Armenia, Stefano with Camillo Carlini and Alessandro Cardazzone  "Understanding Security Policies in the Cyber Warfare Domain through System Dynamics", 2014 July 20-2014 July 24

UNDERSTANDING SECURITY POLICIES IN THE CYBER
WARFARE DOMAIN THROUGH SYSTEM DYNAMICS

Stefano Armenia”, Alessandro Cardazzone™, Camillo Carlini?

(1) DIAG — Department of Computer, Control and Management Engineering “Antonio Ruberti”
Sapienza University of Rome., Via Ariosto, 25 - 00185 Rome, Italy, - armenia@dis.uniromal.it

President of the System Dynamics Italian Chapter (SYDIC) — www.systemdynamics.it

(2)(3) DIAG — Department of Computer, Control and Management Engineering ‘Antonio Ruberti”
Sapienza University of Rome., Via Ariosto, 25 - 00185 Rome, Italy
c d, il.com / carlini@dis.uniroma Lit

ABSTRACT

In this paper we will delve with the analysis of the Italian Presidential Decree on Cyber
Security, dated January 2013. By reading such Act, we got the impression that, again, policy
makers lack both systemic skills and nonetheless the ability to evaluate the impacts of their
choices and assumptions before implementing their decisions. The Italian Cyber Security Act
(DL.2013) basically establishes, in case of national security put under threat by a cyber
menace, to recur to an inter-ministerial working group (Inter-Ministerial Committee for the
Security of the Republic - CISR) which, in case of deep crises, should be able to take
decisions in a timely and effective manner. In this paper, we won’t argue about the
effectiveness of such Board, which would have to be discussed by analysing on one hand the
specific competences (if any) brought to the Board by the various official stakeholders and on
the other by the processes put in place in order to favour the work to be carried out by such
Board, rather we will argue about the inherent delays in the system ultimately even made
worse by the need to activate such Board for certain critical decisions.

KEYWORDS
Cyber Security, Cyber Warfare, Homeland Security, System Dynamics

1. INTRODUCTION

Every economy of an advanced nation relies on information systems and interconnected
networks, thus in order to ensure the prosperity of a nation, making cyberspace a secure place
becomes as crucial as securing society from the presence of criminal bands. Cyber security
means ensuring the safety of this cyberspace from threats, which can take different forms.
Stealing secret information from national companies and government institutions, attacking
infrastructure vital for the functioning of the nation or attacking the privacy of the single
citizen can all be seen as extreme examples of a large spectrum of threats. Additionally,
perpetrators of attacks on cyberspace are now professionals working for governments,
hacktivist organizations or criminal bands rather than teenagers looking for some short-term
celebrity as it was in the old days. Intelligence operations are conducted through cyberspace
in order to study the weaknesses of a nation and, to complete the picture, in the military
domain cyberspace is now seen as one of the dimensions of the battlefield just like space, sea,
ground and air. Understanding the complexity of the picture of making cyberspace a safe
place turns out to be a problem, which is not only technical but rather a social, legal and
economic one. Improving cyber security knowledge, skills and capability of a nation will be
essential for supporting an open society and for protecting its vital infrastructures such as
telecommunication networks, power grid networks, industries, financial infrastructures etc.
(5).

Each countries’ critical infrastructures (from oil pipelines to the electricity grids, from gas to
water, from transportation, to financial/banking systems, to public services) is becoming
managed at an IT level in an increasing way. The massive and progressive introduction of
network, monitoring and control systems has improved the performance level of such
infrastructures, but has also introduced new ways (cyber) for criminals to carry out their
misfits. Today, an effective infrastructures protection includes threat identification,
vulnerability reduction and attack source identification, thus aiming at service downtime
minimization and damage limitation.

The expression “cyber threat” denotes the set of behaviours that can be carried out in and
through cyberspace. It mainly consists in cyber attacks, that are actions of individuals, states
or organizations, aimed at destroying, damaging or interfering with the proper functioning of
systems, networks and related processes, or at violating integrity and confidentiality of
data/information (5).

Depending on the actors and purposes, we can distinguish the following types:

+ Cybercrime: all the activities with criminal purposes (such as, for example, fraud or
wire fraud, identity theft, the misappropriation of information or of creative and
intellectual property);

+ Cyberespionage: unlawful acquisition of sensitive property or classified data or
information;

+ Cyberterrorism: the set of ideologically motivated actions, aimed at influencing a
country or an international organization.

Typically, a cyber attack is launched:

1. to paralyze one or more critical infrastructures’ activities;

2. to steal infrastructures information assets.

3. To cause a cyber war, a real conflict between nations that aims at paralyzing their
respective vital sectors (when targets are critical infrastructures and warning systems,
it is clear that the consequences for the entire society could be disastrous).

It is important to identify in advance which are likely to be possible targets of an attack so to
assess the related risks and consequences, also in terms of time required to restore normal
behaviour (resilience). Cyber threats are important challenges for the country, because they
involve both the digital domain and because of their transnational nature. Cyber threats are
not easy to counter: the actors, means, objectives and attack techniques vary continuously.

In light of the above and of the awareness that this is a continuously changing environment, it
is urgent to intervene, at the national level and beyond, against all cyber crime forms, which
represent a growing threat to critical infrastructure, society, business and citizens (5).

2. LEGISLATIVE CONTEXT AND RESEARCH QUESTIION

In this paragraph we will briefly introduce the legislative context that ultimately brought us to
consider posing our research questions.

Two main regulatory measures, adopted in Italy between 2012 and 2013, contribute to
defining the organization and strategy for Italy’s national cyber security. Law n.133/2012 and
the DPCM (Decree from the President of the Ministries Council) dated 24 March 2013.

Law 133/2012 attributes new and more detailed responsibility in the field of national cyber
defence and security to the Italian intelligence system. For instance this law gives the prime
minister the power to issue directives to the Intelligence and Security Department
(Dipartimento Informazioni per la Sicurezza - DIS), after prior consultations with the Inter
Ministerial Committee for the Security of the Republic (CISR), and to the security
intelligence services, in order to strengthen security intelligence activities for the protection
of critical infrastructures, with particular reference to national cyber defence and security.

The DPCM 24 January 2013 defines the institutional architecture tasked with safeguarding
national security in relation to critical infrastructures and intangible assets, with particular
attention to the protection of cyber security and national security. It indicates the tasks
assigned to each component and the mechanisms and procedures to follow in order to reduce
vulnerability, to improve risk prevention, to provide timely response to attacks and to permit
immediate restoration of the functionality of systems in the event of crisis.

