Periodic Reporting for period 1 - eFORT (Establishment of a FramewORk for Transforming current EPES into a more resilient, reliable and secure system all over its value chain)
Période du rapport: 2022-09-01 au 2024-02-29
Prompted by the need to comply with environmental and societal concerns, Electrical Power and Energy Systems (EPES) are undergoing an unprecedented transformation, demanding urgent upgrades to make them more reliable and resilient. The present system is a vastly interconnected power grid facing a broad variety of threats jeopardizing energy supply security. In the last 20 years, the number of blackout events and their respective impacts have grown steadily. Strongly linked to climate change, weather-related blackouts are set to become even more frequent and severe in the future. The power sector has also become a prime target for criminals with cyberattacks surging by 380% in last years. On the other hand, improving grid resiliency is a key factor to enhance locally produced energy efficiency (mostly renewable). The required grid modernization implies developments in: (i) digitalization, (ii) communication and control technologies, (iii) integration of distributed energy resources (DERs) and electrical transportation systems, and (iv) real-time data management. Upgrading the grid and the communication strategies to deliver electricity more reliably and efficiently will greatly reduce the frequency and duration of power blackouts, diminish the impact of disruptive events and restore service faster when outages occur.
Based on this, the main objective of eFORT is to make European power grids more resilient and reliable to failures, cyberattacks, physical disturbances and data privacy issues. To this end, technological innovations will be developed for the detection, prevention and mitigation of risks and vulnerabilities and positive impact on operation. Specific objectives also include a characterisation and common repository of vulnerabilities and threats to the EPES, along with their impact; a secure data sharing framework, and developing secure-by-design operation technologies. The results will be demonstrated in 4 real-scale sites covering a complete overwiew of the grid: transmission and cascading effects (Netherlands), Distribution (Ukraine), Generation and Islanding modes (Italy) and DER (Spain).
As for the expected impact, the proposed holistic security framework to protect the EPES against man-made hazards and extreme weather events will lead to several contributions in the field of ensuring the continuity and recovery of this critical system. The specific impact factors respond to the expected outcomes, “Demonstration of increased energy system reliability and resilience” and “Preventing or ensuring rapid recovery following disturbances”.
Based on this, the main objective of eFORT is to make European power grids more resilient and reliable to failures, cyberattacks, physical disturbances and data privacy issues. To this end, technological innovations will be developed for the detection, prevention and mitigation of risks and vulnerabilities and positive impact on operation. Specific objectives also include a characterisation and common repository of vulnerabilities and threats to the EPES, along with their impact; a secure data sharing framework, and developing secure-by-design operation technologies. The results will be demonstrated in 4 real-scale sites covering a complete overwiew of the grid: transmission and cascading effects (Netherlands), Distribution (Ukraine), Generation and Islanding modes (Italy) and DER (Spain).
As for the expected impact, the proposed holistic security framework to protect the EPES against man-made hazards and extreme weather events will lead to several contributions in the field of ensuring the continuity and recovery of this critical system. The specific impact factors respond to the expected outcomes, “Demonstration of increased energy system reliability and resilience” and “Preventing or ensuring rapid recovery following disturbances”.
So far, the project has focused on 2 main working lines. The first one is devoted to a deep understanding on the vulnerabilities and risks of the European power grid, both currently existing and arising ones, in its transition to a more digitalised and decentralised system. In this sense, a characterisation of the power grid for an enhanced comprehension and classification of its assets and vulnerabilities has been carried out. An ordered enumeration of the EPES structure has been listed, followed by a threat analysis classifying the results into three categories (natural, technological and human-caused). Almost 30 subdivisions have been identified. Regarding vulnerabilities, an extensive literature survey produced the corresponding list, sorted by their main impact: on the infrastructure (generation, transmission, distribution, demand) or on the process (operation, planning, human resources, financial).
Next, a crossed severity-impact evaluation has been carried out both on threats and vulnerabilities, combined in a risk heat map introducing the events likelihood for a visual interpretation of the overall impact of the threat-vulnerability combinations. Heat waves, floodings, incomplete integration of systems and connection losses were identified as the most critical risks from the literature. Consulted experts pointed additionally to hacking and cyber-crime, operational faults or unpredictable load shifts.
