ARCSG: Advancing Resilience of Cyber-Physical Smart Grid: An Integrated Co-Simulation Approach Incorporating Indicators of Compromise

Abstract

Modelling and simulation techniques offer cost-effective solutions for developing frameworks and modules that address the intertwined cyber-physical security challenges in the Smart Grid (SG) domain. While some existing co-simulation approaches consider both communication networks and power systems, they often overlook the importance of incorporating Indicators of Compromise (IOCs) in their analysis, which are crucial for detecting and mitigating cyber threats.In response to this gap, we introduce ARCSG, a co-simulation approach to study and enhance the resilience of complex cyber-physical power systems against cyber threats, with a particular focus on incorporating IOCs. Our design employs the Common Open Research Emulator (CORE) to emulate the cyber network and uses PowerWorld to model the power system processes. We incorporate control system components such as OpenPLC and ScadaBR. The co-simulation supports various protocols for monitoring and controlling the grid, such as Modbus, DNP3, ICCP, and PCCC. We demonstrate the effectiveness of our design by validating it through a false command attack on a PowerWorld case. Our approach aims to bolster the detection and mitigation of cyber threats by facilitating an advanced post-incident analysis. Such analysis empowers operators to rapidly identify the severity of a security violation, understand the strategies the adversary employed to initially breach security defences, and evaluate the comprehensive impact of the incident.