Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

The first-ever Ukraine cyberattack on power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes on the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining the impact quantification of cyber-related contingencies

Assessing the criticality of interdependent power and gas systems using complex networks and load flow techniques

Gas and electricity transmission systems are increasingly interconnected, and an attack on certain assets can cause serious energy supply disruptions, as stated in recommendation (EU) 2019/553 on cybersecurity in the energy sector, recently approved by the European Commission. This study aims to assess the vulnerability of coupled natural gas and electricity infrastructures and proposes a method based on graph theory that incorporates the effects of interdependencies between networks. This study is built in a joint framework, where two different attack strategies are applied to the integrated systems: (1) disruptions to facilities with most links and (2) disruptions to the most important facilities in terms of flow. The vulnerability is measured after each network attack by quantifying the unmet load (UL) through a power flow analysis and calculating the topological damage of the systems with the geodesic vulnerability (v) index. The proposed simulation framework is applied to a case study that consists of the IEEE 118-bus test system and a 25-node high-pressure natural gas network, where both are coupled through seven gas-fired power plants (GFPPs) and three electric compressors (ECs). The methodology is useful for estimating vulnerability in both systems in a coupled manner, studying the propagation of interdependencies in the two networks and showing the applicability of the v index as a substitute for the UL index

Nuevas técnicas para modelizar y analizar la vulnerabilidad de infraestructuras críticas de energía interdependientes

La interdependencia entre las redes de gas y electricidad es motivo de preocupación debido a la creciente utilización del gas para la generación de electricidad en centrales de ciclo combinado y al uso de energía eléctrica de los compresores en la red de gas. Estas redes están sujetas a riesgos de interrupción del suministro derivados de posibles problemas técnicos o amenazas intencionadas. Por lo tanto, resulta conveniente modelizar y analizar la vulnerabilidad de estas infraestructuras críticas de energía interdependientes.En esta tesis doctoral se presenta, en primer lugar, una metodología para analizar conjuntamente los flujos de electricidad y gas. El conjunto de ecuaciones no lineales que representan la operación del sistema de potencia se resuelve utilizando el método de Newton-Raphson, mientras que las ecuaciones en la red de gas se resuelven utilizando el enfoque de transformada análoga-lineal. Se presentan dos casos de estudio para demostrar la simplicidad de la metodología propuesta. Los resultados obtenidos se verifican contra el método Newton-Raphson tradicional con el fin de comprobar la solución alcanzada, encontrando un buen desempeño de la metodología conjunta aplicada. La aplicación del enfoque propuesto permite el análisis de la vulnerabilidad de las infraestructuras energéticas interdependientes. También, se desarrolla una metodología para evaluar la vulnerabilidad estructural de las redes de energía eléctrica y gas acopladas, considerando interdependencias en el proceso de fallos en cascada. La vulnerabilidad se evalúa empleando el índice de desconexión de carga y las medidas de centralidad de vulnerabilidad geodésica e impacto en la conectividad. El estudio muestra una elevada correlación entre el índice de desconexión de carga y el índice de vulnerabilidad geodésica. De esta manera, la teoría de grafos puede usarse como sustituto de los enfoques de flujos de carga que demandan un conocimiento detallado de los parámetros eléctricos e hidráulicos de los sistemas bajo estudio y son computacionalmente más intensivos que los métodos estadísticos de grafos. Como resultado, se propone un nuevo método para estimar la vulnerabilidad de las redes de energía eléctrica y gas conjuntas utilizando el índice de vulnerabilidad geodésica. Asimismo, se estudia el comportamiento de las redes de electricidad y gas natural de España, tanto de manera separada como conjunta. Los resultados muestran que la red de gas natural es menos robusta que la red eléctrica y que la red acoplada es más vulnerable que la red eléctrica ante fallos aleatorios y deliberados. Además, eliminar los nodos más fuertemente conectados de los dos sistemas independientes resultaría una estrategia de ataque eficaz para el rápido colapso de las infraestructuras acopladas interdependientes. Por último, se evalúa la robustez estructural de los planes de expansión de las infraestructuras de electricidad y gas natural en España. Los casos de estudio corresponden a las principales inversiones propuestas por los operadores de los sistemas en 2015-2020. Los resultados demuestran que la construcción de algunas instalaciones para la expansión de ambas redes no mejora la robustez estructural de la red acoplada; sin embargo, cuando se tiene en cuenta todo el programa de inversión se produce una mejora relativa de hasta un 6% con respecto al caso base. La metodología propuesta en esta tesis corrobora que la aplicación de la teoría de grafos es adecuada para analizar la planificación de activos de una infraestructura energética crítica, requiriendo únicamente la topología y el programa de inversiones para evaluar el desempeño de la red acoplada en caso de fallos en cascada. En suma, esta tesis doctoral pone de relieve la importancia de que los sistemas energéticos se aborden como redes acopladas debido a sus fuertes interacciones. Una perturbación en un sistema puede no ser crítica si las infraestructuras están separadas, pero dado que ambas redes son interdependientes, el impacto resultante podría causar fallos en el otro sistema. En otras palabras, las interdependencias aumentan el impacto de las perturbaciones.<br /

