IEEE TRANSACTIONS ON SMART GRID

Analyzing the Cyber-Physical Impact of Cyber Events on the Power Grid

R. Liu, Student Member, IEEE, C. Vellaithurai, Member, IEEE, S. Biswas, Student Member, IEEE, T. Gamage, Member, IEEE, A. Srivastava, Senior Member, IEEE

Abstract—With ongoing smart grid activities, advancements in Information and Communication Technology (ICT) coupled with development of sensors are utilized for better situational awareness, decision support, and control of the power grid. However, it is critical to understand the complex interdependencies between cyber and power domains, and also the potential impacts of cyber events on the power grid. In this paper, the impacts of three different possible cyber events on the physical power grid have been analyzed using an integrated cyber-power modeling and simulation testbed. Real-time modeling of end-to-end cyber-power systems has been developed with hardware-in-the-loop capabilities. Real-Time Digital Simulator (RTDS), synchrophasor devices, DeterLab, and Network Simulator-3 (NS-3) are utilized in this developed testbed with a wide-area control algorithm and associated closed-loop control. DeterLab can be used to model real-life cyber events in the developed cyber-physical testbed. Man-in-the-middle and denial-of-service attacks have been modeled as specific cases for IEEE standard test cases. Additionally, the impact of communication failure on the power grid has been analyzed using the testbed.

Index Terms—Cyber-Power, Real-Time Simulation, NS-3, DeterLab, RTDS, Wide-Area Control, Cyber Security, Synchrophasor Devices

I. INTRODUCTION

The impact of cyber attacks on power systems has been at the forefront of research in recent years. Smart grids – traditional electric power grids augmented with highly integrated communication and computational capabilities – depend significantly more on data transfers, with higher quality of service (QoS), than their traditional counterparts [1], [2].
Due to their highly integrated nature, smart grids are also more vulnerable to cyber threats and attacks. However, the true cyber-physical impact of such attacks is not always clear, and needs to be analyzed. An integrated cyber-physical testbed provides an excellent platform to understand the intricate relationship between the power system and the associated cyber system through real-time modeling and simulation, and to directly observe the in-depth impact of cyber events on the simulated power system.

This research was funded in part by Department of Energy (DoE) Award Number DE-OE0000097 (Trustworthy Cyber Infrastructure for the Power Grid). R. Liu and A. Srivastava are with the School of Electrical Engineering and Computer Science, Washington State University, Pullman, WA 99164 USA, e-mail: asrivast@eecs.wsu.edu. T. Gamage is with the Southern Illinois University, Edwardsville, IL 62026 USA. C. Vellaithurai is with Schweitzer Engineering Laboratories (SEL), Pullman, WA 99163 USA. S. Biswas is with ALSTOM, Redmond, WA, USA.

Most existing research has explored either cyber system or power system vulnerabilities, but not both in a comprehensive and truly integrated manner. In [3], the authors present the impact of data integrity attacks on the voltage control loop. In [4], the impact of cyber attacks on transient stability of smart grids with voltage support devices is discussed. A framework that models a class of cyber-physical switching vulnerabilities in smart grid systems is found in [5]. An address resolution protocol (ARP) spoofing based man-in-the-middle attack has been shown in [6].

Most recent testbed development efforts appear to have one or more of the following disadvantages: (i) lack of a hardware interface to integrate real hardware in the loop; (ii) lack of end-to-end system modeling; and (iii) lack of real-time dynamic unbalanced system simulation.
For example, the national SCADA testbed (NSTB) [7] utilizes actual physical grid components including generation, transmission, and communication networks, in addition to incorporating real-world data from industry collaborators¹. Virtual control system environment (VCSE) [8] uses OPNET as the network simulator and PowerWorld as the power system simulator, and provides a platform for creating a large-scale control system test environment. SCADA CST [9] is similar to VCSE except that it uses the real-time immersive network simulation environment (RINSE) to simulate the communication network. A virtual power system testbed that utilizes RINSE and PowerWorld is found in [10]. A hardware-in-the-loop testbed that uses the real-time digital simulator (RTDS) as the power system simulator is found in [11]. GECO testbed [12] utilizes GE’s positive sequence load flow (PSLF) and network simulator-2 (NS-2). The Iowa State University testbed [13] uses RTDS and the internet-scale event and attack generation environment (ISEAGE).

In this work, our goal is to analyze the direct cyber-physical impact of specific cyber attacks on the power system, not limited by the observed cyber vulnerabilities of the given power system. To reach this goal, a comprehensive and reconfigurable cyber-physical testbed that can be used to model and simulate most practical cyber events is required. Towards this end, we’ve developed a comprehensive cyber-physical testbed for real-time end-to-end system simulation that integrates a simulated power grid, hardware sensors and controllers, industry-grade substation and control center level data concentrators, emulated communication network, and

¹ NSTB has helped in identifying several cyber vulnerabilities and developed cost-effective methods for secure communication between control centers and remote devices.

Submitted for publication. Author copy - do not redistribute.