Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

The first-ever Ukraine cyberattack on power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes on the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining the impact quantification of cyber-related contingencies

Cyber-Based Contingency Analysis and Insurance Implications of Power Grid

Cybersecurity for power communication infrastructure is a serious subject that has been discussed for a decade since the first North American Electric Reliability Corporation (NERC) critical infrastructure protection (CIP) initiative in 2006. Its credibility on plausibility has been evidenced by attack events in the recent past. Although this is a very high impact, rare probability event, the establishment of quantitative measures would help asset owners in making a series of investment decisions. First, this dissertation tackles attackers\u27 strategies based on the current communication architecture between remote IP-based (unmanned) power substations and energy control centers. Hypothetically, the identification of intrusion paths will lead to the worst-case scenarios that the attackers could do harm to the grid, e.g., how this switching attack may perturb to future cascading outages within a control area when an IP-based substation is compromised. Systematic approaches are proposed in this dissertation on how to systematically determine pivotal substations and how investment can be prioritized to maintain and appropriate a reasonable investment in protecting their existing cyberinfrastructure. More specifically, the second essay of this dissertation focuses on digital protecting relaying, which could have similar detrimental effects on the overall grid\u27s stability. The R-k contingency analyses are proposed to verify with steady-state and dynamic simulations to ensure consistencies of simulation outcome in the proposed modeling in a power system. This is under the assumption that attackers are able to enumerate all electronic devices and computers within a compromised substation network. The essay also assists stakeholders (the defenders) in planning out exhaustively to identify the critical digital relays to be deployed in substations. The systematic methods are the combinatorial evaluation to incorporate the simulated statistics in the proposed metrics that are used based on the physics and simulation studies using existing power system tools. Finally, a risk transfer mechanism of cyber insurance against disruptive switching attacks is studied comprehensively based on the aforementioned two attackers\u27 tactics. The evaluation hypothetically assesses the occurrence of anomalies and how these footprints of attackers can lead to a potential cascading blackout as well as to restore the power back to normal stage. The research proposes a framework of cyber insurance premium calculation based on the ruin probability theory, by modeling potential electronic intrusion and its direct impacts. This preliminary actuarial model can further improve the security of the protective parameters of the critical infrastructure via incentivizing investment in security technologies

On the Detection of Cyber-Attacks in the Communication Network of IEC 61850 Electrical Substations

The availability of the data within the network communication remains one of the most critical requirement when compared to integrity and confidentiality. Several threats such as Denial of Service (DoS) or flooding attacks caused by Generic Object Oriented Substation Event (GOOSE) poisoning attacks, for instance, might hinder the availability of the communication within IEC 61850 substations. To tackle such threats, a novel method for the Early Detection of Attacks for the GOOSE Network Traffic (EDA4GNeT) is developed in the present work. Few of previously available intrusion detection systems take into account the specific features of IEC 61850 substations and offer a good trade-off between the detection performance and the detection time. Moreover, to the best of our knowledge, none of the existing works proposes an early anomaly detection method of GOOSE attacks in the network traffic of IEC 61850 substations that account for the specific characteristics of the network data in electrical substations. The EDA4GNeT method considers the dynamic behavior of network traffic in electrical substations. The mathematical modeling of the GOOSE network traffic first enables the development of the proposed method for anomaly detection. In addition, the developed model can also support the management of the network architecture in IEC 61850 substations based on appropriate performance studies. To test the novel anomaly detection method and compare the obtained results with available techniques, two use cases are used

