How a cyber attack in Ukraine could cause a massive blackout in Europe


An attack on the power grid in the Ukraine could lead to a blackout Europe. Scientists from Delft University of Technology are warning for this risk. Cyber attacks on the power grid are not new. In 2015 and 2016, large parts of Ukraine were already crippled by Russian cyber attacks. It is expected that the attacks will increase in the coming years. In this article Professor Peter Palensky speaks about the possible risk of cyber attacks for the rest of Europe. We also explain how RTDS simulation tools can help to find weak spots in the power grid and how the effectiveness of countermeasures can be tested. Delft University of Technology has been using these RTDS tools since 2004.


One digital European power grid

Since March, the Ukrainian power grid has been connected to the rest of the European grid. This means that Ukraine can get power from other European countries if there are disruptions in the power grid. But this also brings risks, says Professor of Intelligent Electric Power Grids Peter Palensky. “The European power grid is now one big machine. If one component is attacked, it can knock out power in a city, a country and even a whole continent.” Because the power grid is no longer connected by analogue but digitally these days, the system has become much more vulnerable to attacks. “If you switch off one substation in the high-voltage grid, that’s not a big problem. But if several are switched off at once, a domino effect can occur throughout Europe,” says Palensky. “This used to be virtually impossible. Two transformers would have to explode at the same time. But with the transition to digital, it has become possible for hackers. Those with malicious intent can bring down the whole of Europe.”


Traditional tests blind to vulnerabilities

To find the weak spots in the net, testing and simulation is crucial. Historically, power system protection, control, and automation devices have been tested in a variety of ways: connected to massive analogue simulators (transient grid analyzers), in an open loop with an artificial signal, or via costly and inflexible operational testing that requires portions of the real grid to be brought out of service. As the power system becomes more complex – with a high penetration of converter-based generation, intelligent devices, and communication-based automation, and an increased threat of cyber attacks – traditional testing is more likely to be blind to vulnerabilities. Devices tested through traditional means may misoperate after deployment, interacting with other protection and control equipment or power hardware on the grid. This creates an opportunity for improving the testing and even development process by taking a more system-based approach and allowing for the complexity of the system to be represented in detail.


Real-time simulators needed for cyber security testing


Real-time simulators are used increasingly to find weak spots in power grids. Consisting of specialised hardware and software, they allow the power system to be modelled in real time with a high degree of detail and granularity (via electromagnetic transient simulation). When used in real time, external equipment can be connected to the simulated environment in a closed loop (“hardware-in-the-loop testing”). Closed-loop testing not only provides insight into the response of equipment to a wide variety of grid conditions, but also into the impact of equipment operation on the surrounding power system. It is unique in that it enables system-based testing, with an emphasis on testing multiple devices, multi-vendor interoperability, and device interactions. Real-time simulators are used worldwide by leading power companies, protective and control equipment manufacturers, research and educational institutions and consultants. They provide the opportunity to eliminate the risks associated with grid modernisation projects as much as possible and include modelling and testing facilities specifically aimed at validating smart grid equipment, special protection schemes, WAMPAC systems, renewable energy integration and cyber security.

Delft University of Technology was an early adopter of this technology, having owned and operated a real-time simulator since 2004. Today, in their Electrical Sustainable Power Laboratory, they operate one of the largest real-time simulators in Europe.


The RTDS® Simulator



The RTDS Simulator is designed for the real-time simulation of electrical power systems. The RTDS Simulator is used worldwide as a crucial component of cybersecurity testbeds, in which the simulated power system can be subjected to both intentional and unintentional cyber events and the effect on real protection, control, and measurement equipment can be determined. This provides a realistic, flexible, and safe environment for the validation of energy system security technologies. For example, in the graphic above, a discrete event network simulator is connected to the RTDS Simulator via real-time UDP socket communication. The RTDS Simulator represents a distribution feeder with several distributed energy resources. When the system is in a healthy state, an external program representing an Aggregator takes control action over the DERs based on requests from the DSO such as load-shedding. However, a Man in the Middle or Denial of Service attack could cause significant adverse effects on the grid. The network simulator can be used to simulate these attacks, and the power system simulator provides an opportunity for quantifying these vulnerabilities and/or the effectiveness of countermeasures.

For more information about RTDS solutions, please contact CN Rood.