Analysis of Bulk Power System Resilience Using Vulnerability Graph

Critical infrastructure such as a Bulk Power System (BPS) should have some quantifiable measure of resiliency and definite rule-sets to achieve a certain resilience value. Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) networks are integral parts of BPS. BPS or ICS are themselves not vulnerable because of their proprietary technology, but when the control network and the corporate network need to have communications for performance measurements and reporting, the ICS or BPS become vulnerable to cyber-attacks. Thus, a systematic way of quantifying resiliency and identifying crucial nodes in the network is critical for addressing the cyber resiliency measurement process. This can help security analysts and power system operators in the decision-making process. This thesis focuses on the resilience analysis of BPS and proposes a ranking algorithm to identify critical nodes in the network. Although there are some ranking algorithms already in place, but they lack comprehensive inclusion of the factors that are critical in the cyber domain. This thesis has analyzed a range of factors which are critical from the point of view of cyber-attacks and come up with a MADM (Multi-Attribute Decision Making) based ranking method. The node ranking process will not only help improve the resilience but also facilitate hardening the network from vulnerabilities and threats. The proposed method is called MVNRank which stands for Multiple Vulnerability Node Rank. MVNRank algorithm takes into account the asset value of the hosts, the exploitability and impact scores of vulnerabilities as quantified by CVSS (Common Vulnerability Scoring System). It also considers the total number of vulnerabilities and severity level of each vulnerability, degree centrality of the nodes in vulnerability graph and the attacker’s distance from the target node. We are using a multi-layered directed acyclic graph (DAG) model and ranking the critical nodes in the corporate and control network which falls in the paths to the target ICS. We don\u27t rank the ICS nodes but use them to calculate the potential power loss capability of the control center nodes using the assumed ICS connectivity to BPS. Unlike most of the works, we have considered multiple vulnerabilities for each node in the network while generating the rank by using a weighted average method. The resilience computation is highly time consuming as it considers all the possible attack paths from the source to the target node which increases in a multiplicative manner based on the number of nodes and vulnerabilities. Thus, one of the goals of this thesis is to reduce the simulation time to compute resilience which is achieved as illustrated in the simulation results

Reliability in a smart power system with cyber-physical interactive operation of photovoltaic systems and heat pumps

The connectivity of the power grid is increasing with the internet of things, and low carbon technologies being deployed to help enhance smart grid performance and reliability. Meanwhile, they also increase the digital complexity and dependency of cyber assets, which might be vulnerable to cyber-physical threats, and hence may impact the reliability of power systems. Due to cyber-threats’ unpredictable nature, the interactive operation of low carbon technologies with cyber-physical systems is becoming a challenging task for smart grids. This thesis proposes novel mathematical frameworks to estimate the availability of photovoltaics and heat pumps with cyber-physical components. These frameworks are developed to quantify the level of risk posed by cyber-threats to the interactive operation of photovoltaics and heat pumps, using Markov-Chains. The availability framework considers the severity of random cyber-attacks on photovoltaics and the probability of cyber-threats with mean time to detection-time on heat pump operation. Sensitivities of the repair times of cyber-physical component for photovoltaics and sensitivities of cyber-attack-detection time for heat pumps are also evaluated. The impact of cyber threats on the interactive operation of photovoltaics and heat pumps are considerable and inconsistent, however the propagation of cyber-threats can be restricted by appropriate means of photovoltaics. For heat pumps, operational reliability substantially decreases due to the unavailability of their control panel. Contributions of this thesis include an availability model for photovoltaic configurations, an innovative approach to assess the reliability of a photovoltaic integrated power system with cyber-physical interactions, the availability estimation of heat pump with variable detection time, and an enhanced cyber-intrusion process model for reliability analysis of heat pumps. The findings offer insight into the impact of cyber-physical system availability and its importance on power system reliability

Modélisation conjointe de la sûreté et de la sécurité pour l’évaluation des risques dans les systèmes cyber-physiques

