Cyber Power Data and Log for Coordinated Cyber-Physical Attack

This paper presents a real-time reconfigurable Cyber-Power Grid Operation Testbed (CPGrid-OT) with multi-vendor, industry-grade hardware, and software. The developed testbed allows reconfigurability to some extent by offering flexibility to a) use for transmission or distribution system simulation, b) easily exchange data with diverse platforms interchangeably using standard data interface protocols, and integration of local/ cloud data storage, c) integrate adaptive communication network configuration with software-defined networking (SDN) and, d) perform hardware-in-the-loop experimentation with exchangeable devices using no-wire interfacing. Through CPGrid-OT, we discuss in detail cyber-power data generation, storage, and processing at multiple levels of the testbed. We then demonstrate two use cases with CPGrid-OT - (1) we implement coordinated cyber attacks, similar to GridEx. A step-by-step attack emulation timeline is provided that shows how attackers can compromise the system to adversely impact the power grid. For each step, we show how the generated data from CPGrid-OT can be utilized for resiliency analysis and incident response; (2) we further demonstrate how the generated data can be used to validate advanced tools such as CP-TRAM and SyncAD. Due to the lack of realistic cyber attack data available in the public domain, we provide high-resolution real-time data from both the cyber and power layers of our testbed to help spur the development and validation of cyber-power resiliency tools for future researchers.

本文提出了一种具备实时重构能力的网络电力系统运行测试平台（CPGrid-OT），该平台集成了多厂商的工业级软硬件。该测试平台在一定程度上实现了可重构性，具体表现为：a) 可用于传输或分配系统的模拟；b) 能够通过标准数据接口协议，方便地与不同平台进行数据交换；c) 集成本地/云端数据存储；d) 与软件定义网络（SDN）相结合，实现自适应通信网络配置；e) 通过无需线缆的接口，进行具有可更换设备的硬件在环实验。通过CPGrid-OT，我们对测试平台多层次的网络安全数据生成、存储和处理进行了详细探讨。随后，我们展示了两个使用案例——（1）我们实现了与GridEx类似的协同网络攻击，提供了逐步的攻击模拟时间表，展示了攻击者如何破坏系统以对电网产生不利影响。对于每个步骤，我们都展示了如何利用CPGrid-OT生成的数据进行弹性分析和事件响应；（2）我们进一步展示了如何利用生成的数据验证高级工具，如CP-TRAM和SyncAD。鉴于公共领域缺乏真实的网络攻击数据，我们提供了测试平台网络安全和电力层的高分辨率实时数据，以帮助促进未来研究人员网络安全弹性工具的开发与验证。