
    A Framework for Modeling Cyber-Physical Switching Attacks in Smart Grid

    Security issues in cyber-physical systems are of paramount importance due to the often safety-critical nature of their associated applications. A first step in understanding how to protect such systems requires an understanding of emergent weaknesses that arise, in part, from the cyber-physical coupling. In this paper, we present a framework that models a class of cyber-physical switching vulnerabilities in smart grid systems. Variable structure system theory is employed to characterize the cyber-physical interaction of the smart grid and to demonstrate how the existence of the switching vulnerability depends on the local structure of the power grid. We identify and demonstrate how, through successful cyber intrusion and local knowledge of the grid, an opponent can compute and apply a coordinated switching sequence to a circuit breaker to disrupt operation within a short interval of time. We illustrate the utility of the attack approach empirically on the Western Electricity Coordinating Council three-machine, nine-bus system under both model error and partial state information. The open access fee for this work was funded through the Texas A&M University Open Access to Knowledge (OAK) Fund.

    PMU Placement in Electric Transmission Networks for Reliable State Estimation against False Data Injection Attacks

    Currently, false data injection (FDI) attacks bring direct challenges to synchronized phasor measurement unit (PMU) based network state estimation in wide-area measurement systems (WAMS), resulting in degraded system reliability and power supply security. This paper assesses the performance of state estimation in the electric cyber-physical system (ECPS) paradigm considering the presence of FDI attacks. The adverse impact on network state estimation is evaluated through simulations for a range of FDI attack scenarios using the IEEE 14-bus network model. In addition, an algorithmic solution is proposed to address the issue of additional PMU installation and placement with cyber security considerations, and it is evaluated for a set of standard electric transmission networks (IEEE 14-bus, 30-bus and 57-bus networks). The numerical results confirm that FDI attacks can significantly degrade state estimation and that cyber security can be improved by appropriate placement of a limited number of additional PMUs.

    Coordinated cyber-physical attack on power grids based on malicious power dispatch

    This paper proposes a new mode of cyber-physical attack based on injecting false commands, which poses an increasing risk to modern power systems as a typical example of Cyber-Physical Systems (CPS). Such attacks can trigger physical attacks by driving the system into vulnerable states. To address the critical issues arising from this new mode, we define an inverse-community (IC) in the power flow distribution and evaluate it using inverse-modularity. To identify the most vulnerable state of the IC, which represents the inherent vulnerability of the system, we employ a full malicious power dispatch problem. We also analyze an example of the proposed mode, in which a partial malicious power dispatch that maximizes inverse-modularity is combined with physical attacks aimed at disconnecting vulnerable IC boundary lines, making cascading failures highly likely. To demonstrate the potential impact of this coordinated cyber-physical attack, we use the IEEE-118 and IEEE-300 bus systems for simulation. The results show the effectiveness of this attack strategy and provide a new perspective for analyzing cyber-physical security issues in modern power systems.

    The Resilience Of Smart Energy Systems Against Adversarial Attacks, Operational Degradation And Variabilities

    The presented research investigates selected topics concerning the resilience of critical energy infrastructures against certain types of operational disturbances and/or failures, whether natural or man-made. A system is made resilient through the deployment of physical devices enabling real-time monitoring, a strong feedback control system, advanced system security and protection strategies, through prompt and accurate man-made actions, or through both. Our work seeks to develop well-planned strategies that act as a foundation for such resiliency-enabling techniques.

    The research conducted thus far addresses three attributes of a resilient system, namely security, efficiency, and robustness, for three types of systems associated with current or future energy infrastructures. First (chapter 1), we study the security aspect of cyber-physical systems, which integrate physical system dynamics with digital cyberinfrastructure. The smart electricity grid is a common example of this system type. In this work, an abstract theoretical framework is proposed to study data injection/modification attacks on Markov-modeled dynamical systems from the perspective of an adversary. The adversary is capable of modifying a temporal sequence of data, and the physical controller is equipped with prior statistical knowledge about the data arrival process to detect the presence of an adversary. The goal of the adversary is to modify the arrivals to minimize a utility function of the controller while minimizing the detectability of his presence, as measured by the K-L divergence between the prior and posterior distributions of the arriving data. The trade-off between these two metrics, controller utility and detectability cost, is studied analytically for different underlying dynamics.

