22,176 research outputs found

    A Threat-Vulnerability Based Risk Analysis Model for Cyber Physical System Security

    The ability to network machinery and devices that are otherwise isolated is highly attractive to industry. This has led to growth in the use of cyber-physical systems (CPSs) with existing infrastructure. However, coupling physical and cyber processes leaves CPSs vulnerable to security attacks. A threat-vulnerability based risk model is developed through a detailed analysis of CPS security attack structures and threats. The Stuxnet malware attack is used to test the viability of the proposed model. An analysis of the Natanz system shows that, with an actual case security-risk score at Mitigation level 5, the infested facilities barely avoided a situation worse than the one which occurred. The paper concludes with a discussion on the need for risk analysis as part of CPS security and highlights the future work of modelling and comparing existing security solutions using the proposed model so as to identify the sectors where CPS security is still lacking.

    Cyber risk modeling and attack-resilient control for power grid

    The electric power grid is a cyber-physical system (CPS) that forms the lifeline of modern society. Sophisticated control applications that constantly monitor critical power system variables, such as voltage and frequency, enable system operators to deliver reliable and high-quality power. The advanced devices and communication infrastructure of the Supervisory Control and Data Acquisition (SCADA) system enable control applications ranging from substation-level voltage control schemes to system-wide automatic generation control (AGC). However, inherent cyber security vulnerabilities in the infrastructure put system operation at risk by providing an attack surface to cyber threat actors. A smart attacker, that is, a cyber threat actor with expertise in physical power system operation, could cause severe damage to the power grid infrastructure and its reliability by stealthily manipulating SCADA operation. This dissertation explores such impacts to power grid operation from cyber attacks and, more importantly, introduces novel mitigation schemes to minimize or negate the impacts. It has two primary components: risk modeling of coordinated cyber attacks and attack-resilient control. The first component of this thesis focuses on coordinated cyber attacks, that is, attacks that target multiple power system components simultaneously. The notion of spatial and temporal coordinated cyber attacks and their impact on power system transmission infrastructure is introduced. The impact from these attacks was captured in terms of traditional power system stability metrics. The results reveal that these extreme events demand a rethink of both power system planning and operations methods by way of including cyber-originated contingencies within the scope. To this end, a systematic risk modeling framework is proposed as mitigation to be used in power systems planning.
The risk for a substation is modeled as the product of the vulnerability of its SCADA infrastructure and the impact from its compromise. The vulnerability is obtained by modeling the SCADA network using Stochastic Petri Nets. Impact to system reliability is quantified in terms of transmission line overloads and the resulting forced load shedding. The methodology is applied to a test power system and the attack vectors are ranked according to risk. This methodology could therefore be employed by system planners to evaluate infrastructural upgrade requirements and identify security enhancements. An enhancement to the contingency analysis application is proposed as mitigation during online operation. The proposed algorithm efficiently captures impactful coordinated vectors by significantly reducing the number of cases to be evaluated. Results reveal the algorithm's ability to identify almost all impactful attack vectors for a line under review without the need for a complete study. The second component of the thesis explores the impact of data integrity attacks on power system control applications. Specifically, the impact of data integrity attacks on Automatic Generation Control (AGC) is examined and Attack-Resilient Control (ARC) is proposed as mitigation. ARC for AGC proposes the use of physical system information to design algorithms for detection and mitigation of cyber attacks. Specifically, a model-based anomaly detection and attack mitigation algorithm was developed for AGC using short-term load forecast data. The performance of AGC was tested on a standard test system with and without ARC. The results show that ARC for AGC is able to detect data integrity attacks, maintain the system within stability margins and enhance overall system security by providing defense-in-depth. Future work includes expanding the risk analysis framework to include different types of coordinated attacks and to compare impact expressed in different power system metrics.
Mitigation of temporal coordinated attacks and transient stability analysis of spatial and temporal attacks are also a part of future work. Finally, the attack-resilient control framework should be enhanced to differentiate abnormal measurements due to cyber attacks from legitimate aberrations due to power system contingencies.

    Assessing and augmenting SCADA cyber security: a survey of techniques

    SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mindsets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.

    Smart Grid Security: Threats, Challenges, and Solutions

    The cyber-physical nature of the smart grid has rendered it vulnerable to a multitude of attacks that can occur at its communication, networking, and physical entry points. Such cyber-physical attacks can have detrimental effects on the operation of the grid as exemplified by the recent attack which caused a blackout of the Ukrainian power grid. Thus, to properly secure the smart grid, it is of utmost importance to: a) understand its underlying vulnerabilities and associated threats, b) quantify their effects, and c) devise appropriate security solutions. In this paper, the key threats targeting the smart grid are first exposed while assessing their effects on the operation and stability of the grid. Then, the challenges involved in understanding these attacks and devising defense strategies against them are identified. Potential solution approaches that can help mitigate these threats are then discussed. Last, a number of mathematical tools that can help in analyzing and implementing security solutions are introduced. As such, this paper will provide the first comprehensive overview on smart grid security.