International Conference on Renewable Energies and Power Quality (ICREPQ’16)
Madrid (Spain), 4th to 6th May, 2016
Renewable Energy and Power Quality Journal (RE&PQJ)
ISSN 2172-038X, No.14 May 2016

Design and development of a test environment to analyze the impact of cyber attacks on the electrical distribution network

Ioannis Moschos¹, David Lavérnia Ferrer¹, J.-I. Cairó¹

¹ IREC, Catalonia Institute for Energy Research
C. Jardins de les Dones de Negre, 1, Pl. 2a, 08930 Sant Adriá del Besós, Barcelona, Spain
Phone: +34 933 562 615. e-mail: icairo@irec.cat

Abstract. Extensive use of information and communication technology (ICT) infrastructure in today’s electrical networks is empowering Smart Grid growth, but at the same time lays the foundation for cyber threats to the more vulnerable premises of the system. The purpose of this work is twofold: first, to build a simulation environment that covers the impact assessment of cyber attacks on a distribution network’s power components; second, to propose a testbed architecture composed of the aforementioned simulation tool combined with a hardware-implemented microgrid. The final cyber-to-physical environment would provide a more accurate embodiment of information data flow through real communication paths. This will enable developing, integrating and conceiving the impact of cyber attacks in realistic scenarios. The testbed environment would have a strong emphasis on Distributed Renewable Energy Resources (DER). The power system simulation tool used in this work is DIgSILENT PowerFactory. IREC’s microgrid SmartLab facilities are utilized in the complete testbed formulation.

Key words

cyber attack, distribution grid, power system simulation, DIgSILENT, DER

1. Introduction

Critical infrastructures such as electrical networks are becoming increasingly dependent on ICT resources, since there is a growing need for higher data flow, remote monitoring and control, and better interoperability between different network components. The novel schemes that enable Smart Grid functions, such as self-healing, Demand Side Management and centralized control of generation and demand premises, are based on complex ICT systems that are unavoidably more vulnerable to cyber threats. For instance, a SCADA environment utilizes protocols such as Modbus and DNP3, which have proven susceptible to cyber intruders [1].

What makes cyber attacks really threatening is their immediate and sometimes devastating effect at a very low cost. In addition, they are usually deceptive (the intruders make the system operators ‘blind’ to the attack), as was the case with the Stuxnet computer worm that forced nuclear centrifuges in Iran to tear themselves apart [2]. This results in two major problems: the attack can reach its final process disruption (e.g. blackout) without being detected, and the authorities cannot trace back the identity of the attacker.

Efforts in grid resilience against cyber threats are constantly improving. The U.K. is going to increase spending on its cyber security program to 860 million pounds by December 2015, in order to reduce the cyber threat risks [3]. National security centers are also being established all over Europe to monitor and protect critical infrastructure [4]. The European Commission has already defined a cybersecurity strategy for the European Union that addresses industrial, economic and organizational milestones which will lead to a strengthened cyberspace [5]. Despite all these ventures, a recent attack at the Sony Pictures entertainment company demonstrated that hackers are still highly capable of acquiring control of critical IT services [6].

A. Related research work

Several studies have been conducted in the past related to cybersecurity in the smart grid. The topic is vast and the literature covers many different schemes, for instance the vulnerability of components, risk assessment, and prevention and mitigation of attacks. Studies that use simulation techniques for examining the impact of cyber attacks can be classified in three main categories:

- Based on the time scale of the phenomena that are investigated. Power system simulations can be steady-state, transient or real-time. Communication and control components, however, require a discrete event simulation approach. The authors in [7] discuss all these aspects in detail.
- Depending on the Smart Grid layers being modeled, which also affects the number of software tools used. Cyber attacks occur at the information/control or the communication layer

https://doi.org/10.24084/repqj14.402