Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

The first-ever Ukraine cyberattack on power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes on the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining the impact quantification of cyber-related contingencies

Cyber-Based Contingency Analysis and Insurance Implications of Power Grid

Cybersecurity for power communication infrastructure is a serious subject that has been discussed for a decade since the first North American Electric Reliability Corporation (NERC) critical infrastructure protection (CIP) initiative in 2006. Its credibility on plausibility has been evidenced by attack events in the recent past. Although this is a very high impact, rare probability event, the establishment of quantitative measures would help asset owners in making a series of investment decisions. First, this dissertation tackles attackers\u27 strategies based on the current communication architecture between remote IP-based (unmanned) power substations and energy control centers. Hypothetically, the identification of intrusion paths will lead to the worst-case scenarios that the attackers could do harm to the grid, e.g., how this switching attack may perturb to future cascading outages within a control area when an IP-based substation is compromised. Systematic approaches are proposed in this dissertation on how to systematically determine pivotal substations and how investment can be prioritized to maintain and appropriate a reasonable investment in protecting their existing cyberinfrastructure. More specifically, the second essay of this dissertation focuses on digital protecting relaying, which could have similar detrimental effects on the overall grid\u27s stability. The R-k contingency analyses are proposed to verify with steady-state and dynamic simulations to ensure consistencies of simulation outcome in the proposed modeling in a power system. This is under the assumption that attackers are able to enumerate all electronic devices and computers within a compromised substation network. The essay also assists stakeholders (the defenders) in planning out exhaustively to identify the critical digital relays to be deployed in substations. The systematic methods are the combinatorial evaluation to incorporate the simulated statistics in the proposed metrics that are used based on the physics and simulation studies using existing power system tools. Finally, a risk transfer mechanism of cyber insurance against disruptive switching attacks is studied comprehensively based on the aforementioned two attackers\u27 tactics. The evaluation hypothetically assesses the occurrence of anomalies and how these footprints of attackers can lead to a potential cascading blackout as well as to restore the power back to normal stage. The research proposes a framework of cyber insurance premium calculation based on the ruin probability theory, by modeling potential electronic intrusion and its direct impacts. This preliminary actuarial model can further improve the security of the protective parameters of the critical infrastructure via incentivizing investment in security technologies

ESTABLISHMENT OF CYBER-PHYSICAL CORRELATION AND VERIFICATION BASED ON ATTACK SCENARIOS IN POWER SUBSTATIONS

Insurance businesses for the cyberworld are an evolving opportunity. However, a quantitative model in today\u27s security technologies may not be established. Besides, a generalized methodology to assess the systematic risks remains underdeveloped. There has been a technical challenge to capture intrusion risks of the cyber-physical system, including estimating the impact of the potential cascaded events initiated by the hacker\u27s malicious actions. This dissertation attempts to integrate both modeling aspects: 1) steady-state probabilities for the Internet protocol-based substation switching attack events based on hypothetical cyberattacks, 2) potential electricity losses. The phenomenon of sequential attacks can be characterized using a time-domain simulation that exhibits dynamic cascaded events. Such substation attack simulation studies can establish an actuarial framework for grid operation. The novelty is three-fold. First, the development to extend features of steady-state probabilities is established based on 1) modified password models, 2) new models on digital relays with two-step authentications, and 3) honeypot models. A generalized stochastic Petri net is leveraged to formulate the detailed statuses and transitions of components embedded in a Cyber-net. Then, extensive modeling of steady-state probabilities is qualitatively performed. Methodologies on how transition probabilities and rates are extracted from network components and actuarial applications are summarized and discussed. Second, dynamic models requisite for switching attacks against multiple substations or digital relays deployed in substations are formulated. Imperative protection and control models to represent substation attacks are clarified with realistic model parameters. Specifically, wide-area protections, i.e., special protection systems (SPSs), are elaborated, asserting that event-driven SPSs may be skipped for this type of case study. Third, the substation attack replay using a proven commercially available time-domain simulation tool is validated in IEEE system models to study attack combinations\u27 critical paths. As the time-domain simulation requires a higher computational cost than power flow-based steady-state simulation, a balance of both methods is established without missing the critical dynamic behavior. The direct impact of substation attacks, i.e., electricity losses, is compared between steady-state and dynamic analyses. Steady-state analysis results are prone to be pessimistic for a smaller number of compromised substations. Finally, simulation findings based on the risk-based metrics and technical implementation are extensively discussed with future work

A Study of Perceptions on Incident Response Exercises, Information Sharing, Situational Awareness, and Incident Response Planning in Power Grid Utilities

The power grid is facing increasing risks from a cybersecurity attack. Attacks that shut off electricity in Ukraine have already occurred, and successful compromises of the power grid that did not shut off electricity to customers have been privately disclosed in North America. The objective of this study is to identify how perceptions of various factors emphasized in the electric sector affect incident response planning. Methods used include a survey of 229 power grid personnel and the use of partial least squares structural equation modeling to identify causal relationships. This study reveals the relationships between perceptions by personnel responsible for cybersecurity, regarding incident response exercises, information sharing, and situational awareness, and incident response planning. The results confirm that the efforts by the industry on these topics have advanced planning for a potential attack

