NAME Laboratory of Cybersecurity in the Smart Grid

DESCRIPTION

The Laboratory of Cybersecurity in the Smart Grid emulates the real-time software and hardware communications environment of a Primary Distribution Substation, in which the electronic equipment (IEDs) that controls and supervises the electrical equipment (switches, transformers, ...) has been deployed. It also simulates a Control Center, with basic functionalities, to which the Substation equipment is connected. The laboratory makes it possible to:
- Simulate the real communications between the different equipment and systems of the control center and the substation.
- Play a set of cyber attacks through tools for generating penetration tests (ethical hacking).
- Test the response of equipment (RTU, SCU, protection relays, ...) and information systems (SCADA, LDAP server, ...) from external manufacturers to those attacks.
- Test the effectiveness of attack detection tools developed by external manufacturers.

The two environments (substation and control center) are connected through an Ethernet network established between two routers. This allows the management of external access to the laboratory. Both routers establish a VPN connection.

FIELDS OF APPLICATION

Asset protection

Attack detection

Attack response

Identification of threats and risks

MOST OUTSTANDING EQUIPMENT AND COMPONENTS

  • CONTROL CENTER

    The laboratory is composed of two environments: the Control Center environment, in which a SCADA has been installed and which simulates the operation of the electric grid (reduced to a substation), and the substation environment, in which the electronic equipment (SCU and protection relays) is installed.

    CONTROL CENTER COMPONENTS:
    The components of the Control Center environment are:
    -Router: Establishes a VPN connection with the router of the substation.
    -Internal Switch: Connects all computers in the control center.
    -SCADA equipment: Contains the monitoring and control software (SCADA) of the substation. It also allows the configuration of the IEDs to be modified from the Control Center.
    -LDAP and NTP server computer: This equipment houses the different servers that are accessed from the IEDs of the substation. It runs the following services:
    * LDAP: Manages access control (authentication and authorization) of users and information systems to the IEDs.
    * NTP: Provides the time synchronization service.

  • SecureGrid Hacking Tool Box (HTB)

    SecureGrid Hacking Tool Box (HTB) is a tool box for configuring and performing different penetration tests on the electronic devices of an electric substation.
    SecureGrid HTB is intended to be used by equipment manufacturers to check the security level of their equipment.

  • SOTER

    Monitoring of anomalies in electrical substations and industrial plants

  • SUBSTATION

    SUBSTATION COMPONENTS:
    -Router: Establishes a VPN connection with the router of the control center.
    -Substation Control Unit (SCU): Performs the functions of a remote unit by establishing communication with the SCADA of the control center through the IEC 60870-5-104 telecontrol protocol. Modbus TCP and DNP3-TCP are also accepted. It also acts as the IEC 61850 client of the protection relays.
    -Industrial Switch: Connects all IEDs, forming the substation bus.
    -Protection relays: Perform the protection functions of the electrical equipment (switches, transformers, ...). These relays implement the IEC 61850 protocol, which allows them to receive the electrical signals generated by the OMICRON – CMC 850 equipment, communicate with the SCU, and exchange GOOSE messages among themselves.
    -Power supplies: Relays that are powered by direct current (VCC) are equipped with their corresponding power supply.
    -SCADA equipment: Contains the monitoring and control software (SCADA) of the substation. It also allows the configuration of the IEDs to be modified from the Control Center.
    -OMICRON – CMC 850: Simulates up to 3 merging units, the electrical data acquisition equipment of the substation. This equipment is connected to the TCP/IP protection relays via the substation bus.
    -OMICRON – CMC 256: Simulates electrical signals and connects them directly to the protection relays through the digital input and output connections. In addition, it can simulate the activity of switches.

  • WHITEZONE

    WHITEZONE prevents the presence of malware in the operational zone of industrial plants by restricting access to the delimited area designated as the operational zone to authorised users carrying safe and identified software. This is a way of securing the industrial zone and improving the update process of the industrial production control (ICS) devices. It offers the following functionalities:

    • Ensures that the information to be used within the operational zone by means of a USB key is secure, i.e. that it contains no virus or malware.
    • Authenticates users manually or via an NFC card.
    • Allows the user to choose the data that is going to be used in the protected zone and analyzes it, through a multi-virus service in the cloud, for any virus, malware or data that is not allowed. If this verification is passed, it ejects a "USB Whitezone ©" key onto which the data is copied, encrypted and signed, to avoid modifications. These USB Whitezone © keys are the only valid ones within the protected operational zone. In addition, this component sends all its activity to the BackEnd software in real time.
    • The Software Agent is an element that controls all USB port activity on the computer on which it is installed. If a non-Whitezone © USB device is inserted, it is ejected immediately, making it impossible to use. If a USB Whitezone © is connected, the agent verifies that its contents have not been altered. If they have been altered, it ejects the USB; otherwise, it decrypts the information so that the data is available. The Software Agent can communicate all its activity to the BackEnd in real time.

SERVICES OFFERED BY THE ASSET

Cybersecurity functional test environment

Validation of the new cybersecurity capabilities required by current cybersecurity standards such as IEC 62351, IEEE 1686 and/or IEC 62443.

Industrial cybersecurity training for security operators and ethical hackers

Use of a set of tools to perform ethical hacking that simulates different types of cyber-attacks (DoS, Man in the Middle and/or credential theft, among others).

Simulation of real communications between control centres and electrical substations for cyber-attacks

Simulation of real communications between the different equipment and systems in control centres and electrical substations in order to carry out cyber-attack tests to test the response that the equipment (RTU, SCU, protection relays, …) and information systems (SCADA, LDAP server, …) developed by different manufacturers offer to these attacks.

Simulation of real communications between control centres and electrical substations for cyber-defence

Simulation of real communications between the different equipment and systems in control centres and electrical substations to carry out cyber-defence tests that test the effectiveness of the attack detection tools developed by different manufacturers.

ENTITY MANAGING THE ASSET

FUNDACIÓN TECNALIA RESEARCH & INNOVATION
Contact person:
Ana Isabel Ayerbe Fernandez-Cuesta
ana.ayerbe@tecnalia.com