Biblio

Supervisory Control and Data Acquisition (SCADA) systems are utilized extensively in critical power grid infrastructures. Modern SCADA systems have been proven to be susceptible to cyber-security attacks and require improved security primitives in order to prevent unwanted influence from an adversarial party. One section of weakness in the SCADA system is the integrity of field level sensors providing essential data for control decisions at a master station. In this paper we propose a lightweight hardware scheme providing inferred authentication for SCADA sensors by combining an analog to digital converter and a permutation generator as a single integrated circuit. Through this method we encode critical sensor data at the time of sensing, so that unencoded data is never stored in memory, increasing the difficulty of software attacks. We show through experimentation how our design stops both software and hardware false data injection attacks occurring at the field level of SCADA systems.

The security and reliability of power grid dispatching system is the basis of the stable development of the whole social economy. With the development of information, computer science and technology, communication technology, and network technology, using more advanced intelligent technology to improve the performance of security and reliability of power grid dispatching system has important research value and practical significance. In order to provide valuable references for relevant researchers and for the construction of future power system related applications. This paper summarizes the latest technical status of attribute encryption and hierarchical identity encryption methods, and introduces the access control method based on attribute and hierarchical identity encryption, the construction method of attribute encryption scheme, revocable CP-ABE scheme and its application in power grid data security access control. Combined with multi authorization center encryption, third-party trusted entity and optimized encryption algorithm, the parallel access control algorithm of hierarchical identity and attribute encryption and its application in power grid data security access control are introduced.

Smart grid (SG) is considered the next generation of the traditional power grid. It is mainly divided into three main infrastructures: power system, information and communication infrastructures. Cybersecurity is imperative for information infrastructure and the secure, reliable, and efficient operation of the smart grid. Cybersecurity or a lack of proper implementation thereof poses a considerable challenge to the deployment of SG. Therefore, in this paper, A comprehensive survey of cyber security is presented in the smart grid context. Cybersecurity-related information infrastructure is clarified. The impact of adopting cybersecurity on control and management systems has been discussed. Also, the paper highlights the cybersecurity issues and challenges associated with the control decisions in the smart grid.

The analysis shows how important Power Network Measuring and Characterization (PSMC) is to the plan. Networks planning and oversight for the transmission of electrical energy is becoming increasingly frequent. In reaction to the current contest of assimilating trying to cut charging in the crate, estimation, information sharing, but rather govern into PSMC reasonable quantities, Electrical Transmit Monitoring and Management provides a thorough outline of founding principles together with smart sensors for domestic spying, security precautions, and control of developed broadening power systems.Electricity supply control must depend increasingly heavily on telecommunications infrastructure to manage and run their processes because of the fluctuation in transmission and distribution of electricity. A wider attack surface will also be available to threat hackers as a result of the more communications. Large-scale blackout have occurred in the past as a consequence of cyberattacks on electrical networks. In order to pinpoint the key issues influencing power grid computer networks, we looked at the network infrastructure supporting electricity grids in this research.

When a fault occurs in power grid, the analytic model for power grid fault diagnosis could generate multiple solutions under one or more protective relays (PRs) and/or circuit breakers (CBs) malfunctioning, and/or one or more their alarm information failing. Hence, this paper, calling the electrical quantities, presents an optimal solution discrimination method, which determines the optimal solution by constructing the electrical criteria of suspicious faulty components. Furthermore, combining the established electrical criteria with the existing analytic model, a hierarchical fault diagnosis mode is proposed. It uses the analytic model for the first level diagnosis based on the switching quantities. Thereafter, aiming at multiple solutions, it applies the electrical criteria for the second level diagnosis to determine the diagnostic result. Finally, the examples of fault diagnosis demonstrate the feasibility and effectiveness of the developed method.

Security vulnerabilities in firmware/software pose an important threat ton power grid security, and thus electric utility companies should quickly decide how to remediate vulnerabilities after they are discovered. Making remediation decisions is a challenging task in the electric industry due to the many factors to consider, the balance to maintain between patching and service reliability, and the large amount of vulnerabilities to deal with. Unfortunately, remediation decisions are current manually made which take a long time. This increases security risks and incurs high cost of vulnerability management. In this paper, we propose a machine learning-based automation framework to automate remediation decision analysis for electric utilities. We apply it to an electric utility and conduct extensive experiments over two real operation datasets obtained from the utility. Results show the high effectiveness of the solution.

