Reliability Evaluation and Defense Strategy Development for Cyber-physical Power Systems

With the smart grid initiatives in recent years, the electric power grid is rapidly evolving into a complicated and interconnected cyber-physical system. Unfortunately, the wide deployment of cutting-edge communication, control and computer technologies in the power system, as well as the increasing terrorism activities, make the power system at great risk of attacks from both cyber and physical domains. It is pressing and meaningful to investigate the plausible attack scenarios and develop efficient methods for defending the power system against them. To defend the power grid, it is critical to first study how the attacks could happen and affect the power system, which are the basis for the defense strategy development. Thus, this dissertation quantifies the influence of several typical attacks on power system reliability. Specifically, three representative attack are considered, i.e., intrusion against substations, regional LR attack, and coordinated attacks. For the intrusion against substations, the occurrence frequency of the attack events is modeled based on statistical data and human dynamics; game-theoretical approaches are adopted to model induvial and consecutive attack cases; Monte Carlo simulation is deployed to obtain the desired reliability indices, which incorporates both the attacks and the random failures. For the false data injection attack, a practical regional load redistribution (LR) attack strategy is proposed; the man-in-the-middle (MITM) intrusion process is modeled with a semi-Markov process method; the reliability indices are obtained based on the regional LR attack strategy and the MITM intrusion process using Monte Carlo simulation. For the coordinated attacks, a few typical coordination strategies are proposed considering attacking the current-carrying elements as well as attacking the measurements; a bilevel optimization method is applied to develop the optimal coordination strategy. Further, efficient and effective defense strategies are proposed from the perspectives of power system operation strategy and identification of critical elements. Specially, a robustness-oriented power grid operation strategy is proposed considering the element random failures and the risk of man-made attacks. Using this operation strategy, the power system operation is robust, and can minimize the load loss in case of malicious man-made attacks. Also, a multiple-attack-scenario (MAS) defender-attack-defender model is proposed to identify the critical branches that should be defended when an attack is anticipated but the defender has uncertainty about the capability of the attacker. If those identified critical branches are protected, the expected load loss will be minimal

Power Market Cybersecurity and Profit-targeting Cyberattacks

The COVID-19 pandemic has forced many companies and business to operate through remote platforms, which has made everyday life and everyone more digitally connected than ever before. The cybersecurity has become a bigger priority in all aspects of life. A few real-world cases have demonstrated the current capability of cyberattacks as in [1], [2], and [3]. These cases invalidate the traditional belief that cyberattacks are unable to penetrate real-world industrial systems. Beyond the physical damage, some attackers target financial arbitrage advantages brought by false data injection attacks (FDIAs) [4]. Malicious breaches into power market operations could induce catastrophic consequences on fair financial settlements and reliable transmission services. In this dissertation, an in-depth study is conducted to investigate power market cybersecurity and profit-targeting cyberattacks. In the first work, we demonstrate the importance of market-level behavior in defending cyberattacks and designing cyberattacks. A market-level defense analysis is developed to help operators identify cyberattacks, and an LMP-disguising attack strategy is developed to disguise the abnormal LMPs, which can bypass both the bad data detection and market-level detection. In the second work, we propose a comprehensive CVA model for delivering a detailed analysis of four aspects of vulnerability: highly probable cyberattack targets, devastating attack targets, risky load levels, and mitigation ability under different degrees of defense. In the third work, we identify that revenue adequacy, a fundamental power market operation criterion, has not been analyzed under the context of cybersecurity, and we explore the impact of FDIAs targeting real-time (RT) market operations on ISO revenue adequacy analytically and numerically. In the last work, we extend the power system cybersecurity analysis to multi-energy system (MES) framework. An optimally coordinated (OC-FDIA) targeting MES is proposed. Then, we show that the OC-FDIA cause much more severe damages than single-system FDIA and uncoordinated FDIAs. Further, an effective countermeasure is developed against the proposed OCFDIA based on deep learning technique (DL)

Impact Assessment, Detection, And Mitigation Of False Data Attacks In Electrical Power Systems

