Evaluación de la vulnerabilidad de sistemas eléctricos por medio de programación multinivel: una revisión bibliográfica

Vulnerability studies can identify critical elements in electric power systems in order to take protective measures against possible scenarios that may result in load shedding, which can be caused by natural events or deliberate attacks. This article is a literature review on the latter kind, i.e., the interdiction problem, which assumes there is a disruptive agent whose objective is to maximize the damage to the system, while the network operator acts as a defensive agent. The non-simultaneous interaction of these two agents creates a multilevel optimization problem, and the literature has reported several interdiction models and solution methods to address it. The main contribution of this paper is presenting the considerations that should be taken into account to analyze, model, and solve the interdiction problem, including the most common solution techniques, applied methodologies, and future studies. This literature review found that most research in this area is focused on the analysis of transmission systems considering linear approximations of the network, and a few interdiction studies use an AC model of the network or directly treat distribution networks from a multilevel standpoint. Future challenges in this field include modeling and incorporating new defense options for the network operator, such as distributed generation, demand response, and the topological reconfiguration of the system.f the system.Los estudios de vulnerabilidad pueden identificar elementos críticos en los sistemas de distribución de potencia eléctrica con el fin de tomar medidas de protección contra posibles escenarios que pueden resultar en desconexión de carga (también llamado deslastre de carga), que puede ser ocasionada por eventos naturales o ataques deliberados. Este artículo es una reseña bibliográfica sobre el segundo tipo de casos, es decir, los del problema de interdicción, en el que se asume la existencia de un agente disruptivo cuyo objetivo es maximizar los daños ocasionados al sistema mientras el operador de red actúa como agente de defensa del mismo. La interacción no simultánea de estos dos agentes crea un problema de optimización multinivel y en la bibliografía se reportan varios modelos de interdicción y soluciones para abordar el problema. La contribución principal de este artículo es la presentación de consideraciones que deben tomarse en cuenta para analizar, modelar y resolver el problema de la interdicción, incluyendo las soluciones, métodos y técnicas más comunes para solucionarlo, así como futuros estudios al respecto. Esta revisión encontró que la mayoría de la investigación en el tema se enfoca en el análisis de los sistemas de transmisión, considerando las aproximaciones lineales de la red; algunos estudios en interdicción usan un modelo AC de la red o tratan las redes de distribución directamente desde un enfoque multinivel. Algunos retos en este campo son el modelado y la inclusión de nuevas opciones de defensa para el operador de la red, como la generación distribuida, la respuesta a la demanda y la reconfiguración topológica del sistema.&nbsp

Solution Techniques for Large-Scale Optimization Problems on the Transmission Grid

