12 research outputs found

    A Defense-in-depth Cybersecurity for Smart Substations

    The increase of cyber-attacks on industrial and power systems in recent years makes the cybersecurity of supervisory control and data acquisition and substation automation systems a highly important engineering issue. This paper proposes a defense-in-depth cybersecurity solution for smart substations in different layers of the substation automation system. In fact, it presents possible vulnerabilities in the substation automation system and proposes a multiple-layer solution based on best practice in cyber security such as the hardening of devices, whitelisting, network configuration, network segmentation, role-based account management and cyber security management and deployment.

    Performance evaluation of IEC 61850 MMS messages under cybersecurity considerations

    The IEC 62351-4 standard is published to address cybersecurity vulnerabilities of IEC 61850 Manufacturing Message Specification (MMS) messages. This standard includes a set of cipher suites that are recommended for securing MMS messages. However, these are only a set of recommendations. There is no work in the literature that implements them on an IEC 61850 MMS message and reports the performance. In order to fill this important knowledge gap, this short communication reports results of implementing cipher suites recommended by IEC 62351-4 on IEC 61850 messages. In addition to implementation details, real message exchanges are demonstrated with lab experiments. Finally, changing certificate and message sizes are reported. The results show that cipher suite selection is critical as some suites have 29.67 % smaller certificate size than others. The novelty of this short communication is showing details of IEC 62351 application and relevant changes on message sizes and structures of IEC 61850 MMS messages. There is no similar work or publication showing such procedures and results.

    A Fixed-Latency Architecture to Secure GOOSE and Sampled Value Messages in Substation Systems

    The International Electrotechnical Commission (IEC) 62351-6 standard specifies the security mechanisms to protect real-time communications based on IEC 61850. Generic Object Oriented Substation Events (GOOSE) and Sampled Value (SV) messages must be generated, transmitted and processed in less than 3 ms, which challenges the introduction of IEC 62351-6. After evaluating the security threats to IEC 61850 communications and the state of the art in GOOSE and SV security, this work presents a novel architecture based on wire-speed processing able to provide message authentication and confidentiality. This architecture has been implemented and tested to evaluate its performance, resource usage, and the latency introduced. Other proposals in the scientific literature do not support real-time traffic, so they are not suitable for GOOSE and SV messages. Whereas the others exceed the target latency of 3 ms or do not comply with the standards, our design authenticates and encrypts real-time IEC 61850 data in less than 7 µs (predictable latency), and complies with IEC 62351:2020.
    This work was supported in part by the Ministerio de Economia y Competitividad of Spain under Project TEC2017-84011-R, in part by Fondo Europeo de Desarrollo Regional (FEDER) Funds through the Doctorados Industriales program under Grant DI-15-07857, and in part by the Department of Education, Linguistic Policy and Culture of the Basque Government through the Fund for Research Groups of the Basque University System under Grant IT978-16.

    A Review of IEC 62351 Security Mechanisms for IEC 61850 Message Exchanges


    Enhancing Cyber-Resiliency of DER-based SmartGrid: A Survey

    The rapid development of information and communications technology has enabled the use of digitally controlled and software-driven distributed energy resources (DERs) to improve the flexibility and efficiency of power supply, and support grid operations. However, this evolution also exposes geographically dispersed DERs to cyber threats, including hardware and software vulnerabilities, communication issues, personnel errors, etc. Therefore, enhancing the cyber-resiliency of the DER-based smart grid - the ability to survive successful cyber intrusions - is becoming increasingly vital and has garnered significant attention from both industry and academia. In this survey, we aim to provide a systematic and comprehensive review regarding the cyber-resiliency enhancement (CRE) of the DER-based smart grid. Firstly, an integrated threat modeling method is tailored for the hierarchical DER-based smart grid with special emphasis on vulnerability identification and impact analysis. Then, the defense-in-depth strategies encompassing prevention, detection, mitigation, and recovery are comprehensively surveyed, systematically classified, and rigorously compared. A CRE framework is subsequently proposed to incorporate the five key resiliency enablers. Finally, challenges and future directions are discussed in detail. The overall aim of this survey is to demonstrate the development trend of CRE methods and motivate further efforts to improve the cyber-resiliency of the DER-based smart grid.
    Comment: Submitted to IEEE Transactions on Smart Grid for Publication Consideration