Strain Elevation Tension Spring embedding and Cascading failures on the power-grid

Understanding the dynamics and properties of networks is of great importance in our highly connected data-driven society. When the networks relate to infrastructure, such understanding can have a substantial impact on public welfare. As such, there is a need for algorithms that can provide insights into the observable and latent properties of these structures. This thesis presents a novel embedding algorithm: the Strain Elevation Tension Spring embedding (SETSe), as a method of understanding complex networks. The algorithm is a deterministic physics model that incorporates both node and edge features into the final embedding. SETSe distinguishes itself from most embeddings methods by not having a loss function in the conventional sense and by not trying to place similar nodes close together. Instead, SETSe acts as a smoothing function for node features across the network topology. This approach produces embeddings that are intuitive and interpretable. In this thesis, I demonstrate how SETSe outperforms alternative embedding methods on node level and graph level tasks using networks made from stochastic block models and social networks with over 40,000 nodes and over 1 million edges. I also highlight a weakness of traditional methods to analysing cascading failures on power grids and demonstrate that SETSe is not susceptible to such issues. I then show how SETSe can be used as a measure of robustness in addition to providing a means to create interpretable maps in the geographical space given its smoothing embedding method. The framework has been made widely available through two open source R packages contributions, 1) the implementation of SETSe ("rsetse" on CRAN), and 2) a package for analysing cascading failures on power grids

Evaluating network criticality of interdependent infrastructure systems: applications for electrical power distribution and rail transport

Critical infrastructure provides essential services of economic and social value. However, the pressures of demand growth, congestion, capacity constraints and hazards such as extreme weather increase the need for infrastructure resilience. The increasingly interdependent nature of infrastructure also heightens the risk of cascading failure between connected systems. Infrastructure companies must meet the twin-challenge of day-to-day operations and long-term planning with increasingly constrained budgets and resources. With a need for an effective process of resource allocation, this thesis presents a network criticality assessment methodology for prioritising locations across interdependent infrastructure systems, using metrics of the expected consequence of an asset failure for operational service performance. Existing literature is focused mainly upon simulating the vulnerability of national-scale infrastructure, with assumptions of both system dynamics and dependencies for simplicity. This thesis takes a data-driven and evidence-based approach, using historical performance databases to inherently capture system behaviour, whilst network diagrams are used to directly identify asset dependencies. Network criticality assessments are produced for three applications of increasing complexity from (i) electricity distribution, to (ii) railway transport, to (iii) electrified railway dependencies on external power supplies, using case studies of contrasting infrastructure management regions. This thesis demonstrates how network criticality assessments can add value to subjective tacit knowledge and high-level priorities both within and between infrastructure systems. The spatial distribution of criticality is highlighted, whilst the key contribution of the research is the identification of high-resolution single points of failure and their spatial correlation across systems, particularly within urban areas. Service-level metrics also have a broad applicability for a range of functions, including incident response, maintenance and long-term investment. The role of network criticality within a holistic and systemic decision-making process is explored, for risk assessment and resilience interventions. The limitations of the research, regarding sample-size caveats and the definition of system boundaries within performance databases, lead to recommendations on cross-system fault reporting and the improvement of information systems

