SPARKS Highlights the Smart Grid Cybersecurity Threat at their 2nd Stakeholder Workshop

On Wednesday 25th March 2015, the SPARKS project held its 2nd Stakeholder Workshop at the EMC2 Centre of Excellence and Nimbus Microgrid in Cork, Ireland. Stakeholders from different smart grid sectors attended, including Distribution System Operators (DSOs), equipment and solutions providers, research institutions, and academia. The major goal of the workshop was to highlight to stakeholders the serious nature of the cybersecurity threat to smart grid. In addition, the consortium presented their response to this threat.

Attendees at the 2nd SPARKS stakeholder workshop
Attendees at the 2nd SPARKS stakeholder workshop

The workshop was broadly split into two halves, focusing on the project’s efforts on securing medium-to-low voltage smart distribution networks and microgrids. These two settings are analogous to the two operational demonstration infrastructures that are available to the project, the distribution network of SWW – in this case, represented by the AIT SmartEST lab, and the Nimbus Microgrid. For each of the settings, stakeholders were shown a live cyber-attack demonstration, along with how the project’s research in the areas of risk assessment and resilience could be applied to address the demonstrated threat.

Perhaps the highlight of the day was a multi-stage attack demonstration, which showed how an attacker could, using an initial phishing email, infect a computer in the enterprise network of a DSO and (by exploiting a number of further computers) subsequently manipulate and shut down a photovoltaic invertor – a cyber-physical attack. Producing this attack demonstration was a truly collaborative endeavor, involving researchers from Queen’s University Belfast, EMC2 and AIT Austrian Institute of Technology. A key take-home message from this demonstration is the number of different ways such an attack could be implemented, in addition to those used by the consortium.

Dr Kieran McLaughlin and Dr BooJoong Kang from Queen’s University Belfast, and Silvio La Porta from EMC2 demonstrating a multi-staged cyber-attack to a photovoltaic invertor, located at the AIT SmartEST Laboratory in Vienna
Dr Kieran McLaughlin and Dr BooJoong Kang from Queen’s University Belfast, and Silvio La Porta from EMC2 demonstrating a multi-staged cyber-attack to a photovoltaic invertor, located at the AIT SmartEST Laboratory in Vienna

In a similar fashion, stakeholders were shown the potential impact of an attack to components of a microgrid, such as battery storage – a key subsystem for grid disconnected microgrids. In this demonstration, the longitudinal financial impacts of a cyber-attack to a battery storage system were highlighted. The project’s response to these threats was presented to stakeholders, focusing on our activities in risk assessment and resilience.

The project is investigating a number of vulnerability and impact assessment methods. For example, Prof Henrik Sandberg from KTH presented ongoing research on developing modelling techniques to assess the vulnerability of the smart grid to cyber-physical attacks, such as the one demonstrated at the workshop. To understand the impact of such attacks, a number of modelling approaches can be applied that describe the continuous state of components (e.g., voltage measurements), their discrete states (e.g., charging vs. discharging) and the ICT infrastructure. Dr Rohan Chabuksawr and the team at UTRC are exploring suitable simulation models that can be used to assess the impact of cyber-attacks across these three domains. In addition to the technical impact of such attacks, a financial cost will be incurred. Dr Michael Schmidthaler presented ongoing research from the Energy Institute in Linz that is investigating micro-economic models to examine these costs, motivating investment in security measures.

An important stage in the cyber-attack demonstration was a Man-In-The-Middle (MITM) attack on the IEC 61850 control protocol. In response to this threat, researchers at Queen’s University Belfast are developing a SCADA-specific Intrusion Detection System (IDS) that aims to detect anomalous IEC 61850 protocol usage. Dr Kieran McLaughlin from Queen’s presented this activity to the workshop. Advanced multi-staged attacks can operate for extended periods of time (e.g., months) before implementing their payload, such as controlling PV invertors or exfiltrating intellectual property from an organization. To support the identification of such attacks, and reduce the time an attack can remain in this latent undetected state, researchers from EMC2 are investigating how security analytics techniques can be applied to Big data to identify anomalous operational behaviour that could indicate an attack. Dr Silvio La Porta from EMC2 presented and demonstrated ongoing research in this area.

These two forms of detection mechanisms can be used as input to control algorithms that can make adjustments to the operational state of components, such as battery storage or controllable loads, to ensure the continued operation of a grid whilst under attack. Dr André Teixeira from KTH presented the project’s vision of how this could be achieved.

The workshop concluded with presentations from projects that are related to SPARKS: the EU-funded HyRiM project, coordinated by AIT Austrian Institute of Technology, is tasked with investigating novel risk metrics for interconnected utility networks, and measuring the potential impact of cascading effects. The EU-funded SEGRID project was introduced to workshop attendees by Dr Frank Fransen from TNO. In a similar manner to SPARKS, the project is exploring risk assessment methods in the context of a number of increasingly sophisticated smart grid use cases. The aim of this activity is to identify security gaps in current and future smart grid deployments. Security technologies will be developed to address these gaps, which will be evaluated on a number of testbeds in the project.

The presentations from the workshop were recorded. We anticipate being able to make selected slides and videos of the talks available in the coming days.