Smart Grid Security: Threats, Challenges, and Solutions

The cyber-physical nature of the smart grid has rendered it vulnerable to a multitude of attacks that can occur at its communication, networking, and physical entry points. Such cyber-physical attacks can have detrimental effects on the operation of the grid as exemplified by the recent attack which caused a blackout of the Ukranian power grid. Thus, to properly secure the smart grid, it is of utmost importance to: a) understand its underlying vulnerabilities and associated threats, b) quantify their effects, and c) devise appropriate security solutions. In this paper, the key threats targeting the smart grid are first exposed while assessing their effects on the operation and stability of the grid. Then, the challenges involved in understanding these attacks and devising defense strategies against them are identified. Potential solution approaches that can help mitigate these threats are then discussed. Last, a number of mathematical tools that can help in analyzing and implementing security solutions are introduced. As such, this paper will provide the first comprehensive overview on smart grid security

Attack resilient GPS based timing for phasor measurement units using multi-receiver direct time estimation

Modern power distribution systems are incorporating Phasor Measurement Units (PMUs) to measure the instantaneous voltage and current phasors at different nodes in the power grid. These PMUs depend on Global Positioning Systems (GPS) for precise time and synchronization. However, GPS civil signals are vulnerable to external attacks because of its low power and unencrypted signal structure. Therefore, there is a need for the development of attack resilient GPS time transfer techniques to ensure power grid stability. To counteract these adverse effects, we propose an innovative Multi-Receiver Direct Time Estimation (MR-DTE) algorithm by utilizing the measurements from multiple GPS receivers driven by a common clock. The raw GPS signals from each receiver are processed using a robust signal processing technique known as Direct Time Estimation (DTE). DTE directly correlates the received GPS signal with the corresponding signal replica for each of the pre-generated set of clock states. The optimal set of clock candidates is then determined by maximum likelihood estimation. We further leverage the known geographical diversity of multiple receivers and apply Kalman Filter to obtain robust GPS timing. We evaluate the improved robustness of our MR-DTE algorithm against external timing attacks based on GPS field experiments. In addition, we design a verification and validation power grid testbed using Real-Time Digital Simulator (RTDS) to demonstrate the impact of jamming, meaconing (i.e., record-andreplay attack) and satellite data-level anomalies on PMUs. Later, we utilize our power grid testbed to validate the attack-resilience of our proposed MR-DTE algorithm in comparison to the existing techniques such as traditional scalar tracking and Position-Information-Aided Vector Tracking

Delay-Aware Semantic Sampling in Power Electronic Systems

In power electronic systems (PES), attacks on data availability such as latency attacks, data dropouts, and time-synchronization attacks (TSAs) continue to pose significant threats to both the communication network and the control system performance. As per the conventional norms of communication engineering, PES still rely on time synchronized sampling, which translates every received message with equal importance. In this paper, we go beyond event-triggered sampling/estimation to integrate semantic principles into the sampling process for each distributed energy resource (DER), which not only compensates for delayed communicated signals by reconstruction of a new signal from the inner control layer dynamics, but also evaluates the reconstruction stage using key semantic requirements, namely Freshness, Relevance and Priority for good dynamic performance. As a result, the sparsity provided by event-driven sampling of internal control loop dynamics translates as semantics in PES. The proposed scheme has been extensively tested and validated on a modified IEEE 37-bus AC distribution system, under many operating conditions and noisy environment in OPAL-RT environment to establish its robustness, model-free design ability and adaptive behavior to dynamic cyber graph topologies

CPS Attacks Mitigation Approaches on Power Electronic Systems with Security Challenges for Smart Grid Applications: A Review

This paper presents an inclusive review of the cyber-physical (CP) attacks, vulnerabilities, mitigation approaches on the power electronics and the security challenges for the smart grid applications. With the rapid evolution of the physical systems in the power electronics applications for interfacing renewable energy sources that incorporate with cyber frameworks, the cyber threats have a critical impact on the smart grid performance. Due to the existence of electronic devices in the smart grid applications, which are interconnected through communication networks, these networks may be subjected to severe cyber-attacks by hackers. If this occurs, the digital controllers can be physically isolated from the control loop. Therefore, the cyber-physical systems (CPSs) in the power electronic systems employed in the smart grid need special treatment and security. In this paper, an overview of the power electronics systems security on the networked smart grid from the CP perception, as well as then emphases on prominent CP attack patterns with substantial influence on the power electronics components operation along with analogous defense solutions. Furthermore, appraisal of the CPS threats attacks mitigation approaches, and encounters along the smart grid applications are discussed. Finally, the paper concludes with upcoming trends and challenges in CP security in the smart grid applications