Node Type Distribution and Its Impacts on Performance of Power Grids

The theory of complex networks has been studied extensively since its inception. However, until now, the impact of the node-type distributions is related to network topology and cannot be evaluated independently. In this paper, a network structure is modeled via an adjacency matrix (network topology) and a set of node type distribution vectors. Three specific issues that need to be considered for node type distributions in smart grid testing and planning are summarized in this paper. First, a set of metrics are proposed and defined to evaluate the impact of node-type distributions on network performance independently. Second, another metric named the generation distribution factor is proposed to evaluate the distribution of generation buses resulting from the specific function and purpose of power grids and by considering the distribution of load buses as given conditions. Third, another metric, i.e., the power supply redundancy metric based on entropy, is proposed to evaluate the inequality of load in power supply. Finally, a discrimination factor is defined to ensure the overall evaluation and comparison of different networks is made for this inequality. All proposed metrics can be applied to the IEEE-30, IEEE-118, IEEE-300 bus systems, as well as Italian power grid components. The simulation results indicate that the IEEE-118 system has the best node type distribution and minimum discrimination; the Italian system has the worst node-type distribution and most serious discrimination of load power supply

Structure of complex networks: Quantifying edge-to-edge relations by failure-induced flow redistribution

The analysis of complex networks has so far revolved mainly around the role of nodes and communities of nodes. However, the dynamics of interconnected systems is commonly focalised on edge processes, and a dual edge-centric perspective can often prove more natural. Here we present graph-theoretical measures to quantify edge-to-edge relations inspired by the notion of flow redistribution induced by edge failures. Our measures, which are related to the pseudo-inverse of the Laplacian of the network, are global and reveal the dynamical interplay between the edges of a network, including potentially non-local interactions. Our framework also allows us to define the embeddedness of an edge, a measure of how strongly an edge features in the weighted cuts of the network. We showcase the general applicability of our edge-centric framework through analyses of the Iberian Power grid, traffic flow in road networks, and the C. elegans neuronal network.Comment: 24 pages, 6 figure

How to Think About Resilient Infrastructure Systems

abstract: Resilience is emerging as the preferred way to improve the protection of infrastructure systems beyond established risk management practices. Massive damages experienced during tragedies like Hurricane Katrina showed that risk analysis is incapable to prevent unforeseen infrastructure failures and shifted expert focus towards resilience to absorb and recover from adverse events. Recent, exponential growth in research is now producing consensus on how to think about infrastructure resilience centered on definitions and models from influential organizations like the US National Academy of Sciences. Despite widespread efforts, massive infrastructure failures in 2017 demonstrate that resilience is still not working, raising the question: Are the ways people think about resilience producing resilient infrastructure systems? This dissertation argues that established thinking harbors misconceptions about infrastructure systems that diminish attempts to improve their resilience. Widespread efforts based on the current canon focus on improving data analytics, establishing resilience goals, reducing failure probabilities, and measuring cascading losses. Unfortunately, none of these pursuits change the resilience of an infrastructure system, because none of them result in knowledge about how data is used, goals are set, or failures occur. Through the examination of each misconception, this dissertation results in practical, new approaches for infrastructure systems to respond to unforeseen failures via sensing, adapting, and anticipating processes. Specifically, infrastructure resilience is improved by sensing when data analytics include the modeler-in-the-loop, adapting to stress contexts by switching between multiple resilience strategies, and anticipating crisis coordination activities prior to experiencing a failure. Overall, results demonstrate that current resilience thinking needs to change because it does not differentiate resilience from risk. The majority of research thinks resilience is a property that a system has, like a noun, when resilience is really an action a system does, like a verb. Treating resilience as a noun only strengthens commitment to risk-based practices that do not protect infrastructure from unknown events. Instead, switching to thinking about resilience as a verb overcomes prevalent misconceptions about data, goals, systems, and failures, and may bring a necessary, radical change to the way infrastructure is protected in the future.Dissertation/ThesisDoctoral Dissertation Civil, Environmental and Sustainable Engineering 201

