Introduction

NetSim Cyber is a technology platform for modelling, simulating, and analysing cyber-attacks on power-system communication networks. It enables users to study how attacks on communication links, protocol messages, and measurement data can affect cyber-physical power systems such as SCADA networks, synchrophasor systems, substation automation systems, and industrial control environments.

Modern power grids depend on communication networks for monitoring, control, protection, automation, and wide-area situational awareness. Devices such as PMUs, PDCs, IEDs, RTUs, PLCs, SCADA masters, and HMI systems exchange data using standard power-system protocols. While these communication systems improve observability and control, they also introduce cyber vulnerabilities that must be evaluated in a controlled and safe environment.

NetSim Cyber provides a laboratory environment where engineers, researchers, and security teams can emulate realistic attack scenarios on power-system protocols. It supports both simulated and real-device testbeds and can operate as a man-in-the-middle system between communicating endpoints. This allows users to observe the effect of attacks such as DoS, false data injection, replay, delay, packet modification, timestamp manipulation, and protocol-specific payload manipulation.

This manual describes the capabilities, installation requirements, supported protocols, lab setup procedures, attack configuration workflow, and example use cases for NetSim Cyber.

Purpose of the Manual

The purpose of this manual is to provide users with a practical and technical reference for using NetSim Cyber to simulate cyber-attacks on power-system communication networks.

This manual explains how to:

  1. Understand the role of NetSim Cyber in cyber-physical power-system testing.

  2. Set up NetSim Cyber in host-system and distributed test environments.

  3. Interface NetSim Cyber with real devices, software simulators, and hardware-in-the-loop platforms.

  4. Use built-in open-source protocol simulators for early-stage testing.

  5. Configure power-system protocol traffic between source and destination nodes.

  6. Insert a Threat Agent into the communication path.

  7. Select and execute protocol-aware cyber-attacks.

  8. Observe and analyse the impact of attacks on power-system measurements and communication flows.

  9. Troubleshoot common setup, routing, dependency, and execution issues.

The manual is intended to serve both as a user guide and a technology library. As a user guide, it provides step-by-step procedures for installation, configuration, and operation. As a technology library, it explains the supported protocols, attack types, simulator integrations, and technical concepts required to understand NetSim Cyber experiments.

Intended Audience

This manual is intended for users who work with power-system communication networks, cyber-physical power systems, or operational technology security.

The primary audience includes:

  1. Power-system engineers working with PMUs, PDCs, IEDs, RTUs, PLCs, SCADA systems, or substation automation systems.

  2. Protection and control engineers evaluating the impact of communication attacks on monitoring and control applications.

  3. SCADA and OT engineers responsible for testing communication paths, protocol behaviour, and network reliability.

  4. Cybersecurity engineers assessing vulnerabilities in power-system protocols and control networks.

  5. Researchers studying cyber-physical power systems, smart grids, wide-area monitoring, and attack detection.

  6. Faculty, students, and laboratory instructors using NetSim Cyber for education and training.

  7. Product validation teams testing power-system devices, simulators, or protocol implementations.

The document assumes that the reader has a basic understanding of power-system communication concepts and Windows-based network configuration. Prior experience with all supported protocols is not mandatory, but familiarity with SCADA, PMU/PDC systems, or industrial communication networks will help users understand the examples more easily.

What NetSim Cyber Does

NetSim Cyber enables users to model and simulate cyber-attacks on power-system communication traffic. It is designed to intercept, analyse, modify, and forward protocol traffic between communicating devices in a controlled test environment.

NetSim Cyber can be used with:

  • Real power-system devices such as PMUs, PDCs, IEDs, RTUs, PLCs, and SCADA systems.

  • Hardware-in-the-loop and real-time power-system simulators such as Typhoon HIL, OPAL-RT, and RTDS.

  • Software-based simulators and protocol tools.

  • Built-in open-source protocol simulators for early-stage protocol testing and attack validation.

NetSim Cyber supports major power-system and industrial communication protocols, including:

  • IEEE C37.118 Synchrophasor

  • IEC 61850 GOOSE, Routed GOOSE, MMS, and Sampled Values

  • Modbus TCP

  • DNP3

  • IEC 60870-5-104

  • Custom TCP/IP-based protocols

In a typical experiment, NetSim Cyber is placed between a source device and a destination device. The source may be a PMU, RTU, PLC, IED, or simulator. The destination may be a PDC, SCADA master, HMI, subscriber, or control application. NetSim Cyber forwards traffic between these endpoints while a Threat Agent applies the selected attack logic.

The Threat Agent can perform protocol-aware operations such as:

  • Modifying measurement values.

  • Injecting noise, ramp, increment, decrement, or pulse disturbances.

  • Manipulating frequency, ROCOF, timestamps, or protocol-specific fields.

  • Replaying valid messages.

  • Introducing delay or packet drops.

  • Testing custom payload modification logic through user-defined scripts.

By using NetSim Cyber, users can evaluate how cyber-attacks affect power-system data quality, monitoring applications, control decisions, protection logic, and cyber-physical situational awareness. The tool helps users validate attack scenarios, generate datasets, test detection algorithms, and perform safe cybersecurity experiments without affecting production systems.