8 research outputs found

    False Data Injection Attacks on Phasor Measurements That Bypass Low-rank Decomposition

    This paper studies the vulnerability of phasor measurement units (PMUs) to false data injection (FDI) attacks. Prior work demonstrated that unobservable FDI attacks that can bypass traditional bad data detectors based on measurement residuals can be identified by a detector based on low-rank decomposition (LD). In this work, a class of more sophisticated FDI attacks that captures the temporal correlation of PMU data is introduced. Such attacks are designed with a convex optimization problem and can always bypass the LD detector. The vulnerability of this attack model is illustrated on both the IEEE 24-bus RTS and the IEEE 118-bus systems. Comment: 6 pages, 4 figures, submitted to 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm)

    Combined network intrusion and phasor data anomaly detection for secure dynamic control centers

    The dynamic operation of power transmission systems requires the acquisition of reliable and accurate measurement and state information. The use of TCP/IP-based communication protocols such as IEEE C37.118 or IEC 61850 introduces different gateways to launch cyber-attacks and to compromise major system operation functionalities. Within this study, a combined network intrusion and phasor data anomaly detection system is proposed to enable a secure system operation in the presence of cyber-attacks for dynamic control centers. This includes the utilization of expert-rules, one-class classifiers, as well as recurrent neural networks to monitor different network packet and measurement information. The effectiveness of the proposed network intrusion and phasor data anomaly detection system is shown within a real-time simulation testbed considering multiple operation and cyber-attack conditions

    On The Security of Wide Area Measurement System and Phasor Data Collection

    Smart grid is a typical cyber-physical system that presents the dependence of power system operations on cyber infrastructure for control, monitoring, and protection purposes. The rapid deployment of phasor measurements in smart grid transmission system has opened opportunities to utilize new applications and enhance the grid operations. Thus, the smart grid has become more dependent on communication and information technologies such as Wide Area Measurement Systems (WAMS). WAMS are used to collect real-time measurements from different sensors such as Phasor Measurement Units (PMUs) installed across widely dispersed areas. Such system will improve real-time monitoring and control; however, recent studies have pointed out that the use of WAMS introduces significant vulnerabilities to cyber-attacks that can be leveraged by attackers. Therefore, preventing or reducing the damage of cyber attacks on WAMS is critical to the security of the smart grid. In this thesis, we focus our attention on the relation between WAMS security and the IP routing protocol, which is an essential aspect to the collection of sensors measurements. Synchrophasor measurements from different PMUs are transferred through a data network and collected at one or multiple data concentrators. The timely collection of phasors from PMU dispersed across the grid allows to maintain system observability and take corrective actions when needed. This collection is made possible through Phasor Data Concentrators (PDCs) that time-align and aggregate phasor measurements, and forward the resulting stream to be used by monitoring and control applications. WAMS applications relying on these measurements have strict and stringent delay requirements, e.g., end-to-end delay as well as delay variation between measurements from different PMUs. 
Measurements arriving past a predetermined time period at a data concentrator will be dropped, causing incompleteness of data and affecting WAMS applications and hence the system’s operations. It has been shown that non-functional properties, such as data delay and packet drops, have a negative impact on the system functionality. We show that simply forwarding measurements from PMUs through shortest routes to phasor data collectors may result in data being dropped at their destinations. We believe therefore that there is a strong interplay between the routing paths (delays along the paths) for gathering the measurements and the value of timeout period. This is particularly troubling when a malicious attacker deliberately causes delays on some communication links along the shortest routes. Therefore, we present a mathematical model for constructing forwarding trees for PMUs’ measurements which satisfy the end to end delay as well as the delay variation requirements of WAMS applications at data concentrators. We show that a simple shortest path routing will result in larger fraction of data drop and that our method will find a suitable solution. Then, we study the relation between cyber-attack propagation and IP multicast routing. To this extent, we formulate the problem as the construction of a multicast tree that minimizes the propagation of cyber-attacks while satisfying real-time and capacity requirements. The proposed attack propagation multicast tree is evaluated using different IEEE test systems. Finally, cyber-attacks resulting in the disconnection of PDC(s) from WAMS initiate a loss of its phasor stream and incompleteness in the observability of the power system. Recovery strategies based on the re-routing of lost phasors to other connected and available PDCs need to be designed while considering the functional requirements of WAMS. 
We formulate a recovery strategy from loss of compromised or failed PDC(s) in the WAMS network based on the rerouting of disconnected PMUs to functional PDCs. The proposed approach is mathematically formulated as a linear program and tested on standard IEEE test systems. These problems will be extensively studied throughout this thesis

    Vulnerability Analysis of False Data Injection Attacks on Supervisory Control and Data Acquisition and Phasor Measurement Units

