Reinforcing Energy Security in Ukraine: Highlights from the eFORT Project

Joint Stock Company “Prykarpattyaoblenergo” is a distribution system operator located in the Ivano-Frankivsk region of western Ukraine. The company’s specialists are responsible for maintaining power grids that consist of over 26,000 km of overhead and underground power lines, along with more than 6,000 transformer substations. The licensed operational area of the enterprise spans 14,000 square kilometers, through which two billion seven million kilowatt-hours of electricity are transmitted annually.

The primary task of JSC “Prykarpattyaoblenergo” is to ensure reliable and uninterrupted power supply to both the population and businesses within the region. A key factor in maintaining the quality of services is the cybersecurity of its information and operational networks. Since the onset of the ongoing conflict in Ukraine, the company’s cybersecurity department has faced numerous challenges and a significant increase in attacks.

Participation in the eFORT project represents a vital activity aimed at minimizing risks in cyberspace. Within this project, JSC “Prykarpattyaoblenergo” serves as a potential end-user of eFORT solutions and acts as a testing ground to demonstrate the effectiveness of the developed solutions.

The development of innovative solutions in the field of cybersecurity for Electrical Power and Energy Systems (EPES) necessitates a detailed study and understanding of the cyber threat landscape that an electric power company encounters daily. These activities were successfully initiated and carried out in collaboration with CIRCE, iSolutions, and JSC “Prykarpattyaoblenergo” within the framework of the eFORT project. The primary objective was to obtain and thoroughly analyze traffic from the operational networks of the Distribution System Operator (DSO) for cyber threats. The data obtained is extremely valuable and will be used in the eFORT project to guide the goals and directions of further innovative work.

Figure 1 Overall network architecture and points for capturing data

Cybersecurity specialists from JSC “Prykarpattyaoblenergo”, together with representatives from iSolutions, organized and executed traffic capture at various points in the DSO’s information and operational networks as part of the preparation for the Use Case demonstration scenarios. A substantial amount of data was collected for analysis. iSolutions provided valuable consultations and technical support for selecting the optimal network points for traffic capture. The process was divided into several stages, utilizing network devices provided by CIRCE. The data recording spanned more than a week, and the resulting data sets were handed over to CIRCE’s team of specialists, led by Esteban Damián Gutiérrez Mlot, a Computer Science Specialist at Fundación CIRCE.

The analysis of network traffic data was conducted by CIRCE using Malcolm, a powerful network traffic analysis tool suite. Malcolm automatically normalises, enriches, and correlates data for comprehensive analysis, providing robust visibility into network communications through two distinct interfaces: OpenSearch Dashboard, which offers flexible data visualisation, and Arkime, a tool designed for identifying and analysing network sessions related to suspected security incidents. For threat detection, Malcolm processes network packets through two Intrusion Detection Systems (IDS), Zeek (formerly Bro) and Suricata.

Figure 2 Threats detected in inbound traffic

The bar chart (Figure 2) provides an overview of the attack types detected within the network traffic. The most prevalent attack category is scanning, representing a significant number of detections. Additionally, HTTP attacks show a notable frequency. These findings highlight that scanning activities, indicative of reconnaissance or probing, are the most recurrent threat, followed by a substantial number of HTTP attacks. Lower-frequency categories, such as denial of service, execution, discovery, and defence evasion, are particularly concerning. Despite their lower frequency, these less common attacks demand heightened attention due to their potential severity and specialised nature.

The outbound network serves as the gateway connecting external networks to the vital infrastructure of the electrical substation. Securing this network is paramount to safeguarding the critical processes that form the backbone of the substation’s operations.

Figure 3 Threats detected in outbound traffic

As expected, the outbound network exhibits significantly fewer threats compared to inbound traffic. Nevertheless, it is crucial to secure this area effectively, emphasizing the need for robust security measures to mitigate potential risks.
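One way to produce a per-category view like the one in Figures 2 and 3 from Suricata's EVE JSON alert records, and to surface the infrequent but high-priority categories discussed above. This is an added example, not code from the eFORT project: the sample events, the two capture lists, the thresholds and the function names are assumptions.

```python
import json
from collections import Counter

def sample(category, severity, n):
    """Return n constructed EVE alert lines (illustrative data only)."""
    event = {"event_type": "alert", "src_ip": "198.51.100.7", "dest_ip": "192.0.2.10",
             "alert": {"signature": "constructed", "category": category,
                       "severity": severity}}
    return [json.dumps(event)] * n

# Constructed captures for two assumed capture points; categories are Suricata
# classification descriptions, severity 1 is the highest priority.
INBOUND = (sample("Detection of a Network Scan", 3, 40)
           + sample("Web Application Attack", 1, 12)
           + sample("Attempted Denial of Service", 2, 2)
           + ['{"event_type": "flow"}', '{"event_type": "alert", "ale'])  # noise
OUTBOUND = sample("Detection of a Network Scan", 3, 3)

def summarize(lines):
    """Count alerts per category and keep the most severe priority seen."""
    counts, worst = Counter(), {}
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt record
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue  # flow, dns and other non-alert records
        alert = event.get("alert") or {}
        category = alert.get("category") or "uncategorised"
        counts[category] += 1
        worst[category] = min(worst.get(category, 4), alert.get("severity", 4))
    return counts, worst

def rare_but_severe(counts, worst, max_share=0.05, max_severity=2):
    """Categories that are infrequent yet high priority, so volume does not hide them."""
    total = sum(counts.values())
    return sorted(c for c, n in counts.items()
                  if n / total <= max_share and worst[c] <= max_severity)
```
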

As a result of this work and the deeper analysis conducted, JSC “Prykarpattyaoblenergo” has developed several technical and software measures to improve the security of the region’s power grids, an extremely significant outcome. The effective collaboration of specialists from CIRCE, iSolutions, and JSC “Prykarpattyaoblenergo” within the framework of the eFORT project has provided not only valuable contributions to the project but also advanced, innovative experiences and directions for strategic initiatives to enhance the cybersecurity of the Ukrainian DSO.


Contact us

contact@efort-project.eu


Enhancing Grid Resilience: Dynamic Simulations for Stability in South-Tirol’s Distribution Network by Fraunhofer EMI

In the eFORT project, Fraunhofer EMI develops dynamic simulations that contribute to increasing the resilience of electricity grids. The methods are demonstrated using a distribution grid in the Sarentino Valley (Italy), which is operated by Edyna.

The solutions developed by the project partners during the course of the project are demonstrated within four pilot cases located in Spain, the Netherlands, Italy and Ukraine. The contribution of Fraunhofer EMI focuses on the third pilot case located in South-Tirol (Italy). The specific power grid under consideration is a remote MV/LV distribution grid in the Sarentino Valley, which has a high proportion of hydropower.

Due to its geographical location, the grid under consideration is highly vulnerable to being disconnected from the superimposed grid. On the other hand, its high proportion of hydropower makes it possible to operate it as a grid island, at least temporarily, especially in summer. In addition to the quasi-dynamic investigation of island operation, grid stability, with a particular focus on frequency stability, is also examined with the help of dynamic RMS simulations. A particular challenge here arises from the low inertia of the distribution grid, which is made more difficult by the increasing number of prosumers.

Result and Discussion

Based on the close and efficient cooperation with all partners, in particular with EDYNA and SELTA-DP, work was initially carried out on the development of a dynamic model of part of the distribution grid. In addition to the lines and cables, the model contains static generators, loads and dynamic generators, which were modeled as synchronous generators. In a first step, standard models and fictitious controller and machine parameters were assumed for voltage and speed controllers. No protective relays have been taken into account yet. All loads are modeled with a constant impedance. The grid model is now available as a PowerFactory model and enables the simulation of the dynamic behavior of the grid, for example in the event of a disconnection from the superimposed transmission grid or a significant load step. A further version of the model has been created for use with a dynamic RMS code, which is also being developed by Fraunhofer EMI as part of the eFORT project and is continuously validated against commercial simulation software tools such as PowerFactory and Neplan.

The following example shows simulation results based on the dynamic model of part of the distribution grid under consideration. The grid, schematically illustrated in Figure 1, contains a number of switches that enable lines to be switched off and the grid to be split into two parts. In the example, some switches are open so that two separate grid parts are created, each of which is connected to the superimposed grid. Due to the generation from biogas, hydropower and photovoltaics, grid part A (green) has a power surplus, while grid part B (blue) must be fed from the superimposed grid.

Figure 1: Schematic representation of the distribution network.

At time t = 1 s, both grids are disconnected from the superimposed grid, resulting in the traces shown in Figure 2 for the respective frequencies and the aggregated turbine outputs for the two sub-grids.

Figure 2: Frequency and aggregated power generation of the two sub-grids. 

Due to the failure of the external grid, not only the active power flows but also the (negative) reactive power flows go to zero (see Figure 3), so that the voltages initially rise sharply. Assuming loads of constant impedance, this results in an increase in load power. This temporary increase in load power is reflected in an initial drop in frequency and an increase in the aggregated turbine power in grid section A, even though this section is statically oversupplied. In the long term, the frequency stabilises above 50 Hz and a reduced aggregated turbine output is obtained.

Figure 3: Reactive power fed into the two sub-grids and the voltages at the lower-voltage side of the two corresponding substations.

Outlook

Further steps that will be performed in the following project period are the adjustment of model parameters in cooperation with grid and generation plant operators for a better approximation of the real dynamic behaviour and their validation. The final goal is to evaluate the frequency stability of the distribution grid in island operation with regard to significant load steps and generator failures. The RMS codes developed at Fraunhofer EMI will also be used here. Established measures such as the temporal rate of change of the frequency immediately after the event (ROCOF) and the minimum frequency passed (NADIR) will be used as evaluation criteria.

While the prediction of the frequency mainly depends on the inertia of the grid and the magnitude of the active power imbalance, the evaluation of the angular stability, as another important stability phenomenon, requires an accurate dynamic description of all generators and reactive power generating components. With increasingly accurate modelling of the grid components, e.g., by replacing standard parameters for machines and controllers with real parameters, the prediction accuracy of the rotor angles of the individual generators also increases. The temporal traces of the rotor angles, in particular their temporal and local scatter, then enable a reliable assessment of the angular stability.
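The dependence of ROCOF and NADIR on inertia and active power imbalance can be seen in a minimal aggregated model. This is an added example, not Fraunhofer EMI's RMS code or the PowerFactory model: it integrates a single-machine swing equation with a first-order governor for a load step in island operation, and every parameter value (inertia constant H, droop R, governor time constant Tg, damping D, step size) is an assumption. Voltage-dependent loads and hydro turbine dynamics are not modelled.

```python
def simulate(H, dP_load=0.10, R=0.05, Tg=2.0, D=1.0, f0=50.0,
             t_event=1.0, t_end=20.0, dt=0.001):
    """Aggregated per-unit model, forward Euler integration:
         2H * d(df)/dt  = dPm - dP_load - D*df     (swing equation)
         Tg * d(dPm)/dt = -df/R - dPm              (governor with droop R)
    Returns (times in s, frequencies in Hz). All parameters are assumed."""
    steps = int(round(t_end / dt)) + 1
    k_event = int(round(t_event / dt))
    times, freqs = [], []
    df = dpm = 0.0                      # per-unit deviations from the pre-event state
    for k in range(steps):
        times.append(k * dt)
        freqs.append(f0 * (1.0 + df))
        load = dP_load if k >= k_event else 0.0
        ddf = (dpm - load - D * df) / (2.0 * H)
        ddpm = (-df / R - dpm) / Tg
        df += dt * ddf
        dpm += dt * ddpm
    return times, freqs

def rocof_and_nadir(times, freqs, t_event=1.0, window=0.1):
    """ROCOF: largest-magnitude slope over a sliding window after the event (Hz/s).
    Nadir: minimum frequency after the event (Hz) and the time it is reached (s)."""
    dt = times[1] - times[0]
    w = int(round(window / dt))
    k0 = int(round(t_event / dt))
    slopes = [(freqs[k + w] - freqs[k]) / (w * dt)
              for k in range(k0, len(freqs) - w)]
    rocof = max(slopes, key=abs)
    k_min = min(range(k0, len(freqs)), key=freqs.__getitem__)
    return rocof, freqs[k_min], times[k_min]

if __name__ == "__main__":
    for H in (2.0, 5.0):                # low-inertia island vs. a stiffer grid
        t, f = simulate(H)
        rocof, nadir, t_nadir = rocof_and_nadir(t, f)
        print(f"H={H:.0f} s: ROCOF={rocof:.2f} Hz/s, "
              f"nadir={nadir:.2f} Hz at t={t_nadir:.2f} s, final={f[-1]:.2f} Hz")
```

Immediately after the step the slope equals the analytic value -f0 * dP_load / (2H), so halving the inertia doubles the initial ROCOF, while the nadir additionally depends on how quickly the governor responds.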

Conclusion

By predicting the dynamic behaviour of the distribution grid for a list of credible contingency scenarios such as islanding, generator failure, line failure and others, and by subsequently assessing the evolution of frequency and rotor angles, the operator gains a powerful tool to improve the stability of its grid during the grid planning phase and operation.

