52 research outputs found

    Secure Control and Operation of Energy Cyber-Physical Systems Through Intelligent Agents

    The operation of the smart grid is expected to be heavily reliant on microprocessor-based control. Thus, there is a strong need for interoperability standards to address the heterogeneous nature of the data in the smart grid. In this research, we analyzed in detail the security threats of the Generic Object Oriented Substation Events (GOOSE) and Sampled Measured Values (SMV) protocol mappings of the IEC 61850 data modeling standard, which is the most widely industry-accepted standard for power system automation and control. We found that there is a strong need for security solutions that are capable of defending the grid against cyber-attacks, minimizing the damage in case a cyber-incident occurs, and restoring services within minimal time. To address these risks, we focused on correlating cyber security algorithms with physical characteristics of the power system by developing intelligent agents that use this knowledge as an important second line of defense in detecting malicious activity. This will complement the cyber security methods, including encryption and authentication. Firstly, we developed a physical-model-checking algorithm, which uses artificial neural networks to identify switching-related attacks on power systems based on load flow characteristics. Secondly, the feasibility of using neural network forecasters to detect spoofed sampled values was investigated. We showed that although such forecasters have high spoofed-data-detection accuracy, they are prone to the accumulation of forecasting error. In this research, we proposed an algorithm to detect the accumulation of the forecasting error based on lightweight statistical indicators. The effectiveness of the proposed algorithms was experimentally verified on the Smart Grid testbed at FIU. The test results showed that the proposed techniques have a minimal detection latency, in the range of microseconds. 
Also, in this research we developed a network-in-the-loop co-simulation platform that seamlessly integrates the components of the smart grid together, especially since they are governed by different regulations and owned by different entities. Power system simulation software, microcontrollers, and a real communication infrastructure were combined together to provide a cohesive smart grid platform. A data-centric communication scheme was selected to provide an interoperability layer between multi-vendor devices, software packages, and to bridge different protocols together.

    Automation, Protection and Control of Substation Based on IEC 61850

    Reliability of power system protection system has been a key issue in the substation operation due to the use of multi-vendor equipment of proprietary features, environmental issues, and complex fault diagnosis. Failure to address these issues could have a significant effect on the performance of the entire electricity grid. With the introduction of IEC 61850 standard, substation automation system (SAS) has significantly altered the scenario in utilities and industries as indicated in this thesis.

    Denial-of-service attack on IEC 61850-based substation automation system: A crucial cyber threat towards smart substation pathways

    The generation of the mix-based expansion of modern power grids has urged the utilization of digital infrastructures. The introduction of Substation Automation Systems (SAS), advanced networks and communication technologies has drastically increased the complexity of the power system, which could make the entire power network prone to hackers. The exploitation of the cyber security vulnerabilities by an attacker may result in devastating consequences and can leave millions of people in severe power outage. To resolve this issue, this paper presents a network model developed in OPNET that has been subjected to various Denial of Service (DoS) attacks to demonstrate the cyber security aspect of International Electrotechnical Commission (IEC) 61850 based digital substations. The attack scenarios have exhibited significant increases in the system delay and the prevention of messages, i.e., Generic Object-Oriented Substation Events (GOOSE) and Sampled Measured Values (SMV), from being transmitted within an acceptable time frame. In addition to that, it may cause malfunction of the devices such as unresponsiveness of Intelligent Electronic Devices (IEDs), which could eventually lead to catastrophic scenarios, especially under different fault conditions. The simulation results of this work focus on the DoS attack made on SAS. A detailed set of rigorous case studies has been conducted to demonstrate the effects of these attacks.

    Generating substation network simulations from substation configuration description files

    The IEC 61850 standard has become the reference standard for substation configuration in smart electric grids, introducing data and service models to achieve interoperability between the network nodes. As the standard is currently based on the switched Ethernet architecture, there is a lot of work on its performance evaluation for guaranteeing real-time constraints. However, a link is still lacking between the substation configuration and its underlying Ethernet performance models (analytic or simulation). For bridging this gap, we propose in this paper a tool, called Simulation Tool for Analysis of substation netwoRkS (STARS), allowing the performance evaluation of any substation configuration through automatic generation of the corresponding simulation model from the Substation Configuration Description (SCD) file. STARS is based on the OMNeT++ simulator allowing the mapping of a real IEC 61850 system configuration to simulation parameters. It also provides a simple network configuration interface. This paper gives an overview of the STARS features through a simple example and points out its future evolution towards co-simulation of substation control algorithms, network performance, and electric grid behaviors.

