Survey on synchrophasor data quality and cybersecurity challenges, and evaluation of their interdependencies

Synchrophasor devices guarantee situation awareness for real-time monitoring and operational visibility of smart grid. With their widespread implementation, significant challenges have emerged, especially in communication, data quality and cybersecurity. The existing literature treats these challenges as separate problems, when in reality, they have a complex interplay. This paper conducts a comprehensive review of quality and cybersecurity challenges for synchrophasors, and identifies the interdependencies between them. It also summarizes different methods used to evaluate the dependency and surveys how quality checking methods can be used to detect potential cyberattacks. This paper serves as a starting point for researchers entering the fields of synchrophasor data analytics and security

On The Security of Wide Area Measurement System and Phasor Data Collection

Smart grid is a typical cyber-physical system that presents the dependence of power system operations on cyber infrastructure for control, monitoring, and protection purposes. The rapid deployment of phasor measurements in smart grid transmission system has opened opportunities to utilize new applications and enhance the grid operations. Thus, the smart grid has become more dependent on communication and information technologies such as Wide Area Measurement Systems (WAMS). WAMS are used to collect real-time measurements from different sensors such as Phasor Measurement Units (PMUs) installed across widely dispersed areas. Such system will improve real-time monitoring and control; however, recent studies have pointed out that the use of WAMS introduces significant vulnerabilities to cyber-attacks that can be leveraged by attackers. Therefore, preventing or reducing the damage of cyber attacks onWAMS is critical to the security of the smart grid. In this thesis, we focus our attention on the relation between WAMS security and the IP routing protocol, which is an essential aspect to the collection of sensors measurements. Synchrophasor measurements from different PMUs are transferred through a data network and collected at one or multiple data concentrators. The timely collection of phasors from PMU dispersed across the grid allows to maintain system observability and take corrective actions when needed. This collection is made possible through Phasor Data Concentrators (PDCs) that time-align and aggregate phasor measurements, and forward the resulting stream to be used by monitoring and control applications. WAMS applications relying on these measurements have strict and stringent delay requirements, e.g., end-to-end delay as well as delay variation between measurements from different PMUs. Measurements arriving past a predetermined time period at a data concentrator will be dropped, causing incompleteness of data and affecting WAMS applications and hence the system’s operations. It has been shown that non-functional properties, such as data delay and packet drops, have a negative impact on the system functionality. We show that simply forwarding measurements from PMUs through shortest routes to phasor data collectors may result in data being dropped at their destinations. We believe therefore that there is a strong interplay between the routing paths (delays along the paths) for gathering the measurements and the value of timeout period. This is particularly troubling when a malicious attacker deliberately causes delays on some communication links along the shortest routes. Therefore, we present a mathematical model for constructing forwarding trees for PMUs’ measurements which satisfy the end to end delay as well as the delay variation requirements of WAMS applications at data concentrators. We show that a simple shortest path routing will result in larger fraction of data drop and that our method will find a suitable solution. Then, we study the relation between cyber-attack propagation and IP multicast routing. To this extent, we formulate the problem as the construction of a multicast tree that minimizes the propagation of cyber-attacks while satisfying real-time and capacity requirements. The proposed attack propagation multicast tree is evaluated using different IEEE test systems. Finally, cyber-attacks resulting in the disconnection of PDC(s) from WAMS initiate a loss of its phasor stream and incompleteness in the observability of the power system. Recovery strategies based on the re-routing of lost phasors to other connected and available PDCs need to be designed while considering the functional requirements of WAMS. We formulate a recovery strategy from loss of compromised or failed PDC(s) in the WAMS network based on the rerouting of disconnected PMUs to functional PDCs. The proposed approach is mathematically formulated as a linear program and tested on standard IEEE test systems. These problems will be extensively studied throughout this thesis

A survey on smart grid communication system

published_or_final_versio

On the assessment of cyber risks and attack surfaces in a real-time co-simulation cybersecurity testbed for inverter-based microgrids

The integration of variable distributed generations (DGs) and loads in microgrids (MGs) has made the reliance on communication systems inevitable for information exchange in both control and protection architectures to enhance the overall system reliability, resiliency and sustainability. This communication backbone in turn also exposes MGs to potential malicious cyber attacks. To study these vulnerabilities and impacts of various cyber attacks, testbeds play a crucial role in managing their complexity. This research work presents a detailed study of the development of a real-time co-simulation testbed for inverter-based MGs. It consists of a OP5700 real-time simulator, which is used to emulate both the physical and cyber layer of an AC MG in real time through HYPERSIM software; and SEL-3530 Real-Time Automation Controller (RTAC) hardware configured with ACSELERATOR RTAC SEL-5033 software. A human–machine interface (HMI) is used for local/remote monitoring and control. The creation and management of HMI is carried out in ACSELERATOR Diagram Builder SEL-5035 software. Furthermore, communication protocols such as Modbus, sampled measured values (SMVs), generic object-oriented substation event (GOOSE) and distributed network protocol 3 (DNP3) on an Ethernet-based interface were established, which map the interaction among the corresponding nodes of cyber-physical layers and also synchronizes data transmission between the systems. The testbed not only provides a real-time co-simulation environment for the validation of the control and protection algorithms but also extends to the verification of various detection and mitigation algorithms. Moreover, an attack scenario is also presented to demonstrate the ability of the testbed. Finally, challenges and future research directions are recognized and discussed

