State Estimation Fusion for Linear Microgrids over an Unreliable Network

Microgrids should be continuously monitored in order to maintain suitable voltages over time. Microgrids are mainly monitored remotely, and their measurement data transmitted through lossy communication networks are vulnerable to cyberattacks and packet loss. The current study leverages the idea of data fusion to address this problem. Hence, this paper investigates the effects of estimation fusion using various machine-learning (ML) regression methods as data fusion methods by aggregating the distributed Kalman filter (KF)-based state estimates of a linear smart microgrid in order to achieve more accurate and reliable state estimates. This unreliability in measurements is because they are received through a lossy communication network that incorporates packet loss and cyberattacks. In addition to ML regression methods, multi-layer perceptron (MLP) and dependent ordered weighted averaging (DOWA) operators are also employed for further comparisons. The results of simulation on the IEEE 4-bus model validate the effectiveness of the employed ML regression methods through the RMSE, MAE and R-squared indices under the condition of missing and manipulated measurements. In general, the results obtained by the Random Forest regression method were more accurate than those of other methods.This research was partially funded by public research projects of Spanish Ministry of Science and Innovation, references PID2020-118249RB-C22 and PDC2021-121567-C22 - AEI/10.13039/ 501100011033, and by the Madrid Government (Comunidad de Madrid-Spain) under the Multiannual Agreement with UC3M in the line of Excellence of University Professors, reference EPUC3M17

Comprehensive Survey and Taxonomies of False Injection Attacks in Smart Grid: Attack Models, Targets, and Impacts

Smart Grid has rapidly transformed the centrally controlled power system into a massively interconnected cyber-physical system that benefits from the revolutions happening in the communications (e.g. 5G) and the growing proliferation of the Internet of Things devices (such as smart metres and intelligent electronic devices). While the convergence of a significant number of cyber-physical elements has enabled the Smart Grid to be far more efficient and competitive in addressing the growing global energy challenges, it has also introduced a large number of vulnerabilities culminating in violations of data availability, integrity, and confidentiality. Recently, false data injection (FDI) has become one of the most critical cyberattacks, and appears to be a focal point of interest for both research and industry. To this end, this paper presents a comprehensive review in the recent advances of the FDI attacks, with particular emphasis on 1) adversarial models, 2) attack targets, and 3) impacts in the Smart Grid infrastructure. This review paper aims to provide a thorough understanding of the incumbent threats affecting the entire spectrum of the Smart Grid. Related literature are analysed and compared in terms of their theoretical and practical implications to the Smart Grid cybersecurity. In conclusion, a range of technical limitations of existing false data attack research is identified, and a number of future research directions is recommended.Comment: Double-column of 24 pages, prepared based on IEEE Transaction articl

AI-enabled modeling and monitoring of data-rich advanced manufacturing systems

The infrastructure of cyber-physical systems (CPS) is based on a meta-concept of cybermanufacturing systems (CMS) that synchronizes the Industrial Internet of Things (IIoTs), Cloud Computing, Industrial Control Systems (ICSs), and Big Data analytics in manufacturing operations. Artificial Intelligence (AI) can be incorporated to make intelligent decisions in the day-to-day operations of CMS. Cyberattack spaces in AI-based cybermanufacturing operations pose significant challenges, including unauthorized modification of systems, loss of historical data, destructive malware, software malfunctioning, etc. However, a cybersecurity framework can be implemented to prevent unauthorized access, theft, damage, or other harmful attacks on electronic equipment, networks, and sensitive data. The five main cybersecurity framework steps are divided into procedures and countermeasure efforts, including identifying, protecting, detecting, responding, and recovering. Given the major challenges in AI-enabled cybermanufacturing systems, three research objectives are proposed in this dissertation by incorporating cybersecurity frameworks. The first research aims to detect the in-situ additive manufacturing (AM) process authentication problem using high-volume video streaming data. A side-channel monitoring approach based on an in-situ optical imaging system is established, and a tensor-based layer-wise texture descriptor is constructed to describe the observed printing path. Subsequently, multilinear principal component analysis (MPCA) is leveraged to reduce the dimension of the tensor-based texture descriptor, and low-dimensional features can be extracted for detecting attack-induced alterations. The second research work seeks to address the high-volume data stream problems in multi-channel sensor fusion for diverse bearing fault diagnosis. This second approach proposes a new multi-channel sensor fusion method by integrating acoustics and vibration signals with different sampling rates and limited training data. The frequency-domain tensor is decomposed by MPCA, resulting in low-dimensional process features for diverse bearing fault diagnosis by incorporating a Neural Network classifier. By linking the second proposed method, the third research endeavor is aligned to recovery systems of multi-channel sensing signals when a substantial amount of missing data exists due to sensor malfunction or transmission issues. This study has leveraged a fully Bayesian CANDECOMP/PARAFAC (FBCP) factorization method that enables to capture of multi-linear interaction (channels × signals) among latent factors of sensor signals and imputes missing entries based on observed signals

