
NAME

Smart Grid Cybersecurity Laboratory

DESCRIPTION

The Smart Grid Cybersecurity Laboratory emulates the software-hardware communications environment of a primary distribution substation, in which the electronic equipment (IEDs) that controls and supervises the electrical equipment of a substation (switches, transformers…) has been deployed. A Control Center with basic functions, which connects to the substation equipment, is also simulated.
The laboratory makes it possible to:
- Simulate real communication between the equipment and systems of the control center and the substation.
- Reproduce a set of cyberattacks using penetration testing tools (ethical hacking).
- Test the response of the equipment (RTU, SCU, protection relays, …) and of third-party manufacturers' information systems (SCADA, LDAP server, …) to those attacks.
- Verify the effectiveness of attack detection tools developed by third-party manufacturers.
- Both environments (the substation and the Control Center) are connected through an Ethernet network established between two routers. This makes it possible to manage external access. The two routers establish a VPN connection.

MOST OUTSTANDING EQUIPMENT AND COMPONENTS

CONTROL CENTER

The laboratory is composed of two environments: the Control Center environment, in which a SCADA has been installed and which simulates the operation of the electric grid (reduced to a substation), and the substation environment, in which the electronic equipment is installed (SCU and protection relays).

CONTROL CENTER COMPONENTS:
The components of the Control Center environment are:
- Router: Establishes a VPN connection with the router of the substation.
- Internal switch: Connects all computers in the control center.
- SCADA equipment: Contains the monitoring and control software (SCADA) of the substation. It also allows the configuration of the IEDs to be modified from the Control Center.
- LDAP and NTP server computer: This equipment houses the servers that are accessed from the IEDs of the substation. The server runs the following services:
  * LDAP: Manages access control (authentication and authorization) of users and information systems to the IEDs.
  * NTP: Provides the time synchronization service.

SecureGrid Hacking Tool Box (HTB)

SecureGrid Hacking Tool Box (HTB) is a toolbox for configuring and running different penetration tests against the electronic devices of an electric substation.
SecureGrid HTB is intended for use by equipment manufacturers to check the security level of their equipment.

SOTER

Monitoring of anomalies in electrical substations and industrial plants

SUBSTATION

SUBSTATION COMPONENTS:
- Router: Establishes a VPN connection with the router of the control center.
- Substation Control Unit (SCU): Performs the functions of a remote unit by establishing communication with the SCADA of the control center through the IEC 60870-5-104 telecontrol protocol. Modbus TCP and DNP3-TCP are also accepted. In addition, it acts as the IEC 61850 client of the protection relays.
- Industrial switch: Connects all IEDs, forming the substation bus.
- Protection relays: Perform the protection functions for the electrical equipment (switches, transformers, ...). These relays implement the IEC 61850 protocol, which allows them to receive the electrical signals generated by the OMICRON – CMC 850 equipment, communicate with the SCU, and send GOOSE messages to one another.
- Power supplies: Relays that are powered by direct current (VCC) are equipped with their corresponding power supply.
- SCADA equipment: Contains the monitoring and control software (SCADA) of the substation. It also allows the configuration of the IEDs to be modified from the Control Center.
- OMICRON – CMC 850: Simulates up to 3 merging units, the electrical data acquisition equipment of the substation. This equipment is connected to the protection relays over TCP/IP via the substation bus.
- OMICRON – CMC 256: Simulates electrical signals and connects them directly to the protection relays through the digital input and output connections. In addition, it can simulate the activity of switches.

WHITEZONE

WHITEZONE prevents the presence of malware in the operational zone of industrial plants by restricting access to the delimited area designated as the operational zone to authorised users carrying safe and identified software. This secures the industrial zone and improves the update process of industrial control system (ICS) devices. It offers the following functionalities:

• Ensures that the information to be used within the operational zone by means of a USB key is secure, i.e. that it contains no virus or malware.
• Authenticates users manually or via an NFC card.
• Allows the user to choose the data that is going to be used in the protected zone and analyzes it, through a multi-antivirus service in the cloud, for any virus, malware or data that is not allowed. If this verification is passed, it ejects a "USB Whitezone ©" key onto which the encrypted and signed data is copied, to prevent modification. These USB Whitezone © keys are the only valid ones within the protected operational zone. In addition, this component sends all its activity to the BackEnd software in real time.
• The Software Agent is an element that controls all USB port activity on the computer on which it is installed. If a non-Whitezone © USB device is inserted, it is ejected immediately, making it impossible to use. If a USB Whitezone © is connected, the agent verifies that its contents have not been altered. If they have been altered, it ejects the USB; otherwise, it decrypts the information so that the data is available. The software agent can communicate all its activity to the BackEnd in real time.

SERVICES OFFERED BY THE ASSET

ENTITY MANAGING THE ASSET

FUNDACIÓN TECNALIA RESEARCH & INNOVATION

Parque Científico y Tecnológico de Bizkaia, C/ Geldo, Edificio 700

48160 DERIO, BIZKAIA

Contact person:

Ana Isabel Ayerbe Fernandez-Cuesta

ana.ayerbe@tecnalia.com
