17 research outputs found

    A Stealth Cyber Attack Detection Strategy for DC Microgrids


    Analysis of Moving Target Defense Against False Data Injection Attacks on Power Grid

    Recent studies have considered thwarting false data injection (FDI) attacks against state estimation in power grids by proactively perturbing branch susceptances. This approach is known as moving target defense (MTD). However, despite the deployment of MTD, it is still possible for the attacker to launch stealthy FDI attacks generated with former branch susceptances. In this paper, we prove that an MTD has the capability to thwart all FDI attacks constructed with former branch susceptances only if (i) the number of branches l in the power system is not less than twice that of the system states n (i.e., l ≥ 2n, where n + 1 is the number of buses); (ii) the susceptances of more than n branches, which cover all buses, are perturbed. Moreover, we prove that the state variable of a bus that is only connected by a single branch (no matter whether it is perturbed or not) can always be modified by the attacker. Nevertheless, in order to reduce the attack opportunities of potential attackers, we first exploit the impact of the susceptance perturbation magnitude on the dimension of the stealthy attack space, in which the attack vector is constructed with former branch susceptances. Then, we propose that, by perturbing an appropriate set of branches, we can minimize the dimension of the stealthy attack space and maximize the number of covered buses. Besides, we consider the increasing operation cost caused by the activation of MTD. Finally, we conduct extensive simulations to illustrate our findings with IEEE standard test power systems.

    State of the art of cyber-physical systems security: An automatic control perspective

    Cyber-physical systems are integrations of computation, networking, and physical processes. Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns. Our systematic mapping study sheds light on how security is actually addressed when dealing with cyber-physical systems from an automatic control perspective. The provided map of 138 selected studies is defined empirically and is based on, for instance, application fields, various system components, related algorithms and models, attacks characteristics and defense strategies. It presents a powerful comparison framework for existing and future research on this hot topic, important for both industry and academia

    Achieving High Renewable Energy Integration in Smart Grids with Machine Learning

    The integration of high levels of renewable energy into smart grids is crucial for achieving a sustainable and efficient energy infrastructure. However, this integration presents significant technical and operational challenges due to the intermittent nature and inherent uncertainty of renewable energy sources (RES). Therefore, the energy storage system (ESS) has always been bound to renewable energy, and its charge and discharge control has become an important part of the integration. The addition of RES and ESS comes with their complex control, communication, and monitoring capabilities, which also makes the grid more vulnerable to attacks and brings new challenges to cybersecurity. A large number of works have been devoted to the optimization integration of the RES and ESS system to the traditional grid, along with combining the ESS scheduling control with the traditional Optimal Power Flow (OPF) control. Cybersecurity problems focusing on the RES integrated grid have also gradually aroused researchers’ interest. In recent years, machine learning techniques have emerged in different research fields, including optimizing renewable energy integration in smart grids. Reinforcement learning (RL), which trains an agent to interact with the environment by making sequential decisions to maximize the expected future reward, is used as an optimization tool. This dissertation explores the application of RL algorithms and models to achieve high renewable energy integration in smart grids. The research questions focus on the effectiveness, benefits of renewable energy integration to individual consumers and electricity utilities, applying machine learning techniques in optimizing the behaviors of the ESS and the generators and other components in the grid.
The objectives of this research are to investigate the current algorithms of renewable energy integration in smart grids, explore RL algorithms, develop novel RL-based models and algorithms for optimization control and cybersecurity, evaluate their performance through simulations on real-world data set, and provide practical recommendations for implementation. The research approach includes a comprehensive literature review to understand the challenges and opportunities associated with renewable energy integration. Various optimization algorithms, such as linear programming (LP), dynamic programming (DP) and various RL algorithms, such as Deep Q-Learning (DQN) and Deep Deterministic Policy Gradient (DDPG), are applied to solve problems during renewable energy integration in smart grids. Simulation studies on real-world data, including different types of loads, solar and wind energy profiles, are used to evaluate the performance and effectiveness of the proposed machine learning techniques. The results provide insights into the capabilities and limitations of machine learning in solving the optimization problems in the power system. Compared with traditional optimization tools, the RL approach has the advantage of real-time implementation, with the cost being the training time and unguaranteed model performance. Recommendations and guidelines for practical implementation of RL algorithms on power systems are provided in the appendix


