Home >> Research Programs >> National and Homeland Security

Modeling and Simulation

Massive natural disasters and terrorist attacks often have a detrimental impact on public health, safety and the economy. When a disaster or attack affects the nation’s critical infrastructures such as the electric power grid, water treatment facilities or telecommunication systems, it can delay response and recovery time, endanger lives and prevent a return to normalcy. 


Critical infrastructures are complex physical and cyber-based systems that are essential to the day-to-day functionality of the country. In the last decade, with the emergence of the Internet and consolidated operating systems, commercial infrastructures have become increasingly automated and interconnected. In fact, most infrastructures are composed of a collection of networks, each relying on the other to function properly and provide resources to the public.


During Hurricane Katrina, the sudden surge of water spilling from unstable flood walls caused a catastrophic ripple effect that affected multiple infrastructure sectors including preventing mass transportation and delaying responding emergency services by blocking and damaging roads. At the same time, the rising water caused power outages that prevented flood pumps and hospitals from operating efficiently.


To assist infrastructure owners and operators, first responders and government agencies in discovering infrastructure vulnerabilities and efficient consequence management plans, researchers at Idaho National Laboratory have developed several computer-based modeling and simulation programs. 



Critical Infrastructure Modeling Simulation (CIMS)


Developed in 2005 by four INL infrastructure protection engineers, the Critical Infrastructure Modeling System (CIMS) is a software application that visually portrays the interoperability of numerous infrastructure sectors. The CIMS program relies on an easy-to-use graphical user interface, which allows a decision maker to build models on the fly and which supports rapid model construction from limited, open-source information.


Using only a simple map or aerial photo, CIMS users can start construction of an infrastructure model. As additional information, changing circumstances or intelligence data becomes available, the model can be updated to create a real-time view of dynamic environments similar to those after a hurricane or terrorist attack. External data sources such as Web links including webcam or direct sensor feeds can also be built into the model. 


CIMS seeks to provide emergency planners with a high-level analysis of infrastructure interoperabilities without requiring detailed engineering data to support the model. In this way, users can quickly construct three-dimensional models of cities and counties and run multiple infrastructure failure scenarios.


By identifying which infrastructures affect the greatest number of people, resources such as utility companies, first responders and government agencies can plan ahead and prioritize resources to return the region to a normal operating state. 


In 2006, CIMS was licensed for commercial production to Massachusetts-based Priority 5 Holdings, Inc.


-         Download the program pdf

-         Visit the official product Web site



Critical Infrastructure Protection and Resiliency Simulator (CIPR/sim)


In cooperation with the Department of Defense, scientists and engineers at Idaho National Laboratory have developed an advanced simulation technology – called CIPR/sim – which allows emergency planners to visualize the real-time cascading effects of multiple infrastructure failures before an actual emergency occurs. By using CIPR/sim, responders are better prepared and more responsive and accurate when analyzing critical incident data.


In 2007, several INL critical infrastructure protection engineers, geospacial technology experts and software developers began designing CIPR/sim to help first responders plan, prepare and predict the cascading effects that natural disasters or terrorist attacks have on infrastructure resources such as the electric power grid and telecommunication networks.


Today, CIPR/sim has become the first critical infrastructure simulation tool to be designed with a common operating framework that adheres to national Institute of Electrical and Electronics Engineers (IEEE) 1516 standards. This advancement allows the tool to import real-time data from numerous existing analysis modules, including RTDS (Real Time Digital Simulator) for electric grid analysis, QualNet for telecommunications analysis, and PC Tide for wind speed and flood surge analysis.


By incorporating independent module analysis into a single simulation, emergency planners are provided with an integrated checks-and-balances system where each infrastructure module builds on the information provided by the other. The result is a highly accurate situational awareness portrait of how a disaster scenario will play out and what infrastructures will be affected throughout the course of the incident. For instance, if CIPR/sim indicates an emerging storm system will affect the functionality of a particular substation, emergency planners also have access to information about how severely cell towers, pumping stations or hospitals in the region will be impacted by the damaged substation. This information is displayed for emergency planners in two distinct formats.


The first method uses a two-dimensional design that provides users with a spatial context of the tool’s results. The user interface has a GoogleEarth© look and feel for intuitive operator commands that include a series of data-rich charts and graphs for in-depth analysis. The second method is a three-dimensional design that provides users with additional insight not usually witnessed at the height of a disaster or attack. This immersive display is created in a photo-realistic format commonly seen in industry-leading gaming environments. The users have the ability to move freely within the created environment and can view and replay a disaster’s impact from multiple angles and perspectives. Both designs vividly display infrastructure damage or destruction in a color-coded real-time format.


In addition to providing a method and standard for linking modules, CIPR/sim allows emergency planners to create and run virtually any kind of natural or man-made incident. During demonstrations at Idaho National Laboratory, scenarios have shown the impact of earthquakes, hurricanes and deliberate physical attacks on infrastructures within major U.S. cities. Data for these demonstrations was displayed in real time by CIPR/sim through links established to existing RTDS, QualNet and PC Tide modules.


These combined benefits provide emergency planners with access to a wide variety of complex data streams in an easy-to-understand format. The format requires little or no interpretation, allowing users to make competent, time-sensitive decisions like the placement and quantity of support resources.


-         Download the program pdf

-         Watch CIPR/sim in action



Real Time Digital Simulator (RTDS)


In collaboration with the Department of Defense, cyber and electric grid reliability researchers at Idaho National Laboratory have acquired and are using a full-scale Real Time Digital Simulator for enhancing the security of the nation’s electric power grid and related control systems including supervisory control and data acquisition systems.