ESTABLISHMENT OF CYBER-PHYSICAL CORRELATION AND VERIFICATION BASED ON ATTACK SCENARIOS IN POWER SUBSTATIONS

Insurance businesses for the cyberworld are an evolving opportunity. However, a quantitative model in today\u27s security technologies may not be established. Besides, a generalized methodology to assess the systematic risks remains underdeveloped. There has been a technical challenge to capture intrusion risks of the cyber-physical system, including estimating the impact of the potential cascaded events initiated by the hacker\u27s malicious actions. This dissertation attempts to integrate both modeling aspects: 1) steady-state probabilities for the Internet protocol-based substation switching attack events based on hypothetical cyberattacks, 2) potential electricity losses. The phenomenon of sequential attacks can be characterized using a time-domain simulation that exhibits dynamic cascaded events. Such substation attack simulation studies can establish an actuarial framework for grid operation. The novelty is three-fold. First, the development to extend features of steady-state probabilities is established based on 1) modified password models, 2) new models on digital relays with two-step authentications, and 3) honeypot models. A generalized stochastic Petri net is leveraged to formulate the detailed statuses and transitions of components embedded in a Cyber-net. Then, extensive modeling of steady-state probabilities is qualitatively performed. Methodologies on how transition probabilities and rates are extracted from network components and actuarial applications are summarized and discussed. Second, dynamic models requisite for switching attacks against multiple substations or digital relays deployed in substations are formulated. Imperative protection and control models to represent substation attacks are clarified with realistic model parameters. Specifically, wide-area protections, i.e., special protection systems (SPSs), are elaborated, asserting that event-driven SPSs may be skipped for this type of case study. Third, the substation attack replay using a proven commercially available time-domain simulation tool is validated in IEEE system models to study attack combinations\u27 critical paths. As the time-domain simulation requires a higher computational cost than power flow-based steady-state simulation, a balance of both methods is established without missing the critical dynamic behavior. The direct impact of substation attacks, i.e., electricity losses, is compared between steady-state and dynamic analyses. Steady-state analysis results are prone to be pessimistic for a smaller number of compromised substations. Finally, simulation findings based on the risk-based metrics and technical implementation are extensively discussed with future work

Security of Process Bus in Digital Substation

Cyber security attacks in substations have been a issue for a very long time [1]. It is necessary to secure the communication between devices in substation automation system. Generally, Substation Automation Systems uses Intelligent Electronic devices (IED) for monitoring, control and protection of substation. In the past, single purpose and mostly hard-wire interconnected devices were safety and control devices. More and more features have been built into multi-function intelligent electronic devices (IEDs) over time. The need for contact between the devices in the scheme has increased by increasing the number of functions per unit. The lack of wide-ranging knowledge of data communication technologies, protocols, remote access and risks to cybersecurity would improve the prospects for cyber-initiated events. Enabling support for authentication and authorization, auditability and logging as well as product and system hardening are critical features for safeguarding electric power grids and power networks. The introduction of a centralized account management system in the substation automation system is a simple solution for adding and removing users who have or are deprived of access. For utilities that have to stick to laws, this is a big advantage. The security logging mechanisms are a must in the case of intrusion prevention, finding unexpected use patterns and for safety forensics. It has to be precise, readily distributed and easily gathered [2]. Adopting new solutions for substations. These systems are following standards and trends, as of which one of them is in particular Ethernet and TCP/IP based communication protocols. The substation automation multicast messages are Generic Object Driven Substation Event (GOOSE) and Sampled Measured Value (SMV), Manufacturing Message Specification (MMS). The two recent standards published to protect the systems are IEC 61850 and IEC 62351. The mainstream development for substation automation is IEC61850. It provides an integrated solution for ensuring communication in substation automation between intelligent electronic devices (IED). On the one side, these standard mandates that GOOSE and SV messages must be used by the RSA cryptosystem to provide source authenticity. This report provides a realistic consideration and review of the implementation in a substation automation system of a stable sampled measured value (SeSV) message. IEC Working Group 15 of Technical Committee 57 released IEC62351 on protection for IEC61850 profiles because of the lack of security features in the standard. However, the use of IEC62351 standards-based SV authentication methods is still not integrated and computational capabilities and performance are not validated and checked with commercial-grade devices. Therefore this report demonstrates the performance of SeSV allowed security feature packets transmitted between security and control devices by appending the extended IEC61850 packets to a message authentication code (MAC). A prototype implementation on a low-cost embedded commodity device has shown that with negligible time delay, the MAC-enabled SV message can completely protect the process bus communication in the digital substation.Master of ScienceComputer and Information Science, College of Engineering and Computer ScienceUniversity of Michigan-Dearbornhttp://deepblue.lib.umich.edu/bitstream/2027.42/166307/1/Ramya Karnati Final Thesis.pdfDescription of Ramya Karnati Final Thesis.pdf : Thesi