    Sparsity and Coordination Constraints on Stealth Data Injection Attacks

    In this thesis, data injection attacks (DIAs) on smart grids within a Bayesian framework are studied from two perspectives: centralized and decentralized systems. The fundamental limits of the data injection attacks are characterized by information measures. Specifically, two metrics, mutual information and the Kullback-Leibler (KL) divergence, quantify the disruption caused by the attacks and the corresponding stealthiness, respectively. From the perspective of the centralized system, a unique attacker constructs the attacks that jointly minimize the mutual information acquired from the measurements about the state variables and the KL divergence between the distribution of measurements with and without attacks. One of the main contributions in the centralized attack construction is the sparsity constraints. Two scenarios where the attacks between different locations are independent and correlated are studied, respectively. In independent attacks, the challenge of the combinatorial character of identifying the support of the sparse attack vector is circumvented by obtaining the closed-form solution to the single measurement attack problem followed by a greedy construction that leverages the insight distilled. In correlated attacks, the challenge is tackled by incorporating an additional measurement that yields a sequential sensor selection problem. The sequential procedure allows the attacker to identify the additional sensor first and characterize the corresponding covariances between the additional measurement and the compromised measurements. Following the studies on sparse attacks, a novel metric that describes the vulnerability of the measurements on smart grids to data integrity attacks is proposed. The new metric, coined vulnerability index (VuIx), leverages information theoretic measures to assess the attack effect on the fundamental limits of the disruption and detection tradeoff.
The result of computing the VuIx of the measurements in the system yields an ordering of the measurements' vulnerability based on the level of the exposure to data integrity attacks. The assessment on the measurements' vulnerability of IEEE test systems observes that power injection measurements are overwhelmingly more vulnerable to data integrity attacks than power flow measurements. From the perspective of the decentralized system, the attack constructions are determined by a group of attackers in a cooperative manner. The interaction between the attackers is formulated as a game with a normal form. The uniqueness of the Nash Equilibrium (NE) is characterized in different games where the attackers have different objectives. Closed-form expressions for the best response of the attackers in different games are obtained and followed by best response dynamics that lead to the NEs. The sparsity constraint is considered in the decentralized system where the attackers have limited access to sensors. The attack construction with sparsity constraints in the decentralized system is also formulated as a game with a normal form. The uniqueness of the NE and the closed-form expression for the best response are obtained.

    A Study on the Hierarchical Control Structure of the Islanded Microgrid

    The microgrid is essential in promoting the power system’s resilience through its ability to host small-scale DG units. Furthermore, the microgrid can isolate itself during main grid faults and supply its demands. However, islanded operation of the microgrid is challenging due to difficulties in frequency and voltage control. In islanded mode, grid-forming units collaborate to control the frequency and voltage. A hierarchical control structure employing the droop control technique provides these control objectives in three consecutive levels: primary, secondary, and tertiary. However, challenges associated with DG units in the vicinity of distribution networks limit the effectiveness of the islanded mode of operation. In MV and LV distribution networks, the X/R ratio is low; hence, the frequency and voltage are related to the active and reactive power by line parameters. Therefore, frequency and voltage must be tuned for changes in active or reactive powers. Furthermore, the line parameters mismatch causes the voltage to be measured differently at each bus due to the different voltage drops in the lines. Hence, a trade-off between voltage regulation and reactive power-sharing is formed, which causes either circulating currents for voltage mismatch or overloading for reactive power mismatch. Finally, the economic dispatch is usually implemented in tertiary control, which takes minutes to hours. Therefore, an estimation algorithm is required for load and renewable energy quantities forecasting. Hence, prediction errors may occur that affect the stability and optimality of the control. This dissertation aims to improve the power system resilience by enhancing the operation of the islanded microgrid by addressing the above-mentioned issues. Firstly, a linear relationship described by line parameters is used in droop control at the primary control level to accurately control the frequency and voltage based on measured active and reactive power.
Secondly, an optimization-based consensus secondary control is presented to manage the trade-off between voltage regulation and reactive power-sharing in the inductive grid with high line parameters mismatch. Thirdly, the economic dispatch-based secondary controller is implemented in secondary control to avoid prediction errors by depending on the measured active and reactive powers rather than the load and renewable energy generation estimation. The developed methods effectively resolve the frequency and voltage control issues in MATLAB/SIMULINK simulations

    Application-Based Measures for Developing Cyber-Resilient Control and Protection Schemes in Power Networks

