Biblio

We propose a localized oscillation amplitude monitoring (OAM) method for the mitigation of cyber threats directed at the wide area control (WAC) system used to coordinate control of Flexible AC Transmission Systems (FACTS) for power oscillation damping (POD) of active power flow on inter-area tie lines. The method involves monitoring the inter-area tie line active power oscillation amplitude over a sliding window. We use system instability - inferred from oscillation amplitudes growing instead of damping - as evidence of an indication of a malfunction in the WAC of FACTS, possibly indicative of a cyber attack. Monitoring the presence of such a growth allows us to determine whether any destabilizing behaviors appear after the WAC system engages to control the POD. If the WAC signal increases the oscillation amplitude over time, thereby diminishing the POD performance, the FACTS falls back to POD using local measurements. The proposed method does not require an expansive system-wide view of the network. We simulate replay, control integrity, and timing attacks for a test system and present results that demonstrate the performance of the OAM method for mitigation.

We propose a stability monitoring approach for the mitigation of cyber threats directed at the wide area control (WAC) system used for coordinated control of Flexible AC Transmission Systems (FACTS) used for power oscillation damping (POD) of active power flow on inter-area tie lines. The approach involves monitoring the modes of the active power oscillation on an inter-area tie line using the Matrix Pencil (MP) method. We use the stability characteristics of the observed modes as a proxy for the presence of destabilizing cyber threats. We monitor the system modes to determine whether any destabilizing modes appear after the WAC system engages to control the POD. If the WAC signal exacerbates the POD performance, the FACTS falls back to POD using local measurements. The proposed approach does not require an expansive system-wide view of the network. We simulate replay, control integrity, and timing attacks for a test system and present results that demonstrate the performance of the SM approach for mitigation.

Modern power systems today are protected and controlled increasingly by embedded systems of computing technologies with a great degree of collaboration enabled by communication. Energy cyber-physical systems such as power systems infrastructures are increasingly vulnerable to cyber-attacks on the protection and control layer. We present a method of securing protective relays from malicious change in protective relay settings via collaboration of devices. Each device checks the proposed setting changes of its neighboring devices for consistency and coordination with its own settings using setting rules based on relay coordination principles. The method is enabled via peer-to-peer communication between IEDs. It is validated in a cyber-physical test bed containing a real time digital simulator and actual relays that communicate via IEC 61850 GOOSE messages. Test results showed improvement in cyber physical security by using domain based rules to block malicious changes in protection settings caused by simulated cyber-attacks. The method promotes the use of defense systems that are aware of the physical systems which they are designed to secure.