Minichino Qos of a Scada Sys
-
Upload
masudrana7300 -
Category
Documents
-
view
219 -
download
0
Transcript of Minichino Qos of a Scada Sys
-
8/2/2019 Minichino Qos of a Scada Sys
1/31
ICT-SEC 225353 MICIE (1)Brussels, 14 September 2009
Tool for systemic risk analysis and securemediation of data exchanged across linked CI
information infrastructures
QoS of SCADA system interconnectinga Power grid and a Telco network
Michele Minichino
,
ENEA
mailto:[email protected]:[email protected] -
8/2/2019 Minichino Qos of a Scada Sys
2/31
ICT-SEC 225353 MICIE (2)Luxemburg, 20 May 2010
CRPHT
CRATROMA3ENEAIECITRUSTMULT
FCTUCUNIBRAD
ACK: contribute of WP InterdependencyAnalysis and Modelingparticipants
QoS of SCADA system interconnecting aPower grid and a Telco network
-
8/2/2019 Minichino Qos of a Scada Sys
3/31
ICT-SEC 225353 MICIE (3)Luxemburg, 20 May 2010
Motivation of the research: lesson learned by IRRIIS project
MICIE: Prediction of risk of loss/degradation of quality of services ofCI operators (i.e. SCADA and NMS operators) Reference scenario and service oriented approach Fault Isolation and System Restoration (FISR) service
Risk of loss/degradation of FISR
FISR models
Indicators of risk of loss/degradation of FISR
MICIE: Models for the online risk prediction tool
Discussion
Talk contents
QoS of SCADA system interconnecting aPower grid and a Telco network
-
8/2/2019 Minichino Qos of a Scada Sys
4/31
ICT-SEC 225353 MICIE (4)Luxemburg, 20 May 2010
A mini black on the Telecom Italia PoP node in Rome
Flooding of a Telecom Italia major telecommunication node hasoccurred in Rome on January the 2nd 2004.
Part of wired and wireless services tilted (a mini black out for ItalianTelco infrastructure)
causing problems and delays in different infrastructures, including Fiumicino airport (stop of check-in, ticketing services and of luggage
acceptance and switching),
ANSI print agency, post offices and banks,
ACEA power distribution and
the communication network (GARR), connecting the main Italian
research institutions. The mini black out occurred to the Telecom Italia major node in
Rome, thePoP of Laurentina -Inviolatella, on Tor Pagnotta street
IRRIIS project - scenario of failure propagationfrom Telco Network to ACEA MV Power Grid
-
8/2/2019 Minichino Qos of a Scada Sys
5/31
ICT-SEC 225353 MICIE (5)Luxemburg, 20 May 2010
IRRIIS project - Laurentina Inviolatella node
Green arrow indicates the area where the Telecom centre is located
-
8/2/2019 Minichino Qos of a Scada Sys
6/31
ICT-SEC 225353 MICIE (6)Luxemburg, 20 May 2010
IRRIIS project - Telco blackout impacted onservices of SCADA operator of ACEA power grid
ACEA SCADA has two main Control Centres:
Flaminia Control Centre that is unmanned; receive/send data and control commands from a first part of the cabins of Rome
electrical distribution network;
Ostiense Control Centre that is manned; receive/send data and control commands from a second part of the cabins;
all the tele-measures, commands and alarms managed by Flaminia ControlCentre are dispatched to Ostiense Control Centre using two redundant TELCOcommunication links at 2Mbits/sec; One is the main link;
the other one is a backup link that is always in stand-by position;
such links were expected to be located on two different geographical paths;
both links were out of service during the Telco blackout as a consequence no alarms, signals on the status of power distribution network
and commands where exchangeable between the unmanned centre and themanned one.
in this situation SCADA operator completely lose the visibility and controllabilityof all the remote substations managed by the unmanned Flaminia Control Centre.
-
8/2/2019 Minichino Qos of a Scada Sys
7/31ICT-SEC 225353 MICIE (7)Luxemburg, 20 May 2010
IRRIIS project - Loss of services of SCADAoperator on failure of SCADA communication links
-
8/2/2019 Minichino Qos of a Scada Sys
8/31ICT-SEC 225353 MICIE (8)Luxemburg, 20 May 2010
Power grid: a portion of the HV (High Voltage) grid at 150 kV and thebackbone of the MV (Medium Voltage) grid at 20 kV. Each node represents a primary substation (Pi, large rectangle), in case of
HV network, or a secondary substation (Mi, small rectangle), in case of MVnetwork.
Nodes, named Ei, represent the substations of the national powertransmission grid. They feed the power distribution grid.