    Data-driven cyber attack detection and mitigation for decentralized wide-area protection and control in smart grids

    Modern power systems have already evolved into complicated cyber-physical systems (CPS), often referred to as smart grids, due to the continuous expansion of the electrical infrastructure, the augmentation of the number of heterogeneous system components and players, and the consequential application of a diversity of information and telecommunication technologies to facilitate the Wide Area Monitoring, Protection and Control (WAMPAC) of day-to-day power system operation. Because of the reliance on cyber technologies, WAMPAC, among other critical functions, is prone to various malicious cyber attacks. Successful cyber attacks, especially those that sabotage the operation of the Bulk Electric System (BES), can cause great financial losses and social panic. Application of conventional IT security solutions is indispensable, but it often turns out to be insufficient to mitigate sophisticated attacks that deploy zero-day vulnerabilities or social engineering tactics. To further improve the resilience of the operation of smart grids when facing cyber attacks, it is desirable to make the WAMPAC functions per se capable of detecting various anomalies automatically, carrying out adaptive activity adjustments in time and thus staying unimpaired even under attack. Most of the existing research efforts attempt to achieve this by adding novel functional modules, such as model-based anomaly detectors, to the legacy centralized WAMPAC functions. In contrast, this dissertation investigates the application of data-driven algorithms in cyber attack detection and mitigation within a decentralized architecture aiming at improving the situational awareness and self-adaptiveness of WAMPAC. The first part of the research focuses on the decentralization of the System Integrity Protection Scheme (SIPS) with a Multi-Agent System (MAS), within which data-driven anomaly detection and optimal adaptive load shedding are further explored. An algorithm named Support Vector Machine embedded Layered Decision Tree (SVMLDT) is proposed for the anomaly detection, which provides satisfactory detection accuracy as well as decision-making interpretability. The adaptive load shedding is carried out by every agent individually with dynamic programming. The load shedding relies on the load profile propagation among peer agents and the attack adaptiveness is accomplished by maintaining the historical mean of the load shedding proportion. Load shedding only takes place after consensus pertaining to the anomaly detection is achieved among all interconnected agents, and it serves the purpose of mitigating certain cyber attacks. The attack resilience of the decentralized SIPS is evaluated using the IEEE 39-bus model. It is shown that, unlike the traditional centralized SIPS, the proposed solution is able to carry out the remedial actions under most Denial of Service (DoS) attacks. The second part investigates clustering-based anomalous behavior detection and peer-assisted mitigation for power system generation control. To reduce the dimensionality of the data, three metrics are designed to interpret the behavior conformity of generators within the same balancing area. Semi-supervised K-means clustering and a density-sensitive clustering algorithm based on Hierarchical DBSCAN (HDBSCAN) are both applied in clustering in the 3D feature space. Aiming to mitigate the cyber attacks targeting the generation control commands, a peer-assisted strategy is proposed. When the control commands from the control center are detected as anomalous, i.e. either missing or with a payload that has been manipulated, the generating unit utilizes the peer data to infer and estimate a new generation adjustment value as a replacement. Linear regression is utilized to obtain the relation of control values received by different generating units, Moving Target Defense (MTD) is adopted during the peer selection and 1-dimensional clustering is performed with the inferred control values, which are followed by the final control value estimation. The proposed mitigation strategy requires that generating units can communicate with each other in a peer-to-peer manner. Evaluation results suggest the efficacy of the proposed solution in counteracting data availability and data integrity attacks targeting the generation controls. However, the strategy stays effective only if less than half of the generating units are compromised, and it is not able to mitigate cyber attacks targeting the measurements involved in the generation control.

    Industrial control system security design

    The subject of the master's thesis is the design of security measures for securing an industrial control system. It includes an analysis of the characteristics of the communication environment and the specifics of industrial communication systems, a comparison of available technological means and the design of a solution in accordance with the investor's requirements.

