As power system's operational technology converges with innovative information and communication technologies, the need for extensive resilience testing for scenarios covering the electrical grid, networking bottlenecks, as well as cyber security threats, become a necessity. This paper proposes a comprehensive, multi-disciplinary simulation framework to test virtualized intelligent electronic devices (vIEDs), considering 1) functional requirements, 2) performance and quality of service of the underlying communication network using software-defined networking, and 3) cyber security intrusion detection schemes. This work serves as a reference for researchers interested in the grid modernization of information and communication infrastructure for future power systems. Six different cyber security attack surfaces have been identified within the framework scope. It was observed that migration of vIEDs due to device maintenance or external anomalies is interesting from an operational perspective yet still poses significant security threats. Therefore, both host-based and network-based intrusion detection schemes were analyzed. Also, the setup has been mapped to an offshore wind case study demonstrating its potential and possible scenarios to simulate.

This paper presents a methodology to distinguish between three-phase faults and GOOSE cyber attacks, aimed at opening the circuit breakers in the power grid. We propose a scheme that utilizes Phasor Measurement Unit (PMU)-enabled monitoring of power grid states, and communication network packet logs in the substation. In this scheme, by leveraging both cyber and physical data correlations and applying a Seasonal Autoregressive Moving Average (SARMA) model, we successfully distinguish between 3-phase faults and cyber attacks. The proposed scheme is tested using the benchmark IEEE 9-bus system, and can distinguish cyber attacks from faults in less than 0.2s. This demonstrates the usefulness of the proposed scheme for power system cyber security analytics.