Survey on synchrophasor data quality and cybersecurity challenges, and evaluation of their interdependencies

Synchrophasor devices guarantee situation awareness for real-time monitoring and operational visibility of smart grid. With their widespread implementation, significant challenges have emerged, especially in communication, data quality and cybersecurity. The existing literature treats these challenges as separate problems, when in reality, they have a complex interplay. This paper conducts a comprehensive review of quality and cybersecurity challenges for synchrophasors, and identifies the interdependencies between them. It also summarizes different methods used to evaluate the dependency and surveys how quality checking methods can be used to detect potential cyberattacks. This paper serves as a starting point for researchers entering the fields of synchrophasor data analytics and security

Synchrophasors: Multilevel Assessment and Data Quality Improvement for Enhanced System Reliability

. This study presents a comprehensive framework for testing and evaluation of Phasor Measurement Units (PMUs) and synchrophasor systems under normal power system operating conditions, as well as during disturbances such as faults and transients. The proposed framework suggests a performance assessment to be conducted in three steps: (a) type testing: conducted in the synchrophasor calibration laboratory according to accepted industrial standards; (b) application testing: conducted to evaluate the performance of the PMUs under faults, transients, and other disturbances in power systems; (c) end-to-end system testing: conducted to assess the risk and quantify the impact of measurement errors on the applications of interest. The suggested calibration toolset (type testing) enables performance characterization of different design alternatives in a standalone PMU (e.g., length of phasor estimation windows, filtering windows, reporting rates, etc.). In conjunction with the standard performance requirements, this work defines new metrics for PMU performance evaluations under any static and dynamic conditions that may unfold in the grid. The new metrics offer a more realistic understanding of the overall PMU performance and help users choose the appropriate device/settings for the target applications. Furthermore, the proposed probabilistic techniques quantify the PMU accuracy to various test performance thresholds specified by corresponding IEEE standards, rather than having only the pass/fail test outcome, as well as the probability of specific failures to meet the standard requirements defined in terms of the phasor, frequency, and rate of change of frequency accuracy. Application testing analysis encompasses PMU performance evaluation under faults and other prevailing conditions, and offers a realistic assessment of the PMU measurement errors in real-world field scenarios and reveals additional performance characteristics that are crucial for the overall application evaluation. End-to-end system tests quantify the impact of synchrophasor estimation errors and their propagation from the PMU towards the end-use applications and evaluate the associated risk. In this work, extensive experimental results demonstrate the advantages of the proposed framework and its applicability is verified through two synchrophasor applications, namely: Fault Location and Modal Analysis. Finally, a data-driven technique (Principal Component Pursuit) is proposed for the correction and completion of the synchrophasor data blocks, and its application and effectiveness is validated in modal analyzes

Proactive defense strategies against net load redistribution attacks in cyber-physical smart grids

