Biblio

We use discrete-time adaptive control theory to design a novel false data injection (FDI) attack against automatic generation control (AGC), a critical system that maintains a power grid at its requisite frequency. FDI attacks can cause equipment damage or blackouts by falsifying measurements in the streaming sensor data used to monitor the grid's operation. Compared to prior work, the proposed attack (i) requires less knowledge on the part of the attacker, such as correctly forecasting the future demand for power; (ii) is stealthier in its ability to bypass standard methods for detecting bad sensor data and to keep the false sensor readings near historical norms until the attack is well underway; and (iii) can sustain the frequency excursion as long as needed to cause real-world damage, in spite of AGC countermeasures. We validate the performance of the proposed attack on realistic 37-bus and 118-bus setups in PowerWorld, an industry-strength power system simulator trusted by real-world operators. The results demonstrate the attack's improved stealthiness and effectiveness compared to prior work.

The cyber-physical systems (CPSes) rely on computing and control techniques to achieve system safety and reliability. However, recent attacks show that these techniques are vulnerable once the cyber-attackers have bypassed air gaps. The attacks may cause service disruptions or even physical damages. This paper designs the built-in attack characterization scheme for one general type of cyber-attacks in CPS, which we call time delay attack, that delays the transmission of the system control commands. We use the recurrent neural networks in deep learning to estimate the delay values from the input trace. Specifically, to deal with the long time-sequence data, we design the deep learning model using stacked bidirectional long short-term memory (LSTM) units. The proposed approach is tested by using the data generated from a power plant control system. The results show that the LSTM-based deep learning approach can work well based on data traces from three sensor measurements, i.e., temperature, pressure, and power generation, in the power plant control system. Moreover, we show that the proposed approach outperforms the base approach based on k-nearest neighbors.

We study the impact of signal jamming attacks against the communication based train control (CBTC) systems and develop the countermeasures to limit the attacks' impact. CBTC supports the train operation automation and moving-block signaling, which improves the transport efficiency. We consider an attacker jamming the wireless communication between the trains or the train to wayside access point, which can disable CBTC and the corresponding benefits. In contrast to prior work studying jamming only at the physical or link layer, we study the real impact of such attacks on end users, namely train journey time and passenger congestion. Our analysis employs a detailed model of leaky medium-based communication system (leaky waveguide or leaky feeder/coaxial cable) popularly used in CBTC systems. To counteract the jamming attacks, we develop a mitigation approach based on frequency hopping spread spectrum taking into account domain-specific structure of the leaky-medium CBTC systems. Specifically, compared with existing implementations of FHSS, we apply FHSS not only between the transmitter-receiver pair but also at the track-side repeaters. To demonstrate the feasibility of implementing this technology in CBTC systems, we develop a FHSS repeater prototype using software-defined radios on both leaky-medium and open-air (free-wave) channels. We perform extensive simulations driven by realistic running profiles of trains and real-world passenger data to provide insights into the jamming attack's impact and the effectiveness of the proposed countermeasure.

Riding on the success of SDN for enterprise and data center networks, recently researchers have shown much interest in applying SDN for critical infrastructures. A key concern, however, is the vulnerability of the SDN controller as a single point of failure. In this paper, we develop a cyber-physical simulation platform that interconnects Mininet (an SDN emulator), hardware SDN switches, and PowerWorld (a high-fidelity, industry-strength power grid simulator). We report initial experiments on how a number of representative controller faults may impact the delay of smart grid communications. We further evaluate how this delay may affect the performance of the underlying physical system, namely automatic gain control (AGC) as a fundamental closed-loop control that regulates the grid frequency to a critical nominal value. Our results show that when the fault-induced delay reaches seconds (e.g., more than four seconds in some of our experiments), degradation of the AGC becomes evident. Particularly, the AGC is most vulnerable when it is in a transient following say step changes in loading, because the significant state fluctuations will exacerbate the effects of using a stale system state in the control.