Publications

Publications / SAND Report

National SCADA Test Bed: FY05 Progress on Virtual Control System Environment (VCSE)

Van Leeuwen, Brian P.; Michalski, John T.; Lee, Erik L.

This document provides the status of the Virtual Control System Environment (VCSE) under development at Sandia National Laboratories. This development effort is funded by the Department of Energy's (DOE) National SCADA Test Bed (NSTB) Program. Specifically the document presents a Modeling and Simulation (M&S) and software interface capability that supports the analysis of Process Control Systems (PCS) used in critical infrastructures. This document describes the development activities performed through June 2006 and the current status of the VCSE development task. Initial activities performed by the development team included researching the needs of critical infrastructure systems that depend on PCS. A primary source describing the security needs of a critical infrastructure is the Roadmap to Secure Control Systems in the Energy Sector. A literature search of PCS analysis tools was performed and we identified a void in system-wide PCS M&S capability. No existing tools provide a capability to simulate control system devices and the underlying supporting communication network. The design team identified the requirements for an analysis tool to fill this void. Since PCS are comprised of multiple subsystems, an analysis framework that is modular was selected for the VCSE. The need for a framework to support the interoperability of multiple simulators with a PCS device model library was identified. The framework supports emulation of a system that is represented by models in a simulation interacting with actual hardware via a System-in-the-Loop (SITL) interface. To identify specific features for the VCSE analysis tool the design team created a questionnaire that briefly described the range of potential capabilities the analysis tool could include and requested feedback from potential industry users. This initial industry outreach was also intended to identify several industry users that are willing to participate in a dialog through the development process so that we maximize usefulness of the VCSE to industry. Industry involvement will continue throughout the VCSE development process. The teams activities have focused on creating a modeling and simulation capability that will support the analysis of PCS. An M&S methodology that is modular in structure was selected. The framework is able to support a range of model fidelities depending on the analysis being performed. In some cases high-fidelity network communication protocol and device models are necessary which can be accomplished by including a high-fidelity communication network simulator such as OPNET Modeler. In other cases lower fidelity models could be used in which case the high-fidelity communication network simulator is not needed. In addition, the framework supports a range of control system device behavior models. The models could range from simple function models to very detailed vendor-specific models. Included in the FY05 funding milestones was a demonstration of the framework. The development team created two scenarios that demonstrated the VCSE modular framework. The first demonstration provided a co-simulation using a high-fidelity communication network simulator interoperating with a custom developed control system simulator and device library. The second scenario provided a system-in-the-loop demonstration that emulated a system with a virtual network segment interoperating with a real-device network segment.