Cyber physical systems (CPS) denote systems that embed programmable components in order to control a physical process or infrastructure. CPS are henceforth widely used in different industries like energy, aeronautics, automotive, medical or chemical industry. Among the variety of existing CPS stand SCADA (Supervisory Control And Data Acquisition) systems that offer the necessary means to control and supervise critical infrastructures. Their failure or malfunction can engender adverse consequences on the system and its environment.SCADA systems used to be isolated and based on simple components and proprietary standards. They are nowadays increasingly integrating information and communication technologies (ICT) in order to facilitate supervision and control of the industrial process and to reduce exploitation costs. This trend induces more complexity in SCADA systems and exposes them to cyber-attacks that exploit vulnerabilities already existent in the ICT components. Such attacks can reach some critical components within the system and alter its functioning causing safety harms.We associate throughout this dissertation safety with accidental risks originating from the system and security with malicious risks with a focus on cyber-attacks. In this context of industrial systems supervised by new SCADA systems, safety and security requirements and risks converge and can have mutual interactions. A joint risk analysis covering both safety and security aspects would be necessary to identify these interactions and optimize the risk management.In this thesis, we give first a comprehensive survey of existing approaches considering both safety and security issues for industrial systems, and highlight their shortcomings according to the four following criteria that we believe essential for a good model-based approach: formal, automatic, qualitative and quantitative and robust (i.e. easily integrates changes on system into the model).Next, we propose a new model-based approach for a safety and security joint risk analysis: S-cube (SCADA Safety and Security modeling), that satisfies all the above criteria. The S-cube approach enables to formally model CPS and yields the associated qualitative and quantitative risk analysis. Thanks to graphical modeling, S-cube enables to input the system architecture and to easily consider different hypothesis about it. It enables next to automatically generate safety and security risk scenarios likely to happen on this architecture and that lead to a given undesirable event, with an estimation of their probabilities.The S-cube approach is based on a knowledge base that describes the typical components of industrial architectures encompassing information, process control and instrumentation levels. This knowledge base has been built upon a taxonomy of attacks and failure modes and a hierarchical top-down reasoning mechanism. It has been implemented using the Figaro modeling language and the associated tools. In order to build the model of a system, the user only has to describe graphically the physical and functional (in terms of software and data flows) architectures of the system. The association of the knowledge base and the system architecture produces a dynamic state based model: a Continuous Time Markov Chain. Because of the combinatorial explosion of the states, this CTMC cannot be exhaustively built, but it can be explored in two ways: by a search of sequences leading to an undesirable event, or by Monte Carlo simulation. This yields both qualitative and quantitative results.We finally illustrate the S-cube approach on a realistic case study: a pumped storage hydroelectric plant, in order to show its ability to yield a holistic analysis encompassing safety and security risks on such a system. We investigate the results obtained in order to identify potential safety and security interactions and give recommendations.Les Systèmes Cyber Physiques (CPS) intègrent des composants programmables afin de contrôler un processus physique. Ils sont désormais largement répandus dans différentes industries comme l’énergie, l’aéronautique, l’automobile ou l’industrie chimique. Parmi les différents CPS existants, les systèmes SCADA (Supervisory Control And Data Acquisition) permettent le contrôle et la supervision des installations industrielles critiques. Leur dysfonctionnement peut engendrer des impacts néfastes sur l’installation et son environnement.Les systèmes SCADA ont d’abord été isolés et basés sur des composants et standards propriétaires. Afin de faciliter la supervision du processus industriel et réduire les coûts, ils intègrent de plus en plus les technologies de communication et de l’information (TIC). Ceci les rend plus complexes et les expose à des cyber-attaques qui exploitent les vulnérabilités existantes des TIC. Ces attaques peuvent modifier le fonctionnement du système et nuire à sa sûreté.On associe dans la suite la sûreté aux risques de nature accidentelle provenant du système, et la sécurité aux risques d’origine malveillante et en particulier les cyber-attaques. Dans ce contexte où les infrastructures industrielles sont contrôlées par les nouveaux systèmes SCADA, les risques et les exigences liés à la sûreté et à la sécurité convergent et peuvent avoir des interactions mutuelles. Une analyse de risque qui couvre à la fois la sûreté et la sécurité est indispensable pour l’identification de ces interactions ce qui conditionne l’optimalité de la gestion de risque.Dans cette thèse, on donne d’abord un état de l’art complet des approches qui traitent la sûreté et la sécurité des systèmes industriels et on souligne leur carences par rapport aux quatre critères suivants qu’on juge nécessaires pour une bonne approche basée sur les modèles : formelle, automatique, qualitative et quantitative, et robuste (i.e. intègre facilement dans le modèle des variations d’hypothèses sur le système).On propose ensuite une nouvelle approche orientée modèle d’analyse conjointe de la sûreté et de la sécurité : S-cube (SCADA Safety and Security modeling), qui satisfait les critères ci-dessus. Elle permet une modélisation formelle des CPS et génère l’analyse de risque qualitative et quantitative associée. Grâce à une modélisation graphique de l’architecture du système, S-cube permet de prendre en compte différentes hypothèses et de générer automatiquement les scenarios de risque liés à la sûreté et à la sécurité qui amènent à un évènement indésirable donné, avec une estimation de leurs probabilités.L’approche S-cube est basée sur une base de connaissance (BDC) qui décrit les composants typiques des architectures industrielles incluant les systèmes d’information, le contrôle et la supervision, et l’instrumentation. Cette BDC a été conçue sur la base d’une taxonomie d’attaques et modes de défaillances et un mécanisme de raisonnement hiérarchique. Elle a été mise en œuvre à l’aide du langage de modélisation Figaro et ses outils associés. Afin de construire le modèle du système, l’utilisateur saisit graphiquement l’architecture physique et fonctionnelle (logiciels et flux de données) du système. L’association entre la BDC et ce modèle produit un modèle d’états dynamiques : une chaîne de Markov à temps continu. Pour limiter l’explosion combinatoire, cette chaîne n’est pas construite mais peut être explorée de deux façons : recherche de séquences amenant à un évènement indésirable ou simulation de Monte Carlo, ce qui génère des résultats qualitatifs et quantitatifs.On illustre enfin l’approche S-cube sur un cas d’étude réaliste : un système de stockage d’énergie par pompage, et on montre sa capacité à générer une analyse holistique couvrant les risques liés à la sûreté et à la sécurité. Les résultats sont ensuite analysés afin d’identifier les interactions potentielles entre sûreté et sécurité et de donner des recommandations

