Abstract—Enhanced integration of information and communication technologies in the smart grid has led to an increase in the number of cyber assets and has also opened up the possibility of a cyberattack. It is necessary to understand the complex relationship between the cyber and physical domains, and its potential impact on the power grid because of a successful cyber–physical attack. A cyber–physical test bed that can model and simulate the smart grid is necessary to test and validate algorithms and devices. This paper presents the development of an end-to-end, real-time cyber–physical test bed using Real-Time Digital Simulator and Network Simulator 3 (ns-3). A methodology for integrating the hardware phasor measurement unit and the phasor data concentrator in the test bed is presented along with the detailed modeling of the communication network for the power system. The developed test bed is validated and used to demonstrate the impact of different cyberattacks on the power system and tested algorithms.

Index Terms—Cyber security, cyber–physical test bed, Network Simulator 3 (ns-3), real time, Real-Time Digital Simulator (RTDS), smart grid.

I. INTRODUCTION

... the seven properties required by the smart grid to meet future demands [4].

The EPG has been recognized as a critical infrastructure with a high risk of becoming the target of a cyberattack [5]. Because of the idiosyncrasies of the power grid, the application of existing technologies to prevent or mitigate cyberattacks is not a direct possibility. The disruptions because of a cyberattack on the smart grid transcend the cyber realm to affect the physical realm as well. Hence, the approach to security of the smart grid must combine cyber security and power system security into cyber–physical security (CPS). Cyberattacks include false-data injection attacks on state estimation and electricity markets [6], [7], denial-of-service (DoS) attacks on a critical asset [8], malicious intrusion, and the recent Distributed Network Protocol, Version 3.0 (DNP3) implementation vulnerability documented by the Industrial Control Systems Cyber Emergency Response Team [9]. The impact of these kinds of attacks on the physical devices in the EPG can be catastrophic. Power equipment usually has high costs associated with it, and replacements for some of these devices may have a long lead time to obtain.
... associated infrastructure into the real-time cyber–physical simulator using Real Time Digital Simulator (RTDS) and Network Simulator 3 (ns-3); 2) the methodology for validation and testing the real-time test bed; 3) flexibility for integrating real and simulated components in the test bed; 4) a detailed model of the power-system communication network in real time with support for different protocols; 5) the use of simulated entities, such as a virtual host with the capability to interact with real hosts; and 6) the use of ns-3, which is an open-source software tool. Therefore, the source code is available to users to modify and implement features as needed. The developed test bed is limited by resources to model the large system, which can be easily solved by securing additional financial resources. The major advantage of the test bed is that the operations and actions do not need to be scheduled beforehand. Events can be triggered or performed at any desired time with the consequences reflected as in a real system. This makes the test bed ideal for studying cyber–power system attacks and developing methodologies to mitigate the effects of these attacks.

In the following sections, the development of a real-time cyber–physical test bed using both RTDS and ns-3 is described. Section II provides a short summary of related work for modeling the power system and the cyber system. In addition, the uniqueness of using RTDS and ns-3 in the test bed is also examined. Section III provides an introduction to cyber–power system modeling. Section IV examines the architecture of the developed real-time test bed. Section V presents the validation of the test bed. Section VI describes the potential applications and presents actual case studies of the test bed.

II. RELATED WORK

Cybersecurity research needs have driven the development of smart-grid cyber–physical test beds. There have been several efforts aimed at the development of cost-effective and accurate test beds. Cosimulation of heterogeneous systems is common in other areas of research and has gained popularity in cyber–physical simulation. This section provides a detailed look into cosimulation environments that have been developed for studying the smart grid. In [13] and [14] a hybrid simulation architecture, which is based on IEEE 1516 High-Level Architecture, was presented, and it enabled combined simulation of power and communication systems in an integrated environment.

The Electric Power and Communication Synchronizing Simulator (EPOCHS) is a platform for agent-based electric power and communication network simulation. It is the integration of three different simulators: PSCAD/EMTDC for transient timescales, PSLF for power system modeling, and ns-2 for communication network modeling [15]. A carefully designed software mediator called runtime infrastructure is responsible for interfacing and synchronizing between the individual simulators by allowing them to exchange data periodically. A cyber–physical test bed using Internet-Scale Event and Attack Generation Environment for emulating wide-area network communications and RTDS/DigSilent for simulating power systems has been developed at Iowa State University [16]. The test bed is aimed at simulating the smart-grid environment and studying the effects of cyberattacks on the EPG.

SCADASim, which is a framework for building supervisory control and data acquisition (SCADA) simulations, is built on top of OMNeT++ network simulator [17]. It is similar in operation to EPOCHS, except that the simulator also allows for the possibility of including real devices to a limited extent. By using schedulers, it is possible to test the effect of attacks on real devices, although it uses a simulated environment. GridSpice, which is a distributed simulation platform for the smart grid, uses Gridlab-D and MATPOWER as the network and power simulation tools, respectively [18]. This is a cloud-based simulation platform aimed at simulating large networks with hundreds of connected generators and distribution networks. In addition to power and communication network simulation, it also allows market operations. Potential applications include renewable energy integration, home area control and smart algorithms, electric vehicle infrastructure, distributed energy resources, microgrids, demand response and distribution operation, and utility-scale storage. GridSim is built using Gridstat and TSAT [19]. GridStat is a wide-area data delivery framework based on a publish–subscribe architecture [20]. It is used to deliver data simulating the communication network. A transient stability simulator, i.e., TSAT, is used for power system simulation. GridSim simulates the power grid, the information and communication technology (ICT) infrastructure that overlays the grid, and the control systems. The primary focus is the design and testing of wide-area control applications using PMU and other high-rate timestamped data for large systems. The ORNL Power System Simulator setup uses ns-2 and A Discrete EVent system Simulator (ADEVS) simulation tools [21]. Another variation that uses OPNeT++ instead of ns-2 has also been developed. The IBCN Smart Grid Simulator simulation environment is implemented using OMNeT++ and MATLAB [22]. The environment is designed as layered architecture, in which three layers are defined: application, middleware, and support layers. It is used to evaluate demand-side management algorithms for electric vehicles.

Some test beds are more specific in their purpose, such as the Test Bed for Analyzing Security of SCADA Control Systems (TASSCS) developed by the University of Arizona, which is meant for research on SCADA systems only [23]. It uses OPNeT++ system-in-the-loop simulation for the communication system, and the PowerWorld simulator to provide EPG simulation. It is primarily used for research on intrusion detection. SCADA CST [24] is another platform that is similar to TASSCS, except that RINSE is used to simulate the cyber system. The National SCADA Test Bed is a foundational test-bed initiative, which represents a national laboratory collaborative project [25]. The Virtual Control Systems Environment developed by Sandia National Laboratory uses OPNeT++ and PowerWorld simulator such as the TASSCS test bed. It uses simulated, emulated, and physical devices to provide a versatile reconfigurable platform [26]. The Global Event-Driven Cosimulation Framework (GECO) combines the power-system load flow and ns-2 to provide a cosimulation framework. The main goal here is the modeling and simulation of wide-area monitoring, protection, and control schemes [27].
This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.
VELLAITHURAI et al.: DEVELOPMENT AND APPLICATION OF REAL-TIME TEST BED FOR CPS 3
... communication-network layer. There is no direct coupling between RTDS and ns-3. RTDS simulates the power system and provides measurement signals to the measurement layer. The measurement devices then communicate to the destination, through ns-3, emulating the required communication network characteristics. The substations, each having their own private network of devices, are interconnected through a multihop network topology. Data flow is possible between substations and with the control center. If data flow occurs between two substations, the data packet is passed through ns-3, which simulates the appropriate delays associated with the transmission of that packet between the two substation gateways. For wide-area communication system emulation, a similar process is used.

Consider the scenario shown in Fig. 8, where a PMU at Node 9 needs to send data to the control center. In this case, the PMU data are first concentrated at the local substation PDC. This process of intrasubstation communication occurs on a real LAN network. The local PDC sends data to the super PDC through the highlighted path in ns-3. This adds the communication network dynamics based on packet origin, destination, and network configuration while delivering the packet to the control center. The complete integrated cyber–physical test bed is shown in Fig. 9.

V. VALIDATION OF THE TEST BED

In order to validate the integrated test bed, component-level performance and system-level performance were compared with benchmark performance. For component-level performance, the RTDS factory test certification was obtained from the manufacturer. Additionally, the results from several test cases obtained using RTDS were compared with other software tools, such as MATPOWER, and published results for the standard IEEE system. The development of the open-source communication network simulator ns-3 started in 2006 and is still in active development. Both of these simulators have been used extensively and validated by other researchers at the component level. ns-3 is used in emulation mode, which means that the virtual applications, which generate packets, are replaced with real hosts. As far as ns-3 is concerned, the only change is that the virtual packets are replaced with real packets. Therefore, the working of ns-3 is essentially the same for real packets as it is for virtual packets.
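The delay that the communication layer adds between substation gateways, as described for the Node 9 scenario above, can be sketched with a small model. This is an added illustration, not code from the paper or the test bed: the gateway names, link rates, frame size and latency budget are constructed assumptions, and the load fraction is a crude stand-in for the per-packet queueing that ns-3 models.

```python
from collections import deque

# Constructed gateway topology (assumption, not from the paper):
# link -> (one-way propagation delay in ms, link rate in Mbit/s)
LINKS = {
    ("SUB9", "SUB7"): (1.0, 10.0),
    ("SUB7", "CC"): (2.0, 10.0),
    ("SUB9", "SUB5"): (1.0, 10.0),
    ("SUB5", "SUB4"): (1.0, 10.0),
    ("SUB4", "CC"): (1.0, 10.0),
}

def link_params(a, b):
    """Links are bidirectional; look the pair up in either order."""
    return LINKS.get((a, b)) or LINKS[(b, a)]

def route(src, dst):
    """Fewest-hop route (BFS), standing in for the configured network routing."""
    neighbours = {}
    for a, b in LINKS:
        neighbours.setdefault(a, []).append(b)
        neighbours.setdefault(b, []).append(a)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in neighbours.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    raise ValueError(f"no route from {src} to {dst}")

def path_delay_ms(path, frame_bytes, load=None):
    """Sum propagation + serialization delay per hop. load maps a link to the
    fraction of its rate consumed by other traffic (0 <= fraction < 1)."""
    load = load or {}
    total = 0.0
    for a, b in zip(path, path[1:]):
        prop_ms, rate_mbps = link_params(a, b)
        busy = load.get((a, b), load.get((b, a), 0.0))
        if not 0.0 <= busy < 1.0:
            raise ValueError("load fraction must be in [0, 1)")
        usable_bits_per_ms = rate_mbps * 1000.0 * (1.0 - busy)
        total += prop_ms + frame_bytes * 8 / usable_bits_per_ms
    return total

def loads_exceeding_budget(path, frame_bytes, budget_ms, load_steps):
    """Load fractions on the last hop at which a frame misses budget_ms."""
    last = (path[-2], path[-1])
    return [f for f in load_steps
            if path_delay_ms(path, frame_bytes, {last: f}) > budget_ms]
```

With a 1000-byte frame the unloaded SUB9 to CC route costs 4.6 ms, and the same route exceeds a 10 ms budget once 90% of the final link is consumed by other traffic, which is the kind of threshold a monitoring rule on gateway latency would be set against.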
TABLE I: VALIDATION RESULTS
Fig. 11. Phase separation of system and generator voltage during an Aurora attack.
[Plot panels; axes: Real Power (MW), Reactive Power (MVAR), Torque (PU)]
Fig. 15. Packets per second during the DoS attack at different locations.
TABLE II: PROPAGATION DELAY BETWEEN GATEWAY
Fig. 16. Bytes per second during the DoS attack at different locations.
[27] H. Lin, S. Veda, S. Shukla, L. Mili, and J. Thorp, “GECO: Global event-driven co-simulation framework for interconnected power system and communication network,” IEEE Trans. Smart Grid, vol. 3, no. 3, pp. 1444–1456, Sep. 2012.
[28] P. Forsyth, T. Maguire, and R. Kuffel, “Real time digital simulation for control and protection system testing,” in Proc. IEEE 35th Annu. Power Electron. Spec. Conf., Jun. 2004, vol. 1, pp. 329–335.
[29] C. Vellaithurai, “Cyber-Power System Analysis Using a Real Time Test Bed,” M.S. Thesis, Washington State Univ., Pullman, WA, USA, Jul. 2013.
[30] P. Anderson and A. Fouad, “Power System Control and Stability,” Iowa State Univ. Press: Ames, IA, USA, 1977.
[31] A. Srivastava et al., “Modeling cyber-physical vulnerability of the smart grid with incomplete information,” IEEE Trans. Smart Grid, vol. 4, no. 1, pp. 235–244, Mar. 2013.
[32] S. Biswas, C. Vellaithurai, and A. Srivastava, “Development and real time implementation of a synchrophasor based fast voltage stability monitoring algorithm with consideration of load models,” in Proc. IEEE Ind. Appl. Soc. Annu. Meet., Oct. 2013, pp. 1–9.
[33] C. Vellaithurai, A. Srivastava, and S. Zonouz, “SECPSIM: A training simulator for cyber-power infrastructure security,” in IEEE Int. Conf. SmartGridComm, Oct. 2013, pp. 61–66.

Ceeman B. Vellaithurai (S’09–M’12) received the B.E. degree in electrical and electronics engineering from Anna University Tiruchirappalli, Tiruchirappalli, India, in 2011 and the M.S. degree in electrical engineering with specialization in power systems from Washington State University, Pullman, WA, USA, in 2013.
He is currently working with Schweitzer Engineering Laboratories Inc., Pullman, as a Protection Engineer. His research interests include real-time modeling and simulation of cyber–power systems.
Mr. Vellaithurai received the Best Outgoing Student Award from Anna University Tiruchirappalli for his academic achievements.

Saugata S. Biswas (S’12) received the B.E. degree in electrical engineering from Nagpur University, Maharashtra, India, in 2007 and the Ph.D. degree from Washington State University, Pullman, WA, USA, in 2014.
From 2007 to 2009, he was with the Design and Development Department of a switchgear industry in India. From 2009 to 2010, he was a Ph.D. Student with Mississippi State University, Starkville, MS, USA, before continuing his doctoral study at Washington State University. He is currently working with Alstom, Bellevue, WA, USA.
Dr. Biswas received several Gold Medal awards from Nagpur University for his academic achievements from 2003 to 2007, and the EECS Outstanding Ph.D. Student in Electrical Engineering Award from Washington State University in 2013.

Anurag K. Srivastava (S’00–M’05–SM’09) received the Ph.D. degree from Illinois Institute of Technology, Chicago, IL, USA, in 2005.
Since August 2010, he has been with Washington State University, Pullman, WA, USA, as an Assistant Professor. From 2005 to 2010, he was an Assistant Research Professor with Mississippi State University, Starkville, MS, USA. His research interests include power-system operation and control using smart-grid data.
Dr. Srivastava served as the Chair of the IEEE Power and Energy Society (IEEE PES) Career Promotion Subcommittee and as the Chair of the IEEE PES Student Activities Subcommittee. He currently serves in other several IEEE PES Technical Committees and as an Associate Editor for the IEEE TRANSACTIONS ON SMART GRID, and as an IEEE Distinguished Lecturer.