Cyber-physical systems (CPSs) are implemented in many industrial and embedded control applications. Where these systems are safety-critical, correct and safe behavior is of paramount importance. Malicious attacks on such CPSs can have far-reaching repercussions. For instance, if elements of a power grid behave erratically, physical damage and loss of life could occur. Currently, there is a trend toward increased complexity and connectivity of CPS. However, as this occurs, the potential attack vectors for these systems grow in number, increasing the risk that a given controller might become compromised. In this article, we examine how the dangers of compromised controllers can be mitigated. We propose a novel application of runtime enforcement that can secure the safety of real-world physical systems. Here, we synthesize enforcers to a new hardware architecture within programmable logic controller I/O modules to act as an effective line of defence between the cyber and the physical domains. Our enforcers prevent the physical damage that a compromised control system might be able to perform. To demonstrate the efficacy of our approach, we present several benchmarks, and show that the overhead for each system is extremely minimal.

This paper presents a data-driven and physics-based method for detection of false data injection (FDI) in Smart Grids (SG). As the power grid transitions to the use of SG technology, it becomes more vulnerable to cyber-attacks like FDI. Current strategies for the detection of bad data in the grid rely on the physics based State Estimation (SE) process and statistical tests. This strategy is naturally vulnerable to undetected bad data as well as false positive scenarios, which means it can be exploited by an intelligent FDI attack. In order to enhance the robustness of bad data detection, the paper proposes the use of data-driven Machine Intelligence (MI) working together with current bad data detection via a combined Chi-squared test. Since MI learns over time and uses past data, it provides a different perspective on the data than the SE, which analyzes only the current data and relies on the physics based model of the system. This combined bad data detection strategy is tested on the IEEE 118 bus system.

A detailed model of an attack on the power grid involves both a preparation stage as well as an execution stage of the attack. This paper introduces a novel Hybrid Attack Model (HAM) that combines Probabilistic Learning Attacker, Dynamic Defender (PLADD) model and a Markov Chain model to simulate the planning and execution stages of a bad data injection attack in power grid. We discuss the advantages and limitations of the prior work models and of our proposed Hybrid Attack Model and show that HAM is more effective compared to individual PLADD or Markov Chain models.

The ongoing digitalization of the power distribution grid will improve the operational support and automation which is believed to increase the system reliability. However, in an integrated and interdependent cyber-physical system, new threats appear which must be understood and dealt with. Of particular concern, in this paper, is the causes of an inconsistent view between the physical system (here power grid) and the Information and Communication Technology (ICT) system (here Distribution Management System). In this paper we align the taxonomy used in International Electrotechnical Commission (power eng.) and International Federation for Information Processing (ICT community), define a metric for inconsistencies, and present a modelling approach using Stochastic Activity Networks to assess the consequences of inconsistencies. The feasibility of the approach is demonstrated in a simple use case.

The lack of strong cyber-physical modeling capabilities presents many challenges across the design, development, verification, and maintenance phases of a system [7]. Novel techniques for modeling the cyber-grid components, along with analysis and verification techniques, are imperative to the deployment of a resilient and robust power grid. Several works address False Data Injection (FDI) attacks to the power grid. However, most of them suffer from the lack of a model to investigate the effects of attacks. This paper proposed a cyber-physical model using Architecture Analysis & Design Language (AADL) [15] and power system information models to address different attacks in power systems.

Power system intelligent terminal equipment is widely used in real-time monitoring, data acquisition, power management, power distribution and other tasks of smart grid. The power system intelligent terminal can obtain various information of users and power companies in the power grid, but there is still a lack of protection means for the connection and communication process of the terminal components. In this paper, a novel method based on improved deep belief network(IDBN) is proposed to accomplish the business-level security monitoring and attack detection of power system terminal. A non-intrusive business-level monitoring platform for power system terminals is established, which uses energy metering intelligent terminals as an example for non-intrusive data collection. Based on this platform, the I-DBN extracts the spatial and temporal attack characteristics of the external monitoring data of the system. Some fault conditions and cyber attacks of the model have been simulated to demonstrate the effectiveness of the proposed detection method and the results show excellent performance. The method and platform proposed in this paper can be extended to other services in the power industry, providing a theoretical basis and implementation method for realizing the security monitoring of power system intelligent terminals from the business level.

In order to excavate security threats in power grid by making full use of heterogeneous data sources in power information system, this paper proposes APT (Advanced Persistent Threat) attack detection sandbox technology and active defense system based on big data analysis technology. First, the file is restored from the mirror traffic and executed statically. Then, sandbox execution was carried out to introduce analysis samples into controllable virtual environment, and dynamic analysis and operation samples were conducted. Through analyzing the dynamic processing process of samples, various known and unknown malicious code, APT attacks, high-risk Trojan horses and other network security risks were comprehensively detected. Finally, the threat assessment of malicious samples is carried out and visualized through the big data platform. The results show that the method proposed in this paper can effectively warn of unknown threats, improve the security level of system data, have a certain active defense ability. And it can effectively improve the speed and accuracy of power information system security situation prediction.