Detection and Mitigation of Cyber Attacks on Time Synchronization Protocols for the Smart Grid

The current electric grid is considered as one of the greatest engineering achievements of the twentieth century. It has been successful in delivering power to consumers for decades. Nevertheless, the electric grid has recently experienced several blackouts that raised several concerns related to its availability and reliability. The aspiration to provide reliable and efficient energy, and contribute to environment protection through the increasing utilization of renewable energies are driving the need to deploy the grid of the future, the smart grid. It is expected that this grid will be self-healing from power disturbance events, operating resiliently against physical and cyber attack, operating efficiently, and enabling new products and services. All these call for a grid with more Information and Communication Technologies (ICT). As such, power grids are increasingly absorbing ICT technologies to provide efficient, secure and reliable two-way communication to better manage, operate, maintain and control electric grid components. On the other hand, the successful deployment of the smart grid is predicated on the ability to secure its operations. Such a requirement is of paramount importance especially in the presence of recent cyber security incidents. Furthermore, those incidents are subject to an augment with the increasing integration of ICT technologies and the vulnerabilities they introduce to the grid. The exploitation of these vulnerabilities might lead to attacks that can, for instance, mask the system observability and initiate cascading failures resulting in undesirable and severe consequences. In this thesis, we explore the security aspects of a key enabling technology in the smart grid, accurate time synchronization. Time synchronization is an immense requirement across the domains of the grid, from generation to transmission, distribution, and consumer premises. We focus on the substation, a basic block of the smart grid system, along with its recommended time synchronization mechanism - the Precision Time Protocol (PTP) - in order to address threats associated with PTP, and propose practical and efficient detection, prevention, mitigation techniques and methodologies that will harden and enhance the security and usability of PTP in a substation. In this respect, we start this thesis with a security assessment of PTP that identifies PTP security concerns, and then address those concerns in the subsequent chapters. We tackle the following main threats associated with PTP: 1) PTP vulnerability to fake timestamp injection through a compromised component 2) PTP vulnerability to the delay attack and 3) The lack of a mechanism that secures the PTP network. Next, and as a direct consequence of the importance of time synchronization in the smart grid, we consider the wide area system to demonstrate the vulnerability of relative data alignment in Phasor Data Concentrators to time synchronization attacks. These problems will be extensively studied throughout this thesis, followed by discussions that highlight open research directions worth further investigations

Machine Learning Based Detection of False Data Injection Attacks in Wide Area Monitoring Systems

The Smart Grid (SG) is an upgraded, intelligent, and a more reliable version of the traditional Power Grid due to the integration of information and communication technologies. The operation of the SG requires a dense communication network to link all its components. But such a network renders it prone to cyber attacks jeopardizing the integrity and security of the communicated data between the physical electric grid and the control centers. One of the most prominent components of the SG are Wide Area Monitoring Systems (WAMS). WAMS are a modern platform for grid-wide information, communication, and coordination that play a major role in maintaining the stability of the grid against major disturbances. In this thesis, an anomaly detection framework is proposed to identify False Data Injection (FDI) attacks in WAMS using different Machine Learning (ML) and Deep Learning (DL) techniques, i.e., Deep Autoencoders (DAE), Long-Short Term Memory (LSTM), and One-Class Support Vector Machine (OC-SVM). These algorithms leverage diverse, complex, and high-volume power measurements coming from communications between different components of the grid to detect intelligent FDI attacks. The injected false data is assumed to target several major WAMS monitoring applications, such as Voltage Stability Monitoring (VSM), and Phase Angle Monitoring (PAM). The attack vector is considered to be smartly crafted based on the power system data, so that it can pass the conventional bad data detection schemes and remain stealthy. Due to the lack of realistic attack data, machine learning-based anomaly detection techniques are used to detect FDI attacks. To demonstrate the impact of attacks on the realistic WAMS traffic and to show the effectiveness of the proposed detection framework, a Hardware-In-the-Loop (HIL) co-simulation testbed is developed. The performance of the implemented techniques is compared on the testbed data using different metrics: Accuracy, F1 score, and False Positive Rate (FPR) and False Negative Rate (FNR). The IEEE 9-bus and IEEE 39-bus systems are used as benchmarks to investigate the framework scalability. The experimental results prove the effectiveness of the proposed models in detecting FDI attacks in WAMS