Doctor of PhilosophyDepartment of Electrical and Computer EngineeringHongyu WuRecent advances in the cyber-physical smart grid (CPSG) have enabled a broad range of new devices based on information and communication technology (ICT). An open network environment in CPSG provides frequent interaction between information and physical components. However, this interaction also exposes the ICT-enabled devices to a growing threat of cyberattacks. Such threats have been alerted by recent cybersecurity incidents, and the security issues have strongly restricted the development of CPSG. Among various CPS cybersecurity incidents, cyber data attacks invade the cyber layer to destroy data integrity. Through elaborately eavesdropping on the transferred measurement data, the attacks can mislead the state estimation (SE) while keeping stealthy to conventional bad data detection (BDD). Due to the SE being the critical function of CPSG control, the cyber data attacks may cause massive economic loss, power system instability, or even cascading failures. Therefore, this dissertation focuses on the detection of stealthy data integrity attacks. This dissertation first performs a thorough review of the state-of-the-art cyber-physical security of the smart grid. By focusing on the physical layer of the CPSG, this work provides an abstracted and unified state-space model in which cyber-physical attack and defense models can be effectively generalized. The existing cyber-physical attacks are categorized in terms of their target components. In addition, this work discusses several operational and informational defense approaches that present the current state-of-the-art in the field, including moving target defense (MTD), watermarking, and data-driven strategies. The challenges and future opportunities associated with the smart grid cyber-physical security is also discussed. Further, a real-time digital simulator, namely Typhoon HIL, is utilized to visualize the random MTD against false data injection (FDI) attacks. Given the review section as a background, a hidden, coordinated net load redistribution attack (NLRA) in an AC distribution system is proposed. The attacker's goal is to create violations in nodal voltage magnitude estimation. An attacker can implement the NLRA strategy by using the local information of an attack region and power flow enhanced deep learning (PFEDL) state estimators. The NLRA is modeled as an attacker's modified AC optimal power flow problem to maximize the attack impact. Case study results indicate the PFEDL-based SE can provide the attacker with accurate system states in a low observable distribution system where conventional lease square-based SE cannot converge. The stealthiness of the hidden NLRA is validated in multiple attack cases. The influence of NLRA on the distribution system is assessed, and the impact of attack regions, attack timing, and attack area size are also revealed. Next, this dissertation highlights that current MTD strategies myopically perturb the reactance of D-FACTS lines without considering the system voltage stability. Voltage instability induced by MTDs is illustrated in a three-bus system and two more complicated systems with real-world load profiles. Further, a novel MTD framework that explicitly considers system voltage stability using continuation power flow and voltage stability indices is proposed to avoid MTD-induced voltage instability. In addition, this dissertation mathematically derives the sensitivity matrix of voltage stability index to line impedance, on which an optimization problem for maximizing voltage stability index is formulated. This framework is tested on the IEEE 14-bus and the IEEE 118-bus transmission systems, in which sophisticated attackers launch NLRAs. The simulation results show the effectiveness of the proposed framework in circumventing voltage instability while maintaining the detection effectiveness of MTD. Case studies are conducted with and without the proposed framework under different MTD planning and operational methods. The impacts of the proposed two methods on attack detection effectiveness and system economic metrics are also revealed. Finally, this dissertation proposes utilizing smart inverters to implement a novel meter encoding scheme in distribution systems. The proposed meter encoding scheme is a software-based active detection method, which neither requires additional hardware devices nor causes system instability, compared with MTD and watermarking. By elaborately constructing the encoding vector, the proposed smart-inverter-based meter encoding can mislead the attacker's SE while being hidden from alert attackers. In addition, by utilizing the topology of radial distribution systems, the proposed encoding scheme encodes fewer meters than current schemes when protecting the same number of buses, which decreases the encoding cost. Simulation results from the IEEE 69-bus distribution system demonstrate that the proposed meter encoding scheme can mislead the attacker's state estimation on all the downstream buses of an encoded bus without arousing the attacker's suspicion. FDI attacks constructed based on the misled estimated states are highly possible to trigger the defender's BDD alarm

Synchrophasors: Multilevel Assessment and Data Quality Improvement for Enhanced System Reliability

