Agent Interaction and State Determination in SCADA Systems

In critical infrastructure environments, we argue that both adversaries and operators will utilize agents to manage dynamic attack/defence interactions in future. Agent behavior and, in particular, agent interaction require adequate modelling tools to reason over such situations in distributed environments where the state (malicious or non-malicious) of a channel or process can vary dynamically depending on the actions of opposing sides in attack and defence. For this purpose, we propose an extension to applied $\pi$-calculus to model agent behavior. We apply this extended calculus to the formal analysis of a class of agent-based attacks and its detection to demonstrate its utility.

An Application of Con-Resistant Trust to Improve the Reliability of Special Protection Systems within the Smart Grid

This thesis explores an application of a con-resistant trust mechanism to improve the performance of communications-based special protection systems to further enhance their effectiveness and resiliency. New initiatives in the energy sector are paving the way for the emergent communications-based smart grid technology. Smart grids incorporate modern technologies in an effort to be more reliable and efficient. However, with the benefits of this new technology comes added risk. This research utilizes a con-resistant trust mechanism as a method to quickly identify malicious or malfunctioning protection system nodes in order to mitigate the resulting instabilities in the smart grid. The feasibility and performance of this trust architecture is demonstrated through experiments comparing a simulated special protection system implemented with a con-resistant trust mechanism and without via an analysis of variance statistical model. The simulations yield positive results when implementing the con-resistant trust mechanism within the communications-based special protection system for the smart grid

FAST : a fault detection and identification software tool

The aim of this work is to improve the reliability and safety of complex critical control systems by contributing to the systematic application of fault diagnosis. In order to ease the utilization of fault detection and isolation (FDI) tools in the industry, a systematic approach is required to allow the process engineers to analyze a system from this perspective. In this way, it should be possible to analyze this system to find if it provides the required fault diagnosis and redundancy according to the process criticality. In addition, it should be possible to evaluate what-if scenarios by slightly modifying the process (f.i. adding sensors or changing their placement) and evaluating the impact in terms of the fault diagnosis and redundancy possibilities. Hence, this work proposes an approach to analyze a process from the FDI perspective and for this purpose provides the tool FAST which covers from the analysis and design phase until the final FDI supervisor implementation in a real process. To synthesize the process information, a very simple format has been defined based on XML. This format provides the needed information to systematically perform the Structural Analysis of that process. Any process can be analyzed, the only restriction is that the models of the process components need to be available in the FAST tool. The processes are described in FAST in terms of process variables, components and relations and the tool performs the structural analysis of the process obtaining: (i) the structural matrix, (ii) the perfect matching, (iii) the analytical redundancy relations (if any) and (iv) the fault signature matrix. To aid in the analysis process, FAST can operate stand alone in simulation mode allowing the process engineer to evaluate the faults, its detectability and implement changes in the process components and topology to improve the diagnosis and redundancy capabilities. On the other hand, FAST can operate on-line connected to the process plant through an OPC interface. The OPC interface enables the possibility to connect to almost any process which features a SCADA system for supervisory control. When running in on-line mode, the process is monitored by a software agent known as the Supervisor Agent. FAST has also the capability of implementing distributed FDI using its multi-agent architecture. The tool is able to partition complex industrial processes into subsystems, identify which process variables need to be shared by each subsystem and instantiate a Supervision Agent for each of the partitioned subsystems. The Supervision Agents once instantiated will start diagnosing their local components and handle the requests to provide the variable values which FAST has identified as shared with other agents to support the distributed FDI process.Per tal de facilitar la utilització d'eines per la detecció i identificació de fallades (FDI) en la indústria, es requereix un enfocament sistemàtic per permetre als enginyers de processos analitzar un sistema des d'aquesta perspectiva. D'aquesta forma, hauria de ser possible analitzar aquest sistema per determinar si proporciona el diagnosi de fallades i la redundància d'acord amb la seva criticitat. A més, hauria de ser possible avaluar escenaris de casos modificant lleugerament el procés (per exemple afegint sensors o canviant la seva localització) i avaluant l'impacte en quant a les possibilitats de diagnosi de fallades i redundància. Per tant, aquest projecte proposa un enfocament per analitzar un procés des de la perspectiva FDI i per tal d'implementar-ho proporciona l'eina FAST la qual cobreix des de la fase d'anàlisi i disseny fins a la implementació final d'un supervisor FDI en un procés real. Per sintetitzar la informació del procés s'ha definit un format simple basat en XML. Aquest format proporciona la informació necessària per realitzar de forma sistemàtica l'Anàlisi Estructural del procés. Qualsevol procés pot ser analitzat, només hi ha la restricció de que els models dels components han d'estar disponibles en l'eina FAST. Els processos es descriuen en termes de variables de procés, components i relacions i l'eina realitza l'anàlisi estructural obtenint: (i) la matriu estructural, (ii) el Perfect Matching, (iii) les relacions de redundància analítica, si n'hi ha, i (iv) la matriu signatura de fallades. Per ajudar durant el procés d'anàlisi, FAST pot operar aïlladament en mode de simulació permetent a l'enginyer de procés avaluar fallades, la seva detectabilitat i implementar canvis en els components del procés i la topologia per tal de millorar les capacitats de diagnosi i redundància. Per altra banda, FAST pot operar en línia connectat al procés de la planta per mitjà d'una interfície OPC. La interfície OPC permet la possibilitat de connectar gairebé a qualsevol procés que inclogui un sistema SCADA per la seva supervisió. Quan funciona en mode en línia, el procés està monitoritzat per un agent software anomenat l'Agent Supervisor. Addicionalment, FAST té la capacitat d'implementar FDI de forma distribuïda utilitzant la seva arquitectura multi-agent. L'eina permet dividir sistemes industrials complexes en subsistemes, identificar quines variables de procés han de ser compartides per cada subsistema i generar una instància d'Agent Supervisor per cadascun dels subsistemes identificats. Els Agents Supervisor un cop activats, començaran diagnosticant els components locals i despatxant les peticions de valors per les variables que FAST ha identificat com compartides amb altres agents, per tal d'implementar el procés FDI de forma distribuïda.Postprint (published version

