Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

The first-ever Ukraine cyberattack on power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes on the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining the impact quantification of cyber-related contingencies

Application of Complex Network Theory in Power System Security Assessment

The power demand increases every year around the world with the growth of population and the expansion of cities. Meanwhile, the structure of a power system becomes increasing complex. Moreover, increasing renewable energy sources (RES) has linked to the power network at different voltage levels. These new features are expected to have a negative impact on the security of the power system. In recent years, complex network (CN) theory has been studied intensively in solving practical problems of large-scale complex systems. A new direction for power system security assessment has been provided with the developments in the CN field. In this thesis, we carry out investigations on models and approaches that aim to make the security assessment from an overview system level with CN theory. Initially, we study the impact of the renewable energy (RE) penetration level on the vulnerability in the future grid (FG). Data shows that the capacity of RE has been increasing over by 10% annually all over the world. To demonstrate the impact of unpredictable fluctuating characteristics of RES on the power system stability, a CN model given renewable energy integration for the vulnerability analysis is introduced. The numerical simulations are investigated based on the simplified 14-generator model of the South Eastern Australia power system. Based on the simulation results, the impact of different penetrations of RES and demand side management on the Australian FG is discussed. Secondly, the distributed optimization performance of the communication network topology in the photovoltaic (PV) and energy storage (ES) combined system is studied with CN theory. A Distributed Alternating Direction Method of Multipliers (D-ADMM) is proposed to accelerate the convergence speed in a large dimensional communication system. It is shown that the dynamic performance of this approach is highly-sensitive to the communication network topology. We study the variation of convergence speed under different communication network topology. Based on this research, guidance on how to design a relatively more optimal communication network is given as well. Then, we focus on a new model of vulnerability analysis. The existing CN models usually neglect the detailed electrical characteristics of a power grid. In order to address the issue, an innovative model which considers power flow (PF), one of the most important characteristics in a power system, is proposed for the analysis of power grid vulnerability. Moreover, based on the CN theory and the Max-Flow theorem, a new vulnerability index is presented to identify the vulnerable lines in a power system. The comparative simulations between the power flow model and existing models are investigated on the IEEE 118-bus system. Based on the PF model, we improve a power system cascading risk assessment model. In this research the risk is defined by the consequence and probabilities of the failures in the system, which is affected by both power factors and the network structure. Furthermore, a cascading event simulation module is designed to identify the cascading chain in the system during a failure. This innovation can form a better module for the cascading risk assessment of a power system. Finally, we argue that the current cyber-physical network model have their limitations and drawbacks. The existing “point-wise” failure model is not appropriate to present the interdependency of power grid and communication network. The interactions between those two interdependent networks are much more complicated than they were described in some the prior literatures. Therefore, we propose a new interdependency model which is based on earlier research in this thesis. The simulation results confirm the effectiveness of the new model in explaining the cascading mechanism in this kind of networks

Modeling, Simulation, and Analysis of Cascading Outages in Power Systems

Interconnected power systems are prone to cascading outages leading to large-area blackouts. Modeling, simulation, analysis, and mitigation of cascading outages are still challenges for power system operators and planners.Firstly, the interaction model and interaction graph proposed by [27] are demonstrated on a realistic Northeastern Power Coordinating Council (NPCC) power system, identifying key links and components that contribute most to the propagation of cascading outages. Then a multi-layer interaction graph for analysis and mitigation of cascading outages is proposed. It provides a practical, comprehensive framework for prediction of outage propagation and decision making on mitigation strategies. It has multiple layers to respectively identify key links and components, which contribute the most to outage propagation. Based on the multi-layer interaction graph, effective mitigation strategies can be further developed. A three-layer interaction graph is constructed and demonstrated on the NPCC power system.Secondly, this thesis proposes a novel steady-state approach for simulating cascading outages. The approach employs a power flow-based model that considers static power-frequency characteristics of both generators and loads. Thus, the system frequency deviation can be calculated under cascading outages and control actions such as under-frequency load shedding can be simulated. Further, a new AC optimal power flow model considering frequency deviation (AC-OPFf) is proposed to simulate remedial control against system collapse. Case studies on the two-area, IEEE 39-bus, and NPCC power systems show that the proposed approach can more accurately capture the propagation of cascading outages when compared with a conventional approach using the conventional power flow and AC optimal power flow models.Thirdly, in order to reduce the potential risk caused by cascading outages, an online strategy of critical component-based active islanding is proposed. It is performed when any component belonging to a predefined set of critical components is involved in the propagation path. The set of critical components whose fail can cause large risk are identified based on the interaction graph. Test results on the NPCC power system show that the cascading outage risk can be reduced significantly by performing the proposed active islanding when compared with the risk of other scenarios without active islanding

