Date Closed: November 2016

The purpose of this project was to build a comprehensive, extensible smart power grid testbed for cyber security evaluation and experimentation with specialized capabilities to permit future evaluation of new devices and network monitoring. It sought to develop a layered approach to cyber security that focuses on detecting the insertion of unauthorized devices on the network and detecting abnormal behavior of authorized devices. It also aimed to develop advanced intrusion detection techniques to detect previously unseen attacks on the network and advanced device identification techniques to detect unauthorized devices that have been inserted into the network. In the process of conducting this research, it was discovered that there are other testbeds that can be potentially leveraged and that there is a lack of understanding of real traffic on live substation networks in the technical community. In addition, feedback from the technical advisors indicated that operators desire situational awareness of substation networks but have very little to no security expertise, although they possess basic networking skills. This project included six primary tasks:

  1. Build a testbed and integrate it with existing infrastructure in the GT ECE Power Systems lab
  2. Develop custom software / system to monitor traffic in a live substation
  3. Characterize traffic on a live substation network
  4. Detect flaws in nodes in the network and report flaws to ICS-CERT
  5. Develop "monitoring portion" of the Network Monitoring and Security System
  6. Develop "security portion" of the Network Monitoring and Security System
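The layered approach described above (an inventory of authorized devices plus a behavioral baseline for each known device, corresponding to tasks 5 and 6) can be illustrated with a small passive monitor. This is an added example written for this summary, not code from the project's open source monitoring and security system; the flow records, MAC and IP addresses, device names and the burst threshold are all constructed, and the only real values are the standard protocol ports (Modbus/TCP 502, DNP3 20000, ISO-TSAP 102 used by IEC 61850 MMS).

```python
"""Passive baseline monitor for a substation LAN (added example, not project code).

Learns an inventory of devices and their normal traffic profile from a
trusted capture window, then flags (1) devices never seen during baselining,
(2) a known device whose MAC/IP pairing changed, (3) a known device talking to
a protocol port it never used before, and (4) an unusually large flow.
"""
from dataclasses import dataclass, field

# Standard port assignments commonly seen on substation networks.
PORT_NAMES = {502: "modbus", 20000: "dnp3", 102: "iec61850-mms", 22: "ssh", 23: "telnet"}


@dataclass
class DeviceProfile:
    ip: str
    ports: set = field(default_factory=set)  # destination ports used during baseline
    max_bytes: int = 0                       # largest single flow seen during baseline


class SubstationMonitor:
    def __init__(self, burst_factor: float = 4.0):
        self.inventory = {}          # MAC address -> DeviceProfile
        self.burst_factor = burst_factor

    def learn(self, flows):
        """Baseline phase: every device in the trusted window becomes 'authorized'."""
        for mac, ip, _dst, dport, nbytes in flows:
            prof = self.inventory.setdefault(mac, DeviceProfile(ip=ip))
            prof.ports.add(dport)
            prof.max_bytes = max(prof.max_bytes, nbytes)

    def check(self, flows):
        """Monitoring phase: return one (kind, mac, detail) alert per suspicious event."""
        alerts = []
        for mac, ip, dst, dport, nbytes in flows:
            prof = self.inventory.get(mac)
            if prof is None:
                # Layer 1: a MAC that was not in the baseline is an unauthorized device.
                alerts.append(("unauthorized-device", mac,
                               f"new MAC {mac} ({ip}) -> {dst}:{dport}"))
                continue
            # Layer 2: behavioral checks on devices that are in the inventory.
            if prof.ip != ip:
                alerts.append(("address-change", mac, f"{mac} moved from {prof.ip} to {ip}"))
            if dport not in prof.ports:
                proto = PORT_NAMES.get(dport, str(dport))
                alerts.append(("new-protocol", mac, f"{mac} started using {proto} toward {dst}"))
            if nbytes > self.burst_factor * prof.max_bytes:
                alerts.append(("volume-burst", mac,
                               f"{mac} sent {nbytes} bytes, baseline max {prof.max_bytes}"))
        return alerts


# Constructed flow records: (src_mac, src_ip, dst_ip, dst_port, bytes).
# Locally administered MACs (02:...) are used so they match no real vendor.
BASELINE = [
    ("02:00:00:00:00:01", "10.1.1.10", "10.1.1.1", 502, 120),    # relay A polls the gateway (Modbus)
    ("02:00:00:00:00:01", "10.1.1.10", "10.1.1.1", 502, 140),
    ("02:00:00:00:00:02", "10.1.1.11", "10.1.1.1", 20000, 300),  # relay B, DNP3
    ("02:00:00:00:00:02", "10.1.1.11", "10.1.1.1", 20000, 280),
    ("02:00:00:00:00:03", "10.1.1.20", "10.1.1.1", 102, 900),    # IED, IEC 61850 MMS
]

OBSERVED = [
    ("02:00:00:00:00:01", "10.1.1.10", "10.1.1.1", 502, 130),     # normal Modbus poll
    ("02:00:00:00:00:99", "10.1.1.99", "10.1.1.10", 502, 60),     # MAC never seen in baseline
    ("02:00:00:00:00:02", "10.1.1.11", "10.1.1.10", 23, 80),      # relay B opens telnet to relay A
    ("02:00:00:00:00:03", "10.1.1.21", "10.1.1.1", 102, 5000),    # IED changed IP and sent a burst
]


def run_demo():
    """Train on the constructed baseline and report alerts for the observed window."""
    mon = SubstationMonitor()
    mon.learn(BASELINE)
    return mon.check(OBSERVED)


if __name__ == "__main__":
    for kind, mac, detail in run_demo():
        print(f"[{kind}] {detail}")
```

In a deployment the flow records would come from a SPAN port or a pcap parser rather than a list, and the baseline window must be captured while the network is known to be clean, because everything observed during `learn` becomes "authorized". The burst factor is a deliberately simple stand-in for the statistical profiling a real system would use; substation polling traffic is periodic enough that per-device timing and message-type distributions are usually better features than raw byte counts.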

Through the completion of these tasks, the first detailed substation traffic characterization study was conducted. This study discovered flaws in several different relay, monitoring, and control system devices. These flaws affected 68% of the devices of a NEETRAC member's substation equipment. The flaws were reported to ICS-CERT and Georgia Tech/NEETRAC is working with ICS-CERT and vendors to generate patches, some of which have already been made. Finally, this project developed an open source monitoring and security system that can immediately improve the security posture of members' substation networks.