In this thesis, we are interested in solution techniques and primal heuristics for several large-scale optimization problems on the transmission grid. While some of these problems have been studied for a long time, none of the techniques proposed previously allowed them to be solved exactly on large-scale networks, rendering them of little use in practice. We will present methodology which yields high quality solutions on large networks. In Chapter 2, we consider the DC optimal transmission switching (DCOTS) problem. In this problem, we simultaneously optimize the grid topology (i.e., choose which lines are on and off) and the generator dispatch, using a DC optimal power flow (DCOPF) model. It is well-known that transmission switching is an affordable way to reduce congestion in the grid, reducing generation costs. However, DCOTS has so far been a prohibitively difficult model to solve, particularly given that dispatch problems are solved every 5 to 10 minutes for most independent system operators. We present a data-driven approach which assumes that DCOTS has been solved to optimality offline for a variety of demand profiles. We then use the k-nearest neighbors (KNN) method as a primal heuristic, directly mapping from demand profiles to topologies. This scales well since the computational time is dominated by the time to solve k linear programs. We find that we can generate high-quality primal solutions within the time constraints imposed by real-time operations. In addition, we find that defining the feature space for KNN differently can also yield equally good results: In particular, using dual information from the DCOPF problem can be effective. In Chapter 3, we propose a scalable lower bound for a worst-case attack on transmission grid relays. This is a bilevel interdiction problem in which an attacker first targets relays within an attack budget, compromising all components controlled by the relays he chooses, and aiming to maximize load shed. Then, a defender redispatches the generators, solving a DCOPF model and minimizing the load shed. Since the inner problem is convex, it is possible to dualize it, resulting in a mixed-integer single-level reformulation. However, the difficulty arises in linearizing this reformulation. Without bounds on the dual variables of DCOPF, this is not possible to do exactly. Prior literature has used heuristic bounds on the duals. However, in addition to providing a lower bound only, this comes at a computational cost: The more conservatively the bounds are chosen, the larger the big-M values are in the resulting mixed-integer programming (MIP) formulation. This worsens the continuous relaxation and makes it increasingly difficult for even commercial solvers. Instead, we propose using a different lower bound: We relax DCOPF to capacitated network flow, dropping the constraints corresponding to Ohm's law. We show that, on uncongested networks, the injections we get from solving this relaxation are a good approximation of those from solving DCOPF. We can again dualize this problem, creating a single-level formulation. The duals of the relaxed defender problem are bounded in absolute value by 1, meaning we can linearize the single-level formulation and solve it exactly. Furthermore this MIP scales extremely well when solving with a commercial solver. Last, in Chapter 4, we present methodology to solve a trilevel interdiction problem where the inner bilevel problem is the worst-case relay attack problem from Chapter 3. In this problem, we optimize the design of the Supervisory Control and Data Acquisition (SCADA) network controlling the transmission grid in order to minimize the impact of a worst-case cyberattack. Specifically, we decide where the cyber networks in the SCADA system should be subdivided, with communication limited between these subdivisions, a technique called network segmentation. The resulting problem is a trilevel interdiction model with pure integer first and second player problems and a convex third-player problem. We show that it can be solved for large-scale power networks using a covering decomposition approach in which we iteratively fix a network design and generate a worst-case attack. We then find a new design that makes all the generated attacks infeasible. When there is no such design, then the design corresponding to the least-damaging attack generated so far is optimal. We show empirically that this method is scalable for large power networks and moderate network designer and attacker budgets.Ph.D

Dependable Embedded Systems

This Open Access book introduces readers to many new techniques for enhancing and optimizing reliability in embedded systems, which have emerged particularly within the last five years. This book introduces the most prominent reliability concerns from today’s points of view and roughly recapitulates the progress in the community so far. Unlike other books that focus on a single abstraction level such circuit level or system level alone, the focus of this book is to deal with the different reliability challenges across different levels starting from the physical level all the way to the system level (cross-layer approaches). The book aims at demonstrating how new hardware/software co-design solution can be proposed to ef-fectively mitigate reliability degradation such as transistor aging, processor variation, temperature effects, soft errors, etc. Provides readers with latest insights into novel, cross-layer methods and models with respect to dependability of embedded systems; Describes cross-layer approaches that can leverage reliability through techniques that are pro-actively designed with respect to techniques at other layers; Explains run-time adaptation and concepts/means of self-organization, in order to achieve error resiliency in complex, future many core systems

Holistic Resilience Quantification Framework of Rural Communities

Communities need to prepare for anticipated hazards, adapt to varying conditions, and resist and recover rapidly from disturbances. Protecting the built environment from natural and man-made hazards and understanding the impact of these hazards helps allocate resources efficiently. Recently, an indicator-based and time-dependent approach was developed for defining and measuring the functionality and disaster resilience continuously at the community level. This computational method uses seven dimensions that find qualitative characteristics and transforms them into quantitative measures. The proposed framework is used to study the resilience of rural communities’ subject to severe flooding events. Harlan County in the Appalachian region is chosen as a case study to evaluate the proposed resilience quantification framework subject to severe flooding. The results show the validity of the proposed approach as a decision-support mechanism to assess and enhance the resilience of rural communities

Developing Infrastructure Adaptation Pathways to Combat Hurricane Intensification: A Coupled Storm Simulation and Economic Modeling Framework for Coastal Installations

