Introduction

The decentralization of Smart Grids is an ongoing transformation. For novel Smart Grid appliances, e.g. distributed control algorithms (DCAs), IT security is a core requirement and needs to be considered already in the development phase.

Prospectively, millions of new regenerative energy resources and electric cars need to be coordinating additionally to the existing power grid, to match supply and demand. The development of innovative DCAs is one possible contribution in the direction of a resilient Smart Grid. While decentralization of control algorithms can help avoiding single-point-of-failures and improve the system’s resilience, as depicted in Fig. 1, its complexity increases. The OpenDISCO framework is a tool for assisting the development of resilient Smart Grid control despite these challenges.

Fig. 1
figure 1

Prospectively, distributed energy resources are connected via ICT infrastructures to form Smart Grids, enabling their self-organization as independent micro grids. Instead of introducing a central controller for all micro grids, the investigated approach makes use of a distributed control algorithm running on the different grid nodes

Full size image

Related work

Power grid functionality has traditionally been implemented in a centralized way. Current research shows alternative solutions based on DCAs for many of these applications, realized by so-called decentralized Virtual Power Plants (Stübs, 2018) and implementing grid functionality like Demand Response (Sakurama & Miura, 2017), Frequency-Load Control (Dong, 2016) and Power System State Estimation (Etemad & Lahouti, 2016).

The integration of Controller-Hardware-in-the-Loop (CHIL) into a Smart Grid validation environment has been thoroughly tested (Andrén et al., 2013) and several Cyber-Physical Energy System (CPES) testbeds exist (Cintuglu et al., 2017). Verification of DCAs is a well-researched topic among wireless sensor networks (Wang & Bagrodia, 2011). However, a truly decentralized framework has not been developed and we aim to contribute to this development with a security assessment framework for the Smart Grid.

OpenDISCO framework

The proposed framework aims to accompany the development cycles of any DCA for CPES by describing an interface for an advanced resilience assessment. Three main properties, namely a modular structure, the distributed execution, stress condition simulation, build the core of the framework:

  1. a)

    Modular Structure

Smart Grid engineers can independently develop modules to be executed by the OpenDISCO framework, that can implement the DCA’s logical structure, as shown in Fig. 2. Thanks to the modularity of the framework, it is easy to introduce a new or different DCA in the code. Modules are required to implement an event-driven interface, thus granting interoperability with simulation tools. The modularity mechanism is built upon a message queue and an event-driven operation: When a message or event arrives at the control node, it is sent to the central message queue and is then available for processing by the framework’s modules.

  1. b)

    Distributed Execution

Fig. 2
figure 2

Structure of a control node. Messages from the other nodes in the micro grid are delivered into the message queue to be processed by the control node’s modules. Changes in a node’s database values are then communicated as messages to connected control nodes

Full size image

Each control node can be either simulated or executed in a distributed environment with a preconfigured topology. Message exchange between the control nodes is implemented using the publisher-subscribe concept. The communication network’s topology is either realized in hardware or simulated. Thereby different topologies can be used for evaluation, for example ring topology, fully meshed topology or an incomplete mesh.

  1. c)

    Stress Condition Simulation

The framework includes an XML based attack description language, which allows to implement various attacker models. By creating designated attack simulation modules for the control nodes, it is possible to describe denial-of-service attacks and connectivity malfunctions, such as dropping or delaying messages, changing reported measurements and control commands, or even disconnecting from and re-connecting to the evaluated micro-grid. An additional feature is support for probabilistic and/or orchestrated attack behavior.

Case study

The presented case study shows a decentralized frequency-load control algorithm in an islanded micro grid (Nguyen et al., 2017). Each distributed energy resource (DER) is equipped with a control node, which implements a single node of the DCA and is responsible for commanding the DER. The power generating part of the DER is simulated in a digital real-time simulator, while the control nodes communicate in a communication network, shown in Fig. 3. The algorithm’s task is to react to deviations in the micro grids electrical frequency from the nominal value of 50 Hz. The algorithm is realized as a distributed averaging consensus, requiring the control nodes to communicate and then act collectively. In the evaluated scenario, each control node can only communicate with its direct neighbors, implementing a locality-aware ICT topology.

Fig. 3
figure 3

Structure of the communication and power flow in the example micro grid

Full size image

The evaluation of the connection between the digital real-time simulator and the control nodes was realized by implementing a cluster of Raspberry Pi embedded systems, as pictured in Fig. 4.

Fig. 4
figure 4

The cluster of Raspberry Pi embedded systems realizing a decentralized CHIL configuration

Full size image

Demo setup

The demo setup uses a physical Raspberry Pi cluster as pictured in Fig. 4 and powered by a 230 V, 60 W power hub, providing low voltage DC via USB to the Ethernet switch and embedded devices, which are mounted on a rack. Implementing a CHIL configuration, each Raspberry Pi functions as the controller of a DER in the simulated CPES, in this case an islanded micro grid. The interconnection between the embedded devices utilizes Ethernet and TCP/IP. The connection from a displaying computer to the cluster is managed by a dedicated Raspberry Pi and realized via IEEE 802.11 wireless protocol with WPA2 password authentication. The managing Raspberry Pi then redirects incoming Wi-Fi connections via Ethernet, if requested, to any of the Raspberry Pi computers. When connected to the demo setup, the effect of DoS attacks on the implemented control algorithm’s performance can be displayed and evaluated on any connected device.

Results and discussion

For the current evaluation, we investigated only attacks against the availability of the test setup’s communication. The attacker is assumed to be able to deliberately suppress or delay messages between control nodes. Figure 5a shows the default reaction of the evaluated system to a disturbance, where-as a simulated denial-of-service attack as depicted in Fig. 5b can be detected immediately.

Fig. 5
figure 5

Distributed consensus negotiation for frequency stabilization after a disturbance. Each color represents the proposed value of a single node. After each consensus iteration, that consensus value is used by each node to control the corresponding energy resource of the simulated micro grid. The left graph shows normal operation, whereas the right one shows the system during a DoS attack

Full size image

In the context of the Smart Grid and DER, neither benevolence nor soundness of the communication partners can be generally assumed, although encrypted connections and public key management schemes can provide certainty of the identities and authorizations of other nodes. Nonetheless, contributing nodes can be malfunctioning or even malicious, whilst maintaining valid credentials.

Presented research indicates that decentralized detection and reaction strategies are a worthwhile contribution to improve robustness of distributed systems and might become a necessity in future, increasingly complex Smart Grid infrastructures.

Conclusion

The OpenDISCO framework is an easily extendable open-source tool for assessment of distributed control algorithms (DCAs). It enables Smart Grid researchers and engineers to simulate and continuously verify control strategies during development. The prototype implementation is freely available (Stübs et al., 2018) and includes example DCA, sample ICT topologies and a custom attack description language as well as various predefined attacker models.