Restoration of an active MV distribution grid with a battery ESS: A real case study

In order to improve power system operation, Battery Energy Storage Systems (BESSs) have been installed in high voltage/medium voltage stations by Distribution System Operators (DSOs) around the world. Support for restoration of MV distribution networks after a blackout or HV interruption is among the possible new functionalities of BESSs. With the aim to improve quality of service, the present paper investigates whether a BESS, installed in the HV/MV substation, can improve the restoration process indicators of a distribution grid. As a case study, an actual active distribution network of e-distribuzione, the main Italian DSO, has been explored. The existing network is located in central Italy. It supplies two municipalities of approximately 10,000 inhabitants and includes renewable generation plants. Several configurations are considered, based on: the state of the grid at blackout time; the BESS state of charge; and the involvement of Dispersed Generation (DG) in the restoration process. Three restoration plans (RPs) have been defined, involving the BESS alone, or in coordination with DG. A MATLAB®/Simulink® program has been designed to simulate the restoration process in each configuration and restoration plan. The results show that the BESS improves restoration process quality indicators in different simulated configurations, allowing the operation in controlled island mode of parts of distribution grids, during interruptions or blackout conditions. The defined restoration plans set the priority and the sequence of controlled island operations of parts of the grid to ensure a safe and better restoration. In conclusion, the results demonstrate that a BESS can be a valuable element towards an improved restoration procedure

Application of Game Theory to Improve the Defense of the Smart Grid

This thesis presents the development and evaluation of a distributed agent based system using reputation based trust and game theoretic techniques to improve the defense of the future smart grid from cyber-attack and equipment malfunctions. Future smart grid capabilities promise to leverage network technologies to revolutionize the production, transmission, distribution and consumption of electrical power. However, the internet like communication also increase the power grid\u27s vulnerability to cyber-attack. This thesis uses simulation linking power systems with communication networks to demonstrate the benefits of a Distributed Decision Making Communication Enable Special Protection System (SPS) using reputation based trust and game theory to protect the power grid from malicious and non-malicious malfunctions. The simulations show that a distributed approach to SPS load shedding successfully maintains power grid stability after an electrical disturbance while using reputation based trust to defend the load shedding from cyber-attack and equipment malfunction. Additional simulations demonstrate the application of game theory to defend the SPS load shedding process when available resources prevent the monitoring and defense of every part of the power grid. The demonstrated capability increases the resiliency of the power grid by preventing uncontrolled blackouts through detection and mitigation of attacks, improving the system\u27s reliability

