Test Case 22

Resilience Assessment of ICT infrastructure

Identification

ID

22

Project

ERIGrid 2.0

Date

28/04/21

Test Case Definition

Name of the Test Case

Resilience Assessment of ICT infrastructure

Narrative

The broad aim of this test case is to quantify and assess the resilience of ICT equipment used for communication in Cyber Physical Systems (CPS), i.e., smart grids. More specifically, the focus is on cyber resilience of digital substations. In a digital substation, analogue signal wiring is replaced with digital Ethernet (IEEE 802.3) links. Communication within a digital substation is realized through the IEC 61850 standard that covers substation automation and protection functionalities. Communication with the control center is realized through a dedicated communication gateway using protocols such as IEC 60870-5-104 and/or DNP 3. CPS resilience assessment considers the impact on power grid operation, when the abovementioned protocols/standards in digital substations are subjected to disturbances or targeted cyber attacks – packet loss, denial of service, etc. The characterization of this performance is one of the major interests of this test case, considering the nature of communication effects, and their overall impact on grid operations.

Function(s) under Investigation (FuI)
  • Protection and automation functionality in a digital substation.
  • Type of data exchanged, i.e., control commands and measurements.
Object under Investigation (OuI)

Digital substation (see SuT for more information)

Domain under Investigation (DuI)
  • Information and Communication Technology (ICT)
  • Electrical
Purpose of Investigation (PoI)

Verification and characterization of cyber resilience of digital substations. Specifically, characterize and verify the impact of ICT infrastructure performance on grid operations, in a digital substation in the presence of:

  1. Component failures in the ICT infrastructure of the substation
  2. Misconfiguration of the ICT infrastructure
  3. Cyber attacks targeting the substation ICT infrastructure

The impact on grid operations is measured by noting how aforementioned factors affect protection functionality, i.e., tripping times in a digital substation.

System under Test (SuT)

A digital substation includes substation bays, merging units, Ethernet switches (representing the process bus), Human Machine Interfaces (HMIs), time servers, Intelligent Electronic Devices (IEDs), Remote Terminal Units (RTUs), centralized protection and control units, station control systems, etc. A substation bay comprises busbars, disconnectors, circuit breakers, current and voltage transformers (CTs and VTs), etc. Hence, to realize this test case, the following components are required:

  • Real-time grid simulator such as RTDS or OPAL-RT that supports Hardware-in-Loop (HIL) studies
  • Substation network elements:
    1. At least one ethernet switch and time server. At least two or more physical IEC 61850 capable IEDs
    2. RTUs, MUs, other HIL devices
  • A communication network emulator/simulator to model disturbances/cyber attacks

The testing involves interfacing the real-time grid simulator with all hardware components in a HIL setup to mimic a digital substation. Furthermore, the real-time grid simulator also needs to be interfaced with the network emulator to model and input communication related effects such as latency, packet loss, loss of service, etc.

Source: Centralized Protection and Control. ABB Whitepaper, 2020.

Functions under Test (FuT)
  • Capability of the real-time grid simulator to exchange data using IEC 61850 and IEC 60870-5-104
  • Automation and protection functionality realized by OuI
  • Behaviour and performance of IEDs within the SuT, when subjected to specific disturbances
  • Emulation of communication networks
  • Performance of communication network emulator, i.e., Mininet
Test criteria (TCR)
  • Equipment response and performance under normal operating conditions
  • Equipment response and performance when subjected to communication-based disturbances – packet losses, latency, etc.
  • System response to communication-based disturbances
Target Metrics (TM)
  1. Tripping times
    • During normal operating conditions
    • During disturbances
  2. Communication of control commands (GOOSE)
    • During faulted (short-circuit) conditions
    • During communication disturbances
Variability Attributes (VA)
  • Type of protection scheme implemented
  • Overall substation configuration and topology
  • Characteristics of network emulator
  • Redundancy (N-1, N-2…. N-k): Number of components or communication links which can fail before system operation is at risk
  • Topology and type of simulated power system (transmission vs distribution)
  • Type of cyber-attack, e.g., Denial-of-Service (DoS), malformed authentication codes, etc.
Quality Attributes (QA)
  • Real-time communication performance during normal, electrical fault and communication disturbance conditions
  • Pass: performance within max threshold of 10 ms
  • Fail: performance exceeds 10 ms under any conditions

Qualification Strategy

The PoI are mainly addressed by characterizing and verifying the impact of ICT infrastructure performance on grid operations, in a digital substation. This can be achieved by determining how protection functionality and thereby power system stability is affected by disturbances to ICT infrastructure.

  • As per the IEC 61850 standard, the maximum tripping time for protection equipment should always be lesser than 10ms. Hence, this can be used as a metric to assess the cyber resilience of a digital substation. This assessment is subject to presence of component failures in the ICT infrastructure of the substation, misconfigurations, and cyber attacks targeting the substation ICT infrastructure.
Test Specification TC22.TS1

Determination of maximum tripping times in the presence of ICT disturbances within a digital substation