    Our second study (chapter 2) reviews state-of-the-art ocean wave generation technologies along with system-level modeling, while providing an initial study of the impacts of integration on a typical electrical grid network as compared to the closest related technology, wind energy extraction. In particular, wave power is computed from high-resolution measured raw wave data to evaluate the effects of integrating wave generation into a small power network model. The system with no renewable energy sources and the system with comparable wind generation are used as references for evaluation. Simulations show that wave power integration has good prospects for reducing the requirements of capacity and ramp reserves, thus bringing the overall cost of generation down.

    Our third study (chapter 3) addresses the robustness of resilient ocean wave generation systems. As an early-stage but rapidly developing technology, wave power extraction systems must meet strong resilience requirements in harsh, corrosive ocean environments while enabling economic operation throughout their lifetime. Such systems are comprised of Wave Energy Converters (WECs) that are deployed offshore and that derive power from rolling ocean waves. The Levelized Cost of Electricity (LCOE) for WECs is high, and one important way to reduce this cost is to employ strategies that minimize the cost of maintaining WECs in a wave farm. In this work, an optimal maintenance strategy is proposed for a group of WECs, resulting in adaptive scheduling of the time of repair based on the state of the entire farm. The state-based maintenance strategy seeks an optimal trade-off between the moderate revenue generated by a farm with some devices in a deteriorated or failed state and the high repair cost that typifies ocean wave farm maintenance practices. The formulation uses a Markov Decision Process (MDP) approach to devise an optimal policy based on the count of WECs in different operational states.

    Our fourth study (chapter 4) focuses on enabling resilient electricity grids with Grid Scale Storage (GSS). GSS offers resilient operation to power grids where the generation, transmission, distribution and consumption of electricity have traditionally been "just in time". GSS offers the ability to buffer generated energy and dispatch it for consumption later, e.g., during generation outages and shortages. Our research addresses how to operate GSS to generate revenue efficiently in frequency regulation markets. Operation of GSS in frequency regulation markets is desirable due to its fast response capabilities and the corresponding revenues. However, GSS health is strongly dependent on its operation, and understanding the trade-offs between revenues and degradation factors is essential. This study answers whether or not regularly operating GSS at high efficiency reduces its long-term performance (and thereby the resilience it offers to the power grid).

    Our fifth study (chapter 5) focuses on the resilience of Wide Area Measurement Systems (WAMS), an integral part of modern electrical grid infrastructure. The problem of global positioning system (GPS) spoofing attacks on a smart grid endowed with phasor measurement units (PMUs) is addressed, taking into account the dynamical behavior of the states of the system. It is shown how GPS spoofing introduces a timing synchronization error in the phasor readings recorded by the PMU and alters the measurement matrix of the dynamical model. A generalized likelihood ratio-based hypothesis testing procedure is devised to detect changes in the measurement matrix when the system is subjected to a spoofing attack. Monte Carlo simulations are performed on the 9-bus, 3-machine test grid to demonstrate the implications of the spoofing attack on dynamic state estimation and to analyze the performance of the proposed hypothesis test. Asymptotic performance analysis of the proposed test, which can be used for large-scale smart grid networks, is also presented.

