In an increasingly digital society, protecting the electrical grid against cyberattacks has never been more important. As part of the European project SDN-microSENSE, SINTEF has helped develop tools to detect and mitigate cyberattacks, but they need to be tested before they can be deployed in the real grid. The solution? Deploy the tools in a simulated grid and launch real cyberattacks at them.
Securing next-generation power networks requires next-generation technology
SDN-microSENSE is a European project that intends to ensure the normal operation of Electrical Power and Energy Systems (EPES), as well as the integrity and confidentiality of communications, by providing a set of tools that are secure, privacy enabled and resilient to cyberattacks.
“The key term is “security” in terms of trying to avoid problems for the population when generating solutions for electrical systems,” says Alfredo González Naranjo, SDN-microSENSE project coordinator and innovation programme manager at Ayesa.
“If you want a technical definition, we’re investigating how to use next-generation communication technology to cyber secure the next-generation electrical power networks,” says Sokratis Katsikas, professor with the Department of Information Security and Communication Technology at the Norwegian University of Science and Technology (NTNU) and director of SFI Norwegian Centre for Cyber Security in Critical Sectors (NORCICS).
When most people think of “cybersecurity”, they probably think of their own personal cybersecurity: social media passwords, online banking logins, etc. However, what does cybersecurity mean for the electrical grid?
The more digital we become, the more vulnerable we are to cyberattacks
The electrical grid is a critical infrastructure in society, and therefore, it is crucial that it is protected from cyberattacks. When considering the threat of cyberattacks on this scale, it is difficult to not think of current events: namely, the invasion of Ukraine and rising tensions between Russia and NATO. However, concerns about cyberattacks cannot be attributed to current events alone.
“As we move towards a digital transformation of industry, the likelihood of cyberattacks increases,” says Sokratis. “For example, Norway is a highly digitalised society in many aspects, so we know what it means if one of these services we enjoy today is somehow broken down by a cyberattack. You can imagine how this can also apply to digitalised industry, in our case, the power network. The more digital we become, the more vulnerable we are to cyberattacks.”
However, cybersecurity isn’t just about protecting the system against cyberattacks.
“I think the other important point is privacy,” Alfredo adds. “Personal data privacy for clients, such as electric utility companies. It’s very important to ensure that the communication data between different systems is correct so that they don’t suffer any attacks and you can’t gather anyone’s personal data.”
The need to protect personal data privacy in electrical grids can also be attributed to society’s digital transformation.
“We have to consider that all processes are digital: when you measure the energy consumption of houses, when you receive your electricity bill… all the calculations of these processes are digital. So you have to ensure that there is no problem with personal data,” says Alfredo.
Put simply, cybersecurity in the electrical grid ensures that when you flip your light switch, your light will turn on or off. But it also stops anyone else from controlling your light remotely or gathering information, such as how long your light is turned on or how many times it’s turned on and off, without you knowing.
Launching real cyberattacks in a simulated environment
SDN-microSENSE has produced a number of tools that can counteract a cyberattack on the electrical grid. All these tools have been tested individually with great success. However, they also need to be tested collectively. This work is part of Use Case 1: Investigation of Cyberattack Scenarios and Methodologies Against EPES.
Use Case 1 is led by NTNU and hosted by SINTEF Energy Research. On 11 May, project members gathered in Trondheim to test the tools’ ability to collectively detect a cyberattack and provide the necessary measurements to help mitigate the attack without any conflicts or errors.
Naturally, these tests could not be run on the actual Norwegian electrical grid. Instead, the tools were deployed in a simulated electrical grid that emulates the real environment. Cyberattacks were then launched at this simulated grid to see how the tools would respond.
The simulated grid was hosted by the Norwegian Smart Grid Laboratory, which was developed with the purpose of testing a wide range of smart grid technologies. It has the capacity to test both hardware, such as converters and switchgear, as well as software, such as communication protocols and cybersecurity programs. The lab’s flexibility and capabilities make it an ideal platform for SDN-microSENSE, as well as other Norwegian projects, such as the Norwegian Centre for Intelligent Electricity Distribution (CINELDI) and NORCICS.
“The Smart Grid lab is a versatile lab that is very well suited to testing and verifying the interaction between components and the electrical system. We can test scenarios that would be too difficult to test in regular pilots,” says Hans Christian Bolstad, senior project manager at SINTEF Energy Research and manager of the lab. “Considering the power grid’s increased degree of autonomy and self-healing, it is important that we improve our understanding on the issues and role of cybersecurity, e.g. for measurements and data.”
“This is the value of the facilities that NTNU and SINTEF have,” says Sokratis. “You can test the tools in a realistic environment without compromising the real one. Then, when you deploy the tools, they are already more or less tested.”
This form of testing enables the research to be taken to a higher technology readiness level (TRL) than would’ve otherwise been possible – and unlocks opportunities for close collaboration with industry as a result.
“Academic research usually goes up to TRL 3 (Experimental proof of concept), at most TRL 4 (Technology validated in lab),” explains Sokratis. “Industry wants TRL 7 (System prototype demonstration in operational environment) and upwards. Initiatives like this help bridge that gap.”
“Once the solution has been integrated into the portfolio of the industry partners, it increases their number of cybersecurity solutions,” says Alfredo. “This is an important point for industrial partners because it’s a way to expand their potential customer base, services, new tools, and so on.”
SDN-microSENSE has six uses cases in total, but Use Case 1 is the most complicated.
“Because there are a lot of tools involved in the use case, there’s a lot of integration to consider and a lot of communication channels between them. So it’s very difficult to test all the different paths,” says Alfredo.
However, this also means that if Use Case 1 is successful, it is reasonable to assume that the other use cases will be too. Various spin-off projects have already been launched that will continue to build on the work started in these use cases.
Broad expertise for flexible solutions
At its core, SDN-microSENSE is a European collaboration, with 33 partners from 15 countries and funding from the European Union’s Horizon 2020 research and innovation programme. The value of such a large European collaboration is twofold. First, it gives the project access to an extremely broad range of expertise.
“This project involves a high number of tools,” says Alfredo. “Each partner provides one or two different tools, and is specialised in a form of technology or a field of knowledge.”
“You cannot expect to find this kind of expertise and knowhow in a single partner, or even among two or three partners, and certainly not in a single country,” Sokratis agrees.
Second, the solutions developed by this project are applicable to numerous countries, rather than just one.
“The added value of having partners with different expertise and knowhow, and who come from different European countries, is that whatever we come up with is potentially usable and exploitable in any of these countries, not just one,” says Sokratis.
“Because regulations are different, technical environments are different, it’s important to ensure that the solutions are applicable to many countries in Europe,” Alfredo adds.
“It is important for researchers to interact with other European partners. This European interaction brings pluricultural solutions to problems like the cybersecurity on future electric power systems,” says SINTEF’s Santiago Sanchez-Acevedo.
SINTEF contacts for SDN-microSENSE:
A version of this blog was also published on SDN-microSENSE’s website in three parts.