Control Behavior Integrity for Distributed Cyber-Physical Systems

Cyber-physical control systems, such as industrial control systems (ICS), are increasingly targeted by cyberattacks. Such attacks can potentially cause tremendous damage, affect critical infrastructure or even jeopardize human life when the system does not behave as intended. Cyberattacks, however, are not new and decades of security research have developed plenty of solutions to thwart them. Unfortunately, many of these solutions cannot be easily applied to safety-critical cyber-physical systems. Further, the attack surface of ICS is quite different from what can be commonly assumed in classical IT systems. We present Scadman, a system with the goal to preserve the Control Behavior Integrity (CBI) of distributed cyber-physical systems. By observing the system-wide behavior, the correctness of individual controllers in the system can be verified. This allows Scadman to detect a wide range of attacks against controllers, like programmable logic controller (PLCs), including malware attacks, code-reuse and data-only attacks. We implemented and evaluated Scadman based on a real-world water treatment testbed for research and training on ICS security. Our results show that we can detect a wide range of attacks--including attacks that have previously been undetectable by typical state estimation techniques--while causing no false-positive warning for nominal threshold values.Comment: 15 pages, 8 figure

Electric System Vulnerabilities: a State of the Art of Defense Technologies

Vulnerability of the European electrical infrastructure appears to be growing due to several factors: - demand is always growing, and, although this growth may be forecast, it cannot be anytime easily faced; - transactions increase, following electrical system liberalisation, and this involves operating the whole infrastructure closer to the system capacity and security limits; - an increased control systems complexity, required for secure system operation, may in turn raise system vulnerability, due both to accidental faults and malicious attacks; - critical infrastructures, and the electrical system primarily, are well known to be a privileged target in warfare, as well as terrorist attacks. In recent years, both Europe and America have experienced a significant number of huge blackouts, whose frequency and impact looks progressively growing. These events had common roots in the fact that current risk assessment methodologies and current system controls appear to be no longer adequate. Beyond the growing complexity of the electrical system as a whole, two main reasons can be listed: - system analysis procedures based on these methodologies did not identify security threats emerging from failures of critical physical components; - on-line controls were not able to avoid system collapse. This report provides a state-of-the-art of the technology on both regards: - as far as risk assessment methodologies are concerned, an overview of the conceptual power system reliability framework is provided, and the current N-1 principle for risk assessment in power systems is introduced, together with off-the-shelf enforcement methodologies, like optimal power flow. Emerging methodologies for dynamic security assessment are also discussed. The power system reliability approach is compared with the global approach to dependability introduced by computer scientists, and the conceptual clashes pointed out. Ways ahead to conciliate both views are outlined. - concerning power system controls, the report overviews the existing defense plans, making specific reference to the current Italian situation. The two major recent blackout events in the American North East and Italy are analysed, and the drawbacks of the existing arrangements and the installed control systems are discussed. Emerging technologies, such as phasor measurement units and wide area protection are introduced. Their likely impact on the existing control room is discussed. Finally, potential cyber vulnerabilities of the new control systems are introduced, the role of communication standards in that context is discussed, and an overview of the current state of the art is presented.JRC.G.6-Sensors, radar technologies and cybersecurit

Exploiting phasor measurement units for enhanced transmission network operation and control

This thesis was submitted for the degree of Doctor of Engineering and awarded by Brunel UniversityIn order to achieve binding Government targets towards the decarbonisation of the electricity network, the GB power system is undergoing an unprecedented amount of change. A series of new technologies designed to integrate massive volumes of renewable generation, predominantly in the form of offshore wind, asynchronously connecting to the periphery of the transmission system, are transforming the requirements of the network. This displacement of traditional thermal generation is leading to a significant reduction in system inertia, thus making the task of system operation more challenging. It is therefore deemed necessary to develop tools and technologies that provide far greater insight into the state of the power system in real-time and give rise to methods for improving offline modelling practices through an enhanced understanding of the systems performance. To that extent PMUs are seen as one of the key enablers of the Smart Grid, providing accurate time-synchronised measurements on the state of the power system, allowing the true dynamics of the power system to be captured and analysed. This thesis provides an analysis of the existing PMU deployment on the GB transmission system with a view to the future system monitoring requirements. A critical evaluation and comparison is also provided on the suitability of a University based Low Voltage PMU network to further enhance the visibility of the GB system. In addition a novel event detection algorithm based on Detrended Fluctuation Analysis is developed and demonstrated, designed to determine the exact start time of a transmission event, as well as the suitability of such an event for additional transmission system analysis, namely inertia estimation. Finally, a reliable method for the estimation of total system inertia is proposed that includes an estimate of the contribution from residual sources, of which there is currently no visibility. The proposed method identifies the importance of regional inertia and its impact to the operation of the GB transmission system.Engineering and Physical Sciences Research Council (EPSRC) and National Grid

Resilience-oriented control and communication framework for cyber-physical microgrids

Climate change drives the energy supply transition from traditional fossil fuel-based power generation to renewable energy resources. This transition has been widely recognised as one of the most significant developing pathways promoting the decarbonisation process toward a zero-carbon and sustainable society. Rapidly developing renewables gradually dominate energy systems and promote the current energy supply system towards decentralisation and digitisation. The manifestation of decentralisation is at massive dispatchable energy resources, while the digitisation features strong cohesion and coherence between electrical power technologies and information and communication technologies (ICT). Massive dispatchable physical devices and cyber components are interdependent and coupled tightly as a cyber-physical energy supply system, while this cyber-physical energy supply system currently faces an increase of extreme weather (e.g., earthquake, flooding) and cyber-contingencies (e.g., cyberattacks) in the frequency, intensity, and duration. Hence, one major challenge is to find an appropriate cyber-physical solution to accommodate increasing renewables while enhancing power supply resilience. The main focus of this thesis is to blend centralised and decentralised frameworks to propose a collaboratively centralised-and-decentralised resilient control framework for energy systems i.e., networked microgrids (MGs) that can operate optimally in the normal condition while can mitigate simultaneous cyber-physical contingencies in the extreme condition. To achieve this, we investigate the concept of "cyber-physical resilience" including four phases, namely prevention/upgrade, resistance, adaption/mitigation, and recovery. Throughout these stages, we tackle different cyber-physical challenges under the concept of microgrid ranging from a centralised-to-decentralised transitional control framework coping with cyber-physical out of service, a cyber-resilient distributed control methodology for networked MGs, a UAV assisted post-contingency cyber-physical service restoration, to a fast-convergent distributed dynamic state estimation algorithm for a class of interconnected systems.Open Acces