The physical link between any two nodes is an electrical trunk
SCADA system A Main SCADA Control Centre (MSC) directly controls and supervises the
portion of the power grid. A Disaster Recovery SCADA centre (DRS), directly controls and
supervises a complementary portion of the power distribution grid.
two types of Remote Terminal Units (RTUs), which interface the SCADAwith power distribution grid: HV RTUs, located at HV substations, and MV
RTUs, located at MV substations. Telco network
Default Proprietary Network of SCADA Public Switched Telephone network (MSC and DRS are connected, via
firewalls, by two redundant, public, high speed Telco links)
Global System Mobile connections
IRRIIS project - SCADA interconnecting power gridand telco network
-
8/2/2019 Minichino Qos of a Scada Sys
9/31ICT-SEC 225353 MICIE (9)Luxemburg, 20 May 2010
IRRIIS project - Portion of grid directly observed bySCADA operator (feeding the flooded Telco node)
-
8/2/2019 Minichino Qos of a Scada Sys
10/31ICT-SEC 225353 MICIE (10)Luxemburg, 20 May 2010
IRRIIS project - SCADA system and its mapping onthe whole power grid
S SC
-
8/2/2019 Minichino Qos of a Scada Sys
11/31ICT-SEC 225353 MICIE (11)Luxemburg, 20 May 2010
MICIE will design and implement a so-called "MICIEalerting system"
MICIE alerting system will support the CI operatorsby means of an on line risk prediction tool thatprovides them a real time risk level making use ofCI models
CI operators are currently assumed to be SCADAand NMS operators
QoS of SCADA system interconnecting aPower grid and a Telco network:
Framework
MICIE main product
-
8/2/2019 Minichino Qos of a Scada Sys
12/31ICT-SEC 225353 MICIE (12)Luxemburg, 20 May 2010
MICIE: How can models predict the risk ofloss/degradation the QoS of SCADA and
NMS operators?
-
8/2/2019 Minichino Qos of a Scada Sys
13/31ICT-SEC 225353 MICIE (13)Luxemburg, 20 May 2010
QoS of SCADA system interconnecting aPower grid and a Telco network
How can models predict the risk of loss/degradation the QoS ofSCADA and NMS operators with the final aim to improve thequality of power to grid customers?
Reference scenario and service oriented approach
Fault Isolation and System Restoration (FISR) service
Risk of loss/degradation of FISR
FISR models
Indicators of risk of loss/degradation of FISR FISR models for the online risk prediction tool
Quality of services of SCADA and NMS operators
-
8/2/2019 Minichino Qos of a Scada Sys
14/31ICT-SEC 225353 MICIE (14)Luxemburg, 20 May 2010
Reference Scenario consists in identification of
services, sequences of adverse events that could impair the quality of such
services (i.e. in terms of continuity, readiness, performances, timeresponse)
the set of interconnected networks supporting such services (in
terms of topologies, essential systems (i.e. Telco emergencypower supply, cooling systems))
interconnections among networks and systems
MICIE project
Reference scenario and service orientedapproach
U d t di i k f l /d d ti f (SCADA
-
8/2/2019 Minichino Qos of a Scada Sys
15/31ICT-SEC 225353 MICIE (15)Luxemburg, 20 May 2010
methodology
modelstools
scenarios
Understanding risk of loss/degradation of (SCADAand NMS operators) services due to
interdependencies
A recursive approach
-
8/2/2019 Minichino Qos of a Scada Sys
16/31ICT-SEC 225353 MICIE (16)Luxemburg, 20 May 2010
MICIE Reference scenario currently includes the followingsubset of interconnected networks/CIs:
E CI, Electrical CI: a portion of the electrical 22 KV grid and of
161 KV transmission lines
C CI, Communication: a portion of communication transmissionequipments. It transfers information and data from Remote Terminal Units and
control centres of SCADA and Network Management System for thecontrol and the management of the CIs ( it does not include SCADA
and NMS systems)
ICT CI, SCADA system for 22KV grid and NMS system for controland management of fibre optic grid
It also includes all the Automatic systems on substations thatare included in scenarios
Reference scenario & service oriented approach
Interconnected networks
-
8/2/2019 Minichino Qos of a Scada Sys
17/31ICT-SEC 225353 MICIE (17)Luxemburg, 20 May 2010
Reference scenario and service oriented approachE CI Electrical 22 KV grid portion
-
8/2/2019 Minichino Qos of a Scada Sys
18/31
ICT-SEC 225353 MICIE (18)Luxemburg, 20 May 2010
Reference scenario and service oriented approachE CI Electrical 22 KV grid portion
(interconnected with C CI and ITC CI)
-
8/2/2019 Minichino Qos of a Scada Sys
19/31
ICT-SEC 225353 MICIE (19)Luxemburg, 20 May 2010
Reference scenario and service oriented approachCCI Communication portion and NMS
-
8/2/2019 Minichino Qos of a Scada Sys
20/31
ICT-SEC 225353 MICIE (20)Luxemburg, 20 May 2010
Reference scenario and service oriented approachSCADA and interconnections (C CI and NMS)
R f i d i i d h
-
8/2/2019 Minichino Qos of a Scada Sys
21/31
ICT-SEC 225353 MICIE (21)Luxemburg, 20 May 2010
Reference scenario and service oriented approachEvents impact (through interconnected CI) on energy
supplied to MV grid customers
-
8/2/2019 Minichino Qos of a Scada Sys
22/31
ICT-SEC 225353 MICIE (22)Luxemburg, 20 May 2010
A first set of services have been identified:
trying to reveal interdependencies and thus opening the wayto cascading failures and escalation effects;
Mutual interactions of services; what a service requires (or it
is supposed to require) in order to be properly supplied, interms of ancillary services and company policies andstrategies.
services can be lost (ON/OFF) or can degradate (Quality ofService)
services loss or degradation can propagate impacting on thefinal (end) user with diverse severities.