It is worth mentioning the setting up of a so-called Nucleus for Cyber Security (Nucleo per la
Sicurezza Cibernetica) within the Military Adviser’s Office. It is a permanent body
responsible for maintaining links and coordination between the different components of the
institutional architecture involved in various capacities in the field of cyber security, in
accordance with the powers conferred by law to each of them. Members of National
Intelligence, Ministry of Internal Affairs and Foreign Affairs, Ministry of Defense, Ministry
of Economic Development, Ministry of Economy and Finance, Civil Protection and the

Digital Agency are part of the Nucleus for Cyber Security. The nucleus was established to
support the prime minister in all activities concerning the prevention and/or preparation for a
possible crisis and the activation of warning procedures. The nucleus, among other activities,
will:

1. Promote the planning of the response to crisis situations by both government and
private stakeholders and the development of all necessary procedures for inter-
ministerial coordination, fitting in with the schedules of Civil Defense and Civil
Protection;

2. assess and promote procedures for information sharing, including with private
stakeholders, for the dissemination of alerts relating to cyber events and crisis
handling;

3. promote and coordinate cybersecurity exercises, both Inter-Ministerial and at
international level, involving the simulation of events.

In order to handle a crisis event in a coordinated manner, the decree assigns to the NISP the
role of Inter Ministerial Cybernetics Crises Table. The inter-ministerial body is chaired by the
prime minister’s military advisor and will include representatives of all the institutions
involved. It will ensure that the response and the appointment of the various departments’ and
agencies’ responsibilities, in relation to cybernetic crisis, are performed in a coordinated
manner. The decree, furthermore, establishes a strict collaboration between the Inter
Ministerial Cybernetics Crisis Table and the national CERT (see next section) in order to deal
with all technical aspects in elaborating emergency responses. (5)

Thus, the rationale of this paper finds its roots in the analysis of the Italian Public Presidential
Decree of Law on Cyber Security, dated January 2013 namely “Direttiva recante indirizzi per
la protezione cibernetica e la sicurezza informatica nazionale” [1].

By reading such D.L., we got the impression that, again, policy makers lack both systemic
skills and nonetheless the ability of being able to evaluate the impacts of their choices and
assumptions (ultimately turning into the application of a law and thus into money spent,
choices done, people moved around, etc.) before implementing their decisions. The Italian
D.L. Sec. 2013 (DL.2013) basically focuses the attention on the possibility, in case of
national security put under threat by a cyber menace, to recur to an inter-ministerial working
group (Inter-Ministerial Committee for the Security of the Republic - CISR) which, in case of
deep crises, should be able to take decisions in a timely and effective manner. In this paper,
we won’t argue about the effectiveness of such Board, which would have to be discussed by
analysing on one hand the specific competences (if any) brought to the Board by the various
official stakeholders and on the other by the processes put in place in order to favour the
work to be carried out by such Board, rather we will argue about the inherent delays in the
system ultimately even made worse by the need to activate such Board for certain critical
decisions.

3. A SYSTEM DYNAMICS MODELTO GET INSIGHTS ON THE CYBER
SECURITYAND CYBER WARFARE DOMAIN
A computer emergency response team (CERT) can be defined as an organization responsible
for setting up a framework for responding to cyber security incidents. It provides the
necessary services for handling incidents and supports its constituents in their recovery from
breaches of computer security. In order to mitigate risks and to minimize the number of
required responses, many CERTs also provide preventative and educational services for their
constituents. More recently the term CSIRT, which stands for Computer Security Incident
Response Team, is starting to replace CERT. It invokes a more holistic approach to security
rather than relying only on reactive forces. CERTs worldwide are generally founded and
financed by governments or academic institutions. The reason for this is that government
agencies are interested in protecting national security and universities by their very nature try
to find solutions to new problems. Historically, the name Computer Emergency Response
Team is the designation for the first team at Carnegie Mellon University (CMU). CERTs
existence is linked to malware, especially computer worms and viruses. After the Morris
Worm paralyzed a good portion of the Internet in 1988, CERT/CC at Carnegie Mellon
University was started under a US government contract.

To respect the indications of EU Directive 140/2009 and to achieve the target fixed by the
European agenda, in several EU member states, governments have set up the so-called
National CERTs. The main goal of a national CERT, from a cyber security perspective, is to
protect national and economic security, the on-going operations of a government, and the
ability of critical infrastructure to continue to function. Therefore a national CERT
typically monitors incidents at a national level, identifies incidents that could affect
critical infrastructure, warns critical stakeholders about p security threats, and
helps to build organizational CERTs in the public and private sectors (5).

We will start our analysis by setting up a possible preliminary scenario (to be validated by
eventually specializing the model to a real-case scenario in this area) where there are several
generic attacks that are being carried out against a certain nation and where the national
CERT acts in defence by monitoring incidents and trying to contrast them in order to mitigate
the extent of the overall damages.

The purpose of the model is thus to analyze the impact of some cyber attacks on national

defense system and the way the latter responds to such attacks.

The main process that will be modelled includes the arrival of some cyber attacks (Incoming
Attacks) , according to a stochastic Poissonian distribution. All the attacks will be considered
of equal weight in terms of damage caused. Once started (Started Attacks), they are
discovered in time thanks to the allocation of specific resources for this task of detection

(detection Rate), which is a function of the "Capability to Detect attacks". It is, in turn, the

mathematical product between the number of "vesources for detection" and the "detection
Productivity". Attacks that are not detected (Undetected Attacks), a simplified function of an
"average percentage of non detected", are still effective at the level of damage caused and
may be rediscovered in time (re-discovery rate) or ending their life cycle (Max Attack
Duration) having never been detected (Undetected non-mitigated), since, for example, the

attack has completed his mission.

The rate “Undetected Attacks going unmitigated”, as seen in Figure 1, depends on an average
of time duration of the attack (Max attack duration AVG). In this sense, the greater the
duration of the attack in time, the lower the number of attacks that pass in the state "non-

mitigated".

Detection P.ty

Capability to detect
Attacks +

Incoming Attacks
distribution

Incoming Attacks

Started attacks

Attacks Detection
7 Rate

detected

Re-detectng — pet not
‘Attacks
Aes

Undetected Attacks
‘going unmitigated

Max Attack
duration AVG

Undetected Attacks

AVG pet redetect =

Figurel: Detected and Undetected attacks

The “detected attacks”, in turn, will be contrasted (mitigation rate), by using some resources
(Capability to Mitigate Attacks, in turn a function of the mathematical product between the
resources dedicated to the mitigation and the resources productivity). In this way, Mitigation
resources try to mitigate attacks and therefore to limit the attacks damage.

However, we have assumed that some of the detected attacks, cannot be mitigated (see Figure
2), so at the end of their life cycle (Max Duration of Attack) they finish their share of damage

and disturbance (not mitigated).

Detooton Pay ida
4. Capability to detct
Attacks E Capability to
mate Atacks
Incoming Attacks |
distrusion |

Incoming Attacks ge |
me ———————_/f

Started attack: etected Attacks
| | Attacks Detection io
Rate

Mitigation Rate
+ MPatiacks going +] -
PP Lindetected Attacks being n
+ mitigated
Re-detecting ‘AVG pet not
Attacks 9] detected
A
Undetected Attacks
sing unmitigated Nom-Mitgated

Max Attack
duration AVG

Undetected Attacks

AVG pet redetect,

Figure 2: Mitigated and Non-mitigated attacks

Each "active" attack, in any state of the system (Started, Detected, Undetected, etc..),
produces a certain amount of 'effective' damage (Max Damage for Attack) during its life

cycle (Max Duration of Attack) (see Figure 3).