    Network Slicing in 5G Connected Data Network for Smart Grid Communications Using Programmable Data Plane

    Due to the technological advancements in communications, contemporary smart grids have started to adopt Fifth Generation (5G) mobile networks for communications. Communication between Supervisory Control and Data Acquisition (SCADA) systems and Remote Terminal Units (RTUs) in a smart grid environment utilizes the IEC 60870-5-104 protocol. It is a Transmission Control Protocol/Internet Protocol (TCP/IP) based protocol where data is transmitted in unencrypted form. Smart grids adopting 5G networking for communications are not isolated appropriately. Therefore, smart grids are still insecure against cyberattacks. With respect to recent developments in data plane programming, new networking paradigms can be realized, including progressive ways of isolating smart grid traffic from normal traffic in a data plane. The aim of the thesis is to explore the usage of data plane programming to isolate and secure smart grid traffic into a network slice in 5G networks. This thesis successfully develops a flexible and efficient 5G network slicing solution based on the P4 (Programming Protocol-Independent Packet Processors) language framework. Slice isolation is achieved with varied packet rates in slices as well as by blocking devices in one slice from communicating with devices in another slice. The network slicing solution enables 5G-equipped RTUs to be connected with SCADA in the Data Network in an isolated manner. A P4-based packet tagging solution is also presented where smart grid packets are tagged with a specific Differentiated Services Code Point (DSCP) in the Internet Protocol (IP) headers to aid network slicing. DSCP values in the IP headers are used by the P4-based slicing solution to classify smart grid packets appropriately and push them into network slices. Both the network slicing and the DSCP tagging solutions are implemented with the P4 software switch known as the Behavioral Model version 2 (BMv2). The network slicing performance is assessed in an experimental 5G testbed, which is powered by an open-source 5G core. Base station and User Equipment (UE) elements for connecting the RTU are simulated using appropriate software. The network slices are examined carefully in this thesis, as well as their ability to provide Quality of Service (QoS) for the services hosted in the slices.

    Data Analytics and Machine Learning to Enhance the Operational Visibility and Situation Awareness of Smart Grid High Penetration Photovoltaic Systems

    Electric utilities have limited operational visibility and situation awareness over grid-tied distributed photovoltaic (PV) systems. This poses a risk to grid stability when the PV penetration into a given feeder exceeds 60% of its peak or minimum daytime load. Third-party service providers offer only real-time monitoring but not accurate insights into system performance and prediction of production. PV systems also increase the attack surface of distribution networks since they are not under the direct supervision and control of the utility security analysts. Six key objectives were successfully achieved to enhance PV operational visibility and situation awareness: (1) conceptual cybersecurity frameworks for PV situation awareness at device, communications, applications, and cognitive levels; (2) a unique combinatorial approach using LASSO-Elastic Net regularizations and a multilayer perceptron for PV generation forecasting; (3) applying a fixed-point primal dual log-barrier interior point method to expedite AC optimal power flow convergence; (4) adapting big data standards and capability maturity models to PV systems; (5) using K-nearest neighbors and random forests to impute missing values in PV big data; and (6) a hybrid data-model method that takes PV system deration factors and historical data to estimate generation and evaluate system performance using advanced metrics. These objectives were validated on three real-world case studies comprising grid-tied commercial PV systems. The results and conclusions show that the proposed imputation approach improved the accuracy by 91%, the estimation method performed better by 75% and 10% for two PV systems, and the use of the proposed forecasting model improved the generalization performance and reduced the likelihood of overfitting. The application of the primal dual log-barrier interior point method improved the convergence of AC optimal power flow by 0.7 and 0.6 times that of the currently used deterministic models. Through the use of advanced performance metrics, it is shown how PV systems of different nameplate capacities installed at different geographical locations can be directly evaluated and compared over both instantaneous and extended periods of time. The results of this dissertation will be of particular use to multiple stakeholders of the PV domain including, but not limited to, utility network and security operation centers, standards working groups, utility equipment and service providers, data consultants, system integrators, regulators and public service commissions, government bodies, and end-consumers.