    Review of the State-of-the-Art on Adaptive Protection for Microgrids based on Communications

    The dominance of distributed energy resources in microgrids and the associated weather dependency require flexible protection. They include devices capable of adapting their protective settings as a reaction to (potential) changes in system state. Communication technologies have a key role in this system since the reactions of the adaptive devices shall be coordinated. This coordination imposes strict requirements: communications must be available and ultra-reliable with bounded latency in the order of milliseconds. This paper reviews the state-of-the-art in the field and provides a thorough analysis of the main related communication technologies and optimization techniques. We also present our perspective on the future of communication deployments in microgrids, indicating the viability of 5G wireless systems and multi-connectivity to enable adaptive protection. Comment: Accepted to IEEE Trans. on Industrial Informatics

    The IEC 61850 sampled measured values protocol: Analysis, threat identification, and feasibility of using NN forecasters to detect spoofed packets

    The operation of the smart grid is anticipated to rely profoundly on distributed microprocessor-based control. Therefore, interoperability standards are needed to address the heterogeneous nature of the smart grid data. Since the IEC 61850 emerged as a wide-spread interoperability standard widely accepted by the industry, the Sampled Measured Values method has been used to communicate digitized voltage and current measurements. Realizing that current and voltage measurements (i.e., feedback measurements) are necessary for reliable and secure operation of the power grid, firstly, this manuscript provides a detailed analysis of the Sampled Measured Values protocol emphasizing its advantages, then, it identifies vulnerabilities in this protocol and explains the cyber threats associated with these vulnerabilities. Secondly, current efforts to mitigate these vulnerabilities are outlined and the feasibility of using neural network forecasters to detect spoofed sampled values is investigated. It was shown that although such forecasters have high spoofed data detection accuracy, they are prone to the accumulation of forecasting error. Accordingly, this paper also proposes an algorithm to detect the accumulation of the forecasting error based on lightweight statistical indicators. The effectiveness of the proposed methods is experimentally verified in a laboratory-scale smart grid testbed.

    Securing Restricted Publisher-Subscriber Communications in Smart Grid Substations

    Smart Grid applications require accurate and correct data transmission from publisher to subscribers with critical communication latency requirements. Since the smart grid is being supported by distributed communication networks, deployed using various wired and wireless technologies, including IP-based networks, securing the communication infrastructure is both critically important and challenging. In this paper, we propose a secure and efficient data delivery scheme, based on a restricted yet dynamic publisher-subscriber architecture, for the published messages from a publisher to the subscribers distributed in the smart grid network. The scheme ensures that the published message is delivered from an authentic publisher to only those authorized subscribers by verifying publisher's signature and access structure of all subscribers. Operation overheads are reduced by performing only one encryption and decryption or hashing per subscriber location using a proxy node as a remote terminal unit. Our analysis shows that the scheme is resistant against replay, man-in-the-middle, and impersonation attacks. Performance evaluation shows that the scheme can support 600 subscribers given the communication latency requirement of 3 ms. We provide the performance of the scheme under different scenarios, and observe that the efficiency of our scheme increases as the ratio of the geographical locations within a substation to the number of subscribers increases.

    Implementation of IEC 61850 in Solar Applications

    IEC 61850 has become one of the core technologies in substation automation due to its high-speed reliable operation and Ethernet-based communication with high security. Its reliability and performance make a significant contribution to fail-safe substation operation. IEC 61850 also allows both vertical and horizontal communications in substation automation. The main characteristic of IEC 61850 is the use of GOOSE messages. All communication services run in parallel via one LAN connection, and the same GOOSE message can be broadcast to several IEDs at once. This results in less wiring and faster data exchange between applications. Moreover, one of the core features of IEC 61850 is the interoperability between IEDs from different vendors. The separation of communication and data model allows engineering data to be reliably retained for a long time even when upgrading or changing the system. IEC publishes updated documentation from time to time and adds new parts to the standard due to the rapidly increasing demand for IEC 61850 applications. As the market for solar applications has been increasing over the last few years, the need for new technologies to be implemented in solar applications is increasing as well. This thesis, alongside several other current research efforts, investigates the implementation of IEC 61850 in solar applications. The thesis outlines the current needs of solar applications by collecting statistical data using two surveys, then concludes the implementation requirement. At the end of the research, IEC 61850 data sets and the parameters currently used by Vacon were compared, and a simulation example of a photovoltaic array is given to conclude the benefits of using IEC 61850 in solar systems.