. This study presents a comprehensive framework for testing and evaluation of Phasor Measurement Units (PMUs) and synchrophasor systems under normal power system operating conditions, as well as during disturbances such as faults and transients. The proposed framework suggests a performance assessment to be conducted in three steps: (a) type testing: conducted in the synchrophasor calibration laboratory according to accepted industrial standards; (b) application testing: conducted to evaluate the performance of the PMUs under faults, transients, and other disturbances in power systems; (c) end-to-end system testing: conducted to assess the risk and quantify the impact of measurement errors on the applications of interest. The suggested calibration toolset (type testing) enables performance characterization of different design alternatives in a standalone PMU (e.g., length of phasor estimation windows, filtering windows, reporting rates, etc.). In conjunction with the standard performance requirements, this work defines new metrics for PMU performance evaluations under any static and dynamic conditions that may unfold in the grid. The new metrics offer a more realistic understanding of the overall PMU performance and help users choose the appropriate device/settings for the target applications. Furthermore, the proposed probabilistic techniques quantify the PMU accuracy to various test performance thresholds specified by corresponding IEEE standards, rather than having only the pass/fail test outcome, as well as the probability of specific failures to meet the standard requirements defined in terms of the phasor, frequency, and rate of change of frequency accuracy. Application testing analysis encompasses PMU performance evaluation under faults and other prevailing conditions, and offers a realistic assessment of the PMU measurement errors in real-world field scenarios and reveals additional performance characteristics that are crucial for the overall application evaluation. End-to-end system tests quantify the impact of synchrophasor estimation errors and their propagation from the PMU towards the end-use applications and evaluate the associated risk. In this work, extensive experimental results demonstrate the advantages of the proposed framework and its applicability is verified through two synchrophasor applications, namely: Fault Location and Modal Analysis. Finally, a data-driven technique (Principal Component Pursuit) is proposed for the correction and completion of the synchrophasor data blocks, and its application and effectiveness is validated in modal analyzes

Threat Assessment for Multistage Cyber Attacks in Smart Grid Communication Networks

In smart grids, managing and controlling power operations are supported by information and communication technology (ICT) and supervisory control and data acquisition (SCADA) systems. The increasing adoption of new ICT assets in smart grids is making smart grids vulnerable to cyber threats, as well as raising numerous concerns about the adequacy of current security approaches. As a single act of penetration is often not sufficient for an attacker to achieve his/her goal, multistage cyber attacks may occur. Due to the interdependence between the power grid and the communication network, a multistage cyber attack not only affects the cyber system but impacts the physical system. This thesis investigates an application-oriented stochastic game-theoretic cyber threat assessment framework, which is strongly related to the information security risk management process as standardized in ISO/IEC 27005. The proposed cyber threat assessment framework seeks to address the specific challenges (e.g., dynamic changing attack scenarios and understanding cascading effects) when performing threat assessments for multistage cyber attacks in smart grid communication networks. The thesis looks at the stochastic and dynamic nature of multistage cyber attacks in smart grid use cases and develops a stochastic game-theoretic model to capture the interactions of the attacker and the defender in multistage attack scenarios. To provide a flexible and practical payoff formulation for the designed stochastic game-theoretic model, this thesis presents a mathematical analysis of cascading failure propagation (including both interdependency cascading failure propagation and node overloading cascading failure propagation) in smart grids. In addition, the thesis quantifies the characterizations of disruptive effects of cyber attacks on physical power grids. Furthermore, this thesis discusses, in detail, the ingredients of the developed stochastic game-theoretic model and presents the implementation steps of the investigated stochastic game-theoretic cyber threat assessment framework. An application of the proposed cyber threat assessment framework for evaluating a demonstrated multistage cyber attack scenario in smart grids is shown. The cyber threat assessment framework can be integrated into an existing risk management process, such as ISO 27000, or applied as a standalone threat assessment process in smart grid use cases

Spatio-Temporal Characterization of Synchrophasor Data Against Spoofing Attacks in Smart Grids

"Source ID Mix" has emerged as a new type of highly deceiving attack which can alter the source information of synchrophasor data measured by multiple phasor measurement units, thereby paralyzing many wide-area measurement systems applications. To address such sophisticated cyber attacks, we have exploited the spatio-temporal characteristics of synchrophasor data for authenticating measurements' source information. Specifically, the source authentication is performed when the measurements are subjected to three types of spoofing attacks. Some practical difficulties in applying the proposed method on real-time authentication caused by insufficient measurement data have also been solved. Experimental results with real synchrophasor measurements have validated the effectiveness of the proposed method in detecting such complicated data spoofing and improving power systems' cyber security