Detection and Mitigation of Cyber Attacks on Time Synchronization Protocols for the Smart Grid

The current electric grid is considered as one of the greatest engineering achievements of the twentieth century. It has been successful in delivering power to consumers for decades. Nevertheless, the electric grid has recently experienced several blackouts that raised several concerns related to its availability and reliability. The aspiration to provide reliable and efficient energy, and contribute to environment protection through the increasing utilization of renewable energies are driving the need to deploy the grid of the future, the smart grid. It is expected that this grid will be self-healing from power disturbance events, operating resiliently against physical and cyber attack, operating efficiently, and enabling new products and services. All these call for a grid with more Information and Communication Technologies (ICT). As such, power grids are increasingly absorbing ICT technologies to provide efficient, secure and reliable two-way communication to better manage, operate, maintain and control electric grid components. On the other hand, the successful deployment of the smart grid is predicated on the ability to secure its operations. Such a requirement is of paramount importance especially in the presence of recent cyber security incidents. Furthermore, those incidents are subject to an augment with the increasing integration of ICT technologies and the vulnerabilities they introduce to the grid. The exploitation of these vulnerabilities might lead to attacks that can, for instance, mask the system observability and initiate cascading failures resulting in undesirable and severe consequences. In this thesis, we explore the security aspects of a key enabling technology in the smart grid, accurate time synchronization. Time synchronization is an immense requirement across the domains of the grid, from generation to transmission, distribution, and consumer premises. We focus on the substation, a basic block of the smart grid system, along with its recommended time synchronization mechanism - the Precision Time Protocol (PTP) - in order to address threats associated with PTP, and propose practical and efficient detection, prevention, mitigation techniques and methodologies that will harden and enhance the security and usability of PTP in a substation. In this respect, we start this thesis with a security assessment of PTP that identifies PTP security concerns, and then address those concerns in the subsequent chapters. We tackle the following main threats associated with PTP: 1) PTP vulnerability to fake timestamp injection through a compromised component 2) PTP vulnerability to the delay attack and 3) The lack of a mechanism that secures the PTP network. Next, and as a direct consequence of the importance of time synchronization in the smart grid, we consider the wide area system to demonstrate the vulnerability of relative data alignment in Phasor Data Concentrators to time synchronization attacks. These problems will be extensively studied throughout this thesis, followed by discussions that highlight open research directions worth further investigations

Machine Learning based Anomaly Detection for Cybersecurity Monitoring of Critical Infrastructures

openManaging critical infrastructures requires to increasingly rely on Information and Communi- cation Technologies. The last past years showed an incredible increase in the sophistication of attacks. For this reason, it is necessary to develop new algorithms for monitoring these infrastructures. In this scenario, Machine Learning can represent a very useful ally. After a brief introduction on the issue of cybersecurity in Industrial Control Systems and an overview of the state of the art regarding Machine Learning based cybersecurity monitoring, the present work proposes three approaches that target different layers of the control network architecture. The first one focuses on covert channels based on the DNS protocol, which can be used to establish a command and control channel, allowing attackers to send malicious commands. The second one focuses on the field layer of electrical power systems, proposing a physics-based anomaly detection algorithm for Distributed Energy Resources. The third one proposed a first attempt to integrate physical and cyber security systems, in order to face complex threats. All these three approaches are supported by promising results, which gives hope to practical applications in the next future.openXXXIV CICLO - SCIENZE E TECNOLOGIE PER L'INGEGNERIA ELETTRONICA E DELLE TELECOMUNICAZIONI - Elettromagnetismo, elettronica, telecomunicazioniGaggero, GIOVANNI BATTIST

Real-Time Machine Learning Models To Detect Cyber And Physical Anomalies In Power Systems

A Smart Grid is a cyber-physical system (CPS) that tightly integrates computation and networking with physical processes to provide reliable two-way communication between electricity companies and customers. However, the grid availability and integrity are constantly threatened by both physical faults and cyber-attacks which may have a detrimental socio-economic impact. The frequency of the faults and attacks is increasing every year due to the extreme weather events and strong reliance on the open internet architecture that is vulnerable to cyber-attacks. In May 2021, for instance, Colonial Pipeline, one of the largest pipeline operators in the U.S., transports refined gasoline and jet fuel from Texas up the East Coast to New York was forced to shut down after being attacked by ransomware, causing prices to rise at gasoline pumps across the country. Enhancing situational awareness within the grid can alleviate these risks and avoid their adverse consequences. As part of this process, the phasor measurement units (PMU) are among the suitable assets since they collect time-synchronized measurements of grid status (30-120 samples/s), enabling the operators to react rapidly to potential anomalies. However, it is still challenging to process and analyze the open-ended source of PMU data as there are more than 2500 PMU distributed across the U.S. and Canada, where each of which generates more than 1.5 TB/month of streamed data. Further, the offline machine learning algorithms cannot be used in this scenario, as they require loading and scanning the entire dataset before processing. The ultimate objective of this dissertation is to develop early detection of cyber and physical anomalies in a real-time streaming environment setting by mining multi-variate large-scale synchrophasor data. To accomplish this objective, we start by investigating the cyber and physical anomalies, analyzing their impact, and critically reviewing the current detection approaches. Then, multiple machine learning models were designed to identify physical and cyber anomalies; the first one is an artificial neural network-based approach for detecting the False Data Injection (FDI) attack. This attack was specifically selected as it poses a serious risk to the integrity and availability of the grid; Secondly, we extend this approach by developing a Random Forest Regressor-based model which not only detects anomalies, but also identifies their location and duration; Lastly, we develop a real-time hoeffding tree-based model for detecting anomalies in steaming networks, and explicitly handling concept drifts. These models have been tested and the experimental results confirmed their superiority over the state-of-the-art models in terms of detection accuracy, false-positive rate, and processing time, making them potential candidates for strengthening the grid\u27s security