Reliability Evaluation and Defense Strategy Development for Cyber-physical Power Systems

With the smart grid initiatives in recent years, the electric power grid is rapidly evolving into a complicated and interconnected cyber-physical system. Unfortunately, the wide deployment of cutting-edge communication, control and computer technologies in the power system, as well as the increasing terrorism activities, make the power system at great risk of attacks from both cyber and physical domains. It is pressing and meaningful to investigate the plausible attack scenarios and develop efficient methods for defending the power system against them. To defend the power grid, it is critical to first study how the attacks could happen and affect the power system, which are the basis for the defense strategy development. Thus, this dissertation quantifies the influence of several typical attacks on power system reliability. Specifically, three representative attack are considered, i.e., intrusion against substations, regional LR attack, and coordinated attacks. For the intrusion against substations, the occurrence frequency of the attack events is modeled based on statistical data and human dynamics; game-theoretical approaches are adopted to model induvial and consecutive attack cases; Monte Carlo simulation is deployed to obtain the desired reliability indices, which incorporates both the attacks and the random failures. For the false data injection attack, a practical regional load redistribution (LR) attack strategy is proposed; the man-in-the-middle (MITM) intrusion process is modeled with a semi-Markov process method; the reliability indices are obtained based on the regional LR attack strategy and the MITM intrusion process using Monte Carlo simulation. For the coordinated attacks, a few typical coordination strategies are proposed considering attacking the current-carrying elements as well as attacking the measurements; a bilevel optimization method is applied to develop the optimal coordination strategy. Further, efficient and effective defense strategies are proposed from the perspectives of power system operation strategy and identification of critical elements. Specially, a robustness-oriented power grid operation strategy is proposed considering the element random failures and the risk of man-made attacks. Using this operation strategy, the power system operation is robust, and can minimize the load loss in case of malicious man-made attacks. Also, a multiple-attack-scenario (MAS) defender-attack-defender model is proposed to identify the critical branches that should be defended when an attack is anticipated but the defender has uncertainty about the capability of the attacker. If those identified critical branches are protected, the expected load loss will be minimal

Intelligent Novel Methods for Identifying Critical Components and Their Combinations for Hypothesized Cyber-physical Attacks Against Electric Power Grids

As a revolutionary change to the traditional power grid, the smart grid is expected to introduce a myriad of noteworthy benefits by integrating the advanced information and communication technologies in terms of system costs, reliability, environmental impacts, operational flexibility, etc. However, the wider deployment of cyber networks in the power grid will bring about important issues on power system cyber security. Meanwhile, the power grid is becoming more vulnerable to various physical attacks due to vandalism and probable terrorist attacks. In an envisioned smart grid environment, attackers have more entry points to various parts of the power grid for launching a well-planned and highly destructive attack in a coordinated manner. Thus, it is important to address the smart grid cyber-physical security issues in order to strengthen the robustness and resiliency of the smart grid in the face of various adverse events. One key step of this research topic is to efficiently identify the vulnerable parts of the smart grid. In this thesis, from the perspective of smart grid cyber-physical security, three critical component combination identification methods are proposed to reveal the potential vulnerability of the smart grid. First, two performance indices based critical component combination recognition methods are proposed for more effectively identifying the critical component combinations in the multi-component attack scenarios. The optimal selection of critical components is determined according to the criticality of the components, which can be modeled by various performance indices. Further, the space-pruning based enumerative search strategy is investigated to comprehensively and effectively identify critical combinations of multiple same or different types of components. The pruned search space is generated based on the criticality of potential target component which is obtained from low-order enumeration data. Specifically, the combinatorial line-generator attack strategy is investigated by exploring the strategy for attacking multiple different types of components. Finally, an effective, novel approach is proposed for identifying critical component combinations, which is termed search space conversion and reduction strategy based intelligent search method (SCRIS). The conversion and reduction of the search space is achieved based on the criticality of the components which is obtained from an efficient sampling method. The classic intelligent search algorithm, Particle Swarm Optimization (PSO), is improved and deployed for more effectively identifying critical component combinations. MATLAB is used as the simulation platform in this study. The IEEE 30, 39, 118 and Polish 2383-bus systems are adopted for verifying the effectiveness of the proposed attack strategies. According to the simulation results, the proposed attack strategies turn out to be effective and computationally efficient. This thesis can provide some useful insight into vulnerability identification in a smart grid environment, and defensive strategies can be developed in view of this work to prevent malicious coordinated multi-component attacks which may initiate cascading failures in a cyber-physical environment