The global energy market has seen a massive increase in investment and capital flow in the last few decades. This has completely transformed the way power grids operate - legacy systems are now being replaced by advanced smart grid infrastructures that attest to better connectivity and increased reliability. One popular example is the extensive deployment of phasor measurement units, which is referred to PMUs, that constantly provide time-synchronized phasor measurements at a high resolution compared to conventional meters. This enables system operators to monitor in real-time the vast electrical network spanning thousands of miles. However, a targeted cyber attack on PMUs can prompt operators to take wrong actions that can eventually jeopardize the power system reliability. Such threats originating from the cyber-space continue to increase as power grids become more dependent on PMU communication networks. Additionally, these threats are becoming increasingly efficient in remaining undetected for longer periods while gaining deep access into the power networks. An attack on the energy sector immediately impacts national defense, emergency services, and all aspects of human life. Cyber attacks against the electric grid may soon become a tactic of high-intensity warfare between nations in near future and lead to social disorder. Within this context, this dissertation investigates the cyber security of PMUs that affects critical decision-making for a reliable operation of the power grid. In particular, this dissertation focuses on false data attacks, a key vulnerability in the PMU architecture, that inject, alter, block, or delete data in devices or in communication network channels. This dissertation addresses three important cyber security aspects - (1) impact assessment, (2) detection, and (3) mitigation of false data attacks. A comprehensive background of false data attack models targeting various steady-state control blocks is first presented. By investigating inter-dependencies between the cyber and the physical layers, this dissertation then identifies possible points of ingress and categorizes risk at different levels of threats. In particular, the likelihood of cyber attacks against the steady-state power system control block causing the worst-case impacts such as cascading failures is investigated. The case study results indicate that false data attacks do not often lead to widespread blackouts, but do result in subsequent line overloads and load shedding. The impacts are magnified when attacks are coordinated with physical failures of generators, transformers, or heavily loaded lines. Further, this dissertation develops a data-driven false data attack detection method that is independent of existing in-built security mechanisms in the state estimator. It is observed that a convolutional neural network classifier can quickly detect and isolate false measurements compared to other deep learning and traditional classifiers. Finally, this dissertation develops a recovery plan that minimizes the consequence of threats when sophisticated attacks remain undetected and have already caused multiple failures. Two new controlled islanding methods are developed that minimize the impact of attacks under the lack of, or partial information on the threats. The results indicate that the system operators can successfully contain the negative impacts of cyber attacks while creating stable and observable islands. Overall, this dissertation presents a comprehensive plan for fast and effective detection and mitigation of false data attacks, improving cyber security preparedness, and enabling continuity of operations

Impact Assessment, Detection, and Mitigation of False Data Attacks in Electrical Power Systems

The global energy market has seen a massive increase in investment and capital flow in the last few decades. This has completely transformed the way power grids operate - legacy systems are now being replaced by advanced smart grid infrastructures that attest to better connectivity and increased reliability. One popular example is the extensive deployment of phasor measurement units, which is referred to PMUs, that constantly provide time-synchronized phasor measurements at a high resolution compared to conventional meters. This enables system operators to monitor in real-time the vast electrical network spanning thousands of miles. However, a targeted cyber attack on PMUs can prompt operators to take wrong actions that can eventually jeopardize the power system reliability. Such threats originating from the cyber-space continue to increase as power grids become more dependent on PMU communication networks. Additionally, these threats are becoming increasingly efficient in remaining undetected for longer periods while gaining deep access into the power networks. An attack on the energy sector immediately impacts national defense, emergency services, and all aspects of human life. Cyber attacks against the electric grid may soon become a tactic of high-intensity warfare between nations in near future and lead to social disorder. Within this context, this dissertation investigates the cyber security of PMUs that affects critical decision-making for a reliable operation of the power grid. In particular, this dissertation focuses on false data attacks, a key vulnerability in the PMU architecture, that inject, alter, block, or delete data in devices or in communication network channels. This dissertation addresses three important cyber security aspects - (1) impact assessment, (2) detection, and (3) mitigation of false data attacks. A comprehensive background of false data attack models targeting various steady-state control blocks is first presented. By investigating inter-dependencies between the cyber and the physical layers, this dissertation then identifies possible points of ingress and categorizes risk at different levels of threats. In particular, the likelihood of cyber attacks against the steady-state power system control block causing the worst-case impacts such as cascading failures is investigated. The case study results indicate that false data attacks do not often lead to widespread blackouts, but do result in subsequent line overloads and load shedding. The impacts are magnified when attacks are coordinated with physical failures of generators, transformers, or heavily loaded lines. Further, this dissertation develops a data-driven false data attack detection method that is independent of existing in-built security mechanisms in the state estimator. It is observed that a convolutional neural network classifier can quickly detect and isolate false measurements compared to other deep learning and traditional classifiers. Finally, this dissertation develops a recovery plan that minimizes the consequence of threats when sophisticated attacks remain undetected and have already caused multiple failures. Two new controlled islanding methods are developed that minimize the impact of attacks under the lack of, or partial information on the threats. The results indicate that the system operators can successfully contain the negative impacts of cyber attacks while creating stable and observable islands. Overall, this dissertation presents a comprehensive plan for fast and effective detection and mitigation of false data attacks, improving cyber security preparedness, and enabling continuity of operations

Characterising the security of power system topologies through a combined assessment of reliability, robustness, and resilience

Electricity has a prominent role in modern economies; therefore, ensuring the availability of electricity supply should be a top priority for policymakers. The joint assessment of reliability, robustness, and resilience can be a useful criterion to characterise different topologies and improve the security of supply. This paper proposes a novel integrated analysis of these three attributes to quantify the security of power grid topologies. Hence, eight case studies with different topologies created using the IEEE 24-bus reliability test system were analysed. Reliability was evaluated by applying the sequential Monte Carlo approach, robustness was evaluated by simulating cascading failures, and resilience was evaluated by analysing recovery curves. The different indicators associated with each of the three evaluations were then calculated. The results obtained were discussed both graphically and quantitatively in a novel three-dimensional representation, where the importance of joint analysis was also highlighted. The proposed method can serve as an additional tool for planners to identify possible investments or improvements in power system topologies