ESTABLISHMENT OF CYBER-PHYSICAL CORRELATION AND VERIFICATION BASED ON ATTACK SCENARIOS IN POWER SUBSTATIONS

Insurance businesses for the cyberworld are an evolving opportunity. However, a quantitative model in today\u27s security technologies may not be established. Besides, a generalized methodology to assess the systematic risks remains underdeveloped. There has been a technical challenge to capture intrusion risks of the cyber-physical system, including estimating the impact of the potential cascaded events initiated by the hacker\u27s malicious actions. This dissertation attempts to integrate both modeling aspects: 1) steady-state probabilities for the Internet protocol-based substation switching attack events based on hypothetical cyberattacks, 2) potential electricity losses. The phenomenon of sequential attacks can be characterized using a time-domain simulation that exhibits dynamic cascaded events. Such substation attack simulation studies can establish an actuarial framework for grid operation. The novelty is three-fold. First, the development to extend features of steady-state probabilities is established based on 1) modified password models, 2) new models on digital relays with two-step authentications, and 3) honeypot models. A generalized stochastic Petri net is leveraged to formulate the detailed statuses and transitions of components embedded in a Cyber-net. Then, extensive modeling of steady-state probabilities is qualitatively performed. Methodologies on how transition probabilities and rates are extracted from network components and actuarial applications are summarized and discussed. Second, dynamic models requisite for switching attacks against multiple substations or digital relays deployed in substations are formulated. Imperative protection and control models to represent substation attacks are clarified with realistic model parameters. Specifically, wide-area protections, i.e., special protection systems (SPSs), are elaborated, asserting that event-driven SPSs may be skipped for this type of case study. Third, the substation attack replay using a proven commercially available time-domain simulation tool is validated in IEEE system models to study attack combinations\u27 critical paths. As the time-domain simulation requires a higher computational cost than power flow-based steady-state simulation, a balance of both methods is established without missing the critical dynamic behavior. The direct impact of substation attacks, i.e., electricity losses, is compared between steady-state and dynamic analyses. Steady-state analysis results are prone to be pessimistic for a smaller number of compromised substations. Finally, simulation findings based on the risk-based metrics and technical implementation are extensively discussed with future work

Embedded computing systems design: architectural and application perspectives

Questo elaborato affronta varie problematiche legate alla progettazione e all'implementazione dei moderni sistemi embedded di computing, ponendo in rilevo, e talvolta in contrapposizione, le sfide che emergono all'avanzare della tecnologia ed i requisiti che invece emergono a livello applicativo, derivanti dalle necessità degli utenti finali e dai trend di mercato. La discussione sarà articolata tenendo conto di due punti di vista: la progettazione hardware e la loro applicazione a livello di sistema. A livello hardware saranno affrontati nel dettaglio i problemi di interconnettività on-chip. Aspetto che riguarda la parallelizzazione del calcolo, ma anche l'integrazione di funzionalità eterogenee. Sarà quindi discussa un'architettura d'interconnessione denominata Network-on-Chip (NoC). La soluzione proposta è in grado di supportare funzionalità avanzate di networking direttamente in hardware, consentendo tuttavia di raggiungere sempre un compromesso ottimale tra prestazioni in termini di traffico e requisiti di implementazioni a seconda dell'applicazione specifica. Nella discussione di questa tematica, verrà posto l'accento sul problema della configurabilità dei blocchi che compongono una NoC. Quello della configurabilità, è un problema sempre più sentito nella progettazione dei sistemi complessi, nei quali si cerca di sviluppare delle funzionalità, anche molto evolute, ma che siano semplicemente riutilizzabili. A tale scopo sarà introdotta una nuova metodologia, denominata Metacoding che consiste nell'astrarre i problemi di configurabilità attraverso linguaggi di programmazione di alto livello. Sulla base del metacoding verrà anche proposto un flusso di design automatico in grado di semplificare la progettazione e la configurazione di una NoC da parte del designer di rete. Come anticipato, la discussione si sposterà poi a livello di sistema, per affrontare la progettazione di tali sistemi dal punto di vista applicativo, focalizzando l'attenzione in particolare sulle applicazioni di monitoraggio remoto. A tal riguardo saranno studiati nel dettaglio tutti gli aspetti che riguardano la progettazione di un sistema per il monitoraggio di pazienti affetti da scompenso cardiaco cronico. Si partirà dalla definizione dei requisiti, che, come spesso accade a questo livello, derivano principalmente dai bisogni dell'utente finale, nel nostro caso medici e pazienti. Verranno discusse le problematiche di acquisizione, elaborazione e gestione delle misure. Il sistema proposto introduce vari aspetti innovativi tra i quali il concetto di protocollo operativo e l'elevata interoperabilità offerta. In ultima analisi, verranno riportati i risultati relativi alla sperimentazione del sistema implementato. Infine, il tema del monitoraggio remoto sarà concluso con lo studio delle reti di distribuzione elettrica intelligenti: le Smart Grid, cercando di fare uno studio dello stato dell'arte del settore, proponendo un'architettura di Home Area Network (HAN) e suggerendone una possibile implementazione attraverso Commercial Off the Shelf (COTS)