Detection Pay

Eietive Severity of

Mizaon Pay '

' A me Threat Rati

Capabity to £ Capabity © : wi

oe oct At rnitigte Atacks 4
buon deter Anacks ioe A ) ial

| \

\

‘Anacks going
+ Undeteeted

Re-detecting _ AVG pet not

(71

Unvetected Attacks
going unitgted

a

Mak Attack

Max Damage x
duration AVG

Undetected Attacks

Figure 3: Damages and Expected Damages

Among the initial hypotheses of the model, we will assume as directly estimated the damages

that the observer would expect as a cause of the detected attacks in progress (Expected

Damages)

However, the discrepancy between the “Effective damages” to infrastructures (i.e., the
amount of damage that can be observed) and the damage that the observer would expect is an
information quite relevant to the job of threat contrast: in this way, if the damages that the
structures received, are bigger (over a certain threshold) compared to those that would be
expected from the detected attacks, then there must necessarily be some attacks that were not
detected and that are producing damages unnoticed. The estimation of threat severity (threat
of Effective severity ratio) calculated as the ratio of actual damages (Effective Damages), and
estimated damage from attacks detected (Expected Damages) is a determining factor of
acceleration in the process of acquisition of resources which can be allocated either to the

detection or the contrast of the attacks. (see Figure 4).

Activation of
Inserministeral board

| say none |
\ “Threshold a
A saad Perception of “Threat Ratio
ioe eg
;

[
i

Incoming
Atigks Flow

Started attacks

Detection Rate

/ \
fy Phy oO j

‘Anacks going
Undetected

Re-detecting ,
8 _ ANG pet not
‘Atmel PS detected

i a

—
"AVG Dante x
tack in Time Unit

Figure 4: Resource acquisiti

Among the initial assumptions, we expected in normal circumstances that there is a certain
amount of resources dedicated to the one side on detection process (Active resource for
detection) and to the other side on mitigation process (Active resource for mitigation) of
cyber attacks. As described above, the model provides a self-regulating mechanism whereby
if detection or mitigation resources are not able to handle an unexpected peak in attacks,

resources are acquired from outside (Resource Acquisition).

But the process of acquiring resources from the outside, obviously requires time (Acquisition

process delay time) (see Figures 5 and 6)

Long Term Impacts of RES-E Promotion in the
Brazilian Power System

Mario Domingos Pires Coelho
Faculdade de Engenharia da
Universidade do Porto, Portugal
up201407355@fe.up.pt

Abstract— This paper analyzes the impact on market prices of
the policies that have been adopted in Brazil to foster electricity
from renewable energy sources (RES-E), namely wind power. In
recent years the Brazilian Government implemented a series of
policies that enabled a strong growth of RES-E. Recently more
than 14 GW of wind and solar power were contracted. However,
as most of the assets are concentrated in specific regions, these
policies will induce price differences among areas of the country.
In this scope, this paper describes a System Dynamics based
model of the Brazilian generation system to evaluate the impact
on prices from the deployment of these new sources. The paper
describes simulations using realistic data for the Brazilian power
system and the results suggest that the difference of prices in the
country tend to increase since the Northeast region of the
country concentrates most of the wind parks.

Index Terms Brazilian power system, Electricity Markets,
Generation Expansion Planning, Long-term analysis.

I INTRODUCTION

The Electricity Power Industry has been evolving quickly
and passing through a revolution in the recent years. Some of
the main drivers of this revolution are the unbundling of the
electricity sector, the fast renewable energy deployment and
the improvement on computer and communication
technologies [1]. These factors are quickly reshaping the way
power systems are regulated, operated and planned.

As power systems are evolving, the Generation Expansion
Planning (GEP) and the methods to approach this problem
have been also passing through changes. Shortly, we can say
that the GEP has evolved from a cost optimization paradigm

J.T. Saraiva
INESCTEC and Faculdade de Engenharia
da Universidade do Porto, Portugal
jsaraiva@fe.up.pt

Adelino J. C. Pereira
IPC/ISEC - Instituto Superior de
Engenharia de Coimbra, Portugal

ajcp@isec.pt

the Norwegian power system and Vogstad [7] expanded that
model to analyze the entire Nord Pool. On the other hand,
and Saraiva [8] evaluated the long term impacts of
asing wind power generation in the Iberian electricity
day-ahead market price. The use of ABM based models also
increased a lot in the energy sector. For instance, Wittmann
[9] proposed the use of ABM tools to support investment
decisions, and Calabria [10] developed an ABM model to
support the proposition of a novel regulatory framework for
Brazilian Electricity Market.

Rahmandad and Sterman [11] compared ABM based
approaches with models based on differential equations
concluding that both could provide similar mean results. At
this point it is worth mentioning that given its stochastic
nature, ABM generates results as a distribution of outcomes.
However, they highlighted that “AB models will be useful
when data or the underlying “physics” of a situation specify
the network structure, suggest it is critical in the results, and
that structure is stable over the time horizon of interest. Often,
though, data ... and the distribution of individual attributes are
hard to obtain and highly uncertain, requiring extensive
sensitivity analysis to ensure robust results.”

Despite the conception of sophisticated planning tools, the
evolution of the electricity sector is most of the times a result
of the implemented policies. It is common though that the
outcomes from the policies are excessive/unexpected and this
is true for different power systems around the world as
mentioned in [12], [13]. These issues are a result of the lack of
Systems Thinking together with the difficulty in

(in the scope of the vertical integ! utilities k of
the past) [2], through a multi-criteria and large scale problem
(in which uncertainties regarding the fuel costs and
environmental targets became important) [3], and finally to a
market environment [4]. In this case, there are typically many
agents and technologies under competition leading to higher
levels of uncertainties [5]. Considering this new framework
and the unbundling of traditional utilities in generation,
transmission, distribution and retailing activities, Agent Based
Models (ABM) and System Dynamics (SD) started to be
applied to the power sector. Botterund [6] developed a SD toll
to evaluate the competitiveness of natural gas power plants in

derstanding the diverse feedback mechanisms that are
intrinsic to complex and dynamic structures as power systems.

According to these ideas and recognizing that current
models are often affected by this type of problems, this paper
describes a System Dynamics based tool developed to perform
expansion planning studies. In this case, this tool was used to
analyze the impacts of the new wind power plants in the prices
of the Brazilian electricity markets in the medium and in the
long run. After this Introduction, Section II, overviews the
Brazilian Power System and the main issues that it has been
facing in recent years. Section III provides details on the main

http://ieeexplore ieee.org/document/7980797/

Incoming Attacks
distribution

Autacks,

AVG pet
redeteet

Detection Paty

Capabiity «0

detect Attacks mitigate Attacks _ ’

Activation of

Interminstrial board
Resources

posal [REST]

/ 7 ] 7 }
Disposal Poley Senet Actin

Reser Dsrntion

-) ee

é

ma Dy

tacks going
na

passat

tacks Mitigation
Rate

Expected
Damage Rate

Attack AVG

Vas

“ave Danae x

Figura 5: Resource Distribution Policy

4. RESULTS, DISCUSSION & FUTURE WORK

We have simulated our model with the following assumptions and initialization values (unit:
1 hour):

Attacks_Increase = STEP(Offensive, 168) - STEP(Offensive,336)
Acquisition_process_delay_time = 72+(Activation_of _Interministerial_board*96)
AVG_pct_not__detected = 0.1

Delay_in_Activating_the_board = 24

Incoming __attacks_distribution = poisson (Mean_of_attacks+Attacks_Increase)
Max_Attack_duration__AVG = 96

Max_Damage_x__Attack_AVG = 10

Mean_of attacks = 20

Offensive = RANDOM (100,150)

Severity__Activation__Threshold = 2

Std_Detection_Pty = 6

Std_Mitigation_Pty = 3

From Figure 1, we notice that we have the desired increase in the number of average attacks
after the first week of simulation, which structurally brings, due to the new desired values for
resources in detection and mitigation, to a growth in the related rates.