Control methods for network dynamics and criticality phenomena

This dissertation studies the role of the network structure on the emergence and mitigation of critical phenomena in complex power networks. In particular, the event to consider is the emergence of cascading failures due to congestion mechanism. The main contributions of this thesis are the proposal of a vulnerability analysis framework to study network influence on critical phenomena and the design of a control framework combining Network theory with Markov Decision Processes and Stochastic Games in order to choose best strategies to reduce the impact of cascading failures. The vulnerability analysis framework includes the identification of main properties influencing cascading failures triggering and propagation, the study of the central role of cut-sets in cascading propagation and the proposal of new metrics to evaluate global and local vulnerability. The control framework includes control strategies to generate worst-case failure scenarios and optimal solutions for damage control on those scenarios employing the dynamic setting of transmission lines capacity. This dissertation is developed around these two contributions, as is described in the following. The first part of this thesis studies the influence of the network connectivity in failure triggering and propagation. Network science theory had been used to study relevant network connectivity properties. A methodology based on the connectivity properties is evaluated to measure the network robustness. A cascading failures model based on hybrid systems theory is proposed to define the congestion mechanism and describe the structure-function power network interdependence. The network Cut-sets (CS) identified as central elements for failures propagation are used to propose a critical link identification algorithm evaluated over the Quasy Stable State (QSS) approach of the proposed cascading failures model. The second part of this dissertation proposes a network-based vulnerability analysis framework and propose a control framework to integrate network properties, electric properties, eventtriggered failures, and control. Several algorithms are developed to evaluate different triggers and propagation events. The framework is developed analytically by the integration of Networks theory with Markov Decision Processes and Stochastic Games. Finally, using the previously obtained results about connectivity and vulnerability, a control strategy is designed to mitigate the damage of failures propagation by dynamically control the transmission lines capacity. An attacker-defender stochastic game framework is used to formulate the control problem. In the problem, the defender selects lines which are the best candidates to apply transmission capacity control as a response to the imminent risk of cascading failures related to the attacker actions. To solve the control problem, we propose a system of multi-population state-dependent replicator dynamics where their fitness change with the long term discounted expected reward in the game. The solution of the replicator equations converges to the Nash equilibrium of the game and coincides with the best strategy for control the cascading failures damage related to worst scenarios produced by optimal attacks.Resumen Esta disertación estudia el rol que la estructura de la red y su dinámica tiene en la ocurrencia ´ de fenómenos críticos y su posible mitigación con aplicación particular en sistemas de potencia ´ siendo estos modelados como redes complejas. En particular se considera como fenómeno crítico la propagación de fallas en cascada debidas a mecanismos de congestión. La contribuciones principales de esta tesis son la integracion del concepto de conjuntos de corte y métricas de congestión en el analisis de vulnerabilidad de redes durante eventos de falla, y la propuesta de una estrategia de ´ control para disminuir el impacto de la propagacion de fallas en red mediante el control din ´ amico ´ de la capacidad de las l´ıneas. La disertacion se desarrolla alrededor de estas dos contribuciones ´ como se describe a continuacion. ´ La primera parte de esta tesis estudia la influencia de la conectividad de la red en la generacion´ y propagacion de fallas en cascada en las redes de potencia. Teor ´ ´ıa de redes complejas es utilizada para evaluar diferente propiedades de conectividad de la red y la evaluacion de su cambio bajo la ´ influencia de escenarios de falla diseados es asimilado como medida de robustez de la estructura. Los conjuntos de corte (Cut-sets) de la red son identificados como elementos propagadores de fallas en la red y un algoritmo de identificacion de elementos cr ´ ´ıticos basado en esta teor´ıa es propuesto. Un modelo de fallas en cascado dinamico basado en teor ´ ´ıa de sistemas h´ıbridos es propuesto para describir el mecanismo de propagacion de fallas por congestion. ´ La segunda parte de esta tesis desarrolla un framework de evaluacion de vulnerabilidad de re- ´ des de potencia sujetas a fallas en cascada y propone estrategias de control para mitigar el dao causado por estos fenomenos. El modelo de fallas en cascada propuesto en la parte previa es sim- ´ plificado hasta una version de estado cuasi estable (Quasy Stable State) e integrado en algoritmos ´ de ataques de red para evaluar diferentes eventos detonantes y su propagacion. El framework se ´ desarrolla anal`ıticamente tras integrar teor´ıa de redes complejas, procesos de Markov y juegos estoca sticos. Finalmente usando informaci ´ on en cuanto a la interacci ´ on entre propiedades el ´ ectricas ´ y estructurales y la evaluacion de vulnerabilidad de la red, se propone una estrategia de mitigaci ´ on´ de impacto de la propagacion de fallas en red mediante estrategias de control din ´ amico de la ca- ´ pacidad de transmision de las l ´ ´ıneas. El framework de vulnerabilidad es integrado en un juego estocastico de atacante-defensor, ´ donde el defensor selecciona las mejores candidatas para control de capacidad de transmisión como respuesta a amenazas de disparo de efectos en cascada debidas a acciones del atacante. Para solucionar el problema de control de vulnerabilidad de la red formulado como juego estocásticoDoctorad