Evaluating Resilience of Electricity Distribution Networks via A Modification of Generalized Benders Decomposition Method

This paper presents a computational approach to evaluate the resilience of electricity Distribution Networks (DNs) to cyber-physical failures. In our model, we consider an attacker who targets multiple DN components to maximize the loss of the DN operator. We consider two types of operator response: (i) Coordinated emergency response; (ii) Uncoordinated autonomous disconnects, which may lead to cascading failures. To evaluate resilience under response (i), we solve a Bilevel Mixed-Integer Second-Order Cone Program which is computationally challenging due to mixed-integer variables in the inner problem and non-convex constraints. Our solution approach is based on the Generalized Benders Decomposition method, which achieves a reasonable tradeoff between computational time and solution accuracy. Our approach involves modifying the Benders cut based on structural insights on power flow over radial DNs. We evaluate DN resilience under response (ii) by sequentially computing autonomous component disconnects due to operating bound violations resulting from the initial attack and the potential cascading failures. Our approach helps estimate the gain in resilience under response (i), relative to (ii)

Attack-Resilient Supervisory Control of Discrete-Event Systems

In this work, we study the problem of supervisory control of discrete-event systems (DES) in the presence of attacks that tamper with inputs and outputs of the plant. We consider a very general system setup as we focus on both deterministic and nondeterministic plants that we model as finite state transducers (FSTs); this also covers the conventional approach to modeling DES as deterministic finite automata. Furthermore, we cover a wide class of attacks that can nondeterministically add, remove, or rewrite a sensing and/or actuation word to any word from predefined regular languages, and show how such attacks can be modeled by nondeterministic FSTs; we also present how the use of FSTs facilitates modeling realistic (and very complex) attacks, as well as provides the foundation for design of attack-resilient supervisory controllers. Specifically, we first consider the supervisory control problem for deterministic plants with attacks (i) only on their sensors, (ii) only on their actuators, and (iii) both on their sensors and actuators. For each case, we develop new conditions for controllability in the presence of attacks, as well as synthesizing algorithms to obtain FST-based description of such attack-resilient supervisors. A derived resilient controller provides a set of all safe control words that can keep the plant work desirably even in the presence of corrupted observation and/or if the control words are subjected to actuation attacks. Then, we extend the controllability theorems and the supervisor synthesizing algorithms to nondeterministic plants that satisfy a nonblocking condition. Finally, we illustrate applicability of our methodology on several examples and numerical case-studies

Disaster-Resilient Control Plane Design and Mapping in Software-Defined Networks

Communication networks, such as core optical networks, heavily depend on their physical infrastructure, and hence they are vulnerable to man-made disasters, such as Electromagnetic Pulse (EMP) or Weapons of Mass Destruction (WMD) attacks, as well as to natural disasters. Large-scale disasters may cause huge data loss and connectivity disruption in these networks. As our dependence on network services increases, the need for novel survivability methods to mitigate the effects of disasters on communication networks becomes a major concern. Software-Defined Networking (SDN), by centralizing control logic and separating it from physical equipment, facilitates network programmability and opens up new ways to design disaster-resilient networks. On the other hand, to fully exploit the potential of SDN, along with data-plane survivability, we also need to design the control plane to be resilient enough to survive network failures caused by disasters. Several distributed SDN controller architectures have been proposed to mitigate the risks of overload and failure, but they are optimized for limited faults without addressing the extent of large-scale disaster failures. For disaster resiliency of the control plane, we propose to design it as a virtual network, which can be solved using Virtual Network Mapping techniques. We select appropriate mapping of the controllers over the physical network such that the connectivity among the controllers (controller-to-controller) and between the switches to the controllers (switch-to-controllers) is not compromised by physical infrastructure failures caused by disasters. We formally model this disaster-aware control-plane design and mapping problem, and demonstrate a significant reduction in the disruption of controller-to-controller and switch-to-controller communication channels using our approach.Comment: 6 page

Self-triggered Coordination over a Shared Network under Denial-of-Service

The issue of security has become ever more prevalent in the analysis and design of cyber-physical systems. In this paper, we analyze a consensus network in the presence of Denial-of-Service (DoS) attacks, namely attacks that prevent communication among the network agents. By introducing a notion of Persistency-of-Communication (PoC), we provide a characterization of DoS frequency and duration such that consensus is not destroyed. An example is given to substantiate the analysis