Climate change projections suggest intensification of extreme weather events, including hurricanes, is expected throughout the 21st century. This will lead to increased destruction for coastal military bases unless infrastructure resiliency and adaptation measures are implemented. This research focuses on examining the simulation of probabilistic, climate-intensified hurricane events at Eglin Air Force Base. FEMA Hazus models are combined with climate projections for wind Intensity, tide, and sea-level rise to produce an assessment of losses to the installation. Damage estimates and hurricane intensity outputs are downscaled to the facility-level so that climate adaptation signals can be identified. The facility losses and climate signals are used as inputs for a dynamic adaptation pathway model. Utilizing a variety of infrastructure investment strategies, the pathway model is used to calculate the expected benefits, risks, and costs associated with adaptation. Such pathways can be used to inform campus and installation master plans and are vital to reducing coastal bases vulnerability to future hurricane events

Interdependent infrastructures and multi-mode attacks and failures: improving the security of urban water systems and fire response

This dissertation examines the interdependence between urban water distribution systems and urban fire response. The focus on interdependent critical infrastructures is driven by concern for security of water systems and the effects on related infrastructures if water distribution systems are damaged by terrorist attack or natural disaster. A model of interdependent infrastructures (principally water distribution systems and fire response) is developed called the Model of Urban Fire Spread (MUFS). The model includes the capacity to simulate firefighting water demands in a community water system hydraulic model, building-to-building urban fire spread, and suppression activities. MUFS is an improvement over previous similar models because it allows simulation of urban fires at the level of individual buildings and it permits simulation of interdependent infrastructures working in concert. MUFS is used to simulate a series of multi-mode attacks and failures (MMAFs) – events which disable the water distribution system and simultaneously ignite an urban fire. The consequences of MMAF scenarios are analyzed to determine the most serious modes of infrastructure failure and urban fire ignition. Various methods to determine worst-case configurations of urban fire ignition points are also examined. These MMAF scenarios are used to inform the design of potential mitigation measures to decrease the consequences of the urban fire. The effectiveness of mitigation methods is determined using the MUFS simulation tool. Novel metrics are developed to quantify the effectiveness of the mitigation methods from the time-series development of their consequences. A cost-benefit analysis of the various mitigation measures is conducted to provide additional insight into the methods’ effectiveness and better inform the decision-making process of selecting mitigation methods. Planned future work includes further refinement of the representation of fire propagation and suppression in MUFS and investigation of historical MMAF events to validate simulation predictions. Future efforts will continue development of appropriate optimization methods for determining worst-case MMAF scenarios. This work should be of interest to water utility managers and emergency planners, who can adapt the methodology to analyze their communities’ vulnerability to MMAFs and design mitigation techniques to meet their unique needs, as well as to researchers interested in infrastructure modeling and disaster simulation

Analysis and Mitigation of Remote Side-Channel and Fault Attacks on the Electrical Level