Bus Split Contingency Analysis Implementation in the NetVision DAM EMS

Implementation of the bus coupler outage scenarios, commonly known as bus splitting, in the NetVision DAM energy management system (EMS) contingency analysis is presented in this paper. In order to identify the bus coupler branches in the network model, the existing topology processor was upgraded. The description of the topological algorithm for detection of the bus couplers is given. Based on the topology analysis results, calculation subnodes are created. Calculation model was modified in order to include the bus couplers and the subnodes as the new calculation objects. These modifications are fundamental for the introduction of the bus coupler outages in the contingency analysis. Implications of the bus coupler outages on the load flow mathematical model are discussed. Implemented NetVision DAM solution for the analysis of such outage scenarios is presented

Cascading verification initiated by switching attacks through compromised digital relays

Attackers are able to enumerate all devices and computers within a compromised substation network. Digital relays deployed in the substation are the devices with IP addresses that can be discovered in the process of trial-and-error search. This paper is concerned with studies of cyberattacks manipulating digital relays to disruptively disconnect the associated breakers. The plausible enumeration of such disruptive attack for each relay in a substation is verified with the dynamic simulation studies with the special protection system for frequency, voltage, and rotor angle stability. A pertinent approach with smaller scale contingency analysis results is proposed to reduce the enormous computation burden. The devised enumeration reduction method is evaluated using IEEE test cases. The proposed method provides an extensive enumeration strategy that can be used by utility engineers to identify the pivotal relays in the system and can be further strengthened with security protection

Security assessment of cross-border electricity interconnections

Cross-border electricity interconnections are important for ensuring energy exchange and addressing undesirable events such as power outages and blackouts. This paper assesses the performance of interconnection lines by measuring their impacts on the main reliability and vulnerability indicators of interconnected power systems. The reliability study is performed using the sequential Monte Carlo simulation technique, while the vulnerability assessment is carried out by proposing a cascading failures methodology. The conclusions obtained show that highly connected infrastructures have simultaneously high reliability and limited robustness, which suggests that both approaches show different operational characteristics of the power system. Nevertheless, an appropriate increase in the number and capacity of the interconnections can help to improve both security parameters of the power supply. Seven case studies are performed based on the IEEE RTS-96 test system. The results can be used to help transmission system operators better understand the behaviour and performance of electrical networks

Tie-line modelling in interconnected synchrophasor network for monitoring grid observability, cyber intrusion and reliability

The incorporation of a tie-line between two areas may be beneficial in two ways. First, the reserve capacity of the assisting area support to the assisted area, and second, the number of Phasor Measurement Unit (PMU) requirements will become smaller for complete observability of the interconnected grid. The objective function is formulated to integrate the observability and reliability analysis for the two interconnected synchrophasor networks. The effect of Zero Injection Bus (ZIB) is included in the observability constraints to reduce the number of PMUs deployed in the system. The number of optimal PMU deployments will be greater for two interconnected systems in comparison with a single area. Therefore, interconnected systems become more vulnerable to cyber risk. The paper discusses the cumulative analysis of system observability and reliability during an anomaly situation that occurs with a PMU device due to a cyber-attack. The reliability indices Interconnected System Load Interruption Probability (ISLIP) and Interconnected System Demand Not Supplied (ISDNS) are evaluated when an anomaly occurs with optimally deployed PMU in the network by including and excluding the effect of ZIB. By doing so, the most reliable location for PMU deployment can be obtained for both the area. Reliability Test System (RTS)-24 bus is used for each area to modify the test system by incorporating tie-lines between them

Reliability Evaluation and Defense Strategy Development for Cyber-physical Power Systems

With the smart grid initiatives in recent years, the electric power grid is rapidly evolving into a complicated and interconnected cyber-physical system. Unfortunately, the wide deployment of cutting-edge communication, control and computer technologies in the power system, as well as the increasing terrorism activities, make the power system at great risk of attacks from both cyber and physical domains. It is pressing and meaningful to investigate the plausible attack scenarios and develop efficient methods for defending the power system against them. To defend the power grid, it is critical to first study how the attacks could happen and affect the power system, which are the basis for the defense strategy development. Thus, this dissertation quantifies the influence of several typical attacks on power system reliability. Specifically, three representative attack are considered, i.e., intrusion against substations, regional LR attack, and coordinated attacks. For the intrusion against substations, the occurrence frequency of the attack events is modeled based on statistical data and human dynamics; game-theoretical approaches are adopted to model induvial and consecutive attack cases; Monte Carlo simulation is deployed to obtain the desired reliability indices, which incorporates both the attacks and the random failures. For the false data injection attack, a practical regional load redistribution (LR) attack strategy is proposed; the man-in-the-middle (MITM) intrusion process is modeled with a semi-Markov process method; the reliability indices are obtained based on the regional LR attack strategy and the MITM intrusion process using Monte Carlo simulation. For the coordinated attacks, a few typical coordination strategies are proposed considering attacking the current-carrying elements as well as attacking the measurements; a bilevel optimization method is applied to develop the optimal coordination strategy. Further, efficient and effective defense strategies are proposed from the perspectives of power system operation strategy and identification of critical elements. Specially, a robustness-oriented power grid operation strategy is proposed considering the element random failures and the risk of man-made attacks. Using this operation strategy, the power system operation is robust, and can minimize the load loss in case of malicious man-made attacks. Also, a multiple-attack-scenario (MAS) defender-attack-defender model is proposed to identify the critical branches that should be defended when an attack is anticipated but the defender has uncertainty about the capability of the attacker. If those identified critical branches are protected, the expected load loss will be minimal