False data injection attack detection in smart grid

Smart grid is a distributed and autonomous energy delivery infrastructure that constantly monitors the operational state of its overall network using smart techniques and state estimation. State estimation is a powerful technique that is used to determine the overall operational state of the system based on a limited set of measurements collected through metering systems. Cyber-attacks pose serious risks to a smart grid state estimation that can cause disruptions and power outages resulting in huge economical losses and are therefore a big concern to a reliable national grid operation. False data injection attacks (FDIAs), engineered on the basis of the knowledge of the network configuration, are difficult to detect using the traditional data detection mechanisms. These detection schemes have been found vulnerable and failed to detect these FDIAs. FDIAs specifically target the state data and can manipulate the state measurements in such a way that these false measurements appear real to the main control systems. This research work explores the possibility of FDIA detection using state estimation in a distributed and partitioned smart grid. In order to detect FDIAs we use measurements for residual-based testing which creates an objective function; and the probability of erroneous data is determined from this residual test. In this test, a preset threshold is determined based on the prior history of the state data. FDIA cases are simulated within a smart grid considering that the Chi-square detection state estimator fails in identifying such attacks. We compute the objective function using the standard weighted least problem and then test the objective function against the value in the Chi-square table. The gain matrix and the Jacobian matrix are computed. The state variables are computed in the form of a voltage magnitude. The state variables are computed after the inception of an attack to assess these state magnitude results. Different sizes of partitioning are used to improve the overall sensitivity of the Chi-square results. Our additional estimator is based on a Kalman estimation that consists of the state prediction and state correction steps. In the first step, it obtains the state and matrix covariance prediction, and in the second step, it calculates the Kalman gain and the state and matrix covariance update steps. The set of points is created for the state vector x at a time instant t. The initial vector and covariance matrix are based on a priori knowledge of the historical estimates. A set of sigma points is estimated by the state update function. Sigma points refer to the minimal set of sampling points that are selected and transformed using nonlinear function, and the new mean and the covariance are formed out of these transformed points. The idea behind this is that it is easier to compute a Gaussian distribution than an arbitrary nonlinear function. The filter gain, the mean and the covariance are used to estimate the next state. Our simulation results show that the combination of Kalman estimation and distributed state estimation improves the overall stability index and vulnerability assessment score of the smart grid. We built a stability index table for a smart grid based on the state estimates value after the inception of an FDIA. The vulnerability assessment score of the smart grid is based on common vulnerability scoring system (CVSS) and state estimates under the influence of an FDIA. The simulations are conducted in the MATPOWER program and different electrical bus systems such as IEEE 14, 30, 39, 118 and 300 are tested. All the contributions have been published in reputable journals and conferences.Doctor of Philosoph

Subspace Methods for Data Attack on State Estimation: A Data Driven Approach

Data attacks on state estimation modify part of system measurements such that the tempered measurements cause incorrect system state estimates. Attack techniques proposed in the literature often require detailed knowledge of system parameters. Such information is difficult to acquire in practice. The subspace methods presented in this paper, on the other hand, learn the system operating subspace from measurements and launch attacks accordingly. Conditions for the existence of an unobservable subspace attack are obtained under the full and partial measurement models. Using the estimated system subspace, two attack strategies are presented. The first strategy aims to affect the system state directly by hiding the attack vector in the system subspace. The second strategy misleads the bad data detection mechanism so that data not under attack are removed. Performance of these attacks are evaluated using the IEEE 14-bus network and the IEEE 118-bus network.Comment: 12 page

A nested decision tree for event detection in smart grids

Procedings of: 20th International Conference on Renewable Energies and Power Quality (ICREPQ'22), 27-29 July 2022, Vigo, Spain.Digitalization process experienced by traditional power networks towards smart grids extend the challenges faced by power grid operators to the field of cybersecurity. False data injection attacks, one of the most common cyberattacks in smart grids, could lead the power grid to sabotage itself. In this paper, an event detection algorithm for cyberattack in smart grids is developed based on a decision tree. In order to find the most accurate algorithm, two different decision trees with two different goals have been trained: one classifies the status of the network, corresponding to an event, and the other will classify the location where the event is detected. To train the decision trees, a dataset made by co-simulating a power network and a communication network has been used. The decision trees are going to be compared in different settings by changing the division criteria, the dataset used to train them and the misclassification cost. After looking at their performance independently, the best way to combine them into a single algorithm is presented.This research was funded by Fundación Iberdrola España, within the 2020 research support scholarship program

Impact Assessment, Detection, And Mitigation Of False Data Attacks In Electrical Power Systems