The Role of Deep Learning in Advancing Proactive Cybersecurity Measures for Smart Grid Networks: A Survey

As smart grids (SG) increasingly rely on advanced technologies like sensors and communication systems for efficient energy generation, distribution, and consumption, they become enticing targets for sophisticated cyberattacks. These evolving threats demand robust security measures to maintain the stability and resilience of modern energy systems. While extensive research has been conducted, a comprehensive exploration of proactive cyber defense strategies utilizing Deep Learning (DL) in {SG} remains scarce in the literature. This survey bridges this gap, studying the latest DL techniques for proactive cyber defense. The survey begins with an overview of related works and our distinct contributions, followed by an examination of SG infrastructure. Next, we classify various cyber defense techniques into reactive and proactive categories. A significant focus is placed on DL-enabled proactive defenses, where we provide a comprehensive taxonomy of DL approaches, highlighting their roles and relevance in the proactive security of SG. Subsequently, we analyze the most significant DL-based methods currently in use. Further, we explore Moving Target Defense, a proactive defense strategy, and its interactions with DL methodologies. We then provide an overview of benchmark datasets used in this domain to substantiate the discourse.{ This is followed by a critical discussion on their practical implications and broader impact on cybersecurity in Smart Grids.} The survey finally lists the challenges associated with deploying DL-based security systems within SG, followed by an outlook on future developments in this key field.Comment: To appear in the IEEE internet of Things journa

Classifying resilience approaches for protecting smart grids against cyber threats

Smart grids (SG) draw the attention of cyber attackers due to their vulnerabilities, which are caused by the usage of heterogeneous communication technologies and their distributed nature. While preventing or detecting cyber attacks is a well-studied field of research, making SG more resilient against such threats is a challenging task. This paper provides a classification of the proposed cyber resilience methods against cyber attacks for SG. This classification includes a set of studies that propose cyber-resilient approaches to protect SG and related cyber-physical systems against unforeseen anomalies or deliberate attacks. Each study is briefly analyzed and is associated with the proper cyber resilience technique which is given by the National Institute of Standards and Technology in the Special Publication 800-160. These techniques are also linked to the different states of the typical resilience curve. Consequently, this paper highlights the most critical challenges for achieving cyber resilience, reveals significant cyber resilience aspects that have not been sufficiently considered yet and, finally, proposes scientific areas that should be further researched in order to enhance the cyber resilience of SG.Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. Funding for open access charge: Universidad de Málaga / CBUA

ASGARDS-H: Enabling Advanced Smart Grid cyber-physical Attacks, Risk and Data Studies with HELICS

Smart infrastructures are increasingly built with cyber-physical systems that connect physical operational technology (OT) devices, networks and systems over a cyberspace of ubiquitous information technology (IT). A key objective of such interconnection is to offer a data coverage that will enable comprehensive visibility of dynamic environments and events. The arrival of Internet-of-Things, 5G, and beyond in smart infrastructures will enable the collection of unprecedented volumes of data from these various sources for critical visibility of the entire infrastructure with advanced situational awareness. To break the barriers between the different data silos that limit advanced machine learning techniques against cyber-physical attacks and damages and to allow the development of advanced cross-domain awareness models, the thesis tried to develop a modular, complete and scalable co-simulation platform allowing the generation of standardized datasets for research and development of smart distribution grid security. It addresses the lack of realistic training and testing data for machine learning models to enable the development of more advanced techniques. Our contributions are as follows. First, a modular platform for software-based co-simulation testbed generation is developed using the HELICS co-simulation framework. Second, scenarios of instabilities, faults, cyber-physical attacks are built to allow the generation of a realistic and multi-sourced dataset. Third, well-defined datasets are generated from the developed scenarios to enable and empower data-driven approaches toward smart distribution grid security