Reliability in a smart power system with cyber-physical interactive operation of photovoltaic systems and heat pumps

The connectivity of the power grid is increasing with the internet of things, and low carbon technologies being deployed to help enhance smart grid performance and reliability. Meanwhile, they also increase the digital complexity and dependency of cyber assets, which might be vulnerable to cyber-physical threats, and hence may impact the reliability of power systems. Due to cyber-threats’ unpredictable nature, the interactive operation of low carbon technologies with cyber-physical systems is becoming a challenging task for smart grids. This thesis proposes novel mathematical frameworks to estimate the availability of photovoltaics and heat pumps with cyber-physical components. These frameworks are developed to quantify the level of risk posed by cyber-threats to the interactive operation of photovoltaics and heat pumps, using Markov-Chains. The availability framework considers the severity of random cyber-attacks on photovoltaics and the probability of cyber-threats with mean time to detection-time on heat pump operation. Sensitivities of the repair times of cyber-physical component for photovoltaics and sensitivities of cyber-attack-detection time for heat pumps are also evaluated. The impact of cyber threats on the interactive operation of photovoltaics and heat pumps are considerable and inconsistent, however the propagation of cyber-threats can be restricted by appropriate means of photovoltaics. For heat pumps, operational reliability substantially decreases due to the unavailability of their control panel. Contributions of this thesis include an availability model for photovoltaic configurations, an innovative approach to assess the reliability of a photovoltaic integrated power system with cyber-physical interactions, the availability estimation of heat pump with variable detection time, and an enhanced cyber-intrusion process model for reliability analysis of heat pumps. The findings offer insight into the impact of cyber-physical system availability and its importance on power system reliability

Collapse Vulnerability and Fragility Analysis of Substandard RC Bridges Rehabilitated with Different Repair Jackets under Post-Mainshock Cascading Events

Past earthquakes have signaled the increased collapse vulnerability of mainshock-damaged bridge piers and urgent need of repair interventions prior to subsequent cascading hazard events, such as aftershocks, triggered by the mainshock (MS). The overarching goal of this study is to quantify the collapse vulnerability of mainshock-damaged substandard RC bridge piers rehabilitated with different repair jackets (FRP, conventional thick steel and hybrid jacket) under aftershock (AS) attacks of various intensities. The efficacy of repair jackets on post-MS resilience of repaired bridges is quantified for a prototype two-span single-column bridge bent with lap-splice deficiency at column-footing interface. Extensive number of incremental dynamic time history analyses on numerical finite element bridge models with deteriorating properties under back-to-back MS-AS sequences were utilized to evaluate the efficacy of different repair jackets on the post-repair behavior of RC bridges subjected to AS attacks. Results indicate the dramatic impact of repair jacket application on post-MS resilience of damaged bridge piers—up to 45.5 % increase of structural collapse capacity—subjected to aftershocks of multiple intensities. Besides, the efficacy of repair jackets is found to be proportionate to the intensity of AS attacks. Moreover, the steel jacket exhibited to be the most vulnerable repair intervention compared to CFRP, irrespective of the seismic sequence (severe MS-severe or moderate AS) or earthquake type (near-fault or far-fault)

A dynamic game model for assessing risk of coordinated physical-cyber attacks in an AC/DC hybrid transmission system

The widely used intelligent measuring equipment not only makes the operation of AC/DC hybrid transmission system more safe and reliable, but also inevitably brings new problems and challenges such as the threats and hidden dangers of cyber attacks. Given this, how to effectively and comprehensively assess the inherent vulnerabilities of AC/DC hybrid transmission systems under the coordinated physical-cyber attacks is of critical significance. In this paper, a three-stage physical-cyber attack and defense risk assessment framework based on dynamic game theory is proposed. In the framework, the dynamic game process between attacker and defender is carried out for the power grid risk, which is expressed as the product of the attacker’s success probability in attacking the substation and the load loss caused by the attack. Regarding the probability of a successful attack, it depends on the number of funds invested by both attacker and defender sides considering the marginal effect, while the corresponding load loss caused depends on the cyber attack vector and the optimal load shedding scheme. For the solution of the proposed three-stage dynamic game framework, it is converted into a bi-level mathematical programming problem, in which the upper-level problem is solved by using the backward induction method to get the subgame perfect Nash equilibrium, and the lower-level problem is solved by using an improved particle swarm optimization algorithm to get the optimal amount of load shedding. Finally, the case study is performed on a modified IEEE 14-node AC/DC hybrid transmission test system, and the inherent weaknesses of the power grid are identified based on the risk assessment results, verifying the effectiveness of the proposed framework and method