In der fortlaufenden Miniaturisierung von integrierten Schaltungen werden physikalische Grenzen erreicht, wobei beispielsweise Einzelatomtransistoren eine mögliche untere Grenze für Strukturgrößen darstellen. Zudem ist die Herstellung der neuesten Generationen von Mikrochips heutzutage finanziell nur noch von großen, multinationalen Unternehmen zu stemmen. Aufgrund dieser Entwicklung ist Miniaturisierung nicht länger die treibende Kraft um die Leistung von elektronischen Komponenten weiter zu erhöhen. Stattdessen werden klassische Computerarchitekturen mit generischen Prozessoren weiterentwickelt zu heterogenen Systemen mit hoher Parallelität und speziellen Beschleunigern. Allerdings wird in diesen heterogenen Systemen auch der Schutz von privaten Daten gegen Angreifer zunehmend schwieriger. Neue Arten von Hardware-Komponenten, neue Arten von Anwendungen und eine allgemein erhöhte Komplexität sind einige der Faktoren, die die Sicherheit in solchen Systemen zur Herausforderung machen. Kryptografische Algorithmen sind oftmals nur unter bestimmten Annahmen über den Angreifer wirklich sicher. Es wird zum Beispiel oft angenommen, dass der Angreifer nur auf Eingaben und Ausgaben eines Moduls zugreifen kann, während interne Signale und Zwischenwerte verborgen sind. In echten Implementierungen zeigen jedoch Angriffe über Seitenkanäle und Faults die Grenzen dieses sogenannten Black-Box-Modells auf. Während bei Seitenkanalangriffen der Angreifer datenabhängige Messgrößen wie Stromverbrauch oder elektromagnetische Strahlung ausnutzt, wird bei Fault Angriffen aktiv in die Berechnungen eingegriffen, und die falschen Ausgabewerte zum Finden der geheimen Daten verwendet. Diese Art von Angriffen auf Implementierungen wurde ursprünglich nur im Kontext eines lokalen Angreifers mit Zugriff auf das Zielgerät behandelt. Jedoch haben bereits Angriffe, die auf der Messung der Zeit für bestimmte Speicherzugriffe basieren, gezeigt, dass die Bedrohung auch durch Angreifer mit Fernzugriff besteht. In dieser Arbeit wird die Bedrohung durch Seitenkanal- und Fault-Angriffe über Fernzugriff behandelt, welche eng mit der Entwicklung zu mehr heterogenen Systemen verknüpft sind. Ein Beispiel für neuartige Hardware im heterogenen Rechnen sind Field-Programmable Gate Arrays (FPGAs), mit welchen sich fast beliebige Schaltungen in programmierbarer Logik realisieren lassen. Diese Logik-Chips werden bereits jetzt als Beschleuniger sowohl in der Cloud als auch in Endgeräten eingesetzt. Allerdings wurde gezeigt, wie die Flexibilität dieser Beschleuniger zur Implementierung von Sensoren zur Abschätzung der Versorgungsspannung ausgenutzt werden kann. Zudem können durch eine spezielle Art der Aktivierung von großen Mengen an Logik Berechnungen in anderen Schaltungen für Fault Angriffe gestört werden. Diese Bedrohung wird hier beispielsweise durch die Erweiterung bestehender Angriffe weiter analysiert und es werden Strategien zur Absicherung dagegen entwickelt

Bio+Terror: Science, Security, Simulation

The United States government has spent more than $125 billion since 2001 to prepare the nation for bioterrorism. This dissertation examines the emergence of bioterrorism as a credible threat in the contemporary moment, considering how the preparedness practices of the security state constitute new biopolitical formations. To explore how changing ways of knowing disease and risk are reshaping communities, this multi-sited study investigates the material outcomes of biosecurity in people\u27s lives. It shows how complex histories of disease and terror are remade in the modern age to bring about new spaces and forms of biological citizenship.Through interview, observation and detailed historical research, this research considers three sites where bioterrorism is reshaping public life. At Montana\u27s Rocky Mountain Laboratory, the community protest of the first high-security Biosafety Level-4 facility built in the 21st century exemplifies how public fear of microbes reshapes laboratory spaces and constructs environmental geographies around new conceptions of life, risk, and disease. The creation and implementation of new biopreparedness programs at the Centers for Disease Control and Prevention in Atlanta show how the alliance of public health practices with the nation\u27s security complex brings a new level of militarism to everyday practices of health and wellness. Finally, a case study of bioterrorism simulation exercises in New Mexico considers how the public rehearsal of terrorism events creates a perpetual state of emergency as governments and citizens publicly perform their responses to a crisis.By studying the technoscientific extensions of war in the modern age, this research questions how the care-giving acts of governance have been militarized and how enlisting the bioscience industry in the War on Terror is changing societal norms of knowing life, death, nature, and disease, grounded in these re-articulations of life itself. The emerging spaces and economies of terrorism preparedness exemplify how the fusion of new genomic biologies with national security practices brings material change to the spaces where people live and work. This research aims to convince scholars as well as policymakers and activists that the ways in which bioterrorism has been produced have consequences in how people live