510 research outputs found

    Malware in smart grid

    With the advancement in communication technology of Smart Grid, cyber-attacks are becoming a serious threat. Specifically, the vulnerabilities created due to the successful malware installation in smart grid are a very serious concern since they can be exploited to disable the system along with taking control or damaging the critical infrastructure permanently. The main idea behind this thesis is to explore the malware issue in the remedial action scheme (RAS), widely used for wide area protection, of smart grid. This thesis is concerned mainly with the cyber part of the Smart Grid. The main contribution of the work is divided into two major parts. In the first part, we modelled the stealthy coordinated cyber-attack with a malware at its core. The purpose of this attack is to damage the grid without getting detected by legitimate users. The attack uses a Trojan Horse malware to get a backdoor access to one of the RAS controllers. Once malware is installed, the attacker gets control of the RAS controller whenever he desires. This includes outside the LAN of the RAS controller as well. Specifically, the malware provides undetectable communication between the attacker and the device, and provides the attacker the ability to execute commands in the affected device. Once the malware installation is successful, we perform the coordinated cyber-attacks by replacing the existing RAS controller script with a malicious one which plays with a generator to damage the system. This part is intended to demonstrate the dangers of the malware in Smart grid. In the second part, the defense scheme against the malware attack is proposed. The main idea is to detect and disable the device operating for RAS controller that is affected by some type of malware. This is done by introducing one other device called Overseer. The Overseer should not have any access or control over any part of the actual grid (relays, generators, etc.). However, it should be able to communicate with all RAS controllers. RAS controllers are also upgraded so that they will take an extra measurement from a randomly selected generator which is reported to the Overseer with all the other measurements they normally take periodically. The main task of the overseer is to oversee the RAS controllers by taking updates from them. Through the usage of the proposed architecture, the overseer can detect a RAS controller which is acting maliciously. Once the malicious controller is detected, it can disable it using a denial of service (DOS) attack on it until the situation is fixed. It is to be noted that the Smart Grid requires RAS controllers to perform corrective action during disturbances in the grid; they are just there to keep track of the grid during normal functioning of the power system. This means that the grid does not need RAS controllers to function normally. Another possibility is when the Overseer is infected. Since Overseer has no access/control over the grid, the worst thing an attacker can do is to DOS a RAS controller which, again, will not affect the grid.

    Secure Control of Cyber-Physical Systems

    Cyber-Physical Systems (CPS) are smart co-engineered interacting networks of physical and computational components. They refer to a large class of technologies and infrastructure in almost all life aspects including, for example, smart grids, autonomous vehicles, Internet of Things (IoT), advanced medical devices, and water supply systems. The development of CPS aims to improve the capabilities of traditional engineering systems by introducing advanced computational capacity and communications among system entities. On the other hand, the adoption of such technologies introduces a threat and exposes the system to cyber-attacks. Given the unique properties of CPSs, i.e. physically interacting with its environment, malicious parties might be interested in exploiting the physical properties of the system in the form of a cyber-physical attack. In a large class of CPSs, the physical systems are controlled using a feedback control loop. In this thesis, we investigate, from many angles, how CPSs' control systems can be prone to cyber-physical attacks and how to defend them against such attacks using arguments drawn from control theory. In our first contribution, by considering Smart Grid applications, we address the problem of designing a Denial of Service (DoS)-resilient controller for recovering the system's transient stability robustly. We propose a Model Predictive Control (MPC) controller based on the set-theoretic (ST) arguments, which is capable of dealing with both model uncertainties, actuator limitations, and DoS. Unlike traditional MPC solutions, the proposed controller has the capability of moving most of the required computations into an offline phase. The online phase requires the solution of a quadratic programming problem, which can be efficiently solved in real-time. Then, stemming from the same ST based MPC controller idea, we propose a novel physical watermarking technique for the active detection of replay attacks in CPSs. The proposed strategy exploits the ST-MPC paradigm to design control inputs that, whenever needed, can be safely and continuously applied to the system for an a priori known number of steps. Such a control scheme enables the design of a physical watermarked control signal. We prove that, in the attack-free case, the generators' transient stability is achieved for all admissible watermarking signals and that the closed-loop system enjoys uniformly ultimately bounded stability. In our second contribution, we address the attacker's ability to collect useful information about the control system in the reconnaissance phase of a cyber-physical attack. By using existing system identification tools, an attacker who has access to the control loop can identify the dynamics of the underlying control system. We develop a decoy-based moving target defense mechanism by leveraging an auxiliary set of virtual state-based decoy systems. Simulation results show that the provided solution degrades the attacker's ability to identify the underlying state-space model of the considered system from the intercepted control inputs and sensor measurements. It also does not impose any penalty on the control performance of the underlying system. Finally, in our third contribution, we introduce a covert channel technique, enabling a compromised networked controller to leak information to an eavesdropper who has access to the measurement channel. We show that this can be achieved without establishing any additional explicit communication channels by properly altering the control logic and exploiting robust reachability arguments. A dual-mode receding horizon MPC strategy is used as an illustrative example to show how such an undetectable covert channel can be established.

