A cybersecurity assessment framework for virtual operational technology in power system automation

Abstract

Assessment of cybersecurity in power system automation (PSA) requires a framework to study and analyze the complex relationships between the cyber-based control systems and power systems. A production system is not ideal or available for such assessment due to potential impacts and disruptions. In this paper,11Preliminary idea of this paper has been presented in part at Winter Simulation Conference 2018, Gothenburg, Sweden, December 2018. we propose a framework constituents of power system, process network, communication network, automation network, and enterprize network for cybersecurity assessment in PSA. Both real and virtual components supportability are incorporated in the framework for covering good enough functionalities of power systems maintaining hardware diversity and scalability. A specific instance of the proposed framework, Virtual Operational Technology Network (VOTNet), is presented explaining simulated and emulated systems such as programmable logic controllers (PLCs), network devices, computing systems, software, and tools. The VOTNet consists of a centralized control center deployed with computing devices, an emulated communication network, a substation control center, and power systems. We evaluate and assess the VOTNet for cybersecurity and scalability issues and its cyber–physical impacts under different cyberattacks such as unauthorized access, denial of service (DoS), modbus protocol scanning and data reading, data manipulation/injection, and session hijacking. We also present risk assessment and mitigation against all the demonstrated attacks. Situational awareness and coordination under cyberattacks are also demonstrated. Finally, the usefulness of a virtual testbed in terms of different research applications and lessons learnt from its usage are also presented.