6 research outputs found

    A Comprehensive Survey on the Cyber-Security of Smart Grids: Cyber-Attacks, Detection, Countermeasure Techniques, and Future Directions

    One of the significant challenges that smart grid networks face is cyber-security. Several studies have been conducted to highlight those security challenges. However, the majority of these surveys classify attacks based on the security requirements, confidentiality, integrity, and availability, without taking into consideration the accountability requirement. In addition, some of these surveys focused on the Transmission Control Protocol/Internet Protocol (TCP/IP) model, which does not differentiate between the application, session, and presentation and the data link and physical layers of the Open System Interconnection (OSI) model. In this survey paper, we provide a classification of attacks based on the OSI model and discuss in more detail the cyber-attacks that can target the different layers of smart grid networks communication. We also propose new classifications for the detection and countermeasure techniques and describe existing techniques under each category. Finally, we discuss challenges and future research directions

    An efficient Intrusion Detection System against cyber-physical attacks in the smart grid

    Without robust security mechanisms, the smart grid remains vulnerable to many attacks that can cause serious damage. Since state estimation is a critical entity to monitor and control electricity production and distribution, intruders are more attracted by this entity in order to disrupt the smart grid reliability. In this context, we propose an Intrusion Detection System (IDS) architecture to detect lethal attacks with a focus on two smart grid security issues: (i) Firstly, against integrity issue with price manipulation attack, we propose a Cumulative Sum (CUSUM) algorithm that detects this attack even with granular price changes; (ii) Secondly, the availability issue with Denial of Service (DoS) attack against which we develop an efficient method to monitor and detect any misbehaving node. Performance evaluations show the robustness of the proposed IDS system compared to existing mechanisms. The achieved detection rate is above 95% and the false positive rate is below 5%.

    False data injection attack detection in smart grid

    Smart grid is a distributed and autonomous energy delivery infrastructure that constantly monitors the operational state of its overall network using smart techniques and state estimation. State estimation is a powerful technique that is used to determine the overall operational state of the system based on a limited set of measurements collected through metering systems. Cyber-attacks pose serious risks to a smart grid state estimation that can cause disruptions and power outages resulting in huge economical losses and are therefore a big concern to a reliable national grid operation. False data injection attacks (FDIAs), engineered on the basis of the knowledge of the network configuration, are difficult to detect using the traditional data detection mechanisms. These detection schemes have been found vulnerable and failed to detect these FDIAs. FDIAs specifically target the state data and can manipulate the state measurements in such a way that these false measurements appear real to the main control systems. This research work explores the possibility of FDIA detection using state estimation in a distributed and partitioned smart grid. In order to detect FDIAs we use measurements for residual-based testing which creates an objective function; and the probability of erroneous data is determined from this residual test. In this test, a preset threshold is determined based on the prior history of the state data. FDIA cases are simulated within a smart grid considering that the Chi-square detection state estimator fails in identifying such attacks. We compute the objective function using the standard weighted least problem and then test the objective function against the value in the Chi-square table. The gain matrix and the Jacobian matrix are computed. The state variables are computed in the form of a voltage magnitude. The state variables are computed after the inception of an attack to assess these state magnitude results. 
Different sizes of partitioning are used to improve the overall sensitivity of the Chi-square results. Our additional estimator is based on a Kalman estimation that consists of the state prediction and state correction steps. In the first step, it obtains the state and matrix covariance prediction, and in the second step, it calculates the Kalman gain and the state and matrix covariance update steps. The set of points is created for the state vector x at a time instant t. The initial vector and covariance matrix are based on a priori knowledge of the historical estimates. A set of sigma points is estimated by the state update function. Sigma points refer to the minimal set of sampling points that are selected and transformed using nonlinear function, and the new mean and the covariance are formed out of these transformed points. The idea behind this is that it is easier to compute a Gaussian distribution than an arbitrary nonlinear function. The filter gain, the mean and the covariance are used to estimate the next state. Our simulation results show that the combination of Kalman estimation and distributed state estimation improves the overall stability index and vulnerability assessment score of the smart grid. We built a stability index table for a smart grid based on the state estimates value after the inception of an FDIA. The vulnerability assessment score of the smart grid is based on common vulnerability scoring system (CVSS) and state estimates under the influence of an FDIA. The simulations are conducted in the MATPOWER program and different electrical bus systems such as IEEE 14, 30, 39, 118 and 300 are tested. All the contributions have been published in reputable journals and conferences. Doctor of Philosophy

    Technology and organization in equilibrium (Teknologi og organisasjon i likevekt)

    This thesis explores the development of cyber-physical systems, taking the power system as its starting point, and the research on cyber-physical system security of smart grids. This perspective is combined with sociotechnical perspectives on accidents, in which organization and technology are seen as interacting with and mutually shaping each other. The thesis therefore approaches cyber-physical system security of power systems from a sociotechnical perspective through the following research question: - How can the development of cyber-physical systems manifest as sociotechnical challenges for risk and security in organizations? To answer this question, the thesis draws on sociotechnical literature and theories. This is then related to the results of a literature review of 20 articles on cyber-physical system security of smart grids. Through a qualitative analysis, this study highlights characteristics of risk, system failure and security in cyber-physical systems as presented in the research literature on cyber-physical system security. The most prominent finding from the literature review is the research literature's focus on new technical vulnerabilities that have arisen at the intersection of digital and physical technology, on new attack strategies that exploit vulnerabilities, and on the associated security barriers that can prevent this. Cyber-physical development appears, in one sense, as new technical challenges for organizations, where tighter couplings and complex interactions make the systems harder to understand and manage. This development is also aggravated in interplay with uncertainty and ambiguity about the threat landscape the systems face. The emphasis on technical matters in cyber-physical system security is necessary for developing and securing the systems, but the systems still depend on the people and organizations that design, implement and operate them. 
The thesis argues that vulnerabilities, risk and security are concepts constructed by people and groups in organizations, and that they shape and are shaped by the organization's environment. The most central sociotechnical challenge discussed is that presenting the systems as cyber-physical can potentially neglect human and organizational factors that interact with the technology's development and operation. It is also argued that the cyber-physical systems perspective is technocentric, and therefore organization and technology are not placed in equilibrium

    State of the art of cyber-physical systems security: An automatic control perspective

    Cyber-physical systems are integrations of computation, networking, and physical processes. Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns. Our systematic mapping study sheds light on how security is actually addressed when dealing with cyber-physical systems from an automatic control perspective. The provided map of 138 selected studies is defined empirically and is based on, for instance, application fields, various system components, related algorithms and models, attacks characteristics and defense strategies. It presents a powerful comparison framework for existing and future research on this hot topic, important for both industry and academia