Modeling Coupled Nonlinear Multilayered Dynamics: Cyber Attack and Disruption of an Electric Grid

We study the consequences of cyberattack, defense, and recovery in systems for which a physical system is enabled by a cyber system by extending previous applications of models from the population biology of disease to the cyber system and coupling the state of the cyber system to the physical system, using the synchronous model for the electric grid. In analogy to disease models in which individuals are susceptible, infected, or recovered, in the cyber system, components can be uncompromised and vulnerable to attack, uncompromised and temporarily invulnerable to attack, compromised, or reset and thus not able to contribute to the performance of the physical system. We model cyber defensive countermeasures in analogy to the adaptive immune system. We link the physical and cyber systems through a metric of performance of the physical system that depends upon the state of the cyber system using (i) a generic nonlinear relationship between the state of the cyber system and the performance of the physical system and (ii) the synchronous motor model of an electric grid consisting of a utility with many customers whose smart meters can become compromised, in which a steady state in the difference in rotor angles is the metric of performance. We use the coupled models, both of which have emergent properties, to investigate two situations. First, when an attacker that relies on stealth compromise is hidden until it is either detected during routine maintenance or an attack is initiated. The probability that compromise remains undetected declines with time and the level of compromise increases with time. Because of these dynamics, an optimal time of attack emerges, and we explore how it varies with parameters of the cyber system. Second, we illustrate one of the Electric Power Research Institute scenarios for the reverse engineering of Advanced Metering Infrastructure (AMI) by coupling the synchronous motor equations for the generator and utility to the model of compromise. We derive a canonical condition for grid failure that relates the level of compromise at the time of detection of compromise and the dissipation parameter in the synchronous motor model. We conclude by discussing the innovative aspects of our methods, which include (i) a fraction of decoy components in the cyber system, which are not connected to the rest of the cyber system or the physical system and thus do not spread compromise but increase the probability of detection of compromise, (ii) allowing components of the cyber system to return to the un-compromised state either temporarily invulnerable or immediately vulnerable, (iii) adaptive Defensive Counter Measures that respond in a nonlinear fashion to attack and compromise (in analogy to killer T cells of the immune system), (iv) a generic metric of performance of the physical system that depends upon the state of the cyber system, and (v) coupling a model of the electric grid to the model of compromise of the cyber system that leads to a condition for failure of the grid in terms of parameters of both compromise and the synchronous motor model, directions for future investigations, and connections to recent studies on broadly the same topics. We include a pseudocode as an Appendix and indicate how to obtain R script for the models from the first author.publishedVersio

Classifying resilience approaches for protecting smart grids against cyber threats

Smart grids (SG) draw the attention of cyber attackers due to their vulnerabilities, which are caused by the usage of heterogeneous communication technologies and their distributed nature. While preventing or detecting cyber attacks is a well-studied field of research, making SG more resilient against such threats is a challenging task. This paper provides a classification of the proposed cyber resilience methods against cyber attacks for SG. This classification includes a set of studies that propose cyber-resilient approaches to protect SG and related cyber-physical systems against unforeseen anomalies or deliberate attacks. Each study is briefly analyzed and is associated with the proper cyber resilience technique which is given by the National Institute of Standards and Technology in the Special Publication 800-160. These techniques are also linked to the different states of the typical resilience curve. Consequently, this paper highlights the most critical challenges for achieving cyber resilience, reveals significant cyber resilience aspects that have not been sufficiently considered yet and, finally, proposes scientific areas that should be further researched in order to enhance the cyber resilience of SG.Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. Funding for open access charge: Universidad de Málaga / CBUA