The smart grid consists of two parts, one is the physical power grid, the other is the information network. In order to study the cascading failure, the vulnerability analysis of the smart grid is done under a kind of community attack style in this paper. Two types of information networks are considered, i.e. topology consistency and scale-free cyber networks, respectively. The concept of control center is presented and the controllable power nodes and observable power lines are defined. Minimum load reduction model(MLRM) is given and described as a linear programming problem. A index is introduced to assess the vulnerability. New England 39 nodes system is applied to simulate the cascading failure process to demonstrate the effectiveness of the proposed MLRM where community the attack methods include attack the power lines among and in power communities.

As the power grid becomes more interconnected the attack surface increases and determining the causes of anomalies becomes more complex. Automated responses are a mechanism which can provide resilience in a power system by responding to anomalies. An automated response system can make intelligent decisions when paired with an automated health assessment system which includes a human in the loop for making critical decisions. Effective responses can be determined by developing a matrix which considers the likely impacts on resilience if a response is taken. A testbed assists to analyze these responses and determine their effects on system resilience.

Large-scale failures in communication networks due to natural disasters or malicious attacks can severely affect critical communications and threaten lives of people in the affected area. In the absence of a proper communication infrastructure, rescue operation becomes extremely difficult. Progressive and timely network recovery is, therefore, a key to minimizing losses and facilitating rescue missions. To this end, we focus on network recovery assuming partial and uncertain knowledge of the failure locations. We proposed a progressive multi-stage recovery approach that uses the incomplete knowledge of failure to find a feasible recovery schedule. Next, we focused on failure recovery of multiple interconnected networks. In particular, we focused on the interaction between a power grid and a communication network. Then, we focused on network monitoring techniques that can be used for diagnosing the performance of individual links for localizing soft failures (e.g. highly congested links) in a communication network. We studied the optimal selection of the monitoring paths to balance identifiability and probing cost. Finally, we addressed, a minimum disruptive routing framework in software defined networks. Extensive experimental and simulation results show that our proposed recovery approaches have a lower disruption cost compared to the state-of-the-art while we can configure our choice of trade-off between the identifiability, execution time, the repair/probing cost, congestion and the demand loss.

Power communication network is an important infrastructure of power system. For a large number of widely distributed business terminals and communication terminals. The data protection is related to the safe and stable operation of the whole power grid. How to solve the problem that lots of nodes need a large number of keys and avoid the situation that these nodes cannot exchange information safely because of the lack of keys. In order to solve the problem, this paper proposed a segmentation and combination technology based on quantum key to extend the limited key. The basic idea was to obtain a division scheme according to different conditions, and divide a key into several different sub-keys, and then combine these key segments to generate new keys and distribute them to different terminals in the system. Sufficient keys were beneficial to key updating, and could effectively enhance the ability of communication system to resist damage and intrusion. Through the analysis and calculation, the validity of this method in the use of limited quantum keys to achieve the business data secure transmission of a large number of terminal was further verified.

Smart cities comprise multiple critical infrastructures, two of which are the power grid and communication networks, backed by centralized data analytics and storage. To effectively model the interdependencies between these infrastructures and enable a greater understanding of how communities respond to and impact them, large amounts of varied, real-world data on residential and commercial consumer energy consumption, load patterns, and associated human behavioral impacts are required. The dissemination of such data to the research communities is, however, largely restricted because of security and privacy concerns. This paper creates an opportunity for the development and dissemination of synthetic energy consumption data which is inherently anonymous but holds similarities to the properties of real data. This paper explores a framework using mixture density network (MDN) model integrated with a multi-layered Long Short-Term Memory (LSTM) network which shows promise in this area of research. The model is trained using an initial sample recorded from residential smart meters in the state of Florida, and is used to generate fully synthetic energy consumption data. The synthesized data will be made publicly available for interested users.

In the process of informationization and networking of smart grids, the original physical isolation was broken, potential risks increased, and the increasingly serious cyber security situation was faced. Therefore, it is critical to develop accuracy and efficient anomaly detection methods to disclose various threats. However, in the industry, mainstream security devices such as firewalls are not able to detect and resist some advanced behavior attacks. In this paper, we propose a time series anomaly detection model, which is based on the periodic extraction method of discrete Fourier transform, and determines the sequence position of each element in the period by periodic overlapping mapping, thereby accurately describe the timing relationship between each network message. The experiments demonstrate that our model can detect cyber attacks such as man-in-the-middle, malicious injection, and Dos in a highly periodic network.