GNSS Related Threats to Power Grid Applications

As power grid environments are moving towards the smart grid vision of the future, the traditional schemes for power grid protection and control are making way for new applications. The advancements in this field have made the requirements for power grid’s time synchronization accuracy and precision considerably more demanding. So far, the signals provided by Global Navigation Satellite Systems have generally addressed the need for highly accurate and stable reference time in power grid applications. These signals however are highly susceptible to tampering as they are being transmitted. Since electrical power transmission and distribution are critical functions for any modern society, the risks and impacts affiliated with satellite-based time synchronization in power grids ought to be examined. This thesis aims to address the matter. The objective is to examine how Global Navigation Satellite Systems are utilized in the power grids, how different attacks would potentially be carried out by employing interference and disturbance to GNSS signals and receivers and how the potential threats can be mitigated. A major part of the research is done through literature review, and the core concepts and different implementations of Global Navigation Satellite Systems are firstly introduced. The literature review also involves the introduction of different power grid components and subsystems, that utilize Global Positioning System for time synchronization. Threat modeling techniques traditionally practiced in software development are applied to power grid components and subsystems to gain insight about the possible threats and their impacts. The threats recognized through this process are evaluated and potential techniques for mitigating the most notable threats are presented.Sähköverkot ovat siirtymässä kohti tulevaisuuden älykkäitä sähköverkkoja ja perinteiset sähköverkon suojaus- ja ohjausmenetelmät tekevät tilaa uusille sovelluksille. Alan kehitys on tehnyt aikasynkronoinnin tarkkuusvaatimuksista huomattavasti aikaisempaa vaativampia. Tarkka aikareferenssi sähköverkoissa on tähän saakka saavutettu satelliittinavigointijärjestelmien tarjoamien signaalien avulla. Nämä signaalit ovat kuitenkin erittäin alttiita erilaisille hyökkäyksille. Sähkönjakelujärjestelmät ovat kriittinen osa nykyaikaista yhteiskuntaa ja riskejä sekä seuraamuksia, jotka liittyvät satelliittipohjaisten aikasynkronointimenetelmien hyödyntämiseen sähköverkoissa, tulisi tarkastella. Tämä tutkielma pyrkii vastaamaan tähän tarpeeseen. Päämääränä on selvittää, miten satelliittinavigointijärjestelmiä hyödynnetään sähköverkoissa, kuinka erilaisia hyökkäyksiä voidaan toteuttaa satelliittisignaaleja häiritsemällä ja satelliittisignaalivastaanottimia harhauttamalla ja kuinka näiden muodostamia uhkia voidaan lieventää. Valtaosa tästä tutkimuksesta on toteutettu kirjallisuuskatselmoinnin pohjalta. Työ kattaa satelliittinavigointijärjestelmien perusteet ja esittelee erilaisia tapoja, kuinka satelliittisignaaleja hyödynnetään sähköverkoissa erityisesti aikasynkronoinnin näkökulmasta. Työssä hyödynnettiin perinteisesti ohjelmistokehityksessä käytettyjä uhkamallinnusmenetelmiä mahdollisten uhkien ja seurausten analysointiin. Lopputuloksena esitellään riskiarviot uhkamallinnuksen pohjalta tunnistetuista uhkista, sekä esitellään erilaisia menettelytapoja uhkien lieventämiseksi

Data-driven cyber attack detection and mitigation for decentralized wide-area protection and control in smart grids