Acquisition Data Analytics for Supply Chain Cybersecurity

Acquisition Research Program Sponsored Report SeriesSponsored Acquisition Research & Technical ReportsCybersecurity is a national priority, but the analysis required for acquisition personnel to objectively assess the integrity of the supply chain for cyber compromise is highly complex. This paper presents a process for supply chain data analytics for acquisition decision makers, addressing data collection, assessment, and reporting. The method includes workflows from initial purchase request through vendor selection and maintenance to audits across the lifecycle of an asset. Artificial intelligence can help acquisition decision makers automate the complexity of supply chain information assurance.Approved for public release; distribution is unlimited.Approved for public release; distribution is unlimited

Enhancing Cyber-Resiliency of DER-based SmartGrid: A Survey

The rapid development of information and communications technology has enabled the use of digital-controlled and software-driven distributed energy resources (DERs) to improve the flexibility and efficiency of power supply, and support grid operations. However, this evolution also exposes geographically-dispersed DERs to cyber threats, including hardware and software vulnerabilities, communication issues, and personnel errors, etc. Therefore, enhancing the cyber-resiliency of DER-based smart grid - the ability to survive successful cyber intrusions - is becoming increasingly vital and has garnered significant attention from both industry and academia. In this survey, we aim to provide a systematical and comprehensive review regarding the cyber-resiliency enhancement (CRE) of DER-based smart grid. Firstly, an integrated threat modeling method is tailored for the hierarchical DER-based smart grid with special emphasis on vulnerability identification and impact analysis. Then, the defense-in-depth strategies encompassing prevention, detection, mitigation, and recovery are comprehensively surveyed, systematically classified, and rigorously compared. A CRE framework is subsequently proposed to incorporate the five key resiliency enablers. Finally, challenges and future directions are discussed in details. The overall aim of this survey is to demonstrate the development trend of CRE methods and motivate further efforts to improve the cyber-resiliency of DER-based smart grid.Comment: Submitted to IEEE Transactions on Smart Grid for Publication Consideratio

Reliability Evaluation and Defense Strategy Development for Cyber-physical Power Systems

With the smart grid initiatives in recent years, the electric power grid is rapidly evolving into a complicated and interconnected cyber-physical system. Unfortunately, the wide deployment of cutting-edge communication, control and computer technologies in the power system, as well as the increasing terrorism activities, make the power system at great risk of attacks from both cyber and physical domains. It is pressing and meaningful to investigate the plausible attack scenarios and develop efficient methods for defending the power system against them. To defend the power grid, it is critical to first study how the attacks could happen and affect the power system, which are the basis for the defense strategy development. Thus, this dissertation quantifies the influence of several typical attacks on power system reliability. Specifically, three representative attack are considered, i.e., intrusion against substations, regional LR attack, and coordinated attacks. For the intrusion against substations, the occurrence frequency of the attack events is modeled based on statistical data and human dynamics; game-theoretical approaches are adopted to model induvial and consecutive attack cases; Monte Carlo simulation is deployed to obtain the desired reliability indices, which incorporates both the attacks and the random failures. For the false data injection attack, a practical regional load redistribution (LR) attack strategy is proposed; the man-in-the-middle (MITM) intrusion process is modeled with a semi-Markov process method; the reliability indices are obtained based on the regional LR attack strategy and the MITM intrusion process using Monte Carlo simulation. For the coordinated attacks, a few typical coordination strategies are proposed considering attacking the current-carrying elements as well as attacking the measurements; a bilevel optimization method is applied to develop the optimal coordination strategy. Further, efficient and effective defense strategies are proposed from the perspectives of power system operation strategy and identification of critical elements. Specially, a robustness-oriented power grid operation strategy is proposed considering the element random failures and the risk of man-made attacks. Using this operation strategy, the power system operation is robust, and can minimize the load loss in case of malicious man-made attacks. Also, a multiple-attack-scenario (MAS) defender-attack-defender model is proposed to identify the critical branches that should be defended when an attack is anticipated but the defender has uncertainty about the capability of the attacker. If those identified critical branches are protected, the expected load loss will be minimal