    The electric power system is monitored via an extensive network of sensors in tandem with data processing algorithms, i.e., an intelligent cyber layer, that enables continual observation and control of the physical system to ensure reliable operations. This data collection and processing system is vulnerable to cyber-attacks that impact the system operation status and lead to serious physical consequences, including systematic problems and failures. This dissertation studies the physical consequences of unobservable false data injection (FDI) attacks wherein the attacker maliciously changes supervisory control and data acquisition (SCADA) or phasor measurement unit (PMU) measurements, on the electric power system. In this context, the dissertation is divided into three parts, in which the first two parts focus on FDI attacks on SCADA and the last part focuses on FDI attacks on PMUs. The first part studies the physical consequences of FDI attacks on SCADA measurements designed with limited system information. The attacker is assumed to have perfect knowledge inside a sub-network of the entire system. Two classes of attacks with different assumptions on the attacker's knowledge outside of the sub-network are introduced. In particular, for the second class of attacks, the attacker is assumed to have no information outside of the attack sub-network, but can perform multiple linear regression to learn the relationship between the external network and the attack sub-network with historical data. To determine the worst possible consequences of both classes of attacks, a bi-level optimization problem wherein the first level models the attacker's goal and the second level models the system response is introduced. The second part of the dissertation concentrates on analyzing the vulnerability of systems to FDI attacks from the perspective of the system. 
To this end, an off-line vulnerability analysis framework is proposed to identify the subsets of the test system that are more prone to FDI attacks. The third part studies the vulnerability of PMUs to FDI attacks. Two classes of more sophisticated FDI attacks that capture the temporal correlation of PMU data are introduced. Such attacks are designed with a convex optimization problem and can always bypass both the bad data detector and the low-rank decomposition (LD) detector. Dissertation/Thesis, Doctoral Dissertation, Electrical Engineering 201

    The Resilience Of Smart Energy Systems Against Adversarial Attacks, Operational Degradation And Variabilities

    The presented research investigates selected topics concerning resilience of critical energy infrastructures against certain types of operational disturbances and/or failures whether natural or man-made. A system is made resilient through the deployment of physical devices enabling real-time monitoring, strong feedback control system, advanced system security and protection strategies or through prompt and accurate man-made actions or both. Our work seeks to develop well-planned strategies that act as a foundation for such resiliency enabling techniques. The research conducted thus far addresses three attributes of a resilient system, namely security, efficiency, and robustness, for three types of systems associated with current or future energy infrastructures. First (chapter 1), we study the security aspect of cyber-physical systems which integrate physical system dynamics with digital cyberinfrastructure. The smart electricity grid is a common example of this system type. In this work, an abstract theoretical framework is proposed to study data injection/modification attacks on Markov modeled dynamical systems from the perspective of an adversary. The adversary is capable of modifying a temporal sequence of data and the physical controller is equipped with prior statistical knowledge about the data arrival process to detect the presence of an adversary. The goal of the adversary is to modify the arrivals to minimize a utility function of the controller while minimizing the detectability of his presence as measured by the K-L divergence between the prior and posterior distribution of the arriving data. 
The trade-off between these two metrics, controller utility and the detectability cost, is studied analytically for different underlying dynamics. Our second study (chapter 2) reviews the state of the art ocean wave generation technologies along with system level modeling while providing an initial study of the impacts of integration on a typical electrical grid network as compared to the closest related technology, wind energy extraction. In particular, wave power is computed from high resolution measured raw wave data to evaluate the effects of integrating wave generation into a small power network model. The system with no renewable energy sources and the system with comparable wind generation have been used as a reference for evaluation. Simulations show that wave power integration has good prospects in reducing the requirements of capacity and ramp reserves, thus bringing the overall cost of generation down. Our third study (chapter 3) addresses the robustness of resilient ocean wave generation systems. As an early-stage but rapidly developing technology, wave power extraction systems must have strong resilience requirements in harsh, corrosive ocean environments while enabling economic operation throughout their lifetime. Such systems are comprised of Wave Energy Converters (WECs) that are deployed offshore and that derive power from rolling ocean waves. The Levelized Cost of Electricity (LCOE) for WECs is high and one important way to reduce this cost is to employ strategies that minimize the cost of maintenance of WECs in a wave farm. In this work, an optimal maintenance strategy is proposed for a group of WECs, resulting in an adaptive scheduling of the time of repair, based on the state of the entire farm. 
The state-based maintenance strategy seeks to find an optimal trade-off between the moderate revenue generated from a farm with some devices being in a deteriorated or failed state and the high repair cost that typifies ocean wave farm maintenance practices. The formulation uses a Markov Decision Process (MDP) approach to devise an optimal policy which is based on the count of WECs in different operational states. Our fourth study (chapter 4) focuses on enabling resilient electricity grids with Grid Scale Storage (GSS). GSS offers resilient operations to power grids where the generation, transmission, distribution and consumption of electricity has traditionally been "just in time". GSS offers the ability to buffer generated energy and dispatch it for consumption later, e.g., during generation outage and shortages. Our research addresses how to operate GSS to generate revenue efficiency in frequency regulation markets. Operation of GSS in frequency regulation markets is desirable due to its fast response capabilities and the corresponding revenues. However, GSS health is strongly dependent on its operation and understanding the trade-offs between revenues and degradation factors is essential. This study answers whether or not operating GSS at high efficiency regularly reduces its long-term performance (and thereby its offered resilience to the power grid). Our fifth study (chapter 5) focuses on the resilience of Wide Area Measurement Systems (WAMS) which is an integral part of modern electrical grid infrastructure. The problem of the global positioning system (GPS) spoofing attacks on smart grid endowed with phasor measurement units (PMUs) is addressed, taking into account the dynamical behavior of the states of the system. It is shown how GPS spoofing introduces a timing synchronization error in the phasor readings recorded by the PMU and alters the measurement matrix of the dynamical model. 
A generalized likelihood ratio-based hypotheses testing procedure is devised to detect changes in the measurement matrix when the system is subjected to a spoofing attack. Monte Carlo simulations are performed on the 9-bus, 3-machine test grid to demonstrate the implication of the spoofing attack on dynamic state estimation and to analyze the performance of the proposed hypotheses test. Asymptotic performance analysis of the proposed test, which can be used for large-scale smart grid networks, is also presented