POWER DISTRIBUTION SYSTEM RELIABILITY AND RESILIENCY AGAINST EXTREME EVENTS

The objective of a power system is to provide electricity to its customers as economically as possible with an acceptable level of reliability while safeguarding the environment. Power system reliability has well-established quantitative metrics, regulatory standards, compliance incentives and jurisdictions of responsibilities. The increase in occurrence of extreme events like hurricane/tornadoes, floods, wildfires, storms, cyber-attacks etc. which are not considered in routine reliability evaluation has raised concern over the potential economic losses due to prolonged and large-scale power outages, and the overall sustainability and adaptability of power systems. This concern has motivated the utility planners, operators, and policy makers to acknowledge the importance of system resiliency against such events. However, power system resiliency evaluation is comparatively new, and lacks widely accepted standards, assessment methods and metrics. The thesis presents comparative review and analysis of power system resilience models, methodologies, and metrics in present literature and utility applications. It presents studies on two very different types of extreme events, (i) man-made and (ii) natural disaster, and analyzes their impacts on the resiliency of a distribution system. It draws conclusions on assessing and improving power system resiliency based on the impact of the extreme event, response from the distribution system, and effectiveness of the mitigating measures to tackle the extreme event. The advancement in technologies has seen an increasing integration of cyber and physical layer of the distribution system. The distribution system operators avails from the symbiotic relation of the cyber-physical layer, but the interdependency has also been its Achilles heel. The evolving infrastructure is being exposed to increase in cyber-attacks. It is of paramount importance to address the aforementioned issue by developing holistic approaches to comprehensibly upgrade the distribution system preventing huge financial loss and societal repercussions. The thesis models a type of cyber-attack using false data injection and evaluates its impact on the distribution system. It does so by developing a resilience assessment methodology accompanied by quantitative metrics. It also performs reliability evaluation to present the underlying principle and differences between reliability and resiliency. The thesis also introduces new indices to demonstrate the effectiveness of a bad-data detection strategy against such cyber-attacks. Extreme events like hurricane/tornadoes, floods, wildfires, storm, cyber-attack etc. are responsible for catastrophic damage to critical infrastructure and huge financial loss. Power distribution system is an important critical infrastructure driving the socio-economic growth of the country. High winds are one of the most common form of extreme events that are responsible for outages due to failure of poles, equipment damage etc. The thesis models effective extreme wind events with the help of fragility curves, and presents an analysis of their impacts on the distribution system. It also presents infrastructural and operational resiliency enhancement strategies and quantifies the effectiveness of the strategy with the metrics developed. It also demonstrates the dependency of resiliency of distribution system on the structural strength of transmission lines and presents measures to ensure the independency of the distribution system. The thesis presents effective resilience assessment methodology that can be valuable for distribution system utility planners, and operators to plan and ensure a resilient distribution system

Cyber-Threat Assessment for the Air Traffic Management System: A Network Controls Approach

