Assessing the Cyber Threat Landscape for Virtual Power Plants

Virtual Power Plants (VPPs) aggregate and coordinate Distributed Energy Resources (DER) as a single entity aiding in decarbonization of the energy generation mix. The infrastructure of VPPs relies heavily on rigorous and accurate exchange of information between the DER and the VPP, as well as other grid entities. This exposes them to possible cyber threats that impede their functions and can have negative impacts on the stability and reliability of the grid. In this paper, the threat landscape is evaluated against threats that affect VPPs. A heuristic method of assessing the impact and likelihood of attacks is constructed based on a) proposed methods in literature, b) standardization bodies, and c) in relation to a VPPs security profile. Our findings indicate that False Data Injection attacks are posing the greatest risk, competing with disruption of their functions due to Denial of Service

Machine Learning based Anomaly Detection for Cybersecurity Monitoring of Critical Infrastructures

openManaging critical infrastructures requires to increasingly rely on Information and Communi- cation Technologies. The last past years showed an incredible increase in the sophistication of attacks. For this reason, it is necessary to develop new algorithms for monitoring these infrastructures. In this scenario, Machine Learning can represent a very useful ally. After a brief introduction on the issue of cybersecurity in Industrial Control Systems and an overview of the state of the art regarding Machine Learning based cybersecurity monitoring, the present work proposes three approaches that target different layers of the control network architecture. The first one focuses on covert channels based on the DNS protocol, which can be used to establish a command and control channel, allowing attackers to send malicious commands. The second one focuses on the field layer of electrical power systems, proposing a physics-based anomaly detection algorithm for Distributed Energy Resources. The third one proposed a first attempt to integrate physical and cyber security systems, in order to face complex threats. All these three approaches are supported by promising results, which gives hope to practical applications in the next future.openXXXIV CICLO - SCIENZE E TECNOLOGIE PER L'INGEGNERIA ELETTRONICA E DELLE TELECOMUNICAZIONI - Elettromagnetismo, elettronica, telecomunicazioniGaggero, GIOVANNI BATTIST

On the Impact of Synchronization Attacks on Distributed and Cooperative Control in Microgrid Systems

International audienceMicrogrids are adopted to provide distributed generation of renewable energy resources and scalable integration of loads. To ensure the reliability of their power system operations, distributed and cooperative control schemes are proposed by integrating communication networks at their control layers. However, the information exchanged at the communication channels is vulnerable to malicious attacks aiming to introduce voltage instability and blackouts. In this paper, we design and evaluate a novel type of attacks on the cooperative control and communication layers in microgrids, where the attacker targets the communication links between distributed generators (DGs) and manipulates the reference voltage data exchanged by their controllers. We analyze the control-theoretic and detectability properties of this attack to assess its impact on reference voltage synchronization at the different control layers of a microgrid. Results from numerical simulation are presented to demonstrate this attack, and the maximum voltage deviation and inaccurate reference voltage synchronization it causes in the microgrid

Denial-of-service attack on iec 61850-based substation automation system: A crucial cyber threat towards smart substation pathways

The generation of the mix-based expansion of modern power grids has urged the utilization of digital infrastructures. The introduction of Substation Automation Systems (SAS), advanced networks and communication technologies have drastically increased the complexity of the power system, which could prone the entire power network to hackers. The exploitation of the cyber security vulnerabilities by an attacker may result in devastating consequences and can leave millions of people in severe power outage. To resolve this issue, this paper presents a network model developed in OPNET that has been subjected to various Denial of Service (DoS) attacks to demonstrate cyber security aspect of an international electrotechnical commission (IEC) 61850 based digital substations. The attack scenarios have exhibited significant increases in the system delay and the prevention of messages, i.e., Generic Object-Oriented Substation Events (GOOSE) and Sampled Measured Values (SMV), from being transmitted within an acceptable time frame. In addition to that, it may cause malfunction of the devices such as unresponsiveness of Intelligent Electronic Devices (IEDs), which could eventually lead to catastrophic scenarios, especially under different fault conditions. The simulation results of this work focus on the DoS attack made on SAS. A detailed set of rigorous case studies have been conducted to demonstrate the effects of these attacks.Scopu