® 1: Incoming Attacks flow 2: Attacks Detection Rate 3: Attacks Mitigation Rate
1: 3004
2 200
3 40
1: 150
2: 1004
3 20
1: ny)
2: 0
3 0
,00 250,75 500,50 750,25 1000,0
Page 1 Hours 1:15 Sab, 22 mar 2014
gas ? Untitled

Figure 1: Attacks flow rates

> 1:Detected attacks 2: Mitigated attacks 3: Non mit...ted attacks 4: Undetected attacks 5: Undetec...ted Attack

fon
S!
3:
3}
S!

Aw
Res

ie
2:
3:
re
500,50 750,25 1000,0
Page 1 Hours 1:15 Sab, 22 mar 2014
ae > Untitled

Figure 2: behaviours of “attacks” stocks over time

From Figure 2, we can notice that the backlogs are somehow managed over time thanks to
the growth in resources contrasting (detecting and mitigating) the attacks.

.*] 1: Active R...for Detection 2: Desired ...on Resources 3: Active R...or Mitigation 4: Desired ...ion Resources

1 304
2
3
* _—:
is
i I
1 a
2
2
4 154 pax
3
ch we \
_, bl Oe Pes wee
1 Pe
2 2 ee
3
4 0.
,00 250,75 500,50 750,25 1000,0
Page 1 Hours 1:15 Sab, 22 mar 2014
aoeayr 7 Untitled

Figure 3: behaviours of resources dedicated to detection and mitigation

From Figure 3, we see that the model gives priority to detecting attacks as at a certain
moment, there is a clear perception that the Nation is under attack but the CERT cannot
correlate the damages they experience to a real threat that they recognise (so priority is given
to detection so to be able to “empty” earlier the Started and Undetected Stocks, which
contribute heavily to procure damages “unseen” in the first moments of th simulation.

® 1: Expected Dam...m Active attacks 2: Effective Damages 3: Effective Sev...ty of threat Ratio
ts 5000004
a3 2000000
35 8 a
7 ae : el
Ne 250000
2: 10000004
= 4
1: 10)
2: 0
3: 15
,00 250,75 500,50 750,25 1000,0
Page 1 Hours 1:15 Sab, 22 mar 2014
aeaf' 7? Untitled

Figure 4: Effective damages vs. Expected Damages

We can see that the Effective Severity of Threat is quite high at the beginning but then
decreases as the “unseen” stocks get emptied out over time

As a final remark, we are obviously still in the tuning phase of our model but w can see the
promised potential for understanding the structure of attacks and response to a cyber menace.

From the above results, we can only have a partial conclusion which tells us that the model
seem to behave correctly but a more accurate tuning phase, a sensitivity analysis and more
structured approach to experiments will be able to tell us more in the near future (possibly by
the upcoming conference in summer).

In future developments, in order to provide a way to measure the effectiveness of the
response of an organization (i.e.: a CERT) to a cyber threat, we will introduce in the some
KPI’s that are interesting to consider (5), and namely what is called the cyber security
readiness index, which is a composite measure of the capacity and willingness of an
organization to face cyber threats.

It consists of the composition of the following KPIs:

Awareness index

Assesses the situational awareness related to cyber risks of the organization;

Defense index

Assesses the capacity of an organization to protect itself from a cyber attack. Notice
that the defense index is somehow correlated with the awareness index, since the
implementation of strong defence mechanisms shows cyber security awareness.
Policy index

Assesses the implementation of security related policies. A high score in this index
shows compliance to several security policies and their constant update. There is a
strong correlation of the policy index with the awareness index since the adoption of
updated security policies show an increased awareness.

External independency index

Assesses the correlation between internal systems and external providers. A low score
on this index shows the correlation of the organization mechanism to external
providers since the fault of an external cloud provider could impact on its possibility
to deliver the core product of its business. A high score on this index shows an
organization that relies minimally on external services that could impact on its
security. Note that such high scores imply larger operational costs as the organization
has to insource software services without the involvement of third parties.

5. BIBLIOGRAPHY

qd)

2)

QB)

(4)

(6)

(6)

7)

(8)

(9)
(10)

qty

(12)

(13)

(14)

(15)

(16)

(17)

(18)

(19)

(20)
Ql)

(22)

(23)

DECRETO DEL PRESIDENTE DEL CONSIGLIO DEI MINISTRI 24 gennaio 2013 “Direttiva
recante indirizzi per la protezione cibernetica ¢ la sicurezza informatica nazionale”, 2013

AAVV. On the i ification and desi; ion of Eurot critical infras sand the

of the need to improve their protection, Council Directive 2008/114/EC of 8 December 2008, Official
Journal of the European Union.

Brunner M. and Suter E. M., “International CIIP Handbook 2008/2009”, Center for Security Studies,
ETH Zurich, 2008.

Byres E.J. and Lowe J..“The Myths and Facts behind Cyber Security Risks for Industrial Control
Systems”, VDE 2004 Congress, VDE, Berlin, October 2004.

CIS Sapienza - Center for Cyber Intelligence and Information Security, University of Rome Sapienza,

The 2013 Italian Cyber Security Report: the Critical Infrastructures and other sensitive sectors
readiness, 2013, Universita di Roma La Sapienza Press
http://www.dis.uniroma1 .it/~cis/media/CIS%20Resources/2013CIS-Report.pdf

Dos Santos B.L., Peffers K., Mauer D.C., “The impact of information technology investment
announcements on the market value of the firm”, Information Systems Research, 4, pp. 1-23. 1993.
ENISA (European Network and Information Security Agency), “Incentives and Challenges for
Information Sharing in the Context of Network and Information Security", 2010.

European Commission, “Proposal for a Directive of the Council on the identification and designation of
European Critical Infrastructure and the assessment of the need to improve their protection”, EC, COM
(2006) 787.

European Commission, “Green Paper on a European f for critical infrastruc' ion”,
EC, COM(2005)576, Bruxelles, Annex I.

European Commission, “Verso una politica generale di lotta contro la ciber criminalita”, EC,
COM(2007)267, PP. 1-2.

European C Pp Cc ication from the C ission to the Council and the
European Parliament of 20 October 2004, “Critical Infrastructure Protection in the fight against
terrorism”, EC, COM(2004) 702.