The global energy market has seen a massive increase in investment and capital flow in the last few decades. This has completely transformed the way power grids operate - legacy systems are now being replaced by advanced smart grid infrastructures that attest to better connectivity and increased reliability. One popular example is the extensive deployment of phasor measurement units, which is referred to PMUs, that constantly provide time-synchronized phasor measurements at a high resolution compared to conventional meters. This enables system operators to monitor in real-time the vast electrical network spanning thousands of miles. However, a targeted cyber attack on PMUs can prompt operators to take wrong actions that can eventually jeopardize the power system reliability. Such threats originating from the cyber-space continue to increase as power grids become more dependent on PMU communication networks. Additionally, these threats are becoming increasingly efficient in remaining undetected for longer periods while gaining deep access into the power networks. An attack on the energy sector immediately impacts national defense, emergency services, and all aspects of human life. Cyber attacks against the electric grid may soon become a tactic of high-intensity warfare between nations in near future and lead to social disorder. Within this context, this dissertation investigates the cyber security of PMUs that affects critical decision-making for a reliable operation of the power grid. In particular, this dissertation focuses on false data attacks, a key vulnerability in the PMU architecture, that inject, alter, block, or delete data in devices or in communication network channels. This dissertation addresses three important cyber security aspects - (1) impact assessment, (2) detection, and (3) mitigation of false data attacks. A comprehensive background of false data attack models targeting various steady-state control blocks is first presented. By investigating inter-dependencies between the cyber and the physical layers, this dissertation then identifies possible points of ingress and categorizes risk at different levels of threats. In particular, the likelihood of cyber attacks against the steady-state power system control block causing the worst-case impacts such as cascading failures is investigated. The case study results indicate that false data attacks do not often lead to widespread blackouts, but do result in subsequent line overloads and load shedding. The impacts are magnified when attacks are coordinated with physical failures of generators, transformers, or heavily loaded lines. Further, this dissertation develops a data-driven false data attack detection method that is independent of existing in-built security mechanisms in the state estimator. It is observed that a convolutional neural network classifier can quickly detect and isolate false measurements compared to other deep learning and traditional classifiers. Finally, this dissertation develops a recovery plan that minimizes the consequence of threats when sophisticated attacks remain undetected and have already caused multiple failures. Two new controlled islanding methods are developed that minimize the impact of attacks under the lack of, or partial information on the threats. The results indicate that the system operators can successfully contain the negative impacts of cyber attacks while creating stable and observable islands. Overall, this dissertation presents a comprehensive plan for fast and effective detection and mitigation of false data attacks, improving cyber security preparedness, and enabling continuity of operations

Impact Assessment, Detection, and Mitigation of False Data Attacks in Electrical Power Systems

The global energy market has seen a massive increase in investment and capital flow in the last few decades. This has completely transformed the way power grids operate - legacy systems are now being replaced by advanced smart grid infrastructures that attest to better connectivity and increased reliability. One popular example is the extensive deployment of phasor measurement units, which is referred to PMUs, that constantly provide time-synchronized phasor measurements at a high resolution compared to conventional meters. This enables system operators to monitor in real-time the vast electrical network spanning thousands of miles. However, a targeted cyber attack on PMUs can prompt operators to take wrong actions that can eventually jeopardize the power system reliability. Such threats originating from the cyber-space continue to increase as power grids become more dependent on PMU communication networks. Additionally, these threats are becoming increasingly efficient in remaining undetected for longer periods while gaining deep access into the power networks. An attack on the energy sector immediately impacts national defense, emergency services, and all aspects of human life. Cyber attacks against the electric grid may soon become a tactic of high-intensity warfare between nations in near future and lead to social disorder. Within this context, this dissertation investigates the cyber security of PMUs that affects critical decision-making for a reliable operation of the power grid. In particular, this dissertation focuses on false data attacks, a key vulnerability in the PMU architecture, that inject, alter, block, or delete data in devices or in communication network channels. This dissertation addresses three important cyber security aspects - (1) impact assessment, (2) detection, and (3) mitigation of false data attacks. A comprehensive background of false data attack models targeting various steady-state control blocks is first presented. By investigating inter-dependencies between the cyber and the physical layers, this dissertation then identifies possible points of ingress and categorizes risk at different levels of threats. In particular, the likelihood of cyber attacks against the steady-state power system control block causing the worst-case impacts such as cascading failures is investigated. The case study results indicate that false data attacks do not often lead to widespread blackouts, but do result in subsequent line overloads and load shedding. The impacts are magnified when attacks are coordinated with physical failures of generators, transformers, or heavily loaded lines. Further, this dissertation develops a data-driven false data attack detection method that is independent of existing in-built security mechanisms in the state estimator. It is observed that a convolutional neural network classifier can quickly detect and isolate false measurements compared to other deep learning and traditional classifiers. Finally, this dissertation develops a recovery plan that minimizes the consequence of threats when sophisticated attacks remain undetected and have already caused multiple failures. Two new controlled islanding methods are developed that minimize the impact of attacks under the lack of, or partial information on the threats. The results indicate that the system operators can successfully contain the negative impacts of cyber attacks while creating stable and observable islands. Overall, this dissertation presents a comprehensive plan for fast and effective detection and mitigation of false data attacks, improving cyber security preparedness, and enabling continuity of operations