NetSim Cyber: A Proving Ground for Cyber-Physical Power System Security
Modern electric power grids are no longer isolated physical systems. They are cyber-physical infrastructures where power equipment, communication networks, and control software operate together. While this convergence improves efficiency and automation, it also introduces serious cyber-security risks.
NetSim Cyber is designed to help researchers, utilities, and system developers understand how cyber-attacks affect Cyber-Physical Power Systems (CPPS) — before those attacks occur in the real world.
Why Choose NetSim Cyber for CPPS Security Research?
Improving CPPS security requires a realistic testbed that can replicate power-system behavior under malicious conditions.
Limitations of Hardware Testbeds
High cost
Limited scalability
Safety risks
Inflexible configurations
The Software Advantage
Software-based CPPS testbeds overcome these limitations and function as digital twins of real power systems.
A complete CPPS testbed consists of:
A power system simulator to model generators, power electronics, transmission, and distribution systems.
A network simulator to model the underlying communication network and its cyber behavior.
Interfacing with real-time power system simulators
NetSim can interface with the following:
OPAL-RT
Typhoon HIL
RTDS
HYPERSIM
PSCAD
MATLAB
Focused on Post-Exploitation Impact Analysis
NetSim Cyber is purpose-built for post-exploitation cyber-physical research, operating under the assumption that the system has already been compromised. It is used for:
Studying the operational impact of cyber-attacks
Evaluating how attacks affect monitoring, control, and state estimation
Supporting cyber-physical security research and validation
Cyber-Attacks Studied Using NetSim Cyber
NetSim Cyber enables protocol-level and communication-level attack simulation, including:
False Data Injection (FDI)
Man-in-the-Middle (MitM) attacks
Protocol-specific payload manipulation
Packet delay and packet drop attacks
Denial-of-Service (DoS / DDoS)
Time synchronization manipulation
Packet sniffing (passive attacks)
Proof of Concept: IEEE C37.118 Synchrophasor Attacks
IEEE C37.118 is the dominant protocol for synchrophasor data transmission in Wide Area Monitoring Systems (WAMS).
What NetSim Cyber Demonstrates
Small data manipulations can silently distort grid observability
Phasor Data Concentrators process valid-looking but incorrect data
Monitoring and decision-making can be influenced without communication loss
NetSim Cyber Architecture
NetSim Cyber enables distributed co-simulation by intercepting live IEEE C37.118 PMU traffic and injecting cyber-attacks in real time.
The modified synchrophasor stream is delivered to OpenPDC, allowing direct observation of attack impact on CPPS behavior.
Observed Impact on CPPS Operations
NetSim Cyber allows detailed study of attack effects such as:
Increment / Decrement Manipulation: Sudden step changes in measurement values that appear as legitimate operating shifts.
Ramp Manipulation: Gradual bias injection that closely resembles slow-moving system drift or load variation.
Random Noise Injection: Low-amplitude fluctuations that degrade measurement quality while remaining protocol-compliant.
Pulse / Surge Injection: Short-duration spikes that mimic transient disturbances or fault-like events.
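The four manipulation shapes listed above leave different signatures in the residual between one PMU's reported frequency and a reference built from neighboring PMUs. The following Python code is an added example, not NetSim Cyber code: it assumes the per-sample median of peer PMUs as the reference, and the function names, thresholds (`tol`, `noise_floor`) and sample data are constructed for illustration.

```python
import math
import random
from statistics import mean, median, pstdev

def residuals(target, peers):
    """Target PMU frequency minus the per-sample median of its peers (Hz)."""
    return [t - median(p[i] for p in peers) for i, t in enumerate(target)]

def classify(res, tol=0.01, noise_floor=0.0015):
    """Label one residual window; both thresholds are illustrative assumptions."""
    jump = max(abs(b - a) for a, b in zip(res, res[1:]))  # largest sample-to-sample change
    q = len(res) // 4
    shift = mean(res[-q:]) - mean(res[:q])                # sustained change in level
    if abs(shift) > tol:
        return "step" if jump > tol else "ramp"           # abrupt vs. gradual bias
    if jump > tol:
        return "pulse"                                    # spike that returns to baseline
    if pstdev(res) > noise_floor:
        return "noise"                                    # extra scatter, no level change
    return "clean"

# Constructed sample data: 200 frequency samples per PMU around 60 Hz.
N = 200

def pmu(phase):
    return [60.0 + 0.0005 * math.sin(0.3 * i + phase) for i in range(N)]

PEERS = [pmu(1), pmu(2), pmu(3)]
rng = random.Random(7)  # fixed seed keeps the constructed noise reproducible
BIAS = {
    "clean": [0.0] * N,
    "step":  [0.05 if i >= 100 else 0.0 for i in range(N)],
    "ramp":  [0.0005 * max(0, i - 50) for i in range(N)],
    "noise": [rng.uniform(-0.004, 0.004) for _ in range(N)],
    "pulse": [0.08 if 100 <= i <= 102 else 0.0 for i in range(N)],
}

def run_demo():
    """Apply each constructed bias to one PMU and classify the residual."""
    out = {}
    for name, bias in BIAS.items():
        target = [f + b for f, b in zip(pmu(0), bias)]
        out[name] = classify(residuals(target, PEERS))
    return out

if __name__ == "__main__":
    print(run_demo())
```

The peer-median reference is only trustworthy while most of the compared PMUs are unmodified.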
Frequency & Time Synchronization Attacks
Small frequency deviations create a false perception of instability
Stealthy manipulation of frequency and timestamp data can undermine wide-area monitoring and state estimation, leading to flawed operational decisions. NetSim allows you to simulate these critical threats.
Extensive protocol support
IEEE C37.118 protocol (Synchrophasor Protocol)
Generic Object-Oriented Substation Events (GOOSE), a subset of IEC 61850
On IEC 61850 communication networks in smart grid, methodology of implementation and performance analysis on a experimental platform (https://ieeexplore.ieee.org/document/8585706)