49 research outputs found

    Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

    The first-ever Ukraine cyberattack on a power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of the real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining to the impact quantification of cyber-related contingencies.

    Cascading verification initiated by switching attacks through compromised digital relays

    Attackers are able to enumerate all devices and computers within a compromised substation network. Digital relays deployed in the substation are the devices with IP addresses that can be discovered in the process of trial-and-error search. This paper is concerned with studies of cyberattacks manipulating digital relays to disruptively disconnect the associated breakers. The plausible enumeration of such disruptive attack for each relay in a substation is verified with the dynamic simulation studies with the special protection system for frequency, voltage, and rotor angle stability. A pertinent approach with smaller scale contingency analysis results is proposed to reduce the enormous computation burden. The devised enumeration reduction method is evaluated using IEEE test cases. The proposed method provides an extensive enumeration strategy that can be used by utility engineers to identify the pivotal relays in the system and can be further strengthened with security protection

    Distribution Emergency Operation

    Reducing power outage time to each customer is essential to the overall distribution reliability. This book provides the fundamentals of emergency operation using a graph-theoretic approach and exploration of the subsystem(s) that address the operational aspects of electrical fault occurrence to determine possible feeder reconfiguration. The localization of a faulted segment within a feeder involves remote-controlled normally open (NO) and normally closed (NC) switches through supervisory control and data acquisition (SCADA) between radially energized, interconnected feeders. Topics cover: (1) Data extraction from geographic information systems (GIS), (2) Graph modeling of distribution feeders, (3) Programming for backward/forward sweeping unbalanced power flow, (4) Short circuit analysis and fault localization, (5) Fault isolation, temporary and full service restoration, (6) Outage management and crew coordination, (7) Trouble call tickets and escalation to search for fault, and (8) Emerging subject of distribution management systems (DMS)

    Preventative maintenance for advanced metering infrastructure against malware propagation

    Advanced metering infrastructure (AMI) deployment has been widely promoted in recent years to improve the accuracy of billing information as well as to facilitate implementation of demand response. Information integrity and availability of the devices is crucial to the billing information that should reflect accurately on how much the household energy is consumed. The IP-based smart metering devices may exist with unknown vulnerabilities that can introduce backdoors to enable worm propagation across AMI network. The infected devices can be attack agents that would largely disable the metering functionalities or manipulate control variables of each meter. This paper proposes an optimal frequency of on-site investigation and the number of monitoring verifications to investigate potential anomalies of malware footprinting by applying a Markovian decision process framework. The proposed method determines the best inspection strategies based on the observation from the existing anomaly detectors deployed in the network. The considerations include malware propagation characteristics, accuracy of anomaly detectors, and investigation and diagnosis costs. Four scenarios are simulated using the proposed method, demonstrating the effectiveness of investigation on potentially infected electronic meters within an AMI network.

    Strategic FRTU deployment considering cybersecurity in secondary distribution network

    This paper is concerned about strategic deployment of feeder remote terminal unit (FRTU) in primary network by considering cybersecurity of distribution secondary network. First, detection of historical anomaly load profile in secondary network is assumed to be observable. These irregularities of historical energy usages can be determined from consumer billing centers using proposed cybersecurity metrics. While it is constrained by budget on the number of FRTUs that can be deployed, the proposed algorithm identifies pivotal locations of a distribution feeder to install the FRTUs in different time horizons. The simulation results show that the infrastructure enhancement using proposed multistage method improves investment planning for distribution systems. © 2010-2012 IEEE

    Risk evaluation for hypothesized multiple busbar outages

    © 2014 IEEE. Online N - 1 or higher order contingencies presented at the control center console are enforced to ensure that the system can withstand a sudden disturbance under abnormal operating conditions. As the communication has evolved toward IP-based platform that further integrates with the physical facilities of substation protection, a potential cyberattack upon certain protection schemes can weaken the system operating conditions. Bus differential relays are one of the protection schemes that can de-energize and isolate partial/entire substation from the system due to the large number of components connected to it. The reverse pyramid model (RPM) is proposed in this work to systematically enumerate the combinations of hypothesized electrical disconnection protected by busbar differential relays in a substation. Two metrics are introduced: (1) bottleneck combination list and (2) risk index for individual busbars. These indices are provided to help dispatchers in the control centers with systems security readiness and decision making

    Cyber-contingency evaluation for multiple hypothesized substation outages

    The transformation of substation operations from mechanical relays to microprocessor-based intelligent devices has enhanced the communication framework for power system protection. In recent years, the implementation of Internet protocol (IP)-based communication between a substation network and control center has raised its criticality with regard to potential cyber-threats. This paper is concerned with cyber-contingency evaluation based on the computer network environment of a power system. The proposed algorithm demonstrates online impact evaluation capabilities and mitigation approach of substation combinations and computing time, utilizing the real-time measurements from remote terminal units (RTU). The combinations of hypothesized substation outage, the reduction of the scenario combinations and time for simulation, are discussed by enumerating credible impact factors. Simulation results using IEEE-118 and IEEE-30 bus systems have proven the feasibility of the studies within a limited timeframe. © 2014 IEEE

    Bisection Search of Faulted Segment Based on Radially Energized Distribution Feeder

    The advancement of fault indicators in SCADA communication has evolved with sophisticated mechanism and instrumentation inputs from the pole-mounted feeder terminal units (FRTUs). While these binary inputs would be helpful to narrow down the faulted segment of a distribution feeder, the timing of fault indicators could affect the conclusion of centralized distribution management system (DMS). This paper proposes the methodological approach to systematically pinpoint the faulted segment based on the established logics and uncertainty of real-time measurements. First, the short circuit analysis is reviewed and unbalanced fault current may affect the input variables of the fault indicators. Second, a time interval is imposed based on the timing of the incoming expected inputs. Such inputs are crucial and may vary due to the communication bottleneck of the system. Hence, the reclosing features of protective relays within a feeder would confirm the bisection search. Numerous cases are studied to support the effectiveness of the proposed approach in capturing the overall faulted segment.

    Extended enumeration of hypothesized substations outages incorporating overload implication

    © 2010-2012 IEEE. The risk of cascading outages is often associated with overloading. As a result of electrical short circuits, protective relaying picks up the faults and electrically disconnects overloaded transmission lines through circuit breakers. With similar disturbance and implication, disruptive switching cyberattacks in one or more compromised substations can initiate such events that will aggravate system's operating conditions, leading to a widespread blackout. This paper proposes an extended enumeration of substation outages that excludes the overloaded lines from a power flow model. First, the exhaustive combination which starts from the initial combination size k=1 is enumerated searching for nonconvergent solutions of the hypothesized contingencies associated with the outages of single or more substations. The depth k=S' is the level of contingencies which determines when the evaluation will halt. Each combination is then integrated with the overloaded effect that de-energizes transmission lines under the hypothesized scenarios. Nonconvergent solutions on both attack and overloading are carried to the next level of enumerations. This may include islanding that splits a system into multiple areas. The proposed power flow verification is validated using IEEE test cases as well as evaluation of parallel computing to determine its effectiveness of nonconvergent enumeration within a reasonable timeframe