Modern power systems have already evolved into complicated cyber physical systems (CPS), often referred to as smart grids, due to the continuous expansion of the electrical infrastructure, the augmentation of the number of heterogeneous system components and players, and the consequential application of a diversity of information and telecommunication technologies to facilitate the Wide Area Monitoring, Protection and Control (WAMPAC) of the day-to-day power system operation. Because of the reliance on cyber technologies, WAMPAC, among other critical functions, is prone to various malicious cyber attacks. Successful cyber attacks, especially those sabotage the operation of Bulk Electric System (BES), can cause great financial losses and social panics. Application of conventional IT security solutions is indispensable, but it often turns out to be insufficient to mitigate sophisticated attacks that deploy zero-day vulnerabilities or social engineering tactics. To further improve the resilience of the operation of smart grids when facing cyber attacks, it is desirable to make the WAMPAC functions per se capable of detecting various anomalies automatically, carrying out adaptive activity adjustments in time and thus staying unimpaired even under attack. Most of the existing research efforts attempt to achieve this by adding novel functional modules, such as model-based anomaly detectors, to the legacy centralized WAMPAC functions. In contrast, this dissertation investigates the application of data-driven algorithms in cyber attack detection and mitigation within a decentralized architecture aiming at improving the situational awareness and self-adaptiveness of WAMPAC. First part of the research focuses on the decentralization of System Integrity Protection Scheme (SIPS) with Multi-Agent System (MAS), within which the data-driven anomaly detection and optimal adaptive load shedding are further explored. An algorithm named as Support Vector Machine embedded Layered Decision Tree (SVMLDT) is proposed for the anomaly detection, which provides satisfactory detection accuracy as well as decision-making interpretability. The adaptive load shedding is carried out by every agent individually with dynamic programming. The load shedding relies on the load profile propagation among peer agents and the attack adaptiveness is accomplished by maintaining the historical mean of load shedding proportion. Load shedding only takes place after the consensus pertaining to the anomaly detection is achieved among all interconnected agents and it serves the purpose of mitigating certain cyber attacks. The attack resilience of the decentralized SIPS is evaluated using IEEE 39 bus model. It is shown that, unlike the traditional centralized SIPS, the proposed solution is able to carry out the remedial actions under most Denial of Service (DoS) attacks. The second part investigates the clustering based anomalous behavior detection and peer-assisted mitigation for power system generation control. To reduce the dimensionality of the data, three metrics are designed to interpret the behavior conformity of generator within the same balancing area. Semi-supervised K-means clustering and a density sensitive clustering algorithm based on Hieararchical DBSCAN (HDBSCAN) are both applied in clustering in the 3D feature space. Aiming to mitigate the cyber attacks targeting the generation control commands, a peer-assisted strategy is proposed. When the control commands from control center is detected as anomalous, i.e. either missing or the payload of which have been manipulated, the generating unit utilizes the peer data to infer and estimate a new generation adjustment value as replacement. Linear regression is utilized to obtain the relation of control values received by different generating units, Moving Target Defense (MTD) is adopted during the peer selection and 1-dimensional clustering is performed with the inferred control values, which are followed by the final control value estimation. The mitigation strategy proposed requires that generating units can communicate with each other in a peer-to-peer manner. Evaluation results suggest the efficacy of the proposed solution in counteracting data availability and data integrity attacks targeting the generation controls. However, the strategy stays effective only if less than half of the generating units are compromised and it is not able to mitigate cyber attacks targeting the measurements involved in the generation control

Assessing the Cyber Threat Landscape for Virtual Power Plants

Virtual Power Plants (VPPs) aggregate and coordinate Distributed Energy Resources (DER) as a single entity aiding in decarbonization of the energy generation mix. The infrastructure of VPPs relies heavily on rigorous and accurate exchange of information between the DER and the VPP, as well as other grid entities. This exposes them to possible cyber threats that impede their functions and can have negative impacts on the stability and reliability of the grid. In this paper, the threat landscape is evaluated against threats that affect VPPs. A heuristic method of assessing the impact and likelihood of attacks is constructed based on a) proposed methods in literature, b) standardization bodies, and c) in relation to a VPPs security profile. Our findings indicate that False Data Injection attacks are posing the greatest risk, competing with disruption of their functions due to Denial of Service

Emerging technologies and future trends in substation automation systems for the protection, monitoring and control of electrical substations

Tese de Mestrado Integrado. Engenharia Electrotécnica e de Computadores (Automação). Faculdade de Engenharia. Universidade do Porto. 201