Back to search

ENERGIX-Stort program energi

Security of supply in smartgrids with interacting digital systems

Alternative title: Forsyningssikkerhet i smarte nett med samhandlende digitale systemer

Awarded: NOK 4.5 mill.

Project Number:

296381

Project Period:

2019 - 2023

Funding received from:

Organisation:

Location:

Subject Fields:

The requirements for a functional and flexible power grid are increasing as a result of electrification and the green transition of society. Renewable energy sources, flexible resources, and new loads demand more active monitoring, control, and management of the power grid in order to maintain security of supply at an acceptable cost. This requires increased access to data, and thus more sensors, more communication, liberation of data that has previously been isolated in the control system for new purposes, and exchange of data to new services and suppliers. The result is a smarter power grid that can be characterized as a complex cyber-physical system of systems, where the reliability of the physical power system increasingly depends on the cyber security of digital networks and vice versa. The digital networks increase the number of possible attack points for malicious actors, and dependencies between different systems introduce new vulnerabilities. The grid companies must be able to understand and handle this new risk picture. This need has been exemplified by previous power outages such as the power outage in Ukraine in 2015 caused by hackers. The need is increasing in today’s geopolitical situation with war in the Ucraine. The InterSecure project brought together expertise from both the power and ICT domains of Norwegian grid companies, research institutions and government agencies to develop risk management methods and tools that enable grid companies to handle the new risk picture. The project was based on well-known and standardized processes for risk management, including ISO 31000, as well as existing practices at the grid companies today. By relating the new methods that are developed to existing processes, it is ensured that the methods can easily be used by the grid companies without the need for major adaptations. There are five main results from the project. 1) An updated framework for risk management has been created based on ISO 31000 and NS 5814. The framework enables a more iterative risk management and consists of three main phases; plan, assess and manage. Among the new elements are stakeholder analysis and value assessment of what is to be protected. 2) Threat modeling has been carried out for the secondary substation and conditional connection agreements in the project using the Microsoft Threat Modeling tool and a smart grid template, which can be found here: https://github.com/SINTEF-Infosec/Smart-Grid-Threat-Modeling-Template. For the secondary substation, information disclosure and denial of service were identified as the most critical threats. 3) Two simulation models have also been developed to be able to verify threats. These two models consist of two digital secondary substations and an operations center. The first model was created in the Mininet network emulator and is the most important model because it is easy to use. There is a demonstration of the model on Youtube; https://www.youtube.com/playlist?list=PLL3pXQi4Q7Ur03kmHE2SzqvD4RFFRJde7 The second model was created using different virtual machines for each component. You can read more about this model here: . 4) An approach has also been created to assess vulnerabilities and failure consequences for a cyber-physical power system based on a bow-tie model. This approach focuses on security of supply and is based on critical components, i.e., components that have a direct impact on the power supply. The approach was tested on a case related to conditional connection agreements with a focus on an unwanted event where the circuit breaker does not disconnect customers when necessary. The reason for the circuit breaker failing to open on demand can be both technical failure and deliberate actions. 5) A template for barrier management was also developed which has been added to Proactima's tool Dmaze (https://proactima.com/digitale-verktoy/#dmaze). This template can help companies follow up on barriers by describing barrier functions, responsible persons and any measures that must be taken to maintain the barrier. A blog summarizing the project can be found here: https://blog.sintef.com/sintefenergy/security-of-supply-in-smart-grids-with-interacting-digital-systems/

The project will provide grid operators with ways to identify, understand and limit new threats and vulnerabilities arising due to interactions between different digital systems. The developed methods will increase the competence in digital technology and its utilization, ensure robust systems and processes, and save the grid companies costs and problems associated with the introduction of new technology. Ultimately, the methods will help limit failures and supply interruptions. This is increasingly important in a society where constantly more societal critical functions depend on an intelligent, secure and reliable electricity distribution. The value of the project will be realized by applying the developed methods to the grids of the participating grid companies. A training course has been developed during the project. After the project finalization, the training course will be available, on request, for interested companies. Some of the methods will be maintained and further developed by Proactima. The project will also try to get additional dissemination after the project. The methods developed in the project will be taken further in new research project.

The main objective of the project is to develop methods for assessing, handling and limiting threats and vulnerabilities arising due to interactions between the SCADA system and other digital systems, in order to maintain the security of supply in smartgrids at a high level. Realizing the promise of increased functionality and flexibility in the future smartgrid requires an updated ICT architecture with a stronger integration of systems, such as SCADA, distribution management system (DMS), outage management system (OMS) and advanced metering system (AMS). This interoperability and complexity may introduce new threats and vulnerabilities that distribution grid companies need to identify, understand and manage. Starting by identifying the most critical systems with respect to the security of supply and their interactions, this project will develop risk management methods and tools capable of addressing digitalisation, automation and interoperability. The developed methods and tools will increase the competence in digital technology and its utilization, ensure robust systems and processes making the distribution grid inherently resilient to threats and failures, and save the grid companies costs and problems associated with the introduction of new technology. Ultimately, the tools will help limit failures and supply interruptions, thereby reducing costs and maintaining the companies' reputation. The main challenge that the research will address is a lack of appropriate and easily accessible methods and tools for grid operators. There are several risk management methods and tools available today, however, these are not adapted to the future smartgrid with interacting digital systems. The project will address this using a top-down approach with e.g. case studies and simulations, while ensuring that the whole electricity grid from generation to consumer is considered.

Publications from Cristin

No publications found

Funding scheme:

ENERGIX-Stort program energi