European Proposal for a “Regulation of the European Parliament and of the Council", Concerning the
European Network and Information Security Agency (ENISA), EC,COM(2010) 521.

European Union, “Cybersecurity Strategy of the European Union: An Open, Safe and Secure
Cyberspace", JOIN/2013/0001.

European Union Agency for Network and Information Security (ENISA), “National Cyber Security
Strategy. Practical Guidebook”, p8, December 2012.

European Union Agency for Network and Information Security (ENISA), Glossary,

hitp://www.enisa.curopa.eu/activities/ri rent-risk/risk

inventory/glossary.

European Union Agency for Network and Information Security (ENISA), National Cyber Security

Strategy List, _http://www.enis ‘activiti esilience-and-CIIP/national-cyber-security-
s/ national-cyber-securit ies-in-the-world.

European Union Directive 2008/114/EC.

Franchina L., (2008) “Dalla Direttiva UE alla ‘governance’ nazionale, Infrastrutture Critiche sotto
protezione”, [online], GNOSIS, italian journal of Intelligence

Franchina L., (2007) “Come si proteggono le infrastrutture critiche”, [online], GNOSIS, italian journal
of Intelligence

Italian Digital Agenda official website, http://www.agenda-digitale.it/agenda_| digitale/.

Italian Digital Administration Code, http:/vww.digitpa.gov.it/codic i

del-cad

Italian Information and Security Department, “Report on information policy for security in the year
2010”, Presidency of the Council of Ministers, pp. 23-35, Rome, 2011.

Italian Ministry for the Interior Decree G.U. 30 aprile 2008, n. 101, “Individuazione delle infrastrutture
critiche informatiche di interesse nazionale”.


(24)

Italian National Security Department, official website, http://www.sicurezzanazionale.gov. it.

(25) Italian Police official website, http://www.poliziadistato.it/articolo/18494/.

(26) Italian Presidency of the Council of Ministers, Sistema di informazione per la sicurezza della
repubblica, “II linguaggio degli organismi informativi. Glossario i i ", Quaderni di
Gnosis, 2012.

(27) Italian Presidency of the Council of Ministers, “Protezione delle Infrastrutture Critiche Informatizzate",
Dipartimento per I’ Innovazione e le Tecnologie, Marzo 2004.

(28) Kaspersky Lab, “The geography of cybercrime: Western Europe and North America”, September 2012.

(29) Kaspersky Securelist,

http://www.securelist.com/en/analysis/204792244/The_geography_of _cybercrime_Western_Europe_and_Nort
h_America.

(30) Kern RR. and Peltz V., “Disaster Recovery Levels”, IBM Systems Magazine, November 2003.

(31) — Microsoft, “Microsoft Security Intelligence Report", Regional Threat Assessment: Italy”, Volume 14,
July through December, 2012.

(32) | Norton 2012 cyber crime report - Italy,
http://now-static.norton.com/now/en/pu/images/Promotions/2012/cybercrimeReport/NCR-
Country_Fact_Sheet-Italy.pdf.

(33)  Ponemon Institute, “2011 Cost of Data Breach Study, Italy”, March 2012, http://www.ponemon.org.

(34) Rinaldi S.M., Peerenboom, J.P. and Kelly T.K., “Identifying, Understanding and Analyzing Critical
Infrastructure Interdependencies”, IEEE Control Systems Magazine, Vol. 21, No. 6, 11-25, 2001.

(35) Shackelford S.J. “In ch of cyber peace" Stanford Law Review. 2012, http://www.

iew.org) ber-peace.

(36) Symantec, “Internet Security Threat Report 2013", Volume 18, 2013.

(37) US Information Technology Industry Council, “Steps to Facilitate More Effective Information Sharing
to Improve Cybersecurity”, October 2011, www. itic.org.

(38) US Presidential Decision Directive 63 (May22, 1998), “Critical Infrastructure Protection”.

(39) US Presidential Policy Directive 21 (February 12, 2013), “Critical Infrastructure Security and
Resilience”.

(40) US Public law 107-56 (October 26, 2001) “Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism Act”.

(41) | US White house official website,

http://www.whiteh i ion/eop/nse/cybersecurit S ts/july2010.

(42) | US White house official website, http://www-.whitehouse.gov/cybersecurity.

(43) US White house official website, http://www.whiteh y it p ive-national-
cybersecurity-initiative

(44) | UK Cabinet Office, “The UK Cyber Security Strategy: Protecting and promoting the UK in adigital
world", Cabinet Office, United Kingdom, London, 2011.

(45) UK Financial Services Authority, “The failure of the Royal Bank of Scotland - Financial Services
Authority Board Report”, 2011.

(46) United Nation, “Overview of cybers ity”, ITU R dation ITU-T X.1205", ITU-T, p.2,
Geneva 2008.

(47) — Verizon, “The 2013 Data Breach Investigations Report”,
http://www. veri ise.com ts/rp_data-breach-investigati port-
2013_en_xg.pdf.

(48) | Westby J. R., “Governance of Enterprise Security: CyLab 2012 Report”, Carnegie Mellon University

CyLab, 2012, https://www.cylab.cmu.edu/outreach/governance.html.

blocks of the developed SD based tool. Section IV presents
some of the results obtained so far with this research and
Section V draws the main conclusions and mentions some of
the research directions to follow in the near future.

Il. BRAZILIAN POWER SYSTEM

It is a well-known fact that the Brazilian Power System is
largely dominated by hydro generation, and that most of these
hydro stations integrate long cascades that, in several cases,
are owned by different generation companies. In this context,
the ISO is responsible for and the
power plants, in order to guarantee the security of supply in
the short and in the long term. After the crisis of 2001, in
which the lack of planning and investments in the sector
combined with a large drought led to an energy rationing in
the country, a complete reform of the sector was put in place.

A. Electricity market and price formulation

Barroso et al. [14] explain in a very concise way the main
features of the Brazilian power system after the sector was
reorganized in 2004. Mandatory, ex-ante and physically
backed contracts are required for all consumers. This means
that free consumers cannot be uncontracted and take part on
short-term settlement market for their energy ion.

However, in recent years, the share of hydro generation
started to decrease, namely because of a sequence of dry years
from 2012 to 2015. During these years, the hydro reservoirs
got drained out and the electricity prices on the short term
clearing market peaked as shown in Figure 1.

B. Generation Expansion
In Brazil, expansion planning is performed in a centralized
way by EPE, Energy Research Company. Since the new legal
framework established in 2004, this entity was created and
became responsible for the research and provision of
i for the ion of the ion system in the
whole country through two different plans: Ten Year Energy
Plan (PDE) and the National Energy Plan (PNE) [16] [17].

PDE and PNE provide an indicative evolution of the
power system. However, in practice generation expansion is
promoted trough public auctions. The tenders are carried out
to supply the demand in the regulated market. Every year the
Brazilian regulatory agency, NEEL, requires _ that
distribution companies measure up and forecast the demand
for the next years, indicating the amount of energy that should
be purchased. The aggregated amount of ‘new’ energy
demanded by all distribution companies will be then

otherwise they are lized. This the
security of supply and long term contracts for producers at the
same time that avoids that free consumers are able to
‘freeride’ in moments of cheap electricity in the short-term
settlement market. It is also important to mention that in Brazil
domestic consumers must purchase power from distribution
companies under a regulated scheme.

