Topology Attacks on Power System Operation and Consequences Analysis

abstract: The large distributed electric power system is a hierarchical network involving the transportation of power from the sources of power generation via an intermediate densely connected transmission network to a large distribution network of end-users at the lowest level of the hierarchy. At each level of the hierarchy (generation/ trans- mission/ distribution), the system is managed and monitored with a combination of (a) supervisory control and data acquisition (SCADA); and (b) energy management systems (EMSs) that process the collected data and make control and actuation de- cisions using the collected data. However, at all levels of the hierarchy, both SCADA and EMSs are vulnerable to cyber attacks. Furthermore, given the criticality of the electric power infrastructure, cyber attacks can have severe economic and social con- sequences. This thesis focuses on cyber attacks on SCADA and EMS at the transmission level of the electric power system. The goal is to study the consequences of three classes of cyber attacks that can change topology data. These classes include: (i) unobservable state-preserving cyber attacks that only change the topology data; (ii) unobservable state-and-topology cyber-physical attacks that change both states and topology data to enable a coordinated physical and cyber attack; and (iii) topology- targeted man-in-the-middle (MitM) communication attacks that alter topology data shared during inter-EMS communication. Specically, attack class (i) and (ii) focus on the unobservable attacks on single regional EMS while class (iii) focuses on the MitM attacks on communication links between regional EMSs. For each class of attacks, the theoretical attack model and the implementation of attacks are provided, and the worst-case attack and its consequences are exhaustively studied. In particularly, for class (ii), a two-stage optimization problem is introduced to study worst-case attacks that can cause a physical line over ow that is unobservable in the cyber layer. The long-term implication and the system anomalies are demonstrated via simulation. For attack classes (i) and (ii), both mathematical and experimental analyses sug- gest that these unobservable attacks can be limited or even detected with resiliency mechanisms including load monitoring, anomalous re-dispatches checking, and his- torical data comparison. For attack class (iii), countermeasures including anomalous tie-line interchange verication, anomalous re-dispatch alarms, and external contin- gency lists sharing are needed to thwart such attacks.Dissertation/ThesisMasters Thesis Electrical Engineering 201

False Data Injection Attacks on Phasor Measurements That Bypass Low-rank Decomposition

This paper studies the vulnerability of phasor measurement units (PMUs) to false data injection (FDI) attacks. Prior work demonstrated that unobservable FDI attacks that can bypass traditional bad data detectors based on measurement residuals can be identified by detector based on low-rank decomposition (LD). In this work, a class of more sophisticated FDI attacks that captures the temporal correlation of PMU data is introduced. Such attacks are designed with a convex optimization problem and can always bypass the LD detector. The vulnerability of this attack model is illustrated on both the IEEE 24-bus RTS and the IEEE 118-bus systems.Comment: 6 pages, 4 figures, submitted to 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm

Vulnerability Assessment of Large-scale Power Systems to False Data Injection Attacks

This paper studies the vulnerability of large-scale power systems to false data injection (FDI) attacks through their physical consequences. Prior work has shown that an attacker-defender bi-level linear program (ADBLP) can be used to determine the worst-case consequences of FDI attacks aiming to maximize the physical power flow on a target line. This ADBLP can be transformed into a single-level mixed-integer linear program, but it is hard to solve on large power systems due to numerical difficulties. In this paper, four computationally efficient algorithms are presented to solve the attack optimization problem on large power systems. These algorithms are applied on the IEEE 118-bus system and the Polish system with 2383 buses to conduct vulnerability assessments, and they provide feasible attacks that cause line overflows, as well as upper bounds on the maximal power flow resulting from any attack.Comment: 6 pages, 5 figure

Local Cyber-physical Attack with Leveraging Detection in Smart Grid

A well-designed attack in the power system can cause an initial failure and then results in large-scale cascade failure. Several works have discussed power system attack through false data injection, line-maintaining attack, and line-removing attack. However, the existing methods need to continuously attack the system for a long time, and, unfortunately, the performance cannot be guaranteed if the system states vary. To overcome this issue, we consider a new type of attack strategy called combinational attack which masks a line-outage at one position but misleads the control center on line outage at another position. Therefore, the topology information in the control center is interfered by our attack. We also offer a procedure of selecting the vulnerable lines of its kind. The proposed method can effectively and continuously deceive the control center in identifying the actual position of line-outage. The system under attack will be exposed to increasing risks as the attack continuously. Simulation results validate the efficiency of the proposed attack strategy.Comment: Accepted by IEEE SmartGridComm 201

Vulnerability Analysis of False Data Injection Attacks on Supervisory Control and Data Acquisition and Phasor Measurement Units

abstract: The electric power system is monitored via an extensive network of sensors in tandem with data processing algorithms, i.e., an intelligent cyber layer, that enables continual observation and control of the physical system to ensure reliable operations. This data collection and processing system is vulnerable to cyber-attacks that impact the system operation status and lead to serious physical consequences, including systematic problems and failures. This dissertation studies the physical consequences of unobservable false data injection (FDI) attacks wherein the attacker maliciously changes supervisory control and data acquisition (SCADA) or phasor measurement unit (PMU) measurements, on the electric power system. In this context, the dissertation is divided into three parts, in which the first two parts focus on FDI attacks on SCADA and the last part focuses on FDI attacks on PMUs. The first part studies the physical consequences of FDI attacks on SCADA measurements designed with limited system information. The attacker is assumed to have perfect knowledge inside a sub-network of the entire system. Two classes of attacks with different assumptions on the attacker's knowledge outside of the sub-network are introduced. In particular, for the second class of attacks, the attacker is assumed to have no information outside of the attack sub-network, but can perform multiple linear regression to learn the relationship between the external network and the attack sub-network with historical data. To determine the worst possible consequences of both classes of attacks, a bi-level optimization problem wherein the first level models the attacker's goal and the second level models the system response is introduced. The second part of the dissertation concentrates on analyzing the vulnerability of systems to FDI attacks from the perspective of the system. To this end, an off-line vulnerability analysis framework is proposed to identify the subsets of the test system that are more prone to FDI attacks. The third part studies the vulnerability of PMUs to FDI attacks. Two classes of more sophisticated FDI attacks that capture the temporal correlation of PMU data are introduced. Such attacks are designed with a convex optimization problem and can always bypass both the bad data detector and the low-rank decomposition (LD) detector.Dissertation/ThesisDoctoral Dissertation Electrical Engineering 201