Cyber-Physical Power System (CPPS): A Review on Modelling, Simulation, and Analysis with Cyber Security Applications

Cyber-Physical System (CPS) is a new kind of digital technology that increases its attention across academia, government, and industry sectors and covers a wide range of applications like agriculture, energy, medical, transportation, etc. The traditional power systems with physical equipment as a core element are more integrated with information and communication technology, which evolves into the Cyber-Physical Power System (CPPS). The CPPS consists of a physical system tightly integrated with cyber systems (control, computing, and communication functions) and allows the two-way flows of electricity and information for enabling smart grid technologies. Even though the digital technologies monitoring and controlling the electric power grid more efficiently and reliably, the power grid is vulnerable to cybersecurity risk and involves the complex interdependency between cyber and physical systems. Analyzing and resolving the problems in CPPS needs the modelling methods and systematic investigation of a complex interaction between cyber and physical systems. The conventional way of modelling, simulation, and analysis involves the separation of physical domain and cyber domain, which is not suitable for the modern CPPS. Therefore, an integrated framework needed to analyze the practical scenario of the unification of physical and cyber systems. A comprehensive review of different modelling, simulation, and analysis methods and different types of cyber-attacks, cybersecurity measures for modern CPPS is explored in this paper. A review of different types of cyber-attack detection and mitigation control schemes for the practical power system is presented in this paper. The status of the research in CPPS around the world and a new path for recommendations and research directions for the researchers working in the CPPS are finally presented.publishedVersio

Impact Assessment, Detection, And Mitigation Of False Data Attacks In Electrical Power Systems

The global energy market has seen a massive increase in investment and capital flow in the last few decades. This has completely transformed the way power grids operate - legacy systems are now being replaced by advanced smart grid infrastructures that attest to better connectivity and increased reliability. One popular example is the extensive deployment of phasor measurement units, which is referred to PMUs, that constantly provide time-synchronized phasor measurements at a high resolution compared to conventional meters. This enables system operators to monitor in real-time the vast electrical network spanning thousands of miles. However, a targeted cyber attack on PMUs can prompt operators to take wrong actions that can eventually jeopardize the power system reliability. Such threats originating from the cyber-space continue to increase as power grids become more dependent on PMU communication networks. Additionally, these threats are becoming increasingly efficient in remaining undetected for longer periods while gaining deep access into the power networks. An attack on the energy sector immediately impacts national defense, emergency services, and all aspects of human life. Cyber attacks against the electric grid may soon become a tactic of high-intensity warfare between nations in near future and lead to social disorder. Within this context, this dissertation investigates the cyber security of PMUs that affects critical decision-making for a reliable operation of the power grid. In particular, this dissertation focuses on false data attacks, a key vulnerability in the PMU architecture, that inject, alter, block, or delete data in devices or in communication network channels. This dissertation addresses three important cyber security aspects - (1) impact assessment, (2) detection, and (3) mitigation of false data attacks. A comprehensive background of false data attack models targeting various steady-state control blocks is first presented. By investigating inter-dependencies between the cyber and the physical layers, this dissertation then identifies possible points of ingress and categorizes risk at different levels of threats. In particular, the likelihood of cyber attacks against the steady-state power system control block causing the worst-case impacts such as cascading failures is investigated. The case study results indicate that false data attacks do not often lead to widespread blackouts, but do result in subsequent line overloads and load shedding. The impacts are magnified when attacks are coordinated with physical failures of generators, transformers, or heavily loaded lines. Further, this dissertation develops a data-driven false data attack detection method that is independent of existing in-built security mechanisms in the state estimator. It is observed that a convolutional neural network classifier can quickly detect and isolate false measurements compared to other deep learning and traditional classifiers. Finally, this dissertation develops a recovery plan that minimizes the consequence of threats when sophisticated attacks remain undetected and have already caused multiple failures. Two new controlled islanding methods are developed that minimize the impact of attacks under the lack of, or partial information on the threats. The results indicate that the system operators can successfully contain the negative impacts of cyber attacks while creating stable and observable islands. Overall, this dissertation presents a comprehensive plan for fast and effective detection and mitigation of false data attacks, improving cyber security preparedness, and enabling continuity of operations