Reference scenario and service oriented approach:services identification
-
8/2/2019 Minichino Qos of a Scada Sys
23/31
ICT-SEC 225353 MICIE (23)Luxemburg, 20 May 2010
Currently we are focusing on the service Fault Isolationand System Restoration
performed by SCADA operator by means of SCADAcontrol centre of the MV power distribution network
Outages in MV power distribution network, need to beautomatically detected, isolated and the network has tobe restored to power its end users again.
Fault Isolation & System Restoration (FISR) service
-
8/2/2019 Minichino Qos of a Scada Sys
24/31
ICT-SEC 225353 MICIE (24)Luxemburg, 20 May 2010
Risk of loss/degradation of FISR service
The quality of FISR service affects the quality of power supply interms of
SAIDI
SAIFI
CAIFI
The degradation/loss of FISR service performed by SCADAoperator, is critical because it is strictly correlated to the quality ofpower supplied to customers.
A timely actuation of FISR service, consequential to a permanentfailure of the grid, reduces the outage duration
-
8/2/2019 Minichino Qos of a Scada Sys
25/31
ICT-SEC 225353 MICIE (25)Luxemburg, 20 May 2010
FISR models and tools(tools) [online/offline]
Reliability of Interconnected networks
FISR dependability(WNRA reliability analyzer) [online] FISR performance and rerouting (NS2 simulator) [offline]
FISR worst case measures in presence of hacker attacks (MILPalgorithm) [online]
Bayesian Belief Networks (GENIE) [online]
Holistic Reductionistic models (CISIA extension)[online]
Deterministic and Agent Based simulation (RAO)[online]
Raw data models of operational status(algorithm)[online]
-
8/2/2019 Minichino Qos of a Scada Sys
26/31
-
8/2/2019 Minichino Qos of a Scada Sys
27/31
ICT-SEC 225353 MICIE (27)Luxemburg, 20 May 2010
SCADA systemSCADA implements FISR on Power Grid
by monitoring/ controlling/ reconfiguring
the grid (measures/ switches/RTUs)
SCADA Control Centre
RTU
Gateway
Ethernet Bus
FIU
MOSCAD
WP2000Interconnected networks supporting FISR
WP2000
-
8/2/2019 Minichino Qos of a Scada Sys
28/31
ICT-SEC 225353 MICIE (28)Luxemburg, 20 May 2010
Telco networkHierarchical structure
Backbone (Point of Presence)
Transit Exchange (TeX)
Local Access (LeX)
WP2000
Interconnected networks supporting FISR
WP2000
-
8/2/2019 Minichino Qos of a Scada Sys
29/31
ICT-SEC 225353 MICIE (29)Luxemburg, 20 May 2010
Power grid,SCADA system, Telco network
WP2000Interconnected networks supporting FISR
INTERCONNECTIONS
SCADA and Telco
Telco and HV grid
RTUs, SCADA andTelco devicesenergised by Powergrid by means ofemergency powersupply systems
see D2.2.1
-
8/2/2019 Minichino Qos of a Scada Sys
30/31
ICT-SEC 225353 MICIE (30)Luxemburg, 20 May 2010
Indicators of risk of loss/degradation of FISR
Performances of FISR (NS2 models)
Dynamical path between SCADA control centre and RTUs Throughput of nodes of Telco network
Round Trip time between SCADA control centre and RTUs FISR response time: the time between the occurrence of loss of power supply to
customers (due to a grid failure) and the restoration of power supply to customers.
outage duration % of affected customers
Dependability of FISR Connectivity between SCADA control centre and RTUs: minpaths and
mincuts (WNRA models)
Reliability and availability between SCADA control centre and RTUs (WNRAmodels)
Probability of loss of a service on occurrence of specific events (BBN
models) Reliability indices of power grid: SAIDI, SAIFI, CAIDI (RAO simulator)
FISR operativity level (CISIA)
-
8/2/2019 Minichino Qos of a Scada Sys
31/31
MICIE: Models for the online risk prediction tool
at the state of the art, no single technique has the modelling and theanalytical power to cope with a meaningful and quantitative evaluationof degradation/loss of services performed by SCADA or NMS operatorsat regional/national level.
the aim of risk prediction tool should be a meaningful, on line andpossibly quantitative evaluation of the risk of degradation/loss ofservices performed by SCADA or NMS operators
As a consequence, a successful development of the risk prediction toolshould carefully evaluate all the formalisms and models and QoSindicators investigated and computed within WP2000 and should
integrate the most adequate ones, according to the requirements of theon line risk prediction tool