Air transportation networks are being disrupted with increasing frequency by failures in their cyber- (computing, communication, control) systems. Whether these cyber- failures arise due to deliberate attacks or incidental errors, they can have far-reaching impact on the performance of the air traffic control and management systems. For instance, a computer failure in the Washington DC Air Route Traffic Control Center (ZDC) on August 15, 2015, caused nearly complete closure of the Centers airspace for several hours. This closure had a propagative impact across the United States National Airspace System, causing changed congestion patterns and requiring placement of a suite of traffic management initiatives to address the capacity reduction and congestion. A snapshot of traffic on that day clearly shows the closure of the ZDC airspace and the resulting congestion at its boundary, which required augmented traffic management at multiple locations. Cyber- events also have important ramifications for private stakeholders, particularly the airlines. During the last few months, computer-system issues have caused several airlines fleets to be grounded for significant periods of time: these include United Airlines (twice), LOT Polish Airlines, and American Airlines. Delays and regional stoppages due to cyber- events are even more common, and may have myriad causes (e.g., failure of the Department of Homeland Security systems needed for security check of passengers, see [3]). The growing frequency of cyber- disruptions in the air transportation system reflects a much broader trend in the modern society: cyber- failures and threats are becoming increasingly pervasive, varied, and impactful. In consequence, an intense effort is underway to develop secure and resilient cyber- systems that can protect against, detect, and remove threats, see e.g. and its many citations. The outcomes of this wide effort on cyber- security are applicable to the air transportation infrastructure, and indeed security solutions are being implemented in the current system. While these security solutions are important, they only provide a piecemeal solution. Particular computers or communication channels are protected from particular attacks, without a holistic view of the air transportation infrastructure. On the other hand, the above-listed incidents highlight that a holistic approach is needed, for several reasons. First, the air transportation infrastructure is a large scale cyber-physical system with multiple stakeholders and diverse legacy assets. It is impractical to protect every cyber- asset from known and unknown disruptions, and instead a strategic view of security is needed. Second, disruptions to the cyber- system can incur complex propagative impacts across the air transportation network, including its physical and human assets. Also, these implications of cyber- events are exacerbated or modulated by other disruptions and operational specifics, e.g. severe weather, operator fatigue or error, etc. These characteristics motivate a holistic and strategic perspective on protecting the air transportation infrastructure from cyber- events. The analysis of cyber- threats to the air traffic system is also inextricably tied to the integration of new autonomy into the airspace. The replacement of human operators with cyber functions leaves the network open to new cyber threats, which must be modeled and managed. Paradoxically, the mitigation of cyber events in the airspace will also likely require additional autonomy, given the fast time scale and myriad pathways of cyber-attacks which must be managed. The assessment of new vulnerabilities upon integration of new autonomy is also a key motivation for a holistic perspective on cyber threats

Vulnérabilité, interdépendance et analyse des risques des postes sources et des modes d’exploitation décentralisés des réseaux électriques

In view of the increasing use of Information and Communication Technol-ogies in power systems, it is essential to study the interdependencies between these coupled heterogeneous systems. This thesis focuses on the modeling of multi- infrastructure systems. This includes interdependencies and the three major failures families: common mode, escalat-ing and cascading. It is indeed necessary to identify the weaknesses that can trigger one or multiple failure(s) and cascade through these interdependent infrastructures, causing unex-pected and increasingly more serious failures to other infrastructures. In this context, different approaches, based on the theory of Complex Networks, are developed to identify the most critical components in the coupled heterogeneous system. One of the major scientific barriers addressed in this thesis is the development of a unified mathematical model to represent the behavior.Au vu de l’utilisation croissante des technologies de l’information et de la communication dans les réseaux électriques, il est indispensable d’étudier l’étroite liaison entre ces infrastructures et d’avoir une vision intégrée du système couplé. Cette thèse porte ainsi sur la modélisation des systèmes multi-infrastructures. Cela inclut les interdépendances et les trajectoires de défaillances de type modes communs, aggravations et cascades. Il est en effet nécessaire d’identifier les points de faiblesse qui peuvent déclencher une ou de multiples défaillance(s), se succéder en cascade au travers de ces infrastructures liées et ainsi entrainer des défaillances inattendues et de plus en plus graves dans des autres infrastructures. Dans cette optique, différents modèles basés sur la théorie des Réseaux Complexes sont développés afin d’identifier les composants les plus importantes, et pourtant critiques, dans le système interconnecté. Un des principaux verrous scientifiques levé dans cette thèse est relatif au développement d'un modèle mathématique « unifié » afin de représenter les comportements des multiples infrastructures non-homogènes qui ont des interdépendances asymétriques

Advancements in Enhancing Resilience of Electrical Distribution Systems: A Review on Frameworks, Metrics, and Technological Innovations