The prices in the short-term market are defined according
to a cascade of computational programs, NEWAVE and
DECOMP. The logic of the operation of these software tools
is based on the trade-off of using or saving water resources
[15] which also means that the prices are not the result of the
relationship between demand and supply as in the market
mechanisms in operation in many countries.

Evolution of stored energy (%) and Electricity Prices (USD/MWh)

storage-%

Pree smn

als

i
aA TAR
-|f|V\-n

|
it
\

Percentage of total storage capacity)
leciiy pice (USD/MWh)

Figure 1. Evolution of energy storage in the reservoirs of the country and the
electricity prices in the short term market in recent years. Sources: CCEE,
br and ONS, www.ons.org.br, accessed 07/05/2016.

in a auction performed jointly by
ANEEL and by the Electricity Trade Chamber. In this scope,
Calabria [10] provides a review on the Brazilian electricity
market design and the model of contracting new power plants.
In recent years though, the government adopted a more
active role in the sector in order to foster RES-E, namely wind
and solar PV. The policies that were implemented ranged from
feed in tariffs in the scope of the PROINFA program, till tax
exemption and also auctions exclusively opened for renewable
sources [13]. As a result of these policies, the country was able
to obtain a fast paced growth of these intermittent sources in
contrast to what has been planned previously. Table I provides
a comparison of the installed capacity for several sources in
terms of what was estimated in the PDE 2016 and what was
really observed by the end of 2015.

TABLE I. COMPARISON OF THE INSTALLED CAPACITY (IN GW) IN BRAZIL BY
2015, DATA FROM PDE 2016 AND ANEEL.

Type PDE Reality | Difference
Large hydro’s [104.6 933 “113
‘Small hydro’s 37 Ea -0.6
Nuclear 33 2.0 =13
Biomass 3.9 38 49.9
Wind 03 95 49.2
Natural Gas BS 13.0 “08
Coal 35 3.6 40.1
Fuel Oil 18 4.0 42.2
Diesel 19 47 42.8

C. Conclusion

Summing up, the Brazilian power system went through a
restructuring process in the recent years. After the crisis in
2001, expansion planning activities were centralized and large
investments were directed towards a renewable and more

http://ieeexplore ieee.org/document/7980797/

diversified electricity matrix. However, differently from the
plans developed before, wind power and biomass were
responsible for a major part of the expansion. Thus after a
sequence of dry years, which almost originated the system’s
collapse, it is worth to evaluate the policies that were applied
and their effects in the prices on the medium and long run.

Til. THE BRAZILIAN POWER SYSTEM SD MODEL

The developed System Dynamics model structures the
Brazilian power sector in two subsystems. The first one is
termed as “NONE” and it corresponds to the North and
Northeastern power subsystem and the second was termed as
“SECOS” and represents the Southeast/Center-West and
South subsystems. This organization is used because it reflects
some of the features of the Brazilian system regarding
hnologies and their ic location together

with the most frequent electricity interchange patterns. The
main characteristics of these two are stated below:

- NONE - this subsystem has an average load of 14.7 GW
over the year. Additionally, the average natural energy
flow to its hydropower plants is of 15.5 GW and the total
installed thermal power capacity is of 9 GW. The
operation cost of the thermal plants range from 19.43
USD/MWh to 280.31 USD/MWh;

- SECOS - this subsystem has an average load of 47 GW
over the year. The average natural energy flowing to its
water basins is of 43.8 GW and the total thermal capacity
is of 14.8 GW, with thermal power plants operation costs
ranging from 5.56 USD/MWh to 330.45 USD/MWh'.

Figure 2 shows a s shot of part of the developed SD
model to represent the Brazilian System. Each of the two
subsystems, NONE and SECOS, are composed by a
generation module, a consumption (demand), a price module
and a transmi mn section, in which the price is defined
through calculations and data inputs from both the generation
and consumption models. Additionally, the SD model also
considers the energy transmission limit between both regions.

The general functioning of the developed model is
explained as follows. For each time step, a demand level is
established in each subsystem. This demand is calculated
considering a price/demand elasticity and a_ stochastic
evolution. From the demand and a specified percentage to
internalize grid losses, it is defined the total generation that
must be scheduled in each subsystem. Considering the
difference of prices between the two subsystems it is then
defined the amount of electricity that should be exchanged
between them also taking into account the transmission limit.
The energy shall flow from the region having a lower energy

' Data from ANEEL - Agéncia Nacional de Energia Elétrica. Generation
Information Bank, BIG, available in www.aneel.gov.br, accessed in
12/09/16. Also from ONS, IPMO ~ Monthly Information Operation Program:
Janeiro, available in www.ons.org.br, accessed in 07/05/2016. Also from
ONS, Operation Data/ Inflow natural energy, available in www.ons.org.br,
accessed in 07/05/2016. The electricity prices displayed were obtained
considering the exchange rate of RS3.55 for 1.00USD.

price to the one with higher price in order to balance the prices
in the country if transmission capacity is enough. After setting
the amount of energy transfer between the two subsystems, the
power that each s is and the
dispatch is updated. In this proc wind generation has
priority meaning that all available wind energy is accepted in
the system. All thermal power plants that have operation ci
lower than the price at that time step will be dispatched, and
the hydro units operate as slack resource and are responsible
for fulfilling the difference between the demand and the wind
plus the dispatched thermal units. Using the difference
between the amount of water (energy) that inflows to the
system and the quantity that must be used in the electricity
dispatch and taking into consideration the total amount of
energy available in the reservoirs, the electricity price is
updated in each iteration. This means that if the difference
between the inflow renewable energy resource (water) and the
needed hydroelectricity to be dispatched is negative, then the
price tends to increase. If that occurs, it will be induced a
larger thermal power utilization and in the long term foster
new generation investments.