Creating a Network Model for the Integration of Dynamic and Static Supervisory Control and Data Acquisition (SCADA) Test Environment

Since 9/11 protecting our critical infrastructure has become a national priority. Presidential Decision Directive 63 mandates and lays a foundation for ensuring all aspects of our nation\u27s critical infrastructure remain secure. Key in this debate is the fact that much of our electrical power grid fails to meet the spirit of this requirement. My research leverages the power afforded by Electric Power and Communication Synchronizing Simulator (EPOCHS) developed with the assistance of Dr. Hopkinson, et al. The power environment is modeled in an electrical simulation environment called PowerWorld©. The network is modeled in OPNET® and populated with self-similar network and Supervisory Control and Data Acquisition (SCADA). The two are merged into one working tool that can realistically model and provide a dynamic network environment coupled with a robust communication methodology. This new suite of tools will enhance the way we model and test hybrid SCADA networks. By combining the best of both worlds we get an effective and robust methodology that correctly predicts the impact of SCADA traffic on a LAN and vice versa. This ability to properly assess data flows will allow professionals in the power industry to develop tools that effectively model future concepts for our critical infrastructure

Game-Theoretic and Machine-Learning Techniques for Cyber-Physical Security and Resilience in Smart Grid

The smart grid is the next-generation electrical infrastructure utilizing Information and Communication Technologies (ICTs), whose architecture is evolving from a utility-centric structure to a distributed Cyber-Physical System (CPS) integrated with a large-scale of renewable energy resources. However, meeting reliability objectives in the smart grid becomes increasingly challenging owing to the high penetration of renewable resources and changing weather conditions. Moreover, the cyber-physical attack targeted at the smart grid has become a major threat because millions of electronic devices interconnected via communication networks expose unprecedented vulnerabilities, thereby increasing the potential attack surface. This dissertation is aimed at developing novel game-theoretic and machine-learning techniques for addressing the reliability and security issues residing at multiple layers of the smart grid, including power distribution system reliability forecasting, risk assessment of cyber-physical attacks targeted at the grid, and cyber attack detection in the Advanced Metering Infrastructure (AMI) and renewable resources. This dissertation first comprehensively investigates the combined effect of various weather parameters on the reliability performance of the smart grid, and proposes a multilayer perceptron (MLP)-based framework to forecast the daily number of power interruptions in the distribution system using time series of common weather data. Regarding evaluating the risk of cyber-physical attacks faced by the smart grid, a stochastic budget allocation game is proposed to analyze the strategic interactions between a malicious attacker and the grid defender. A reinforcement learning algorithm is developed to enable the two players to reach a game equilibrium, where the optimal budget allocation strategies of the two players, in terms of attacking/protecting the critical elements of the grid, can be obtained. In addition, the risk of the cyber-physical attack can be derived based on the successful attack probability to various grid elements. Furthermore, this dissertation develops a multimodal data-driven framework for the cyber attack detection in the power distribution system integrated with renewable resources. This approach introduces the spare feature learning into an ensemble classifier for improving the detection efficiency, and implements the spatiotemporal correlation analysis for differentiating the attacked renewable energy measurements from fault scenarios. Numerical results based on the IEEE 34-bus system show that the proposed framework achieves the most accurate detection of cyber attacks reported in the literature. To address the electricity theft in the AMI, a Distributed Intelligent Framework for Electricity Theft Detection (DIFETD) is proposed, which is equipped with Benford’s analysis for initial diagnostics on large smart meter data. A Stackelberg game between utility and multiple electricity thieves is then formulated to model the electricity theft actions. Finally, a Likelihood Ratio Test (LRT) is utilized to detect potentially fraudulent meters

Engineering and built environment project conference 2016: book of abstracts - Toowoomba, Australia, 19-23 September 2016

Book of Abstracts of the USQ Engineering and Built Environment Conference 2016, held Toowoomba, Australia, 19-23 September 2016. These proceedings include extended abstracts of the verbal presentations that are delivered at the project conference. The work reported at the conference is the research undertaken by students in meeting the requirements of courses ENG4111/ENG4112 Research Project for undergraduate or ENG8411/ENG8412 Research Project and Dissertation for postgraduate students