Simulator and Device Integration
NetSim Cyber can be integrated with both external power-system simulators and built-in protocol simulators. This flexibility allows users to begin with simple software-based experiments and then extend the same workflow to hardware-in-the-loop platforms, real-time simulators, and physical power-system devices.
In a cyber-physical power-system testbed, the physical system behavior and the communication network behavior are closely linked. A power-system simulator may generate voltage, current, frequency, breaker status, or control data, while NetSim Cyber models the communication path and applies cyber-attack logic to the data exchanged between devices.
NetSim Cyber supports two main integration approaches:
- External simulator and real-device integration: NetSim Cyber interfaces with external power-system simulators, HIL platforms, SCADA systems, and real devices.
- Built-in open-source protocol simulator integration: NetSim Cyber includes built-in protocol simulators that can generate and receive traffic for supported power-system protocols without requiring external devices.
Together, these capabilities allow users to perform both early-stage attack validation and realistic laboratory testing.
NetSim Cyber simulator and device integration options
External Power-System Simulator Integration
NetSim Cyber can interface with external power-system simulators and real-time simulation platforms to support cyber-physical power-system studies. In this type of setup, the external simulator models the electrical system, while NetSim Cyber models the communication network and applies cyber-attack behavior to the protocol traffic.
External simulator integration is useful when users want to evaluate the impact of cyber-attacks on realistic power-system dynamics, device behavior, control actions, protection logic, or SCADA monitoring.
NetSim Cyber can be integrated with platforms and systems such as:
- Typhoon HIL
- OPAL-RT
- RTDS
- MATLAB
- Simulink
- SCADA systems
- PMUs
- PDCs
- IEDs
- RTUs
- PLCs
- Protection relays
- Substation gateways
- Control-center applications
In an external simulator setup, the simulator or physical device acts as the source or destination of protocol traffic. NetSim Cyber is placed between the communicating endpoints and intercepts the protocol messages exchanged between them. The Threat Agent can then modify, delay, replay, drop, or forward traffic based on the configured attack scenario.
For example:
- A Typhoon HIL system may generate Modbus TCP or DNP3 traffic representing simulated field measurements.
- An RTDS system with a communication module may transmit PMU data to a PDC.
- A MATLAB/Simulink model may interact with external communication tools or controllers.
- A protection relay or IED may exchange GOOSE or MMS traffic with another substation device.
- A SCADA master may communicate with an RTU or PLC using Modbus TCP, DNP3, or IEC 60870-5-104.

| External System / Device | Typical Role | Example Protocols | Example Use Case |
|---|---|---|---|
| Typhoon HIL | Real-time power-system simulator | Modbus TCP, DNP3, IEC 61850, custom TCP/IP | HIL-based attack impact studies |
| OPAL-RT | Real-time power-system simulator | C37.118, Modbus TCP, DNP3, IEC 61850 | Real-time grid simulation and communication testing |
| RTDS | Real-time digital simulator | C37.118, IEC 61850, DNP3 | PMU/PDC and protection communication studies |
| MATLAB / Simulink | Power-system model or control model | TCP/IP, custom protocol, external interface | Algorithm validation and co-simulation |
| SCADA System | Master / HMI / control application | Modbus TCP, DNP3, IEC-104 | SCADA cybersecurity testing |
| PMU | Measurement source | IEEE C37.118 | Synchrophasor attack studies |
| PDC | Measurement concentrator | IEEE C37.118 | PMU data validation and monitoring |
| IED / Relay | Protection and automation device | IEC 61850 GOOSE, MMS, SV | Substation automation testing |
| RTU / PLC | Field device or controller | Modbus TCP, DNP3, IEC-104 | Industrial and utility communication testing |
External simulator and device integration examples

External simulator integration workflow
Built-in Open-Source Protocol Simulators
NetSim Cyber includes built-in open-source protocol simulators for major power-system communication protocols. These simulators allow users to create complete protocol test environments without requiring physical PMUs, PDCs, IEDs, RTUs, PLCs, SCADA systems, or hardware-in-the-loop platforms during early-stage testing.
The built-in simulators are useful for protocol validation, attack emulation, training, demonstration, dataset generation, and rapid testing of detection algorithms. Users can first validate attack logic using built-in simulators and then move the experiment to an external simulator or real-device testbed.
NetSim Cyber supports built-in simulation for protocols such as:
- IEEE C37.118 Synchrophasor
- IEC 61850 GOOSE, Routed GOOSE, MMS, and Sampled Values
- Modbus TCP
- DNP3
- IEC 60870-5-104
These simulators provide both source-side and destination-side components. For example, a PMU simulator can generate synchrophasor data, while a PDC subscriber can receive and analyze it. Similarly, a Modbus slave can generate register data while a Modbus master reads or writes values.
| Protocol | Source / Publisher Simulator | Destination / Subscriber Simulator | Open-Source Framework Used |
|---|---|---|---|
| IEEE C37.118 Synchrophasor | PMU Simulator | OpenPDC / PDC Subscriber | pyPMU, OpenPDC |
| IEC 61850 GOOSE, R-GOOSE, MMS, SV | IED / Relay Publisher | GOOSE Subscriber / Analyzer | libiec61850 |
| Modbus TCP | PLC / RTU Simulator | SCADA HMI / Modbus Master | pymodbus, QModMaster |
| DNP3 | RTU Simulator | SCADA Master | OpenDNP3, DNP3 Station |
| IEC 60870-5-104 | IEC-104 Slave Simulator | IEC-104 Master Station | lib60870 |
Built-in Open-Source Protocol Simulators
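
A master-side check for the effects of the delay, replay, and drop actions on Modbus TCP traffic, as an added example that is not NetSim Cyber code: it pairs requests and responses by MBAP transaction ID. The function names, the 0.5 s latency threshold, and the sample capture are constructed assumptions.

```python
import struct

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id

def parse_adu(frame: bytes):
    """Return (transaction_id, unit_id, function_code), or None if malformed."""
    if len(frame) < MBAP.size + 1:
        return None
    tid, proto, length, unit = MBAP.unpack_from(frame)
    # Protocol id is 0 for Modbus; length counts the unit id plus the PDU.
    if proto != 0 or length != len(frame) - 6:
        return None
    return tid, unit, frame[MBAP.size]

def audit(capture, max_latency=0.5):
    """capture: (time_s, 'req' or 'rsp', frame) tuples. Returns (time, finding) pairs."""
    pending, findings = {}, []
    for t, direction, frame in capture:
        parsed = parse_adu(frame)
        if parsed is None:
            findings.append((t, "malformed"))
            continue
        tid, unit, fc = parsed
        if direction == "req":
            pending[(tid, unit)] = (t, fc)
            continue
        sent = pending.pop((tid, unit), None)
        if sent is None:
            findings.append((t, "unsolicited"))        # replayed or injected response
        elif fc & 0x7F != sent[1]:                     # 0x80 bit marks an exception reply
            findings.append((t, "function-mismatch"))
        elif t - sent[0] > max_latency:
            findings.append((t, "delayed"))
    return findings + [(t, "no-response") for t, _ in pending.values()]  # never answered

def build_adu(tid, fc, data=b"", unit=1):  # helper for the constructed capture below
    pdu = bytes([fc]) + data
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample capture (not from a real device): function 0x03, read holding registers.
READ = struct.pack(">HH", 0, 1)   # start address 0, quantity 1
VALUE = b"\x02\x00\xe6"           # byte count 2, register value 230
SAMPLE = [
    (0.00, "req", build_adu(1, 3, READ)), (0.01, "rsp", build_adu(1, 3, VALUE)),
    (1.00, "req", build_adu(2, 3, READ)), (1.90, "rsp", build_adu(2, 3, VALUE)),  # delayed
    (2.00, "req", build_adu(3, 3, READ)),                                         # dropped
    (3.00, "rsp", build_adu(1, 3, VALUE)),                                        # replayed
    (4.00, "rsp", build_adu(9, 3, VALUE)[:-1]),                                   # truncated
]
```

Modbus TCP carries no integrity protection, so a modified register value inside a well-formed response passes every check in `audit(SAMPLE)`; catching that requires plausibility checks on the measurement itself.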
Benefits of Built-in Simulators
The built-in simulator capability provides a ready-to-use environment for protocol testing, attack emulation, and cyber-security research.
| Benefit | Description |
|---|---|
| Rapid attack prototyping | Quickly test attack logic before moving to larger testbeds |
| Protocol-level validation | Verify protocol parsing and field-level manipulation |
| Single-system deployment | Run source, destination, network, and attack logic on one PC |
| Reduced complexity | Avoid dependence on physical devices during early-stage testing |
| Safe experimentation | Test attacks without affecting real equipment |
| Dataset generation | Generate labeled normal and attack traffic for AI/ML research |
| Faster iteration | Modify scenarios and attack settings quickly |
| Real-data support | Import or replay real measurement data for realistic testing |
Benefits of built-in simulators
Benefits of External Simulator Integration
| Benefit | Description |
|---|---|
| Realistic cyber-physical testing | Study attack impact on simulated electrical behavior and communication networks |
| HIL validation | Test cyber-attacks with real-time simulators and hardware interfaces |
| Real-device testing | Evaluate response of PMUs, PDCs, IEDs, RTUs, PLCs, relays, and SCADA systems |
| Timing realism | Include real network interfaces, device delays, and physical communication paths |
| End-to-end validation | Observe the full chain from measurement generation to monitoring or control response |
| OT testbed support | Integrate NetSim Cyber into laboratory SCADA and substation automation environments |
| Progressive testing | Move from built-in simulators to real-device experiments after initial validation |
NetSim Cyber supports both lightweight simulator-based experimentation and realistic external testbed integration. Built-in simulators help users quickly create repeatable cyber-attack scenarios, while external simulator and device integration allows the same concepts to be validated in more realistic cyber-physical environments. This makes NetSim Cyber suitable for training, research, device validation, protocol testing, and power-system cybersecurity studies.