
    Vulnerability Analysis of False Data Injection Attacks on Supervisory Control and Data Acquisition and Phasor Measurement Units

    Abstract: The electric power system is monitored via an extensive network of sensors in tandem with data processing algorithms, i.e., an intelligent cyber layer, that enables continual observation and control of the physical system to ensure reliable operation. This data collection and processing system is vulnerable to cyber-attacks that alter the system's operating status and lead to serious physical consequences, including systemic problems and failures. This dissertation studies the physical consequences, on the electric power system, of unobservable false data injection (FDI) attacks in which the attacker maliciously alters supervisory control and data acquisition (SCADA) or phasor measurement unit (PMU) measurements. The dissertation is divided into three parts: the first two focus on FDI attacks on SCADA and the last on FDI attacks on PMUs. The first part studies the physical consequences of FDI attacks on SCADA measurements designed with limited system information. The attacker is assumed to have perfect knowledge inside a sub-network of the entire system. Two classes of attacks with different assumptions on the attacker's knowledge outside of the sub-network are introduced. In particular, for the second class of attacks, the attacker is assumed to have no information outside of the attack sub-network, but can perform multiple linear regression on historical data to learn the relationship between the external network and the attack sub-network. To determine the worst possible consequences of both classes of attacks, a bi-level optimization problem is introduced in which the first level models the attacker's goal and the second level models the system response. The second part of the dissertation analyzes the vulnerability of systems to FDI attacks from the perspective of the system. To this end, an off-line vulnerability analysis framework is proposed to identify the subsets of the test system that are more prone to FDI attacks. The third part studies the vulnerability of PMUs to FDI attacks. Two classes of more sophisticated FDI attacks that capture the temporal correlation of PMU data are introduced. Such attacks are designed with a convex optimization problem and can always bypass both the bad data detector and the low-rank decomposition (LD) detector.
    Dissertation/Thesis, Doctoral Dissertation, Electrical Engineering, 201

    On Statistical QoS Provisioning for Smart Grid

    The current power system is in transition from the traditional power grid to the Smart Grid. A key advantage of the Smart Grid is its integration of advanced communication technologies, which provide real-time, system-wide, two-way information links. Since the communication system and the power system are deeply coupled within the Smart Grid, Quality of Service (QoS) performance analysis is much more complex than in either system alone. To address this challenge, effective rate theory is studied and extended in this thesis, and a new H-transform-based framework is proposed. Various scenarios are investigated using the proposed effective rate framework, including both independent and correlated fading channels. With the effective rate as the connection between the communication system and the power system, an analysis of power grid observability under communication constraints is performed. Case studies show that the effective rate provides a cross-layer analytical framework within the communication system, while its statistical characterisation of the communication delay has the potential to serve as a general coupling point between the communication system and the power system, especially for real-time applications. Besides the theoretical QoS performance analysis within the Smart Grid, a new Software Defined Smart Grid testbed is proposed in this thesis. This testbed provides a versatile evaluation and development environment for Smart Grid QoS performance studies. It exploits the Real Time Digital Simulator (RTDS) to emulate different power grid configurations and the Software Defined Radio (SDR) environment to implement the communication system. A data acquisition and actuator module is developed, which emulates various Intelligent Electronic Devices (IEDs). The implemented prototype demonstrates that the proposed testbed has the potential to evaluate real-time Smart Grid applications such as real-time voltage stability control.

    Protecting the power grid: strategies against distributed controller compromise

    The electric power grid is a complex, interconnected cyber-physical system composed of collaborating elements for monitoring and control. Distributed controllers play a prominent role in this cohesive execution and are ubiquitous in the grid. As global information is shared and acted upon, faster response to system changes is achieved. However, failure or malfunction of a few, or even one, distributed controller in the entire system can cause cascading, detrimental effects. In the worst case, widespread blackouts can result, as several historic cases exemplify. Furthermore, if controllers are maliciously compromised by an adversary, they can be manipulated to drive the power system to an unsafe state. Due to the shift from proprietary control protocols to popular, accessible network protocols and other modernization factors, the power system is extremely vulnerable to cyber attacks. Cyber attacks against the grid have increased significantly in recent years and can cause severe physical consequences. Attack vectors for distributed controllers range from execution of malicious commands that can damage sensitive equipment to forced system topology changes that create instability. These vulnerabilities and risks need to be fully understood, and greater technical capabilities are necessary to create resilient and dynamic defenses. Proactive strategies must be developed to protect the power grid from distributed controller compromise or failure. This research investigates the role distributed controllers play in the grid and how their loss or compromise impacts the system. Specifically, an analytic method based on controllability analysis is derived using clustering and factorization techniques on controller sensitivities. In this manner, insight is gained into the control support groups and the sets of critical, essential, and redundant controllers among the distributed controllers in the power system. Subsequently, we introduce proactive strategies that use these roles and grouping results to respond to controller compromise with the remaining set. These actions can be taken immediately to reduce system stress and mitigate compromise consequences while the compromise itself is investigated and eliminated by appropriate security mechanisms. These strategies are demonstrated with several compromise scenarios, and an overall framework is presented. Additionally, the controller role and group insights are applied to develop an analytic corrective control selection for fast and automated remedial action scheme (RAS) design. Techniques to aid the verification of control commands and the detection of abnormal control action behavior are also presented. In particular, an augmented DC power flow algorithm using real-time measurements is developed that achieves both faster speed and higher accuracy than existing linear methods. For detecting abnormal behavior, a generator control action classification framework is presented that leverages known power system behaviors to enhance the use of data mining tools. Finally, the importance of incorporating power system knowledge into machine learning applications is emphasized with a study that improves power system neural network construction using modal analysis. This dissertation details these methodologies and their roles in realizing a more cohesive and resilient power system in the increasingly cyber-physical world.

    Proactive defense strategies against net load redistribution attacks in cyber-physical smart grids

    Doctor of Philosophy, Department of Electrical and Computer Engineering, Hongyu Wu
    Recent advances in the cyber-physical smart grid (CPSG) have enabled a broad range of new devices based on information and communication technology (ICT). An open network environment in the CPSG provides frequent interaction between information and physical components. However, this interaction also exposes the ICT-enabled devices to a growing threat of cyberattacks. Recent cybersecurity incidents have drawn attention to such threats, and the security issues have strongly restricted the development of the CPSG. Among various CPS cybersecurity incidents, cyber data attacks invade the cyber layer to destroy data integrity. By eavesdropping on and elaborately modifying the transmitted measurement data, the attacks can mislead state estimation (SE) while remaining stealthy to conventional bad data detection (BDD). Since SE is the critical function of CPSG control, cyber data attacks may cause massive economic loss, power system instability, or even cascading failures. Therefore, this dissertation focuses on the detection of stealthy data integrity attacks. This dissertation first performs a thorough review of the state of the art in cyber-physical security of the smart grid. By focusing on the physical layer of the CPSG, this work provides an abstracted and unified state-space model in which cyber-physical attack and defense models can be effectively generalized. The existing cyber-physical attacks are categorized in terms of their target components. In addition, this work discusses several operational and informational defense approaches that represent the current state of the art in the field, including moving target defense (MTD), watermarking, and data-driven strategies. The challenges and future opportunities associated with smart grid cyber-physical security are also discussed. Further, a real-time digital simulator, namely Typhoon HIL, is used to visualize random MTD against false data injection (FDI) attacks. With the review as background, a hidden, coordinated net load redistribution attack (NLRA) in an AC distribution system is proposed. The attacker's goal is to create violations in nodal voltage magnitude estimation. An attacker can implement the NLRA strategy using the local information of an attack region and power flow enhanced deep learning (PFEDL) state estimators. The NLRA is modeled as the attacker's modified AC optimal power flow problem to maximize the attack impact. Case study results indicate that the PFEDL-based SE can provide the attacker with accurate system states in a low-observability distribution system where conventional least squares-based SE cannot converge. The stealthiness of the hidden NLRA is validated in multiple attack cases. The influence of the NLRA on the distribution system is assessed, and the impact of attack regions, attack timing, and attack area size is also revealed. Next, this dissertation highlights that current MTD strategies myopically perturb the reactance of D-FACTS lines without considering system voltage stability. Voltage instability induced by MTDs is illustrated in a three-bus system and in two more complicated systems with real-world load profiles. Further, a novel MTD framework that explicitly considers system voltage stability using continuation power flow and voltage stability indices is proposed to avoid MTD-induced voltage instability. In addition, this dissertation mathematically derives the sensitivity matrix of the voltage stability index to line impedance, on which an optimization problem for maximizing the voltage stability index is formulated. This framework is tested on the IEEE 14-bus and IEEE 118-bus transmission systems, in which sophisticated attackers launch NLRAs. The simulation results show the effectiveness of the proposed framework in avoiding voltage instability while maintaining the detection effectiveness of MTD. Case studies are conducted with and without the proposed framework under different MTD planning and operational methods. The impacts of the two proposed methods on attack detection effectiveness and system economic metrics are also revealed. Finally, this dissertation proposes using smart inverters to implement a novel meter encoding scheme in distribution systems. The proposed meter encoding scheme is a software-based active detection method which, compared with MTD and watermarking, neither requires additional hardware nor causes system instability. By elaborately constructing the encoding vector, the proposed smart-inverter-based meter encoding can mislead the attacker's SE while remaining hidden from alert attackers. In addition, by exploiting the topology of radial distribution systems, the proposed encoding scheme encodes fewer meters than current schemes when protecting the same number of buses, which reduces the encoding cost. Simulation results on the IEEE 69-bus distribution system demonstrate that the proposed meter encoding scheme can mislead the attacker's state estimation on all downstream buses of an encoded bus without arousing the attacker's suspicion. FDI attacks constructed from the misled estimated states are highly likely to trigger the defender's BDD alarm.
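The unobservable FDI attacks of the first abstract and the reactance-perturbing MTD of this one share one mechanism: a residual-based bad data detector accepts any injected error a = H c that lies in the column space of the measurement Jacobian H, and MTD works by changing H (via line reactances) after the attacker has learned it. The following is an added illustration, not code from any of the listed dissertations; it uses a constructed 3-bus DC model, constructed reactances, noise and a fixed residual threshold (all assumptions), with unit measurement weights in place of a full weighted least-squares and chi-square test.

```python
"""Unobservable false data injection (FDI) against DC state estimation, and how
a moving-target defense (MTD) that perturbs a line reactance exposes it.
Added illustration on a constructed 3-bus system; pure Python, no numpy."""
import math
from typing import List, Optional, Tuple

Vector = List[float]
Matrix = List[List[float]]

# Constructed 3-bus DC model. Bus 0 is the angle reference; the state vector is
# the angles (rad) of buses 1 and 2. Lines are (from_bus, to_bus) pairs.
LINES = [(0, 1), (0, 2), (1, 2)]
REACTANCES = [0.1, 0.2, 0.25]        # per-unit, constructed values
THETA_TRUE = [-0.05, -0.08]          # constructed true state
# Constructed measurement noise: three line flows, then injections at buses 1, 2.
NOISE = [0.001, -0.0005, 0.001, -0.001, 0.0005]
TAU = 0.01                           # assumed residual-norm threshold of the BDD


def build_h(lines, reactances, n_bus: int = 3) -> Matrix:
    """Measurement Jacobian H of the DC model: one row per line flow
    P_ij = (theta_i - theta_j) / x_ij, then one row per non-reference bus injection."""
    n_state = n_bus - 1
    flow_rows = []
    for (i, j), x in zip(lines, reactances):
        row = [0.0] * n_state
        if i != 0:
            row[i - 1] += 1.0 / x
        if j != 0:
            row[j - 1] -= 1.0 / x
        flow_rows.append(row)
    inj_rows = []
    for bus in range(1, n_bus):
        row = [0.0] * n_state
        for (i, j), fr in zip(lines, flow_rows):
            sign = 1.0 if i == bus else -1.0 if j == bus else 0.0
            row = [r + sign * f for r, f in zip(row, fr)]
        inj_rows.append(row)
    return flow_rows + inj_rows


def matvec(m: Matrix, v: Vector) -> Vector:
    return [sum(a * b for a, b in zip(row, v)) for row in m]


def solve(a: Matrix, b: Vector) -> Vector:
    """Gaussian elimination with partial pivoting for a small dense system."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for k in range(n):
        p = max(range(k, n), key=lambda r: abs(m[r][k]))
        m[k], m[p] = m[p], m[k]
        for r in range(k + 1, n):
            f = m[r][k] / m[k][k]
            m[r] = [x - f * y for x, y in zip(m[r], m[k])]
    x = [0.0] * n
    for k in range(n - 1, -1, -1):
        x[k] = (m[k][n] - sum(m[k][j] * x[j] for j in range(k + 1, n))) / m[k][k]
    return x


def estimate(h: Matrix, z: Vector) -> Tuple[Vector, float]:
    """Least-squares state estimate x = (H^T H)^-1 H^T z (unit weights) and the
    residual norm ||z - H x|| that the bad data detector compares against TAU."""
    ht = [list(col) for col in zip(*h)]
    normal = [matvec(ht, col) for col in ht]      # rows of H^T H (symmetric)
    x = solve(normal, matvec(ht, z))
    r = [zi - hi for zi, hi in zip(z, matvec(h, x))]
    return x, math.sqrt(sum(ri * ri for ri in r))


def run_scenario(c: Vector, mtd_reactances: Optional[List[float]] = None) -> dict:
    """The attacker builds a = H c from the pre-MTD model, so the error is
    unobservable against that H. Measurements come from the actual system, whose
    reactances may have been perturbed by MTD, and the operator estimates with the
    actual H. Reports BDD alarms and the shift the attack induced in the estimate."""
    h_attacker = build_h(LINES, REACTANCES)
    h_actual = build_h(LINES, mtd_reactances or REACTANCES)
    z = [zi + ni for zi, ni in zip(matvec(h_actual, THETA_TRUE), NOISE)]
    a = matvec(h_attacker, c)                      # a = H c, the FDI vector
    x_clean, r_clean = estimate(h_actual, z)
    x_att, r_att = estimate(h_actual, [zi + ai for zi, ai in zip(z, a)])
    return {
        "clean_alarm": r_clean > TAU,
        "attack_alarm": r_att > TAU,
        "attack_residual": r_att,
        "state_shift": [xa - xc for xa, xc in zip(x_att, x_clean)],
    }


if __name__ == "__main__":
    c = [0.04, -0.02]                              # attacker's target angle shift
    for label, res in [("no MTD", run_scenario(c)),
                       ("MTD on line 1-2", run_scenario(c, [0.1, 0.2, 0.3])),
                       ("MTD, attack avoids line 1-2", run_scenario([0.03, 0.03], [0.1, 0.2, 0.3]))]:
        print(f"{label}: alarm={res['attack_alarm']} residual={res['attack_residual']:.4f} "
              f"shift={[round(s, 4) for s in res['state_shift']]}")
```

Without MTD the attacked residual equals the clean one and the estimate shifts by exactly c, so the detector stays silent. Perturbing the reactance of line 1-2 moves a out of the new column space and the residual jumps well above the threshold. The third scenario is the caveat a defender should know: an attack whose injected error does not pass through the perturbed line (here equal angle shifts on buses 1 and 2, which leave the 1-2 flow untouched) is still unobservable after the MTD, so the choice of which D-FACTS lines to perturb, not just the perturbation size, decides what MTD can detect.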

    Power System State Estimation Using Phasor Measurement Units


    Decentralized estimation and control for power systems

    This thesis presents a decentralized alternative to the centralized state estimation and control technologies used in current power systems. Power systems span vast geographical areas and therefore require a robust and reliable communication network for centralized estimation and control. Supervisory control and data acquisition (SCADA) systems provide such a communication architecture and are currently employed for centralized estimation and control of power systems in a static manner. SCADA systems operate at update rates that are not fast enough to provide appropriate estimation or control of transient or dynamic events occurring in power systems. A packet-switching based networked control system (NCS) is a faster alternative to SCADA, but it suffers from other problems such as packet dropouts, random time delays and packet disordering. A stability analysis framework for NCS in power systems that accounts for these problems is presented in the thesis. Other practical limitations of real-time centralized estimation and control are computational bottlenecks, cyber threats and difficulties in acquiring system-wide parameters and measurements. These problems can be addressed by a decentralized methodology which requires only local parameters and measurements for estimation and control of a local unit in the system. The cumulative effect of control at all the units should be such that global oscillations and instabilities in the power system are controlled. Such a decentralized methodology is presented in the thesis. The method for decentralization is based on a new concept of `pseudo-inputs', in which some of the measurements are treated as inputs. Unscented Kalman filtering (UKF) is applied to the decentralized system for dynamic state estimation (DSE). An extended linear quadratic regulator (ELQR) is proposed for the optimal control of each local unit such that the whole power system is stabilized and all oscillations are adequately damped. ELQR requires DSE as a prerequisite. The applicability of the integrated system for dynamic estimation and control is demonstrated on a 16-machine, 68-bus benchmark system.

    Advancements in Real-Time Simulation of Power and Energy Systems

    Modern power and energy systems are characterized by the wide integration of distributed generation, storage and electric vehicles, the adoption of ICT solutions, the interconnection of different energy carriers and consumer engagement, posing new challenges and creating new opportunities. Advanced testing and validation methods are needed to efficiently validate power equipment and controls in this complex environment and to support the transition to a cleaner and sustainable energy system. Real-time hardware-in-the-loop (HIL) simulation has proven to be an effective method for validating and de-risking power system equipment under highly realistic, flexible and repeatable conditions. Controller hardware-in-the-loop (CHIL) and power hardware-in-the-loop (PHIL) are the two main HIL simulation methods used in industry and academia; they enhance system-level testing by exploiting the flexibility of digital simulation to test actual controllers and power equipment. This book addresses recent advances in real-time HIL simulation in several domains, including new and promising areas, and technique improvements that promote its wider use. It comprises 14 papers dealing with advances in HIL testing of power electronic converters, power system protection, modeling for real-time digital simulation, co-simulation, geographically distributed HIL, and multiphysics HIL, among other topics.

    Idaho National Laboratory LDRD Annual Report FY 2012