    Cyber Switching Attacks on Smart Grids

    As we live in the smart grid revolution, conventional power systems are turning at a fast pace toward smart grids. This transition creates new and significant challenges at the electrical network security level. In addition to the important features of smart grids, cyber security transpires to be a serious issue due to connecting all the loads, generation units, renewable resources, substations and switches via a communication network. Cyber-physical attacks are classified as the major threat to smart grid security; these attacks may lead to many severe repercussions in the smart grid such as large blackouts and destruction of infrastructure. Switching attack is one of the most serious cyber-physical attacks on smart grids because it is direct, fast, and effective in destabilizing the grids. We start the thesis by introducing a state-of-the-art on cyber attacks from the power layer point of view, i.e. the cyber attacks that affect the smart grid stability and what power system based solutions have been done so far to prevent or reduce the cyber attacks' severity. As we focus on the cyber switching attack and the method of preventing it, firstly a study on the attack principles and effects is introduced; we construct the attack on a single machine connected to an infinite bus through a transmission line. The attack on the target generator is implemented by modeling the system using the swing equation on the Matlab platform, then we verified the result by implementing the same attack on the Simulink platform. Finally we present a novel solution to mitigate such type of attacks by using a Thyristor-Controlled Braking Resistor (TCBR). The suggested solution is able to recapture the machine stability directly after the attack.

    Dynamic modeling, stability analysis and control of interconnected microgrids: A review

    This paper reviews concepts of interconnected microgrids (IMGs) as well as compares and classifies their modeling, stability analysis, and control methods. To develop benefits of isolated microgrids (MGs) such as reliability improvement and their renewable energy integration, they should be interconnected, share power, support the voltage/frequency of overloaded MGs, etc. Despite maximizing their benefits and decreasing weaknesses of isolated MGs, IMGs require maintaining stability in different operation modes and employing appropriate control methods. Moreover, a basic requirement for stability analysis and controller design is system modeling. Since many articles have addressed these topics on IMGs from different views, a comparison is necessary. Therefore, IMG dynamic modeling methods are classified and their main features and challenges are discussed. Then, stability analysis and control methods of IMGs are reviewed and compared. The provided review is supported by conceptual diagrams, classification tables, off-line and real-time simulations using MATLAB and OPAL-RT simulator for comparison. Furthermore, a data set is provided to study fundamentals as well as research gaps, which are addressed for future works.

    Foundations of Infrastructure CPS

    Infrastructures have been around as long as urban centers, supporting a society’s needs for its planning, operation, and safety. As we move deeper into the 21st century, these infrastructures are becoming smart – they monitor themselves, communicate, and most importantly self-govern, which we denote as Infrastructure CPS. Cyber-physical systems are now becoming increasingly prevalent and possibly even mainstream. With the basics of CPS in place, such as stability, robustness, and reliability properties at a systems level, and hybrid, switched, and event-triggered properties at a network level, we believe that the time is right to go to the next step, Infrastructure CPS, which forms the focus of the proposed tutorial. We discuss three different foundations, (i) Human Empowerment, (ii) Transactive Control, and (iii) Resilience. This will be followed by two examples, one on the nexus between power and communication infrastructure, and the other between natural gas and electricity, both of which have been investigated extensively of late, and are emerging to be apt illustrations of Infrastructure CPS.

    Resilient nonlinear control for attacked cyber-physical systems

    In this paper, the problem of resilient nonlinear control for cyber-physical systems (CPSs) over attacked networks is studied. The motivation for this paper comes from growing applications that demand the secure control of CPSs in Industry 4.0. The nonlinear physical system considered can be attacked by changing the temporal characteristics of the network, causing fixed time or time-varying delays and changing the orders of received packets. The systems under attack can be destabilized if the controller is not designed to be robust against an adversarial attack. In order to cope with nonlinearity of the physical system, a nonlinear generalized minimum variance controller and a modified Kalman estimator are derived. A worst-case controller is presented for fixed-time delay. In the situations of time-varying delays and out-of-order transmissions, an opportunistic estimator and a resilient controller are designed through an on-line algorithm in the sense that it is calculated by using the information in the received packets immediately. The ability to use the received information immediately leads to the improvement of the controller's performance. Simulation results are provided to show the applicability and performance of the control law developed.

    Smart grids as distributed learning control

    The topic of smart grids has received a lot of attention but from a scientific point of view it is a highly imprecise concept. This paper attempts to describe what could ultimately work as a control process to fulfill the aims usually stated for such grids without throwing away some important principles established by the pioneers in power system control. In modern terms, we need distributed (or multi-agent) learning control which is suggested to work with a certain consensus mechanism which appears to leave room for achieving cyber-physical security, robustness and performance goals. © 2012 IEEE.

    State of the art of cyber-physical systems security: An automatic control perspective

    Cyber-physical systems are integrations of computation, networking, and physical processes. Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns. Our systematic mapping study sheds light on how security is actually addressed when dealing with cyber-physical systems from an automatic control perspective. The provided map of 138 selected studies is defined empirically and is based on, for instance, application fields, various system components, related algorithms and models, attack characteristics and defense strategies. It presents a powerful comparison framework for existing and future research on this hot topic, important for both industry and academia.