The Real Time Digital Simulator, or RTDS, provides power systems simulation technology for fast, reliable, accurate and cost-effective study of power systems with complex High Voltage Alternating Current (HVAC) and High Voltage Direct Current (HVDC) networks. The RTDS Simulator is a fully digital electromagnetic transient power system simulator that operates in real time.

Because the simulator functions in real time, the power system algorithms are calculated quickly enough to continuously produce output conditions that realistically represent conditions in a real network. Real-time simulation is significant for two reasons -- the user can test physical devices and the user is more productive by completing many studies quickly with real-time simulation.

Additionally, RTDS can be connected directly to power system control and protection equipment. For example, it can be used to test HVDC (High Voltage Direct Current) controllers or protective relays. Testing on an RTDS Simulator is more thorough than other test methods because the user is able to subject the equipment to many severe but realistic conditions that could not possibly be achieved when it is installed on the physical system.

As well, the simulator can be operated with or without user interaction (interactive or batch mode operation). Therefore, the equipment can be subjected to thousands of tests in batch mode without requiring supervision. The RTDS Simulator will provide detailed reports on the equipment's response to each test. Whether the user is testing equipment or simply running simulation studies, the real-time capability significantly improves productivity.

The simulator provides power system researchers with a supercomputer for electric grid reliably. Each modular system is fully digital and can be used for a range of studies including performing real-time closed-loop testing of protective relays and control systems, performing analytical power system simulations, testing protective relays and education and training.


The system’s graphical user interface, proprietary software and mathematical algorithms can simulate any modern electric power grid configuration. As new equipment or components are added or subtracted from the simulator’s configuration, the model instantly updates. For example, INL researchers can run simulated system-failure scenarios such as a control system cyberintrusion or a physical damage event such as a terrorist attack or natural disaster and instantly detect the order and reasoning for why dedicated relays, breakers or substations failed.

The ability to simulate real-time power grid information is a key factor in detecting previously unknown vulnerabilities and providing emergency planners with a path forward for responding to grid failures. The RTDS Simulator enables power industry experts to define the network configuration and run real-time tests for many aspects of service life, allowing system problems to be discovered faster, and solutions to be designed and tested immediately.

The RTDS system at INL is the first U.S. government-owned and -managed simulator. The laboratory employs operators with extensive experience in dynamic power systems.


-         Download the program pdf



Control Systems Security Self-Assessment Tool (CS2SAT)


In cooperation with the Department of Homeland Security’s National Cyber Security Division, control system and cybersecurity researchers at Idaho National Laboratory have developed a software-based assessment tool that aids critical infrastructure owners in applying standardized security measures to their control systems.


The Control System Cyber Security Self-Assessment Tool works by compiling many known cybersecurity standards into one database and provides instructions to companies on how to best meet minimum cybersecurity recommendations based on their risk of a cyberintrusion. The tool’s intent is to help establish unified, consistent guidelines that will provide infrastructure control systems with a constant method for gauging and improving their cybersecurity process, while still allowing utility companies to maximize their productivity over the Internet.


Using a standard desktop computer, the software walks users through a series of questionnaires related to the control system in question. Users input data about their control system at four different, but interrelated steps. The first step identifies potential cyber-consequences related to the facility being assessed, while the other three provide information and recommendations on how to fix potential weaknesses.


The first step, Consequence Analysis, asks users to answer a series of multiple-choice questions related to the potential economic impact, loss of life or injury, environmental and cascading effects of a successful cyberintrusion. Once the questions have been answered, the tool calculates a recommended Security Assurance Level (SAL) that provides a security goal for utilities to strive for based on their risk associated with a cyberintrusion. The scores range from five, or high security, to one, or low security. The SAL score is also used to determine which set of existing standards and guidelines located in the tool’s database will help guide the company to achieving an appropriate level of security.


For instance, to meet an SAL score of three, typical for most electric power plants, the user’s control system would need a minimum of a properly configured firewall placed between the corporate local area network (LAN) and the control system LAN. It would also need encrypted data flow between the corporate and control system network. Control systems not configured for these requirements would be provided with a series of recommended steps to help increase their security to an appropriate assurance level.


The second phase is known as Architecture Discovery. In this phase, the tool allows users to input data about how their network is configured, and what components such as firewalls, WiFi access points or routers may be connected to the control system. Users also have the option of selecting from standard network configurations or templates built into the tool. Using a graphical user interface, the tool generates a second series of questions to identify how security has been implemented at each connected component.


Once the tool identifies all connected components, step three generates a Requirements Questionnaire, which asks control system engineers and operators to supply specific information about how each control system is currently configured for cybersecurity. This information is then compared to the SAL score that was assigned to the control system based on its consequence of a cyberintrusion. At this point, the tool generates a gap analysis that identifies which requirements are not being met and recommends a process for improvement.


In addition to security solutions, the final step displays a Risk Reduction Report that prioritizes recommended solutions to ensure increased cybersecurity is applied to the most critical areas on a priority schedule.


In 2006, the software program was field tested with seven companies in multiple sectors including water and energy. Additionally, the tool has been demonstrated and discussed at control systems user groups and at conferences like the SANS Institute Process Control and SCADA Summit. Today, the software package is available for purchase from the Instrument Society of America (ISA).


-         Visit the ISA Web site


Department of energy

DOE Office of Nuclear Energy
DOE-Idaho Office