A Criterion for Designing Emergency Control Schemes to Counteract Communication Failures in Wide-Area Damping Control

© The Authors 2023. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/Communication failures and transmission delays are two major issues associated with Wide-Area Damping Controllers (WADCs). While transmission delays have been extensively studied and various solutions have been proposed, little research has been done on communication failures and most of the proposed methods are based on preventive controls. However, in today’s liberalized electricity markets, preventive controls are no longer acceptable and the trend is to use emergency controls instead. This paper proposes a novel emergency control scheme to counteract the loss of remote signals related to the input and to the output of the WADC (i.e. sensor and actuator failures). The proposed scheme is based on a simple criterion, which overcomes the complexity of the previous methods. Modal analysis and time domain simulations are performed to verify the performance of the proposed method. The simulation results show that the proposed method performs well in handling communication failures and can maintain good damping performance. This research work is particularly important in view of the trend towards the wide-scale adoption of wide-area measurement technologies, while the vulnerability to cyber-attacks is increasing.Peer reviewe

Security assessment of the smart grid : a review focusing on the NAN architecture

Abstract: This paper presents a comprehensive review on the security aspect of the smart grid communication network. The paper focus on the Neighborhood Area Network (NAN) cybersecurity and it laid emphasis on how the NAN architecture is such an attractive target to intruders and attackers. The paper aims at summarizing recent research efforts on some of the attacks and the various techniques employed in tackling them as they were discussed in recent literatures and research works. Furthermore, the paper presents a detailed review on the smart grid communication layers, wireless technology standards, networks and the security challenges the grid is currently facing. The work concludes by explaining current and future directions NAN communication security could consider in terms of data privacy measures. The data privacy measures are discussed in terms of prevention and detection techniques

Classifying resilience approaches for protecting smart grids against cyber threats

Smart grids (SG) draw the attention of cyber attackers due to their vulnerabilities, which are caused by the usage of heterogeneous communication technologies and their distributed nature. While preventing or detecting cyber attacks is a well-studied field of research, making SG more resilient against such threats is a challenging task. This paper provides a classification of the proposed cyber resilience methods against cyber attacks for SG. This classification includes a set of studies that propose cyber-resilient approaches to protect SG and related cyber-physical systems against unforeseen anomalies or deliberate attacks. Each study is briefly analyzed and is associated with the proper cyber resilience technique which is given by the National Institute of Standards and Technology in the Special Publication 800-160. These techniques are also linked to the different states of the typical resilience curve. Consequently, this paper highlights the most critical challenges for achieving cyber resilience, reveals significant cyber resilience aspects that have not been sufficiently considered yet and, finally, proposes scientific areas that should be further researched in order to enhance the cyber resilience of SG.Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. Funding for open access charge: Universidad de Málaga / CBUA

Electric System Vulnerabilities: a State of the Art of Defense Technologies

Vulnerability of the European electrical infrastructure appears to be growing due to several factors: - demand is always growing, and, although this growth may be forecast, it cannot be anytime easily faced; - transactions increase, following electrical system liberalisation, and this involves operating the whole infrastructure closer to the system capacity and security limits; - an increased control systems complexity, required for secure system operation, may in turn raise system vulnerability, due both to accidental faults and malicious attacks; - critical infrastructures, and the electrical system primarily, are well known to be a privileged target in warfare, as well as terrorist attacks. In recent years, both Europe and America have experienced a significant number of huge blackouts, whose frequency and impact looks progressively growing. These events had common roots in the fact that current risk assessment methodologies and current system controls appear to be no longer adequate. Beyond the growing complexity of the electrical system as a whole, two main reasons can be listed: - system analysis procedures based on these methodologies did not identify security threats emerging from failures of critical physical components; - on-line controls were not able to avoid system collapse. This report provides a state-of-the-art of the technology on both regards: - as far as risk assessment methodologies are concerned, an overview of the conceptual power system reliability framework is provided, and the current N-1 principle for risk assessment in power systems is introduced, together with off-the-shelf enforcement methodologies, like optimal power flow. Emerging methodologies for dynamic security assessment are also discussed. The power system reliability approach is compared with the global approach to dependability introduced by computer scientists, and the conceptual clashes pointed out. Ways ahead to conciliate both views are outlined. - concerning power system controls, the report overviews the existing defense plans, making specific reference to the current Italian situation. The two major recent blackout events in the American North East and Italy are analysed, and the drawbacks of the existing arrangements and the installed control systems are discussed. Emerging technologies, such as phasor measurement units and wide area protection are introduced. Their likely impact on the existing control room is discussed. Finally, potential cyber vulnerabilities of the new control systems are introduced, the role of communication standards in that context is discussed, and an overview of the current state of the art is presented.JRC.G.6-Sensors, radar technologies and cybersecurit