Sandia National Laboratories and Idaho National Laboratory deployed state-of-the-art cybersecurity technologies within a virtualized, cyber-physical wind energy site to demonstrate their impact on security and resilience. This work was designed to better quantify cost-benefit tradeoffs and risk reductions when layering different security technologies on wind energy operational technology networks. Standardized step-by-step attack scenarios were drafted for adversaries with remote and local access to the wind network. Then, the team investigated the impact of encryption, access control, intrusion detection, security information and event management, and security, orchestration, automation, and response (SOAR) tools on multiple metrics, including physical impacts to the power system and termination of the adversary kill chain. We found, once programmed, the intrusion detection systems could detect attacks and the SOAR system was able to effectively and autonomously quarantine the adversary, prior to power system impacts. Cyber and physical metrics indicated network and endpoint visibility were essential to provide human defenders situational awareness to maintain system resilience. Certain hardening technologies, like encryption, reduced adversary access, but recognition and response were also critical to maintain wind site operations. Lastly, a cost-benefit analysis was performed to estimate payback periods for deploying cybersecurity technologies based on projected breach costs.
This document summarizes the on-going cyber security work and resulting cyber security reference architecture for a secure microgrid control system network. The architecture pre sented here provides guidelines and security recommendations for the implementation of a secure microgrid control system at Department of Defense (DOD) installations. The mi crogrid is designed using the Energy Surety MicrogridTM (ESM) methodology developed by Sandia National Laboratories (SNL). Microgrids developed using the ESM methodology demonstrate— • increased reliability for critical mission loads resulting from the interconnection of electrical generation assets using the existing distribution network • reduced reliance on diesel-generated backup power through the use of renewable energy sources during outages • increased efficiency of diesel backup generators through careful, coordinated operation across the microgrid system • reduced operational risk through a strong focus on cyber security The design of a microgrid control system needs to be more robust than that of a traditional industrial control system (ICS) for the following reasons: • The microgrid is used in emergency situations and may be critical to continuity of operations of an installation. • The microgrid must function during active attack by a capable adversary. As such, the traditional design and implementation for an ICS may not be sufficient for implementing a robust and secure microgrid.
Design and operation of the electric power grid (EPG) relies heavily on computational models. High-fidelity, full-order models are used to study transient phenomena on only a small part of the network. Reduced-order dynamic and power flow models are used when analysis involving thousands of nodes are required due to the computational demands when simulating large numbers of nodes. The level of complexity of the future EPG will dramatically increase due to large-scale deployment of variable renewable generation, active load and distributed generation resources, adaptive protection and control systems, and price-responsive demand. High-fidelity modeling of this future grid will require significant advances in coupled, multi-scale tools and their use on high performance computing (HPC) platforms. This LDRD report demonstrates SNL's capability to apply HPC resources to these 3 tasks: (1) High-fidelity, large-scale modeling of power system dynamics; (2) Statistical assessment of grid security via Monte-Carlo simulations of cyber attacks; and (3) Development of models to predict variability of solar resources at locations where little or no ground-based measurements are available.
This paper describes a new hybrid modeling and simulation architecture developed at Sandia for understanding and developing protections against and mitigations for cyber threats upon control systems. It first outlines the challenges to PCS security that can be addressed using these technologies. The paper then describes Virtual Control System Environments (VCSE) that use this approach and briefly discusses security research that Sandia has performed using VCSE. It closes with recommendations to the control systems security community for applying this valuable technology.
To analyze the risks due to cyber attack against control systems used in the United States electrical infrastructure, new algorithms are needed to determine the possible impacts. This research is studying the Reliability Impact of Cyber ttack (RICA) in a two-pronged approach. First, malevolent cyber actions are analyzed in terms of reduced grid reliability. Second, power system impacts are investigated using an abstraction of the grid's dynamic model. This second year of esearch extends the work done during the first year.
This report summarizes research on a holistic analysis framework to assess and manage risks in complex infrastructures, with a specific focus on the bulk electric power grid (grid). A comprehensive model of the grid is described that can approximate the coupled dynamics of its physical, control, and market components. New realism is achieved in a power simulator extended to include relevant control features such as relays. The simulator was applied to understand failure mechanisms in the grid. Results suggest that the implementation of simple controls might significantly alter the distribution of cascade failures in power systems. The absence of cascade failures in our results raises questions about the underlying failure mechanisms responsible for widespread outages, and specifically whether these outages are due to a system effect or large-scale component degradation. Finally, a new agent-based market model for bilateral trades in the short-term bulk power market is presented and compared against industry observations.
Flexible Alternating Current Transmission Systems (FACTS) devices are installed on electric power transmission lines to stabilize and regulate power flow. Power lines protected by FACTS devices can increase power flow and better respond to contingencies. The University of Missouri Rolla (UMR) is currently working on a multi-year project to examine the potential use of multiple FACTS devices distributed over a large power system region in a cooperative arrangement in which the FACTS devices work together to optimize and stabilize the regional power system. The report describes operational and security challenges that need to be addressed to employ FACTS devices in this way and recommends references, processes, technologies, and policies to address these challenges.