NAME

Laboratory of Cybersecurity in the Smart Grid

DESCRIPTION

The Laboratory of Cybersecurity in the Smart Grid emulates the real-time software and hardware communications environment of a Primary Distribution Substation, in which the electronic equipment (IEDs) that controls and supervises the electrical equipment (switches, transformers, ...) has been deployed. It also simulates a Control Center, with basic functionalities, to which the Substation equipment is connected.
The laboratory makes it possible to:
- Simulate the real communications between the different equipment and systems of the control center and the substation.
- Run a set of cyber attacks using tools for generating penetration tests (ethical hacking).
- Test the response of equipment (RTU, SCU, protection relays, ...) and information systems (SCADA, LDAP server, ...) from external manufacturers to those attacks.
- Test the effectiveness of attack detection tools developed by external manufacturers.
The two environments (substation and control center) are connected through an Ethernet network established between two routers. This allows the management of external access to the laboratory. Both routers establish a VPN connection.

MOST OUTSTANDING EQUIPMENT AND COMPONENTS

The laboratory is composed of two environments: the Control Center environment, in which a SCADA has been installed and which simulates the operation of the electric grid (reduced to a substation), and the substation environment, in which the electronic equipment is installed (SCU and protection relays).

CONTROL CENTER COMPONENTS:
The components of the Control Center environment are:
- Router: Establishes a VPN connection with the router of the substation.
- Internal Switch: Connects all computers in the control center.
- SCADA equipment: Contains the monitoring and control software (SCADA) of the substation. It also allows the configuration of the IEDs to be modified from the Control Center.
- LDAP and NTP server computer: This equipment houses the servers that are accessed from the IEDs of the substation. It runs the following services:
  * LDAP: Manages access control (authentication and authorization) of users and information systems to the IEDs.
  * NTP: Provides the time synchronization service.

SecureGrid Hacking Tool Box (HTB) is a toolbox for configuring and performing different penetration tests on the electronic devices of an electric substation.
SecureGrid HTB is intended to be used by equipment manufacturers to check the security level of their equipment.

Monitoring of anomalies in electrical substations and industrial plants

SUBSTATION COMPONENTS:
- Router: Establishes a VPN connection with the router of the control center.
- Substation Control Unit (SCU): Performs the functions of a remote unit by communicating with the SCADA of the control center through the IEC 60870-5-104 telecontrol protocol. Modbus TCP and DNP3-TCP are also accepted. It also acts as the IEC 61850 client of the protection relays.
- Industrial Switch: Connects all IEDs, forming the substation bus.
- Protection relays: Perform the protection functions of the electrical equipment (switches, transformers, ...). These relays implement the IEC 61850 protocol, which allows them to receive the electrical signals generated by the OMICRON – CMC 850 equipment, communicate with the SCU, and send GOOSE messages between them.
- Power supplies: Relays that run on direct current (VCC) are equipped with their corresponding power supply.
- SCADA equipment: Contains the monitoring and control software (SCADA) of the substation. It also allows the configuration of the IEDs to be modified from the Control Center.
- OMICRON – CMC 850: Simulates up to 3 merging units, the electrical data acquisition equipment of the substation. This equipment is connected to the TCP/IP protection relays via the substation bus.
- OMICRON – CMC 256: Simulates electrical signals and connects them directly to the protection relays through the digital input and output connections. In addition, it can simulate the activity of switches.

WHITEZONE prevents the presence of malware in the operational zone of industrial plants by restricting access to the delimited area designated as the operational zone to authorised users carrying safe and identified software. This secures the industrial zone and improves the update process of the industrial production control (ICS) devices. It offers the following functionalities:

• Ensures that the information that is to be used within the operational zone by means of a USB key is secure, i.e. there is no virus or malware.
• Authenticates users manually or via an NFC card.
• Lets the user choose the data that is going to be used in the protected zone and analyzes it, through a multi-virus service in the cloud, to search for any virus, malware or data that is not allowed. If this verification is passed, it ejects a "USB Whitezone ©" key onto which the encrypted and signed data is copied, to avoid modifications. These USB Whitezone © keys are the only valid ones within the protected operational zone. In addition, this component sends all its activity to the BackEnd software in real time.
• The Software Agent is an element that controls all USB port activity on the computer on which it is installed. If a non-Whitezone © USB device is inserted, it is ejected immediately, making it impossible to use. If a USB Whitezone © is connected, the agent verifies that its contents have not been altered. If they have been altered, it ejects the USB; otherwise it decrypts the information so that the data is available. The software agent can communicate all its activity to the BackEnd in real time.

SERVICES OFFERED BY THE ASSET

Cybersecurity functional test environment

Industrial cybersecurity training for security operators and ethical hackers

Simulation of real communications between control centres and electrical substations for cyber-attacks

Simulation of real communications between control centres and electrical substations for cyber-defence

ENTITY MANAGING THE ASSET

FUNDACIÓN TECNALIA RESEARCH & INNOVATION

Contact person: Ana Isabel Ayerbe Fernandez-Cuesta
