    Investigating the Cybersecurity of Smart Grids Based on Cyber-Physical Twin Approach

    While the increasing penetration of information and communication technology into the distribution grid brings numerous benefits, it also opens up a new threat landscape, particularly through cyberattacks. To provide a basis for countermeasures against such threats, this paper addresses the investigation of the impact and manifestations of cyberattacks on smart grids by replicating the power grid in a secure, isolated, and controlled laboratory environment as a cyber-physical twin. Currently, detecting intrusions by unauthorized third parties into the central monitoring and control system of grid operators, especially attacks within the grid perimeter, is a major challenge. The development and validation of methods to detect and prevent coordinated and timed attacks on electric power systems depends not only on the availability and quality of data from such attack scenarios, but also on suitable realistic investigation environments. However, to create a comprehensive investigation environment, a realistic representation of the study object is required to thoroughly investigate critical cyberattacks on grid operations and evaluate their impact on the power grid using real data. In this paper, we demonstrate our cyber-physical twin approach using a microgrid in the context of a cyberattack case study.
    Comment: IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm) 202

    SELINDA: a secure, scalable and light-weight data collection protocol for smart grids

    Security in the smart grid is a challenge as an increasing number of sensors and measurement devices are connected to the power grid. General purpose security protocols are not suitable for providing data security to devices with limited memory, computational power and network connectivity. In this paper, we develop a secure and light-weight scalable security protocol that allows a power system operator (PO) to collect data from measurement devices (MDs) using data collectors (DCs). The security protocol trades off between computations and device memory requirements and provides flexible association between DC and MDs. These features allow data to be securely transferred from MDs to PO via mobile or untrustworthy DCs. We analyze the complexity and security of the protocol and validate its performance using experiments. Our results confirm that our proposed protocol collects data in a secure, fast and efficient manner. © 2013 IEEE.

    Automated security analysis in a SCADA system

    Supervisory control and data acquisition (SCADA) is a computer system for analysing and monitoring data, as well as controlling a plant in industries such as power grids, oil, gas refining, and water control. SCADA belongs to the category of critical systems that are needed to maintain the infrastructure of cities and households. Therefore, the security aspect of such a system has a significant role. The early SCADA systems were designed with operation as the primary concern rather than security, since they were a monolithic networked system without external access. However, the systems evolved, and SCADA systems were embedded with web technologies for users to monitor the data externally. These changes improved the efficiency of monitoring and productivity; however, they created a problem of potential cyber-attacks on a SCADA system. One such example was Ukraine's power grid blackout in 2015. Therefore, it is beneficial for the security of a SCADA system to create a threat modeling technique that can understand the critical components of SCADA, discover potential threats, and propose possible mitigation strategies. One issue when creating a threat model is the significant difference of SCADA from traditional Operational Technology (OT) systems. Another significant issue is that SCADA is a highly customisable system, and each SCADA instance can have different components. Therefore, for this work, we implemented a threat modeling language, scadaLang, which is specific to the domain of a SCADA system. We started by defining the major assets of a SCADA system, attackers, and entry surfaces, and built attacks and defense strategies. Then we developed a threat modeling domain-specific language, scadaLang, that can create a threat model for a particular instance of SCADA, taking the differences in components and connections into account.
    As a result, we achieved a threat modeling language for SCADA, ensured the reliability of the results by peer review by an engineer familiar with the domain of the problem, and proposed a Turing test to ensure the validity of the results of scadaLang as the future development of the project.