    Improving Resilience in Large Scale Cyber-Physical Networks


    Application-Based Measures for Developing Cyber-Resilient Control and Protection Schemes in Power Networks

    Electric power systems are part of the most crucial infrastructure on which societies depend. In order to operate efficiently and reliably, the physical layer in large electric power networks is coupled with a cyber system of information and communication technologies, which includes compound devices and schemes such as SCADA systems and IEDs. These communication-based schemes and components are mainly part of protection and control systems, which are known as the backbones of power networks, since the former detects abnormal conditions and returns the system to its normal state by initiating quick corrective action, and the latter preserves the integrity of the system and stabilizes it following physical disturbances. This dissertation concentrates on the cyber-security of protection and control systems in power networks by unveiling a vulnerable protective relay, i.e., the LCDR, and a susceptible controller, i.e., the AGC system, and by proposing application-based measures for making them resilient against cyber threats. LCDRs are a group of protective relays that are highly dependent on communication systems, since they require time-synchronized remote measurements from all terminals of the line they are protecting. In AC systems, this type of relay is widely used for protecting major transmission lines, particularly higher-voltage ones carrying gigawatts of power. On the other hand, due to the limitations of other protection schemes, LCDRs have been identified as a reliable protection for medium-voltage lines in DC systems. Therefore, the cyber-security of LCDRs is of great importance. On this basis, this dissertation first shows the problem in both AC and DC systems and reveals the consequences and destructiveness of cyber-attacks against LCDRs through case studies. Then, it presents three solutions to address this problem, two for AC networks and one for DC grids.

    For AC systems, this dissertation presents two methods: one that can be used for SV-based LCDRs, and another that works for both SV-based and phasor-based relays. Both methods are initiated after the LCDR picks up, to confirm the occurrence of faults and differentiate them from cyber-attacks. To detect attacks, the first method compares the estimated and locally-measured voltages at the LCDR's local terminal during faults for both PS and NS. To estimate the local voltage for each sequence, the proposed technique uses a UIO, the state-space model of the faulty line, and remote and local measurements, all associated with that sequence. The difference between the measured and estimated local voltages for each sequence remains close to zero during real internal faults because, in this condition, the state-space model on which the UIO operates correctly represents the line. Nevertheless, the state-space model mismatch during attacks leads to a large difference between measured and estimated values in both sequences. The second proposed method for an AC LCDR detects attacks by comparing the calculated and locally-measured superimposed voltages in each sequence after the relay picks up. A large difference between the calculated and measured superimposed voltages in any sequence reveals that the remote current measurements are not authentic. Given that local measurements cannot be manipulated by cyber-attacks, any difference between the calculated and measured superimposed voltages is due to the inauthenticity of the remote current measurements. The proposed method for DC LCDRs is comprised of POCs installed in series with each converter. During faults, the resultant RLC circuit causes the POCs to resonate and generate a damped sinusoidal component with a specific frequency. However, this specific frequency is not generated during cyber-attacks or other events. Thus, an LCDR pickup without detection of this specific frequency denotes a cyber-attack.

    Given that the frequency extraction process is carried out locally by each LCDR, the proposed approach cannot be targeted by cyber-attacks. On the other hand, an AGC system, which is the secondary controller of the LFC system, is a communication-dependent vulnerable controller that maintains tie-line power at its scheduled values and regulates grid frequency by adjusting the set-points of power plant governors. This dissertation proves the destructiveness of cyber-attacks against AGC systems by proposing a SHA that disrupts the normal operation of the AGC system quickly and undetectably. Afterwards, two methods are proposed for detecting and identifying intrusions against AGC systems and making them attack-resilient. Both methods work without requiring load data from the system, in contrast to other methods presented in the literature. To detect attacks, the first method estimates the LFC system's states using a UIO and calculates the UIO's RF, defined as the difference between the estimated and measured states. In normal conditions, the estimated and measured values of the LFC states are ideally the same. Therefore, an increase in the UIO's RF over a predefined threshold signifies an attack. This method also identifies attacks, i.e., determines which system parameter(s) is (are) targeted, by designing a number of identification UIOs. The general idea behind the second proposed method for detecting and identifying attacks against AGC systems is similar to the first one; however, the second one also takes the effect of noise into account. Therefore, instead of a UIO, the second method utilizes a SUIE for estimating the states of the LFC system and minimizing the effect of noise on the estimated states. Similarly, an increase in the SUIE's RF over a predefined threshold indicates the occurrence of an attack.