Auto-SGCR: Automated Generation of Smart Grid Cyber Range Using IEC 61850 Standard Models

Digitalization of power grids have made them increasingly susceptible to cyber-attacks in the past decade. Iterative cybersecurity testing (i.e., red-team testing or penetration testing) is indispensable to counter emerging attack vectors and to ensure dependability of critical infrastructure. Furthermore, these can be used to evaluate cybersecurity configuration, effectiveness of the cybersecurity measures against various attack vectors, and to train smart grid cybersecurity experts defending the system. Facilitating extensive experiments narrows the gap between academic research and production environment. A high-fidelity cyber range (a virtual cybersecurity testbed emulating smart grid systems) is vital as it is often infeasible to conduct such experiments and training using production environment. However, the design and implementation of cyber range requires extensive domain knowledge of physical and cyber aspect of the infrastructure. Furthermore, costs incurred for setup and maintenance of cyber range are significant. Moreover, most existing smart grid cyber ranges are designed as a one-off, proprietary system, and are limited in terms of configurability, accessibility, portability, and reproducibility. To address these challenges, an automated smart grid cyber range generation framework (Auto-SGCR) is presented in this article. Initially a human-/machine-friendly, XML-based modeling language called smart grid modeling language (SG-ML) was defined, which incorporates IEC 61850 system configuration language files. Subsequently, a tool chain to parse SG-ML model files and automatically instantiate a functional smart grid cyber range was developed. The developed SG-ML models can be easily shared and/or modified to reproduce or customize for any cyber range. The application of Auto-SGCR is demonstrated through case studies with large-scale substation models. The toolchain along with example SG-ML models have been open-sourced.