The characterisation of cascading effects in the power grid has been another key activity so far. The conclusions indicate that cascading effects mainly can be caused either from internal causes, (equipment failures, human error, malfunctions, bad monitoring), or from external ones (natural disasters, cyber-attacks, infrastructure interdependencies). In addition, the time to a blackout is preceded by a propagation period where a point of no return can be established and the overall process can be accelerated by cyber-attacks.
The second main line was developing a robust EPES defence system composed of secure-by-design technologies capable of facing a wide range of potential threats in compliance with real-time requirements. Although the final results will be concentrated within the 3rd year of the project, some steps have already been taken: dynamic risk assessment tool (designed in physical and cyber domains, with a methodology that has been published), control scheme for islanding operation (first version of the algorithm), IDS (capture and analysis of real data sets) or the intelligent platform (partner contribution, architecture and API definition).
Next, a crossed severity-impact evaluation has been carried out both on threats and vulnerabilities, combined in a risk heat map introducing the events likelihood for a visual interpretation of the overall impact of the threat-vulnerability combinations. Heat waves, floodings, incomplete integration of systems and connection losses were identified as the most critical risks from the literature. Consulted experts pointed additionally to hacking and cyber-crime, operational faults or unpredictable load shifts.
The characterisation of cascading effects in the power grid has been another key activity so far. The conclusions indicate that cascading effects mainly can be caused either from internal causes, (equipment failures, human error, malfunctions, bad monitoring), or from external ones (natural disasters, cyber-attacks, infrastructure interdependencies). In addition, the time to a blackout is preceded by a propagation period where a point of no return can be established and the overall process can be accelerated by cyber-attacks.
The second main line was developing a robust EPES defence system composed of secure-by-design technologies capable of facing a wide range of potential threats in compliance with real-time requirements. Although the final results will be concentrated within the 3rd year of the project, some steps have already been taken: dynamic risk assessment tool (designed in physical and cyber domains, with a methodology that has been published), control scheme for islanding operation (first version of the algorithm), IDS (capture and analysis of real data sets) or the intelligent platform (partner contribution, architecture and API definition).
The main results in the 1st period are related with EPES and threat characterization and with for cascading effects analysis. The former main conclusions include a risk scoring process (qualitative scoring from low to high) adopted to improve the risk assessment process and the prioritization of the various EPES vulnerabilities. Risk heat maps have been created after the pertinent scoring criteria have been established. These characterisations represent a state-of-the-art compilation that will feed the rest of the activities. Linked to this vulnerability impact,coordinated attacks against power demand and/or supply via consumer IoT devices were identified as a risk more difficult to control by DSO/TSO (Distribution System Operators / Transmission System Operators) than other conventional ones. Simulations have been conducted utilizing public models in DIgSILENT PowerFactory environment. The results showed that the analysed systems present significant differences with respect to the success probability of an attack and that the required number of bots to obtain a certain success probability varies depending on the area attacked.
As for the cascading effects study, measures and actions to improve the resilience of the EPES at the physical and cyber layer were defined and is enhanced by including mitigation and countermeasure actions for these issues. This work is continued in WP4, where a real-time digital twin was developed for the interconnected power grids using open data and common and future power grid components and standards. This is used to investigate the impact of cyber-attacks on power system stability and how cyber-attacks can cause cascading failures in interconnected power systems and a blackout.
Other results worth mentioning at this point include the Dynamic Risk Assessment tool. The related activities resulted in the establishment of a data model for dynamic risk assessment, the development of the PyDyn tool for stability control of Power System Networks, and the implementation of a prototype tool for visualizing cyber risks, which was presented at a national cybersecurity conference.
As for the cascading effects study, measures and actions to improve the resilience of the EPES at the physical and cyber layer were defined and is enhanced by including mitigation and countermeasure actions for these issues. This work is continued in WP4, where a real-time digital twin was developed for the interconnected power grids using open data and common and future power grid components and standards. This is used to investigate the impact of cyber-attacks on power system stability and how cyber-attacks can cause cascading failures in interconnected power systems and a blackout.
Other results worth mentioning at this point include the Dynamic Risk Assessment tool. The related activities resulted in the establishment of a data model for dynamic risk assessment, the development of the PyDyn tool for stability control of Power System Networks, and the implementation of a prototype tool for visualizing cyber risks, which was presented at a national cybersecurity conference.