
    Cyber attacks and faults discrimination in intelligent electronic device-based energy management systems

    Intelligent electronic devices (IEDs), along with advanced information and communication technology (ICT)-based networks, are emerging in the legacy power grid to obtain real-time system states and provide the energy management system (EMS) with wide-area monitoring and advanced control capabilities. Cyber attackers can inject malicious data into the EMS to mislead the state estimation process and disrupt operations or initiate blackouts. A machine learning algorithm (MLA)-based approach is presented in this paper to detect false data injection attacks (FDIAs) in an IED-based EMS. In addition, the stealthy construction of FDIAs and their impact on the detection rate of MLAs are analyzed. Furthermore, the impacts of natural disturbances such as faults on the system are considered, and the work is extended to distinguish between cyber attacks and faults using state-of-the-art MLAs. In this paper, state-of-the-art MLAs such as Random Forest, OneR, Naive Bayes, SVM, and AdaBoost are used as detection classifiers, and performance parameters such as detection rate, false positive rate, precision, recall, and F-measure are analyzed for different case scenarios on the IEEE benchmark 14-bus system. The experimental results are validated using real-time load flow data from the New York Independent System Operator (NYISO).

    Comprehensive Survey and Taxonomies of False Injection Attacks in Smart Grid: Attack Models, Targets, and Impacts

    The Smart Grid has rapidly transformed the centrally controlled power system into a massively interconnected cyber-physical system that benefits from the revolutions happening in communications (e.g. 5G) and the growing proliferation of Internet of Things devices (such as smart metres and intelligent electronic devices). While the convergence of a significant number of cyber-physical elements has enabled the Smart Grid to be far more efficient and competitive in addressing the growing global energy challenges, it has also introduced a large number of vulnerabilities culminating in violations of data availability, integrity, and confidentiality. Recently, false data injection (FDI) has become one of the most critical cyberattacks, and appears to be a focal point of interest for both research and industry. To this end, this paper presents a comprehensive review of recent advances in FDI attacks, with particular emphasis on 1) adversarial models, 2) attack targets, and 3) impacts on the Smart Grid infrastructure. This review paper aims to provide a thorough understanding of the incumbent threats affecting the entire spectrum of the Smart Grid. Related literature is analysed and compared in terms of its theoretical and practical implications for Smart Grid cybersecurity. In conclusion, a range of technical limitations of existing false data attack research is identified, and a number of future research directions are recommended.
    Comment: Double-column of 24 pages, prepared based on IEEE Transaction articl

    Cyber-Physical Security of Power Distribution Systems

    Smart grids have been witnessing continuous and rapid radical developments in recent years. With the aim of a more sustainable energy system, the share of distributed generation resources is ever-increasing and transforming the traditional operation of the power grids. Along with these distributed resources, an ensemble of smart measurement devices, multiple communication layers, sophisticated distributed control techniques and interconnection of system equipment represent the pillars that support the modernization of these power networks. This progress has undoubtedly enabled a more efficient and accurate operation of the power networks. At the same time, it has created vulnerability points and challenges that endanger the safety and security of smart grid operation. The cyber-physical security of smart grids has consequently become a priority and a major challenge in ensuring a reliable and safe operation of the power grid. The resiliency of the grid depends on our ability to design a smart grid that can withstand threats and mitigate different attack scenarios. Cyber-physical security is currently an active area of research, and threats that target critical operation components have been classified and investigated in the literature. However, many of the research efforts have focused on threats at the transmission level, with the intention of extending the protection, detection and mitigation strategies to the distribution level. Nevertheless, much of the performed analysis is not suitable for Power Distribution Systems (PDS) due to the inherently different characteristics of these systems. This thesis first investigates and addresses stealthy False Data Injection (FDI) attacks on the PDS, which target the Distribution Systems Optimal Power Flow (DSOPF) and are not detectable by traditional Bad Data Detection (BDD) methods.
    The attack formulation is based on Branch Current State Estimation (BCSE), which allows separation of the phases, so a full analysis of the unbalanced three-phase system is performed. Specifically, it is shown how an adversary, having access to system measurements and topology, is able to maximize the system losses. By launching FDI attacks that target the Distribution Systems State Estimation (DSSE), the adversary constructs attack vectors that drive the objective function in the opposite direction of optimality. The effects of the optimal attack strategy are investigated. The results demonstrate the increase in system losses after corrupting the measurements. Second, a machine learning technique is proposed as a protection measure against these cyber-physical threats, to detect the FDI attacks. Although FDI vectors cannot be detected by conventional BDD techniques, exploiting the historical data enables a more thorough analysis and a better detection of anomalies in the measurements. A Recurrent Neural Network (RNN) is applied to the stream of data measurements to identify any anomaly, which represents a compromised measurement, by analyzing multiple points across the measurement vector and multiple time steps. The temporal correlation of data points is the basis for identifying attack vectors. The results of the RNN model indicate an overall strong ability to detect the stealthy attacks.
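    Added example (not code from any of the works listed here): the "stealthy construction" of FDIAs named in the first abstract and the "not detectable by traditional BDD" property in the thesis above both rest on the same linear-algebra fact, shown below with a DC state estimator on a constructed 4-bus network. The bus topology, unit reactances, noise values, operating point and attack sizes are all assumed for illustration. A bias on a single line-flow measurement drives the chi-square residual statistic far above the threshold, while an attack vector a = H c, which an adversary can only build with knowledge of the measurement matrix H (topology plus line parameters), leaves the residual bit-for-bit unchanged and shifts the estimate by exactly c.

```python
"""
DC state estimation with residual-based bad-data detection (BDD), a naive
injection that the test flags, and a stealthy injection a = H c that passes
it unchanged. Pure Python, no numpy needed.
"""

# Constructed 4-bus test network; bus 0 is the angle reference.
# Lines are (from_bus, to_bus); all reactances assumed 1.0 p.u. for readability.
LINES = [(0, 1), (0, 2), (1, 2), (1, 3), (2, 3)]
N_BUS = 4
SIGMA = 0.01           # assumed std-dev of measurement noise, p.u.
CHI2_99_DOF5 = 15.09   # chi-square 0.99 quantile; 8 measurements - 3 states = 5 dof


def build_h(lines, n_bus):
    """DC measurement Jacobian: one row per line flow (from -> to), then one row
    per net injection at each non-reference bus. State = angles of buses 1..n-1."""
    n_state = n_bus - 1
    rows = []
    for i, j in lines:
        row = [0.0] * n_state
        if i:
            row[i - 1] += 1.0
        if j:
            row[j - 1] -= 1.0
        rows.append(row)
    for b in range(1, n_bus):
        row = [0.0] * n_state
        for i, j in lines:
            if b in (i, j):
                other = j if i == b else i
                row[b - 1] += 1.0
                if other:
                    row[other - 1] -= 1.0
        rows.append(row)
    return rows


def transpose(a):
    return [list(col) for col in zip(*a)]


def matmul(a, b):
    bt = transpose(b)
    return [[sum(x * y for x, y in zip(r, c)) for c in bt] for r in a]


def matvec(a, x):
    return [sum(r[k] * x[k] for k in range(len(x))) for r in a]


def solve(a, b):
    """Solve a x = b by Gaussian elimination with partial pivoting (on a copy)."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for k in range(col, n + 1):
                m[r][k] -= f * m[col][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][k] * x[k] for k in range(r + 1, n))) / m[r][r]
    return x


def estimate(h, z):
    """Equal-weight least squares: x_hat = (H^T H)^-1 H^T z."""
    ht = transpose(h)
    return solve(matmul(ht, h), matvec(ht, z))


def bdd(h, z):
    """Return (J, x_hat) with J = r^T r / sigma^2 and r = z - H x_hat.
    Conventional BDD raises an alarm when J exceeds the chi-square threshold."""
    x = estimate(h, z)
    r = [zi - hi for zi, hi in zip(z, matvec(h, x))]
    return sum(ri * ri for ri in r) / SIGMA ** 2, x


def stealthy_attack(h, c):
    """a = H c. The residual r = (I - H (H^T H)^-1 H^T) z is a projection that
    annihilates the column space of H, so r is unchanged and x_hat shifts by c."""
    return matvec(h, c)


def run_scenarios():
    h = build_h(LINES, N_BUS)
    theta_true = [-0.05, -0.08, -0.12]                                   # constructed
    noise = [0.003, -0.002, 0.004, -0.001, 0.002, -0.003, 0.001, 0.002]  # constructed
    z = [zt + e for zt, e in zip(matvec(h, theta_true), noise)]
    j_clean, x_clean = bdd(h, z)

    z_naive = z[:]
    z_naive[2] += 0.3                       # +0.3 p.u. on the line 1-2 flow measurement
    j_naive, _ = bdd(h, z_naive)

    c = [0.0, 0.05, 0.0]                    # attacker's chosen shift of the bus-2 angle
    z_stealth = [zi + ai for zi, ai in zip(z, stealthy_attack(h, c))]
    j_stealth, x_stealth = bdd(h, z_stealth)

    return {
        "j_clean": j_clean, "j_naive": j_naive, "j_stealth": j_stealth,
        "naive_flagged": j_naive > CHI2_99_DOF5,
        "stealth_flagged": j_stealth > CHI2_99_DOF5,
        "estimate_shift": [a - b for a, b in zip(x_stealth, x_clean)],
    }


if __name__ == "__main__":
    for key, val in run_scenarios().items():
        print(f"{key}: {val}")
```

    The residual test only catches data that is inconsistent with the model; data that is consistent with a wrong state passes. That is the gap the ML and RNN detectors in these works try to close by looking at history and temporal correlation rather than at a single snapshot's residual.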

    Cyber-Physical Security of Wide-Area Frequency-based Applications in Power Systems

    Modern power systems are continuously developing into large and interconnected ones. At the same time, restructuring within the power industry and reduced investment in transmission system expansion mean that power systems are operating closer and closer to their limits, leaving them more vulnerable to fault outages than before. Protection and control within power systems have thus become increasingly important as well as complicated. Concurrently, continuous technological development in communication and measurement has accelerated the emergence and application of Wide-Area Monitoring, Protection and Control (WAMPAC), a new kind of advanced scheme based on wide-area measurements. The blackouts in North America and other countries over the past few years also give scientists and engineers more incentive to study wide-area protection and control systems. Communication networks in smart grids bring increased connectivity at the cost of increased security vulnerabilities and challenges. A smart grid can be a prime target for cyber terrorism because of its critical nature. As a result, smart grid security has already attracted significant attention from governments, the energy industry, and consumers, leading to several important studies. WAMPAC is the concept of using system-wide information via a centralized control center or Energy Management System (EMS) to monitor and control the whole system. Based on the situation and the required control action, the control center shares selected data with the specific remote locations that need it. The use of system-wide information makes it easier for the EMS to monitor the entire system and make better control and protection decisions. Although the communication system is the backbone of these recent schemes, it also makes them vulnerable to different types of cyber attacks.
    This thesis investigates the problem of cyber security in frequency-related WAMPAC schemes. Two main schemes are considered as case studies: Automatic Generation Control (AGC) and Wide-Area Under-Frequency Load Shedding (WAUFLS) protection schemes. In addition, the cyber security of Power System State Estimation (PSSE), as a Wide-Area Monitoring (WAM) scheme, is revisited. As WAMPAC schemes are so varied in purpose and implementation, there is no general analysis that illustrates the potential impact of a cyber attack on all such schemes; however, some general types of system response are considered in this work. First, with regard to AGC systems, a Kalman filter-based approach is proposed to detect False Data Injection (FDI) in AGC systems. Because detecting FDI and removing the compromised measurements are not enough in practical situations, a simultaneous input and state estimation-based algorithm is investigated to detect and concurrently compensate for FDI attacks against the measurements of AGC systems. In this algorithm the FDI attack signal is treated as an unknown input and its value is estimated accordingly. The estimated value of the FDI is then used to compensate for the effect of the attack, so that the control center makes its decisions based on the corrected sensor signals rather than the manipulated ones. Unlike other approaches, and as an extension to this work, the effect of AGC nonlinearities is studied during the attack period. A Recurrent Neural Network (RNN)-based approach is proposed to detect FDI while any of the nonlinearities is affecting the system; the RNN-based approach is used to classify and identify the attacks according to their behavior. Second, with regard to WAUFLS protection schemes, this thesis investigates the problem of cyber attacks on WAUFLS.
    This is followed by a detailed analysis showing that an adversary can launch an FDI attack against existing WAUFLS schemes in three different ways depending on their access level to system data, which may lead to equipment damage and/or a system-wide blackout. To address this issue, a new mitigation scheme that is robust against cyber attacks is proposed to mitigate the effect of FDI attacks on WAUFLS. The proposed scheme relies on trusted system states to run a power flow, from which the power mismatch in the system is calculated. Finally, the calculated magnitude of the disturbance is used to decide the amount and locations of load shedding. All proposed detection and mitigation methods in the thesis are tested using simulations of practical systems. In addition, a sensitivity analysis is given for each method.
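    Added example (not the thesis's own algorithm, whose model and thresholds are not given here): the simplest form a Kalman filter-based FDI detector for AGC can take is a chi-square test on the filter innovation, run below on a scalar model of the frequency deviation fed to the AGC loop. The dynamics constant, the noise variances, the deterministic noise pattern, the initial 0.2 Hz disturbance and the attack shapes are all assumed for illustration. A step bias on the frequency measurement trips the test at the first attacked step; a 1 mHz-per-step ramp stays under the per-step threshold, which illustrates why the abstract above says that detection and removal alone are not enough and motivates estimating the attack as an unknown input instead.

```python
"""
Innovation (chi-square) test on a scalar Kalman filter tracking the frequency
deviation seen by an AGC loop. Flags a step-shaped FDI on the frequency
measurement; a slow ramp stays under the per-step threshold.
"""

A_DYN = 0.95          # assumed discrete-time decay of the frequency deviation per step
Q = 1e-5              # assumed process-noise variance
R = 1e-4              # assumed measurement-noise variance (std-dev 0.01 Hz)
CHI2_99_DOF1 = 6.63   # chi-square 0.99 quantile with 1 degree of freedom
N_STEPS = 70
ATTACK_START = 30

# Constructed, deterministic measurement-noise pattern (|v| <= 0.004 Hz).
NOISE = [0.003, -0.002, 0.004, -0.004, 0.001, -0.003, 0.002, 0.0]


def true_frequency(k):
    """Constructed truth: a 0.2 Hz deviation at k=0 decaying with the model dynamics."""
    return 0.2 * A_DYN ** k


def attack_bias(kind, k):
    """FDI added to the frequency measurement from ATTACK_START on (assumed shapes)."""
    if kind == "none" or k < ATTACK_START:
        return 0.0
    if kind == "step":
        return 0.1                              # +0.1 Hz constant bias
    if kind == "ramp":
        return 0.001 * (k - ATTACK_START + 1)   # +1 mHz per step
    raise ValueError(kind)


def run_filter(kind):
    """Run predict/update over the constructed data. Returns (first alarm step or
    None, list of normalised innovation statistics nu^2 / S, one per step)."""
    x_hat, p = true_frequency(0), 1e-4      # operator knows the initial operating point
    first_alarm, stats = None, []
    for k in range(1, N_STEPS + 1):
        z = true_frequency(k) + NOISE[k % len(NOISE)] + attack_bias(kind, k)
        # predict
        x_pred = A_DYN * x_hat
        p_pred = A_DYN ** 2 * p + Q
        # innovation and its variance; nu^2/S ~ chi-square(1) if the model holds
        nu = z - x_pred
        s = p_pred + R
        stat = nu * nu / s
        stats.append(stat)
        if first_alarm is None and stat > CHI2_99_DOF1:
            first_alarm = k
        # update (the filter keeps absorbing the data even after an alarm)
        gain = p_pred / s
        x_hat = x_pred + gain * nu
        p = (1.0 - gain) * p_pred
    return first_alarm, stats


if __name__ == "__main__":
    for kind in ("none", "step", "ramp"):
        alarm, stats = run_filter(kind)
        print(f"{kind:5s}: first alarm at step {alarm}, max statistic {max(stats):.2f}")
```

    The ramp evades the test because the filter re-tracks the slowly drifting measurement between steps, so each innovation stays small even though the state estimate is being walked away from the truth; a detector that only checks one innovation at a time has no memory of that drift.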