Enhancing Trust in the Smart Grid by Applying a Modified Exponentially Weighted Averages Algorithm

The main contribution of this thesis is the development and application of a modified Exponentially Weighted Moving Algorithm (EWMA) algorithm, and its ability to robustly function in the face varying numbers of bad (malicious or malfunctioning) Special Protection System (SPS) nodes. Simulation results support the use of the proposed modified EWMA reputation based trust module in SPSs within a smart grid environment. This modification results in the ability to easily maintain the system above the minimum acceptable frequency of 58.8 Hz at the 95% confidence interval, when challenged with test cases containing 5, 10 and 15 bad node test cases out of 31 total load nodes. These promising results are realized by incorporating the optimal modified EWMA strategy, as identified by Receiver Operating Characteristic (ROC) techniques, where an optimal strategy is revealed. The optimal strategy maximizes true positives while minimizing false positives. Implementation of a modified EWMA within a reputation based special protection system does not account for each scenario that an electrical power engineer may face in the field. Instead, this research demonstrates that such an algorithm provides a robust environment to test within, in the hope of successfully meeting challenges and/or opportunities of the future

Plug-and-Participate for Limited Devices in the Field of Industrial Automation

Ausgangspunkt und gleichzeitig Motivation dieser Arbeit ist die heutige Marktsituation: Starke Kundenbedürfnisse nach individuellen Gütern stehen oftmals eher auf Massenproduktion ausgerichteten Planungs- und Automatisierungssystemen gegenüber - die Befriedigung individueller Kundenbedürfnisse setzt aber Flexibilität und Anpassungsfähigkeit voraus. Ziel dieser Arbeit ist es daher, einen Beitrag zu leisten, der es Unternehmen ermöglichen soll, auf diese individuellen Bedürfnisse flexibel reagieren zu können. Hierbei kann es im Rahmen der Dissertation natürlich nicht um eine Revolutionierung der gesamten Automatisierungs- und Planungslandschaft gehen; vielmehr ist die Lösung, die der Autor der Arbeit präsentiert, ein integraler Bestandteil eines Automatisierungskonzeptes, das im Rahmen des PABADIS Projektes entwickelt wurde: Während PABADIS das gesamte Spektrum von Planung und Maschineninfrastruktur zum Inhalt hat, bezieht sich der Kern dieser Arbeit weitestgehend auf den letztgenannten Punkt - Maschineninfrastruktur. Ziel war es, generische Maschinenfunktionalität in einem Netzwerk anzubieten, durch das Fertigungsaufträge selbstständig navigieren. Als Lösung präsentiert diese Dissertation ein Plug-and-Participate basiertes Konzept, welches beliebige Automatisierungsfunktionen in einer spontanen Gemeinschaft bereitstellt. Basis ist ein generisches Interface, in dem die generellen Anforderungen solcher ad-hoc Infrastrukturen aggregiert sind. Die Implementierung dieses Interfaces in der PABADIS Referenzimplementierung sowie die Gegenüberstellung der Systemanforderungen und Systemvoraussetzungen zeigte, das klassische Plug-and-Participate Technologien wie Jini und UPnP aufgrund ihrer Anforderungen nicht geeignet sind - Automatisierungsgeräte stellen oftmals nur eingeschränkte Ressourcen bereit. Daher wurde als zweites Ergebnis neben dem Plug-and-Participate basierten Automatisierungskonzept eine Plug-and-Participate Technologie entwickelt - Pini - die den Gegebenheiten der Automatisierungswelt gerecht wird und schließlich eine Anwendung von PABADIS auf heutigen Automatisierungsanlagen erlaubt. Grundlegende Konzepte von Pini, die dies ermöglichen, sind die gesamte Grundarchitektur auf Basis eines verteilten Lookup Service, die Art und Weise der Dienstrepräsentation sowie die effiziente Nutzung der angebotenen Dienste. Mit Pini und darauf aufbauenden Konzepten wie PLAP ist es nun insbesondere möglich, Automatisierungssysteme wie PABADIS auf heutigen Anlagen zu realisieren. Das wiederum ist ein Schritt in Richtung Kundenorientierung - solche Systeme sind mit Hinblick auf Flexibilität und Anpassungsfähigkeit gestaltet worden, um Kundenbedürfnissen effizient gerecht zu werden