Towards Automated Generation of Smart Grid Cyber Range for Cybersecurity Experiments and Training

Daisuke Mashima, Muhammad M. Roomi, Bennet Ng, Zbigniew Kalbarczyk, S. M. Suhail Hussain, Ee-chien Chang

TL;DR

Smart grid cyber ranges enable safe, hands-on cybersecurity testing but are traditionally costly and tailored to specific installations, limiting accessibility. The authors present SG-ML, an XML-based modelling language that encodes cyber and physical configurations using IEC 61850 SCL and PLCopen XML, plus supplementary schemas, and a Processor that compiles models into an operational cyber range. The SG-ML Processor automates generation of both power system (via Pandapower) and cyber network (via Mininet) models and can instantiate virtual IEDs, PLCs, and SCADA HMI for multi-substation topologies, as demonstrated on the EPIC testbed. They also show cyber-attack case studies (e.g., false command injection and MITM) to illustrate experimental capability. The work contributes an open-source, scalable framework that lowers the barrier to reproduce, compare, and train on realistic smart grid cyber ranges.

Abstract

Assurance of cybersecurity is crucial to ensure dependability and resilience of smart power grid systems. In order to evaluate the impact of potential cyber attacks, to assess deployability and effectiveness of cybersecurity measures, and to enable hands-on exercise and training of personnel, an interactive, virtual environment that emulates the behaviour of a smart grid system, namely smart grid cyber range, has been demanded by industry players as well as academia. A smart grid cyber range is typically implemented as a combination of cyber system emulation, which allows interactivity, and physical system (i.e., power grid) simulation that are tightly coupled for consistent cyber and physical behaviours. However, its design and implementation require intensive expertise and efforts in cyber and physical aspects of smart power systems as well as software/system engineering. While many industry players, including power grid operators, device vendors, research and education sectors are interested, availability of the smart grid cyber range is limited to a small number of research labs. To address this challenge, we have developed a framework for modelling a smart grid cyber range using an XML-based language, called SG-ML, and for "compiling" the model into an operational cyber range with minimal engineering efforts. The modelling language includes standardized schema from IEC 61850 and IEC 61131, which allows industry players to utilize their existing configurations. The SG-ML framework aims at making a smart grid cyber range available to broader user bases to facilitate cybersecurity R&D and hands-on exercises.
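To make the "compile an SCL model into a cyber network" step concrete, the following added example (not the SG-ML Processor's own code) reads the Communication section of an IEC 61850 SCL file and derives a host plan of the kind a Mininet topology could be built from. The IED names, addresses, and the one-switch-per-SubNetwork mapping are assumptions chosen for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"scl": "http://www.iec.ch/61850/2003/SCL"}  # IEC 61850-6 SCL namespace

# Constructed sample (not taken from the EPIC model): two IEDs on one station bus.
SAMPLE_SCL = """<SCL xmlns="http://www.iec.ch/61850/2003/SCL">
  <Communication>
    <SubNetwork name="StationBus" type="8-MMS">
      <ConnectedAP iedName="GIED1" apName="AP1">
        <Address><P type="IP">10.0.1.11</P><P type="IP-SUBNET">255.255.255.0</P></Address>
      </ConnectedAP>
      <ConnectedAP iedName="TIED1" apName="AP1">
        <Address><P type="IP">10.0.1.12</P><P type="IP-SUBNET">255.255.255.0</P></Address>
      </ConnectedAP>
    </SubNetwork>
  </Communication>
</SCL>"""


def network_plan(scl_text):
    """Return {subnetwork: [(ied, 'ip/prefix'), ...]}; one switch per SubNetwork."""
    # Parse only trusted files this way; use a hardened parser for untrusted XML.
    root = ET.fromstring(scl_text)
    plan, owner = {}, {}
    for sub in root.findall("scl:Communication/scl:SubNetwork", NS):
        hosts = []
        for ap in sub.findall("scl:ConnectedAP", NS):
            ied = ap.get("iedName")
            params = {p.get("type"): (p.text or "").strip()
                      for p in ap.findall("scl:Address/scl:P", NS)}
            if "IP" not in params:
                raise ValueError(f"{ied}: ConnectedAP has no IP address")
            mask = params.get("IP-SUBNET", "255.255.255.255")
            iface = ipaddress.ip_interface(f"{params['IP']}/{mask}")
            if iface.ip in owner:  # two emulated devices would collide on the range
                raise ValueError(f"{ied} and {owner[iface.ip]} share {iface.ip}")
            owner[iface.ip] = ied
            hosts.append((ied, iface.with_prefixlen))
        plan[sub.get("name")] = hosts
    return plan


if __name__ == "__main__":
    for switch, hosts in network_plan(SAMPLE_SCL).items():
        print(switch, hosts)
```

Rejecting duplicate addresses at model-compile time catches a configuration error that would otherwise surface only as confusing behaviour once the emulated devices are running.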

Paper Structure (10 sections, 6 figures, 2 tables)

Figures (6)

  • Figure 1: Typical Architecture of Smart Grid Cyber Range
  • Figure 2: Overview of SG-ML Framework
  • Figure 3: SG-ML Processor Toolchain Flowchart and Module Description
  • Figure 4: Generated Cyber Network Topology on Mininet (EPIC Model) generated using ONOS. Rounded rectangles show mapping to the EPIC testbed.
  • Figure 5: Generated Power System Topology on Pandapower (EPIC Model). Rounded rectangles show mapping to the EPIC testbed.
  • ...and 1 more figures