Improved cyber-attack detection support with dLab’s solution

In our modern society, the consequences of power outages are becoming increasingly serious, and the power grid is today classified as a critical infrastructure, hence a target for sabotage and various cyber-attacks. Improving IT security is a multifaceted problem and requires different strategies depending on situation and nature of threat.

Cyber-attacks that compromise data integrity in SCADA systems such as an unauthorized manipulation of control signals or sensors could have a severe impact on the operation of the grid as it could mislead system operators into making wrong decisions.

Adding a possibility to automatically correlate two real-time data streams measuring the same parameters but originating from two different sources can prove to be an effective solution to the latter case.

A fully air-gapped digital twin of the distribution substation

Swedish Dlaboratory (dLab) has developed a versatile distribution substation solution that address outage management strategies, power quality and load profiling.

A key advantage of the solution is the ability to act as a real-time digital twin of the distribution substation, measuring the same parameters as existing infrastructure but using a fully air-gapped system.

 On a top-level, dLab’s platform can be thought of as a three-parts system

Hardware – dBox

  • A tailored and highly scalable configuration consisting of high-tier industrial automation Measure voltages from all VTs, and currents from the protection core on all CTs (utilizing in-house designed hall element-based current sensors).
  • High sampling rate (20kHz).
  • Non-invasive installation.
  • High data storage capacity securing that no data is lost in the event of an outage or temporary communication downtime.

Communication

  • Utilizes the cellular network, VPN tunnels and encryption to transfer data between dBox and application platform.
  • Possible to utilize any existing communication infrastructure.

Application platform

  • Continuously collects data and events from the dBox, and can for this specific purpose:
    • Identify breaker positions and breaker operations.
    • Measure load and identify load changes.
    • Measure active and reactive power flow.
    • Identify grid disturbance conditions.
  • Can reside in the cloud or on-premises.

Analyzed data can be exported from the application platform for further comparison with existing data and information in e.g. SCADA. Through the comparison between the two systems, deviations can be identified indicating potential cyber-attacks.

Read more about our solution.

Contact us for more information