Ref. [15] provides a deeper explanation regarding the
detailed formulation used in the model. The only differences
observed from the model used in previous studies and the one
used now is in the introduction of a spillage mechanism in the
Hydropower module and the introduction of a new item/factor
in the price formulation to improve the use of hydro resources,
avoiding the occurrence of spillage. Therefore the equation
used to obtain the Reservoir levels, Res, , is now dependent
on the spillage, Sp,, on the energy flowing in the rivers,
ENA,, and the dispatched hydropower, Pyy ¢. Spillage occurs
when the Reservoirs, reach their full capacity, Resyax-

S(ENA, = Puy, — Sp,).dt 0)
Sp, = max (0; Res; — Resax) (2)

Res, =

Regarding the price formulation, a new factor was inserted
multiplying the Thermal Power Term, Pip,¢, in equation (10)
explained in [15]. After introducing the spillage, it was
observed that the power system has spillage in periods of
higher electricity prices. During these periods, because of the
large Thermal Power dispatch induced by the energy prices,
Hydropower was lost even when available. Thus the new
formulation for the price variation index, Am,, was developed
considering the balance of Hydropower dispatched, Pyy,t, and
the energy flowing in the rivers, ENA;, together with the
thermal power, P;;,¢, multiplied by a coefficient that reduces
the impact of thermal power on electricity prices when the
reservoirs levels approach theirs maximum values as follows:

Pay,t-ENAt+ (Pun e"(—(Rese/Resmax))

At, = Tr *
£ s Resp

(3)
Iv. RESULTS AND DISCUSSION

The SD model described above was implemented in the

Powersim Studio software [18] and the simulations were

performed for a horizon of 10 years with time-steps of 1 week.

http://ieeexplore ieee.org/document/7980797/

NOWE

= ©

ind power

stochactty wind

aux flow menth
year NONE

INPUTS ENERGY

2,803.59 Gwh
sneraticn

2,388.15 Gah

DEMAND NONE

TIME CONSTANT
DEMAND

stochastic demand
‘pralution

10817.57 §

lee diference record
price diference copy

Pree ——

Figure 2. Screen shot of part of the developed SD. In blue, we highlight the Hydro Power module, in red we have the Wind and Thermal power systems, in green
the electricity demand, in black the price module and in orange the Transmission module.

The results obtained indicate that the model is able to
adequately reflect some of the real operation conditions of the
Brazilian system. Figures 3 and 4 displays two graphs
obtained from the Powersim Studio software with the energy
in GWh transferred between the two subsystems (in the
figures positive values indicate transfers from the SECOS to
the NONE). In Figure 3 we are simulating the Power System
with the presence of the wind power assets in the NONE
region while for Figure 4 the simulations were performed
without these assets. It can be observed that transmission
limits are reached mostly when the power is transferred from
the NONE to the SECOS region and mainly in periods of
large inflows to the water basins of the NONE and also when
wind parks located in the NONE have larger outputs.

It is also possible to notice that in the presence of the wind
power plants in the northeast subsystem, the NONE region
becomes a great exporter of electricity and that in the absence
of these units a better balance in the exchanges of electricity is
verified. In the first ¢: power was transferred from NONE
to SECOS region during 81% of the time, being the energy
transferred from NONE to SECOS of 338 TWh while in the
opposite direction the transmitted energy is reduced to 32

TWh. In the second case, the transmission occurred from
NONE to SECOS for 66% of the time, as the transmitted
energy from NONE to SECOS remained around 2.75 times
the energy transferred from SECOS to NONE subsystems.

These large differences in the transmitted electricity
between the regions will then influence the difference of
prices over the simulation period as detailed below.

-1,000- 4
Jan 01, 2016

= von ||
ity
: nn \ LL

Jan 01, 2020 Jan 01, 2024

Figure 3. Transferred energy (GWh) between SECOS and NONE subsystems
in the presence of the new wind assets at NONE Region.

http://ieeexplore ieee.org/document/7980797/

wh
1,000; \

a cer

Ht HA

Jan 01, 2016 Jan 01, 2020

8
8

PW_Transfered - 0 Wind

LH

Jan 01, 2024

Figure 4. Transferred energy (GWh) between SECOS and NONE subsystems,
without the presence of the new wind assets at NONE Region.
Figures 5 and 6 display the difference of prices between
the two subsystems when large assets of wind power in
NONE are operating (Figure 5) and when these units are not
considered (Figure 6). As it can be observed and expected
from the previous results, the presence of the wind parks in the
NONE is contributing to further increase the differences of
prices between the two regions. These figures display the
difference of price of the SECOS region regarding the prices
on NONE, which means that positive values indicate that the
prices in the SECOS are higher. The simulation shows that the
prices in SECOS can be as large as 3 times the prices in
NONE i in the case of the presence of wind parks.

Price Diference - I

Wind

0
Jan 01, 2016 Jan 01, 2020 Jan 01, 2024

Figure 5. Evolution over time of the difference of electricity prices between
SECOS and NONE subsystems in USD/MWh, with wind assets

Price Diference - O

Wind

. AMAA
f AA WUuL
i |

-50:
Jan 01, 2016

Jan 01, 2020

Jan 01, 2024

Figure 6. Evolution over time of the difference of electricity prices between
SECOS and NONE subsystems in USD/MWh, without wind assets.

However, although the price differences increase as a
result of the presence of wind parks in the NONE, it is very
important to highlight at this point that the presence of wind
parks contributes to lower the energy prices over the
simulation period as they represent more availability of
renewable energy in the integrated system. In fact, Table II
displays the results of the simulations for the yearly average
energy prices with the presence and without the wind units in
the NONE for the two subsystems. As it can be observed the
electricity prices in the NONE subsystem are consistently
lower than the ones in SECOS, what justifies the energy
flows. These facts stress the need of reinforcing transmission
lines between the SECO and the NONE in order to further
increase the global benefit from the operation of wind parks.
Additionally, they indicate that a better planning regarding the
geographic location of the new assets could result in more
balanced prices over the country. Finally, these results also
indicate that although the price differences increase as a result
of the wind parks connected in the NONE, both subsystems
benefit from their presence because the electricity prices
decline in both cases when compared with the ones that would
exist in each system without considering these wind parks.

TABLE II - AVERAGE ELECTRICITY PRICES OVER THE YEARS PER
SUBSYSTEM IN BOTH CASES WITH AND WITHOUT WIND ASSETS (PRICES
iN USD/MWH3).

With Wind | Without
2017 $59,38 $52,28
2018 $67,65, $52,96
2019 $65,09 $60,90
2020 $65,22 $58.45
2021 $67,84 $69,25
2022 $75,49 $68,82
2023 $71,32 $64.44
2024 $78,57. $73,71
2025 $73,50 $72,31

Vv. CONCLUSIONS AND FINAL COMMENTS

This paper reports the development of a Systems Dynamic
tool focusing on the Brazilian generation system and also
reflecting its i in different s having
transmission constraints between them. This model has proven
to be a valuable tool to provide different kinds of long term
analysis in Brazilian power sector. Thanks to its flexibility, it
is possible to analyze on the long term the behavior of the
generation system under different perspectives, to construct,
simulate and analyze different evolution scenarios namely in
view of different policies adopted by the government to
induce investment in some particular technologies.

In this study we accessed the long term influence of the
policies that enabled a fast paced growth in the wind power
installations, more specifically located in the Northeastern
region of the country. The reasons for this localized boom are
related with the wind power potential, the federal policies that
promoted exclusive renewable energy auctions, along with tax

http://ieeexplore ieee.org/document/7980797/

exemptions and other incentives adopted by _ state
governments. These factors supported the installation of more
than 14 GW of wind power in the region and as a result an
important part of the generation expansion contracted in recent
years was done using this renewable primary source.

As observed in the simulations, the large concentration of
the new wind power units is increasing the difference of
electricity prices between the electricity submarkets in the
country. Moreover, transmission limits have been reached
frequently. Nevertheless, this study also indicates that there is
a systemic benefit in terms of the reduction of electricity
prices along the country and that these new generation assets
are in fact needed. Therefore, this study corroborates the
conclusion reported by other studies regarding the need to
construct new transmission assets to enable a better integration
of the country and also the need of tenders in specific regions
of the country as stated in [19]. The results observed so far
show that the formulation is being succeeded since we have
been able to access quantitatively the impacts of the policies
implemented to foster RES-E and wind power in particular.