Internet of Things (IoT) has an immense potential for a plethora of applications ranging from healthcare automation to defence networks and the power grid. The security of an IoT network is essentially paramount to the security of the underlying computing and communication infrastructure. However, due to constrained resources and limited computational capabilities, IoT networks are prone to various attacks. Thus, safeguarding the IoT network from adversarial attacks is of vital importance and can be realised through planning and deployment of effective security controls; one such control being an intrusion detection system. In this paper, we present a novel intrusion detection scheme for IoT networks that classifies traffic flow through the application of deep learning concepts. We adopt a newly published IoT dataset and generate generic features from the field information in packet level. We develop a feed-forward neural networks model for binary and multi-class classification including denial of service, distributed denial of service, reconnaissance and information theft attacks against IoT devices. Results obtained through the evaluation of the proposed scheme via the processed dataset illustrate a high classification accuracy.

This paper proposes new concepts for detecting and mitigating cyber attacks on substation automation systems by domain-based cyber-physical security solutions. The proposed methods form the basis of a distributed security domain layer that enables protection devices to collaboratively defend against cyber attacks at substations. The methods utilize protection coordination principles to cross check protection setting changes and can run real-time power system analysis to evaluate the impact of the control commands. The transient fault signature (TFS)-based cross-correlation coefficient algorithm has been proposed to detect the false sampled values data injection attack. The proposed functions were verified in a hardware-in-the-loop (HIL) simulation using commercial relays and a real-time digital simulator (RTDS). Various types of cyber intrusions are tested using this test bed to evaluate the consequences and impacts of cyber attacks to power grid as well as to validate the performance of the proposed research-grade cyber attack mitigation functions.

As opposed to a traditional power grid, a smart grid can help utilities to save energy and therefore reduce the cost of operation. It also increases reliability of the system In smart grids the quality of monitoring and control can be adequately improved by incorporating computing and intelligent communication knowledge. However, this exposes the system to false data injection (FDI) attacks and the system becomes vulnerable to intrusions. Therefore, it is important to detect such false data injection attacks and provide an algorithm for the protection of system against such attacks. In this paper a comparison between three FDI detection methods has been made. An H2 control method has then been proposed to detect and control the false data injection on a 12th order model of a smart grid. Disturbances and uncertainties were added to the system and the results show the system to be fully controllable. This paper shows the implementation of a feedback controller to fully detect and mitigate the false data injection attacks. The controller can be incorporated in real life smart grid operations.

While there has been considerable research on making power grid Supervisory Control and Data Acquisition (SCADA) systems resilient to attacks, the problem of transitioning these technologies into deployed SCADA systems remains largely unaddressed. We describe our experience and lessons learned in deploying an intrusion-tolerant SCADA system in two realistic environments: a red team experiment in 2017 and a power plant test deployment in 2018. These experiences resulted in technical lessons related to developing an intrusion-tolerant system with a real deployable application, preparing a system for deployment in a hostile environment, and supporting protocol assumptions in that hostile environment. We also discuss some meta-lessons regarding the cultural aspects of transitioning academic research into practice in the power industry.

The normal operation of key measurement and control equipment in power grid (KMCEPG) is of great significance for safe and stable operation of power grid. Firstly, this paper gives a systematic overview of KMCEPG. Secondly, the cyber security risks of KMCEPG on the main station / sub-station side, channel side and terminal side are analyzed and the related vulnerabilities are discovered. Thirdly, according to the risk analysis results, the attack process construction technology of KMCEPG is proposed, which provides the test process and attack ideas for the subsequent KMCEPG-related attack penetration. Fourthly, the simulation penetration test environment is built, and a series of attack tests are carried out on the terminal key control equipment by using the attack flow construction technology proposed in this paper. The correctness of the risk analysis and the effectiveness of the attack process construction technology are verified. Finally, the attack test results are analyzed, and the attack test cases of terminal critical control devices are constructed, which provide the basis for the subsequent attack test. The attack flow construction technology and attack test cases proposed in this paper improve the network security defense capability of key equipment of power grid, ensure the safe and stable operation of power grid, and have strong engineering application value.

Cascading failure, which can be triggered by both physical and cyber attacks, is among the most critical threats to the security and resilience of power grids. In current literature, researchers investigate the issue of cascading failure on smart grids mainly from the attacker's perspective. From the perspective of a grid defender or operator, however, it is also an important issue to restore the smart grid suffering from cascading failure back to normal operation as soon as possible. In this paper, we consider cascading failure in conjunction with the restoration process involving repairing of the failed nodes/links in a sequential fashion. Based on a realistic power flow cascading failure model, we exploit a Q-learning approach to develop a practical and effective policy to identify the optimal way of sequential restorations for large-scale smart grids. Simulation results on three power grid test benchmarks demonstrate the learning ability and the effectiveness of the proposed strategy.