    Electric power systems are a part of the most-crucial infrastructure on which societies depend. In order to operate efficiently and reliably, the physical layer in large electric power networks is coupled with a cyber system of information and communication technologies, which includes compound devices and schemes, such as SCADA systems and IEDs. These communication-based schemes and components are mainly a part of protection and control systems, which are known as the backbones of power networks, since the former detects abnormal conditions and returns the system to its normal state by initiating a quick corrective action, and the latter preserves the integrity of the system and stabilizes it following physical disturbances. This dissertation concentrates on the cyber-security of protection and control systems in power networks by unveiling a vulnerable protective relay, i.e., the LCDR, and a susceptible controller, i.e., the AGC system, and proposing application-based measures for making them resilient against cyber threats. LCDRs are a group of protective relays that are highly dependent on communication systems, since they require time-synchronized remote measurements from all terminals of the line they are protecting. In AC systems, this type of relay is widely used for protecting major transmission lines, particularly higher voltage ones carrying gigawatts of power. On the other hand, due to the limitations of other protection schemes, LCDRs have been identified as a reliable protection for medium-voltage lines in DC systems. Therefore, the cyber-security of LCDRs is of great importance. On this basis, this dissertation first shows the problem in both AC and DC systems and reveals the consequences and destructiveness of cyber-attacks against LCDRs through case studies. Then, it presents three solutions to address this problem, two for AC networks and one for DC grids.
For AC systems, this dissertation presents two methods, one that can be used for SV-based LCDRs, and another one that works for both SV-based and phasor-based relays. Both methods are initiated after LCDRs pick up, to confirm the occurrence of faults and differentiate them from cyber-attacks. To detect attacks, the first method compares the estimated and locally-measured voltages at the LCDR's local terminal during faults for both PS and NS. To estimate the local voltage for each sequence, the proposed technique uses a UIO, the state-space model of the faulty line, and remote and local measurements, all associated with that sequence. The difference between the measured and estimated local voltages for each sequence remains close to zero during real internal faults because, in this condition, the state-space model based on which the UIO operates correctly represents the line. Nevertheless, the state-space model mismatch during attacks leads to a large difference between measured and estimated values in both sequences. The second proposed method for an AC LCDR detects attacks by comparing the calculated and locally-measured superimposed voltages in each sequence after the relay picks up. A large difference between the calculated and measured superimposed voltages in any sequence reveals that the remote current measurements are not authentic. Given that local measurements cannot be manipulated by cyber-attacks, any difference between the calculated and measured superimposed voltages is due to the inauthenticity of remote current measurements. The proposed method for DC LCDRs is comprised of POCs installed in series with each converter. During faults, the resultant RLC circuit causes the POCs to resonate and generate a damped sinusoidal component with a specific frequency. However, this specific frequency is not generated during cyber-attacks or other events. Thus, LCDRs' pickup without detecting this specific frequency denotes a cyber-attack.
Given that the frequency extraction process is carried out locally by each LCDR, the proposed approach cannot be targeted by cyber-attacks. On the other hand, an AGC system, which is the secondary controller of the LFC system, is a communication-dependent vulnerable controller that maintains tie-lines' power at their scheduled values and regulates grid frequency by adjusting the set-points of a power plant's governors. This dissertation proves the destructiveness of cyber-attacks against AGC systems by proposing a SHA that disrupts the normal operation of the AGC system quickly and undetectably. Afterwards, two methods are proposed for detecting and identifying intrusions against AGC systems and making them attack-resilient. Both methods work without requiring load data in the system, in contrast to other methods presented in the literature. To detect attacks, the first method estimates the LFC system's states using a UIO, and calculates the UIO's RF, defined as the difference between the estimated and measured states. In normal conditions, the estimated and measured values for LFC states are ideally the same. Therefore, an increase in the UIO's RF over a predefined threshold signifies an attack. This method also identifies attacks, i.e., determines which system parameter(s) is (are) targeted, by designing a number of identification UIOs. The general idea behind the second proposed method for detecting and identifying attacks against AGC systems is similar to the first one; yet, the second one takes into account the effect of noise as well. Therefore, instead of a UIO, the second method utilizes a SUIE for estimating the states of the LFC system and minimizing the effect of noise on the estimated states. Similarly, increasing the SUIE's RF over a predefined threshold indicates the occurrence of an attack

    Analysis and design of security mechanisms in the context of Advanced Persistent Threats against critical infrastructures

    Industry 4.0 can be defined as the digitization of all components within the industry, by combining productive processes with leading information and communication technologies. Whereas this integration has several benefits, it has also facilitated the emergence of several attack vectors. These can be leveraged to perpetrate sophisticated attacks such as an Advanced Persistent Threat (APT), that ultimately disrupts and damages critical infrastructural operations with a severe impact. This doctoral thesis aims to study and design security mechanisms capable of detecting and tracing APTs to ensure the continuity of the production line. Although the basic tools to detect individual attack vectors of an APT have already been developed, it is important to integrate holistic defense solutions in existing critical infrastructures that are capable of addressing all potential threats. Additionally, it is necessary to prospectively analyze the requirements that these systems have to satisfy after the integration of novel services in the upcoming years. To fulfill these goals, we define a framework for the detection and traceability of APTs in Industry 4.0, which is aimed to fill the gap between classic security mechanisms and APTs. The premise is to retrieve data about the production chain at all levels to correlate events in a distributed way, enabling the traceability of an APT throughout its entire life cycle. Ultimately, these mechanisms make it possible to holistically detect and anticipate attacks in a timely and autonomous way, to deter the propagation and minimize their impact. As a means to validate this framework, we propose some correlation algorithms that implement it (such as the Opinion Dynamics solution) and carry out different experiments that compare the accuracy of response techniques that take advantage of these traceability features. Similarly, we conduct a study on the feasibility of these detection systems in various Industry 4.0 scenarios