Several developments are still being implemented so that
the model can better reflect the reality and consequently the
conclusions to be obtained become more assertive. The model
is being expanded so that it includes the 4 submarkets that in
fact exist in Brazil. A generation expansion module is also
being deployed, so that the dynamics of prices influencing the
construction of more generation assets as the horizon develops
can be a Finally, the deployment of other distributed
i hnol will also be idered in the future as
part as an integrated response to Climate Change concerns.

ACKNOWLEDGMENT
The first author thanks CNPq — Conselho Nacional de
Cientifico e Te légico — Brazil, which is
providing the needed support and funding for this work.

This work is financed by the ERDF — European Regional
Development Fund through the Operational Programme for
Competitiveness and Internationalization - COMPETE 2020
within project «POCI-01-0145-FEDER-006961», and by
National Funds through FCT — Fundagao para a Ciéncia e a

Tecnologia (Portuguese Foundation for Science and

Technology) as part of project UID/EEA/50014/2013.
REFERENCES

[I] J. A. Pecas Lopes, N. Hatziargyriou, J. Mutale, P. Djapic, N. Jenkins,

“Integrating distributed generation into electric power systems: A review
of drivers, challenges and opportunities”, Electric Power S)
Research, vol. 77, no. 9, pp 1189-1203, July 2007.

[2] B. G. Gorestin, N. M. Campodonico, J. P. Costa, M. V. Pereira, “Power
System Expansion Planning Under Uncertainty”, JEEE Trans. on Power
Systems, vol. 8, no. 1, pp. 129-136, August 1993.

[3] J. C. Meza, M. B. Yidrim, A. S. Masud, “A Model for the Multiperiod
Multiobjective Power Generation Expansion Planning”, EEE Trans. on
Power Systems, vol. 22, no. 2, pp. 871-878, May 2007.

] 1-B. Park, J-H. Kim, K. Y. Lee, “Generation Expansion Planning in a
Competitive Environment Using a Genetic Algorithm”, in Proc. IEEE
PES Summer Meeting, Chicago, USA, vol. 3, pp. 1169-1172, July 2002.

cs

[5] A. Pereira, J. T. Saraiva, “Generation expansion planning (GEP) ~ A
long-term approach using system dynamics and genetic algorithms”,
Energy International Journal, vol. 36, no. 8, pp. 5180-5199, Aug. 2011.

[6] A. Botterud, “Long-Term Planning in Restructured Power System:
PhD Thesis, Norwegian University of Science and Technology,
Trondheim, Norway, 2003.

[7] K. Volgstad, “A system dynamics analysis of the Nordic Electricity
market: The transition from fossil fueled power a renewable supply
within a liberalized electricity market”, PhD Thesis, Norwegian
University of Science and Technology, Trondheim, Norway, 2004

[8] A. Pereira, J. T. Saraiva, “Long term impact of Wind power generation

in the Iberian day-ahead electricity market price”, Energy International

Jounal, vol. 55, pp. 1159-1171, June 2013.

T. Wittmann, Agent-Based Models of Energy Investment Decisions,

Springer Science & Business Media, 2008.

[10]F. A. Calabria, “Enhancing Flexibility and Ensuring Efficiency and
Security: Improving the Electricity Market in Brazil Using a Virtual
Reservoirs Model”, PhD Thesis, University of Porto, Portugal, 2016.

[II]H. Rahmandad, J. D. Sterman, “Heterogeneity and Network Structure in
the Dynamics of Diffusion: Comparing Agent-Based and Differential
Equation Models”, Management Science, vol. 54, no. 5, pp. 998-1014,
May 2008

[12]C. Klessmann, C. Nabe, K. Burges, “Pros and cons of exposing
renewables to electricity market risks — A comparison of the market
integration approaches in Germany, Spain, and the UK”, Energy Policy,

vol. 36, no. 10, pp. 3646-3661, October 2008.

[13]P. Mastropietro, C. Batlle, L. A. Barroso, P. Rodilla, “Electricity
auctions in South America: Towards Convergence of System Adequacy
and RES-E Support”, Renewable and Sustainable Energy Reviews, vol.
40, pp. 375-385, December 2014.

[I4]L. A. Barroso, A. Street, S. Granville, B. Bezerra, “Bidding Strategies in
Auctions for Long-Term Electricity Supply Contracts for New

, in Proc. IEEE - PES 2008 General Meeting, July 2008.

[15]M. D. P. Coelho, J. T. Saraiva, A. J. C. Pereira, “Long Term Expansion
Planning of the Brazilian Generation System Using Dynamic Systems”
in Proc. of the Sist Power
Conference, UPEC 2016, Coimbra, Por

[16]MMEJEPE, Ten Year Energy Expansion Plan 2023, Ministry of Mines
and Energy & Energy Research Company, Brasilia, 2014 (in Portuguese)

[I7]M. R. Conde, “Incorporation of the environmental dimension in the
long-term planning of the power generation expansion with multi-
criteria technics to support decision making”, Thesis,
UFRJ/COPPE/ Energy Planning Program, 2013. (in Portuguese)

[I8]L. A. Malezynski, “Best Practices for System Dynamics Model Design
and Construction with Powersim Studio”, Sandia National Laboratories.
2011. Available online at:_prod.sandia.govitechlib/access-
control.cgi/2011/114108.pdf

[19] MMEJEPE, “Increase of the Interconnection Capacity between Regions
North/Northeast and Southeast/Center-West for the exceeding Energy in
Regions North and Northeast: Bipoles A and B”, Studies for
Transmission Expansion Auctions, Ministry of Mines and Energy &
Energy Research Company, Brasilia, 2016 (in Portuguese)

Z

BIOGRAPHIES

Mario D. P. Coelho was born in Pirapora, Brazil in 1988. In 2011 he
received his diploma as Electrical Engineer from UFMG. After working for 5
years with the deployment of Distributed Generation projects in Brazil, he
joined the Executive Master in Sustainable Energy Systems in the framework
of the MIT Portugal Program at FEUP, where he is pursuing the PhD degree.
Adelino J. C. Pereira was born in Sanfins, Portugal in 1975. He received his
diploma, M.Sc. and PhD degrees from the Fac. de Engenharia da Univ. do
Porto, FEUP, Portugal, in 1998, 2003 and 2010. In 1998 he joined the
Coimbra Polytechnic Institute (ISEC) where he is Adjunct Professor.

J.T. Saraiva (M’00) was born in Porto, Portugal in 1962. In 1987, 1993 and
2002 he got his MSc, PhD, and Agregado degrees from FEUP, where he is
currently Professor. In 1985 he joined INESC Porto where he is head
researcher and worked in projects in the scope of consultancy contracts with
the Portuguese Electricity Regulatory Agency and generation, transmission
and distribution companies.

http://ieeexplore ieee.org/document/7980797/