This comprehensive review paper explores power system resilience, emphasizing its evolution, comparison with reliability, and conducting a thorough analysis of the definition and characteristics of resilience. The paper presents the resilience frameworks and the application of quantitative power system resilience metrics to assess and quantify resilience. Additionally, it investigates the relevance of complex network theory in the context of power system resilience. An integral part of this review involves examining the incorporation of data-driven techniques in enhancing power system resilience. This includes the role of data-driven methods in enhancing power system resilience and predictive analytics. Further, the paper explores the recent techniques employed for resilience enhancement, which includes planning and operational techniques. Also, a detailed explanation of microgrid (MG) deployment, renewable energy integration, and peer-to-peer (P2P) energy trading in fortifying power systems against disruptions is provided. An analysis of existing research gaps and challenges is discussed for future directions toward improvements in power system resilience. Thus, a comprehensive understanding of power system resilience is provided, which helps in improving the ability of distribution systems to withstand and recover from extreme events and disruptions

Some Considerations on Dependability Issues and Cyber-Security of Cyber-Physical Systems

International audienceFor the last recent years, there has been a convergence between computer engineering approaches and automation aspects (industrial systems, internet of things) also called cyber-physical systems, for the development of process-based cyber-security strategies. Classically, security studies are based on risk analysis. Compared to classical IT approaches, the actual process (for instance a nuclear power plant or a chemical process) or system (autonomous car, drone) are taken into account in our approach for two reasons. The first reason is that the vulnerabilities of such systems or processes vary dynamically as a function of the time, the second reason is because the "standards" context is depending on the application domain and relationships with the IEC 61508 functional safety standard seems relevant. The paper presents a state of the art of problematics and proposed some approaches to these issues

Critical Infrastructures: Enhancing Preparedness & Resilience for the Security of Citizens and Services Supply Continuity: Proceedings of the 52nd ESReDA Seminar Hosted by the Lithuanian Energy Institute & Vytautas Magnus University

Critical Infrastructures Preparedness and Resilience is a major societal security issue in modern society. Critical Infrastructures (CIs) provide vital services to modern societies. Some CIs’ disruptions may endanger the security of the citizen, the safety of the strategic assets and even the governance continuity. The European Safety, Reliability and Data Association (ESReDA) as one of the most active EU networks in the field has initiated a project group on the “Critical Infrastructure/Modelling, Simulation and Analysis – Data”. The main focus of the project group is to report on the state of progress in MS&A of the CIs preparedness & resilience with a specific focus on the corresponding data availability and relevance. In order to report on the most recent developments in the field of the CIs preparedness & resilience MS&A and the availability of the relevant data, ESReDA held its 52nd Seminar on the following thematic: “Critical Infrastructures: Enhancing Preparedness & Resilience for the security of citizens and services supply continuity”. The 52nd ESReDA Seminar was a very successful event, which attracted about 50 participants from industry, authorities, operators, research centres, academia and consultancy companies.JRC.G.10-Knowledge for Nuclear Security and Safet

Quantitative dependability and interdependency models for large-scale cyber-physical systems

Cyber-physical systems link cyber infrastructure with physical processes through an integrated network of physical components, sensors, actuators, and computers that are interconnected by communication links. Modern critical infrastructures such as smart grids, intelligent water distribution networks, and intelligent transportation systems are prominent examples of cyber-physical systems. Developed countries are entirely reliant on these critical infrastructures, hence the need for rigorous assessment of the trustworthiness of these systems. The objective of this research is quantitative modeling of dependability attributes -- including reliability and survivability -- of cyber-physical systems, with domain-specific case studies on smart grids and intelligent water distribution networks. To this end, we make the following research contributions: i) quantifying, in terms of loss of reliability and survivability, the effect of introducing computing and communication technologies; and ii) identifying and quantifying interdependencies in cyber-physical systems and investigating their effect on fault propagation paths and degradation of dependability attributes. Our proposed approach relies on observation of system behavior in response to disruptive events. We utilize a Markovian technique to formalize a unified reliability model. For survivability evaluation, we capture temporal changes to a service index chosen to represent the extent of functionality retained. In modeling of interdependency, we apply correlation and causation analyses to identify links and use graph-theoretical metrics for quantifying them. The metrics and models we propose can be instrumental in guiding investments in fortification of and failure mitigation for critical infrastructures. To verify the success of our proposed approach in meeting these goals, we introduce a failure prediction tool capable of identifying system components that are prone to failure as a result of a specific disruptive event. Our prediction tool can enable timely preventative actions and mitigate the consequences of accidental failures and malicious attacks --Abstract, page iii