Reliability in a smart power system with cyber-physical interactive operation of photovoltaic systems and heat pumps

The connectivity of the power grid is increasing with the internet of things, and low carbon technologies being deployed to help enhance smart grid performance and reliability. Meanwhile, they also increase the digital complexity and dependency of cyber assets, which might be vulnerable to cyber-physical threats, and hence may impact the reliability of power systems. Due to cyber-threats’ unpredictable nature, the interactive operation of low carbon technologies with cyber-physical systems is becoming a challenging task for smart grids. This thesis proposes novel mathematical frameworks to estimate the availability of photovoltaics and heat pumps with cyber-physical components. These frameworks are developed to quantify the level of risk posed by cyber-threats to the interactive operation of photovoltaics and heat pumps, using Markov-Chains. The availability framework considers the severity of random cyber-attacks on photovoltaics and the probability of cyber-threats with mean time to detection-time on heat pump operation. Sensitivities of the repair times of cyber-physical component for photovoltaics and sensitivities of cyber-attack-detection time for heat pumps are also evaluated. The impact of cyber threats on the interactive operation of photovoltaics and heat pumps are considerable and inconsistent, however the propagation of cyber-threats can be restricted by appropriate means of photovoltaics. For heat pumps, operational reliability substantially decreases due to the unavailability of their control panel. Contributions of this thesis include an availability model for photovoltaic configurations, an innovative approach to assess the reliability of a photovoltaic integrated power system with cyber-physical interactions, the availability estimation of heat pump with variable detection time, and an enhanced cyber-intrusion process model for reliability analysis of heat pumps. The findings offer insight into the impact of cyber-physical system availability and its importance on power system reliability

Threat Assessment for Multistage Cyber Attacks in Smart Grid Communication Networks

In smart grids, managing and controlling power operations are supported by information and communication technology (ICT) and supervisory control and data acquisition (SCADA) systems. The increasing adoption of new ICT assets in smart grids is making smart grids vulnerable to cyber threats, as well as raising numerous concerns about the adequacy of current security approaches. As a single act of penetration is often not sufficient for an attacker to achieve his/her goal, multistage cyber attacks may occur. Due to the interdependence between the power grid and the communication network, a multistage cyber attack not only affects the cyber system but impacts the physical system. This thesis investigates an application-oriented stochastic game-theoretic cyber threat assessment framework, which is strongly related to the information security risk management process as standardized in ISO/IEC 27005. The proposed cyber threat assessment framework seeks to address the specific challenges (e.g., dynamic changing attack scenarios and understanding cascading effects) when performing threat assessments for multistage cyber attacks in smart grid communication networks. The thesis looks at the stochastic and dynamic nature of multistage cyber attacks in smart grid use cases and develops a stochastic game-theoretic model to capture the interactions of the attacker and the defender in multistage attack scenarios. To provide a flexible and practical payoff formulation for the designed stochastic game-theoretic model, this thesis presents a mathematical analysis of cascading failure propagation (including both interdependency cascading failure propagation and node overloading cascading failure propagation) in smart grids. In addition, the thesis quantifies the characterizations of disruptive effects of cyber attacks on physical power grids. Furthermore, this thesis discusses, in detail, the ingredients of the developed stochastic game-theoretic model and presents the implementation steps of the investigated stochastic game-theoretic cyber threat assessment framework. An application of the proposed cyber threat assessment framework for evaluating a demonstrated multistage cyber attack scenario in smart grids is shown. The cyber threat assessment framework can be integrated into an existing risk management process, such as ISO 27000, or applied as a standalone threat assessment process in smart grid use cases