-attacks. There is a growing emphasis towards building interconnected, sophisticated federated testbeds to perform realistic experiments by allowing the integration of geographically-dispersed resources in the dynamic cyber-physical environment. In this paper, we present a cyber (network) based federation testbed to validate the performance of an anomaly detector in context of a Wide Area Protection (WAP) security. Specifically, we have utilized the resources available at the Iowa State University Power Cyber (ISU PCL) Laboratory to emulate the substation and local center networks; and the US Army Research Laboratory (ARL); to emulate the regional control center network. Initially, we describe a hardware-in-the loop based experimental setup for implementing data integrity attacks on an IEEE 39 bus system. We then perform network packet analysis focusing on latency and bandwidth as well as evaluate the performance of a decision tree based anomaly detector in measuring its ability to identify different attacks. Our experimental results reveal the computed wide area network latency; bandwidth requirement for minimum packet loss; and successful performance of the anomaly detector. Our studies also highlight the conceptual architecture necessary for developing the federated testbed, inspired by the NASPI network

NEFTSec: Networked federation testbed for cyber-physical security of smart grid: Architecture, applications, and evaluation

As today's power grid is evolving into a densely interconnected cyber-physical system (CPS), a high fidelity and multifaceted testbed environment is needed to perform cybersecurity experiments in a realistic grid environment. Traditional standalone CPS testbeds lack the ability to emulate complex cyber-physical interdependencies between multiple smart grid domains in a real-time environment. Therefore, there are ongoing research and development (R&D) efforts to develop an interconnected CPS testbed by sharing geographically dispersed testbed resources to perform distributed simulation while analysing simulation fidelity. This paper presents a networked federation testbed for cybersecurity evaluation of today's and emerging smart grid environments. Specifically, it presents two novel testbed architectures, including cyber federation and cyber-physical federation, identifies R&D applications, and also describes testbed building blocks with experimental case studies. It also presents a novel co-simulation interface algorithm to facilitate distributed simulation within cyber-physical federation. The resources available at the PowerCyber CPS security testbed at Iowa State University (ISU) and the US Army Research Laboratory are utilised to develop this platform for performing multiple experimental case studies pertaining to wide-area protection and control applications in power system. Finally, experimental results are presented to analyse the simulation fidelity and real-time performance of the testbed federation.This article is published as Singh, Vivek Kumar, Manimaran Govindarasu, Donald Porschet, Edward Shaffer, and Morris Berman. "NEFTSec: Networked federation testbed for cyber‐physical security of smart grid: Architecture, applications, and evaluation." IET Cyber‐Physical Systems: Theory & Applications (2022). DOI: 10.1049/cps2.12033. Works produced by employees of the U.S. Government as part of their official duties are not copyrighted within the U.S. The content of this document is not copyrighted

Evaluation of Anomaly Detection for Wide-Area Protection Using Cyber Federation Testbed

Cyber physical security research for smart grid is currently one of the nation’s top R&D priorities. The existing vulnerabilities in the legacy grid infrastructure make it particularly susceptible to countless cyber-attacks. There is a growing emphasis towards building interconnected, sophisticated federated testbeds to perform realistic experiments by allowing the integration of geographically-dispersed resources in the dynamic cyber-physical environment. In this paper, we present a cyber (network) based federation testbed to validate the performance of an anomaly detector in context of a Wide Area Protection (WAP) security. Specifically, we have utilized the resources available at the Iowa State University Power Cyber (ISU PCL) Laboratory to emulate the substation and local center networks; and the US Army Research Laboratory (ARL); to emulate the regional control center network. Initially, we describe a hardware-in-the loop based experimental setup for implementing data integrity attacks on an IEEE 39 bus system. We then perform network packet analysis focusing on latency and bandwidth as well as evaluate the performance of a decision tree based anomaly detector in measuring its ability to identify different attacks. Our experimental results reveal the computed wide area network latency; bandwidth requirement for minimum packet loss; and successful performance of the anomaly detector. Our studies also highlight the conceptual architecture necessary for developing the federated testbed, inspired by the NASPI network.This proceeding is published as Singh, Vivek Kumar, Manimaran Govindarasu, Donald Porschet, Edward Shaffer, and Morris Berman. "Evaluation of Anomaly Detection for Wide-Area Protection Using Cyber Federation Testbed." (2019).</p