    On The Security of Wide Area Measurement System and Phasor Data Collection

    The smart grid is a typical cyber-physical system that presents the dependence of power system operations on cyber infrastructure for control, monitoring, and protection purposes. The rapid deployment of phasor measurements in the smart grid transmission system has opened opportunities to utilize new applications and enhance grid operations. Thus, the smart grid has become more dependent on communication and information technologies such as Wide Area Measurement Systems (WAMS). WAMS are used to collect real-time measurements from different sensors such as Phasor Measurement Units (PMUs) installed across widely dispersed areas. Such a system will improve real-time monitoring and control; however, recent studies have pointed out that the use of WAMS introduces significant vulnerabilities to cyber-attacks that can be leveraged by attackers. Therefore, preventing or reducing the damage of cyber attacks on WAMS is critical to the security of the smart grid. In this thesis, we focus our attention on the relation between WAMS security and the IP routing protocol, which is an essential aspect of the collection of sensor measurements. Synchrophasor measurements from different PMUs are transferred through a data network and collected at one or multiple data concentrators. The timely collection of phasors from PMUs dispersed across the grid allows operators to maintain system observability and take corrective actions when needed. This collection is made possible through Phasor Data Concentrators (PDCs) that time-align and aggregate phasor measurements, and forward the resulting stream to be used by monitoring and control applications. WAMS applications relying on these measurements have strict and stringent delay requirements, e.g., end-to-end delay as well as delay variation between measurements from different PMUs.
    Measurements arriving past a predetermined time period at a data concentrator will be dropped, causing incompleteness of data and affecting WAMS applications and hence the system's operations. It has been shown that non-functional properties, such as data delay and packet drops, have a negative impact on the system functionality. We show that simply forwarding measurements from PMUs through shortest routes to phasor data collectors may result in data being dropped at their destinations. We believe therefore that there is a strong interplay between the routing paths (delays along the paths) for gathering the measurements and the value of the timeout period. This is particularly troubling when a malicious attacker deliberately causes delays on some communication links along the shortest routes. Therefore, we present a mathematical model for constructing forwarding trees for PMUs' measurements which satisfy the end-to-end delay as well as the delay variation requirements of WAMS applications at data concentrators. We show that simple shortest path routing will result in a larger fraction of data drop and that our method will find a suitable solution. Then, we study the relation between cyber-attack propagation and IP multicast routing. To this end, we formulate the problem as the construction of a multicast tree that minimizes the propagation of cyber-attacks while satisfying real-time and capacity requirements. The proposed attack propagation multicast tree is evaluated using different IEEE test systems. Finally, cyber-attacks resulting in the disconnection of PDC(s) from WAMS initiate a loss of their phasor stream and incompleteness in the observability of the power system. Recovery strategies based on the re-routing of lost phasors to other connected and available PDCs need to be designed while considering the functional requirements of WAMS.
    We formulate a recovery strategy from the loss of compromised or failed PDC(s) in the WAMS network based on the rerouting of disconnected PMUs to functional PDCs. The proposed approach is mathematically formulated as a linear program and tested on standard IEEE test systems. These problems will be extensively studied throughout this thesis.

    Redundancy in Communication Networks for Smart Grids

    Traditional electric power grids are currently undergoing fundamental changes: representative examples are the increase in the penetration of volatile and decentralized renewable-energy sources and the emerging distributed energy-storage systems. These changes are not viable without the introduction of automation in grid monitoring and control, which implies the application of information and communication technologies (ICT) in power systems. Consequently, there is a transition toward smart grids. IEEE defines the smart grid as follows: "The integration of power, communications, and information technologies for an improved electric power infrastructure serving loads while providing for an ongoing evolution of end-use applications". The indispensable components of the future smart grids are the communication networks. Many well-established techniques and best practices, applied in other domains, are revisited and applied in new ways. Nevertheless, some gaps still need to be bridged due to the specific requirements of smart-grid communication networks. Concretely, a challenging objective is to fulfill reliability and low-delay requirements over the wide-area networks commonly used in smart grids. The main "playground" for the work presented in this thesis is the smart-grid pilot of the EPFL campus. It is deployed on the operational 20 kV medium-voltage distribution network of the campus. At the time of the writing of this thesis, the real-time monitoring of this active distribution network has already been put in place, as the first step toward the introduction of control and protection. The monitoring infrastructure relies on a communication network that is a representative example of smart-grid communication networks. Keeping all this in mind, the main topic that we focus on in this thesis is the assurance of data communication over redundant network infrastructure in industrial environments.
    This thesis consists of two parts that correspond to the two aspects of the topic that we address. In the first part of the thesis, we evaluate existing, well-established technologies and solutions in the context of the EPFL smart-grid pilot. We report on the architecture of the communication network that we built on our campus. In addition, we go into more detail by reporting on some of the characteristics of the devices used in the network. We also discuss security aspects of the MPLS Transport Profile (MPLS-TP), which is one of the proposed technologies in the context of smart grids. In the second part of this thesis, we propose new solutions. While designing our campus smart-grid network, we analyzed the imposed requirements and recognized the need for a solution for reliable packet delivery within stringent delay constraints over a redundant network infrastructure. The existing solutions for exploiting network redundancy, such as the parallel redundancy protocol (PRP), are not viable for IP-layer wide-area networks, a key element of emerging smart grids. Other solutions (MPLS-TP, for example) do not meet the stringent delay requirement. To address this issue, we present a transport-layer solution: the IP-layer parallel redundancy protocol (iPRP). In the rest of the thesis, we analyze the methods for implementing fail-independent paths, which are fundamental for the optimal operation of iPRP, in SDN-based networks. We also evaluate the benefits of iPRP in wireless environments. We show that, with the help of iPRP, the performance of communication based on Wi-Fi technology can be significantly improved.