    Security of Process Bus in Digital Substation

    Cyber security attacks in substations have been an issue for a very long time [1]. It is necessary to secure the communication between devices in substation automation system. Generally, Substation Automation Systems use Intelligent Electronic Devices (IEDs) for monitoring, control and protection of substation. In the past, single purpose and mostly hard-wire interconnected devices were safety and control devices. More and more features have been built into multi-function intelligent electronic devices (IEDs) over time. The need for contact between the devices in the scheme has increased by increasing the number of functions per unit. The lack of wide-ranging knowledge of data communication technologies, protocols, remote access and risks to cybersecurity would improve the prospects for cyber-initiated events. Enabling support for authentication and authorization, auditability and logging as well as product and system hardening are critical features for safeguarding electric power grids and power networks. The introduction of a centralized account management system in the substation automation system is a simple solution for adding and removing users who have or are deprived of access. For utilities that have to stick to laws, this is a big advantage. The security logging mechanisms are a must in the case of intrusion prevention, finding unexpected use patterns and for safety forensics. It has to be precise, readily distributed and easily gathered [2]. Adopting new solutions for substations. These systems are following standards and trends, as of which one of them is in particular Ethernet and TCP/IP based communication protocols. The substation automation multicast messages are Generic Object Driven Substation Event (GOOSE) and Sampled Measured Value (SMV), Manufacturing Message Specification (MMS). The two recent standards published to protect the systems are IEC 61850 and IEC 62351. The mainstream development for substation automation is IEC61850.
It provides an integrated solution for ensuring communication in substation automation between intelligent electronic devices (IED). On the one side, this standard mandates that GOOSE and SV messages must be used by the RSA cryptosystem to provide source authenticity. This report provides a realistic consideration and review of the implementation in a substation automation system of a stable sampled measured value (SeSV) message. IEC Working Group 15 of Technical Committee 57 released IEC62351 on protection for IEC61850 profiles because of the lack of security features in the standard. However, the use of IEC62351 standards-based SV authentication methods is still not integrated and computational capabilities and performance are not validated and checked with commercial-grade devices. Therefore this report demonstrates the performance of SeSV allowed security feature packets transmitted between security and control devices by appending the extended IEC61850 packets to a message authentication code (MAC). A prototype implementation on a low-cost embedded commodity device has shown that with negligible time delay, the MAC-enabled SV message can completely protect the process bus communication in the digital substation. Master of Science, Computer and Information Science, College of Engineering and Computer Science, University of Michigan-Dearborn. http://deepblue.lib.umich.edu/bitstream/2027.42/166307/1/Ramya Karnati Final Thesis.pdf

    An Investigation into the testing and commissioning requirements of IEC 61850 Station Bus Substations

    The emergence of the new IEC 61850 standard generates a potential to deliver a safe, reliable and effective cost reduction in the way substations are designed and constructed. The IEC 61850 Station Bus systems architecture for a substation protection and automation system is based on a horizontal communication concept replicating what conventional copper wiring performed between Intelligent Electronic Devices (IED’s). The protection and control signals that are traditionally sent and received across a network of copper cables within the substation are now communicated over Ethernet based Local Area Networks (LAN) utilising Generic Object Oriented Substation Event (GOOSE) messages. Implementing a station bus system generates a substantial change to existing design and construction practices. With this significant change, it is critical to develop a methodology for testing and commissioning of protection systems using GOOSE messaging. Analysing current design standards and philosophies established a connection between current conventional practices and future practices using GOOSE messaging at a station bus level. A potential design of the GOOSE messaging protection functions was implemented using the new technology hardware and software. Identification of potential deviations from the design intent, examination of their possible causes and assessment of their consequences was achieved using a Hazard and Operability study (HAZOP). This assessment identified the parts of the intended design that required validating or verifying through the testing and commissioning process. The introduction of a test coverage matrix was developed to identify and optimise the relevant elements, settings, parameters, functions, systems and characteristics that will require validating or verifying through inspection, testing, measurement or simulations during the testing and commissioning process. 
Research conducted identified hardware and software that would be utilised to validate or verify the IEC 61850 system through inspection, testing, measurement or simulations. The Hazard and Operability study (HAZOP) has been identified as an effective, structured and systematic analysing process that will help identify what hardware, configurations, and functions that require testing and commissioning prior to placing a substation using IEC 61850 Station bus GOOSE messaging into service. This process enables power utilities to understand new challenges and develop testing and commissioning philosophies and quality assurance processes, while providing confidence that the IEC 61850 system will operate in a reliable, effective and secure manner.