Biblio

Short-term load forecasting systems for power grids have demonstrated high accuracy and have been widely employed for commercial use. However, classic load forecasting systems, which are based on statistical methods, are subject to vulnerability from training data poisoning. In this paper, we demonstrate a data poisoning strategy that effectively corrupts the forecasting model even in the presence of outlier detection. To the best of our knowledge, poisoning attack on short-term load forecasting with outlier detection has not been studied in previous works. Our method applies to several forecasting models, including the most widely-adapted and best-performing ones, such as multiple linear regression (MLR) and neural network (NN) models. Starting with the MLR model, we develop a novel closed-form solution to quickly estimate the new MLR model after a round of data poisoning without retraining. We then employ line search and simulated annealing to find the poisoning attack solution. Furthermore, we use the MLR attacking solution to generate a numerical solution for other models, such as NN. The effectiveness of our algorithm has been tested on the Global Energy Forecasting Competition (GEFCom2012) data set with the presence of outlier detection.

Recent changes to greenhouse gas emission policies are catalyzing the electric vehicle (EV) market making it readily accessible to consumers. While there are challenges that arise with dense deployment of EVs, one of the major future concerns is cyber security threat. In this paper, cyber security threats in the form of tampering with EV battery's State of Charge (SOC) was explored. A Back Propagation (BP) Neural Network (NN) was trained and tested based on experimental data to estimate SOC of battery under normal operation and cyber-attack scenarios. NeuralWare software was used to run scenarios. Different statistic metrics of the predicted values were compared against the actual values of the specific battery tested to measure the stability and accuracy of the proposed BP network under different operating conditions. The results showed that BP NN was able to capture and detect the false entries due to a cyber-attack on its network.

The rapid developments of smart grids provide multiple benefits to the delivery of electric power, but at the same time makes the power grids under the threat of cyber attackers. The transmitted data could be deliberately modified without triggering the alarm of bad data detection procedure. In order to ensure the stable operation of the power systems, it is extremely significant to develop effective abnormal detection algorithms against injected false data. In this paper, we introduce the density-based LOF algorithm to detect the false data and dummy data. The simulation results show that the traditional density-clustering based LOF algorithm can effectively identify FDA, but the detection performance on DDA is not satisfactory. Therefore, we propose the improved LOF algorithm to detect DDA by setting reasonable density threshold.

This paper presents a data-driven and physics-based method for detection of false data injection (FDI) in Smart Grids (SG). As the power grid transitions to the use of SG technology, it becomes more vulnerable to cyber-attacks like FDI. Current strategies for the detection of bad data in the grid rely on the physics based State Estimation (SE) process and statistical tests. This strategy is naturally vulnerable to undetected bad data as well as false positive scenarios, which means it can be exploited by an intelligent FDI attack. In order to enhance the robustness of bad data detection, the paper proposes the use of data-driven Machine Intelligence (MI) working together with current bad data detection via a combined Chi-squared test. Since MI learns over time and uses past data, it provides a different perspective on the data than the SE, which analyzes only the current data and relies on the physics based model of the system. This combined bad data detection strategy is tested on the IEEE 118 bus system.

Smart grids are vulnerable to cyber-attacks, which can cause significant damage and huge economic losses. Generally, state estimation (SE) is used to observe the operation of the grid. State estimation of the grid is vulnerable to false data injection attack (FDIA), so diagnosing this type of malicious attack has a major impact on ensuring reliable operation of the power system. In this paper, we present an effective FDIA detection method based on residual recurrent neural network (R2N2) prediction model and adaptive judgment threshold. Specifically, considering the data contains both linear and nonlinear components, the R2N2 model divides the prediction process into two parts: the first part uses the linear model to fit the state data; the second part predicts the nonlinearity of the residuals of the linear prediction model. The adaptive judgment threshold is inferred through fitting the Weibull distribution with the sum of squared errors between the predicted values and observed values. The thorough simulation results demonstrate that our scheme performs better than other prediction based FDIA detection schemes.

The need to enhance the performance of existing transmission network in line with economic and technical constraints is crucial in a competitive market environment. This paper models the total transfer capacity (TTC) improvement using optimally placed thyristor-controlled series capacitors (TCSC). The system states were evaluated using distributed slack bus (DSB) and continuous power flow (CPF) techniques. Adaptable logic relations was modelled based on security margin (SM), steady state and transient condition collapse voltages (Uss, Uts) and the steady state line power loss (Plss), through which line suitability index (LSI) were obtained. The fuzzy expert system (FES) membership functions (MF) with respective degrees of memberships are defined to obtain the best states. The LSI MF is defined high between 0.2-0.8 to provide enough protection under transient disturbances. The test results on IEEE 30 bus system show that the model is feasible for TTC enhancement under steady state and N-1 conditions.

The new instrumentation and control (I&C) systems of the nuclear power plants (NPPs) improve the ability to operate the plant enhance the safety and performance of the NPP. However, they bring a new type of threat to the NPP's industry-cyber threat. The early fault diagnostic system (EDS) is one of the decision support systems that might be used online during the operation stage. The EDS aim is to prevent the incident/accident evolution by a timely troubleshooting process during any plant operational modes. It means that any significative deviation of plant parameters from normal values is pointed-out to plant operators well before reaching any undesired threshold potentially leading to a prohibited plant state, together with the cause that has generated the deviation. The paper lists the key benefits using the EDS to counter the cyber threat and proposes the framework for cybersecurity assessment using EDS during the operational stage.

Smart Grid cyber-security sounds to be a critical issue, because of widespread development of information technology. To achieve secure and reliable operation, the complexity of human automation interaction (HAI) necessitates more sophisticated and intelligent methodologies. In this paper, an adaptive autonomy fuzzy expert system is developed using gradient descent algorithm to determine the Level of Automation (LOA), based on the changing of Performance Shaping Factors (PSF). These PSFs indicate the effects of environmental conditions on the performance of HAI. The major advantage of this method is that the fuzzy rule or membership function can be learnt without changing the form of the fuzzy rule in conventional fuzzy control. Because of data shortage, Leave-One-Out Cross-Validation (LOOCV) technique is applied for assessing how the results of proposed system generalizes to the new contingency situations. The expert system database is extracted from superior experts' judgments. In order to regard the importance of each PSF, weighted rules are also considered. In addition, some new environmental conditions are introduced that has not been seen before. Nine scenarios are discussed to reveal the performance of the proposed system. Results confirm that the presented fuzzy expert system can effectively calculates the proper LOA even in the new contingency situations.

Modern infrastructure is heavily reliant on systems with interconnected computational and physical resources, named Cyber-Physical Systems (CPSs). Hence, building resilient CPSs is a prime need and continuous monitoring of the CPS operational health is essential for improving resilience. This paper presents a framework for calculating and monitoring of health in CPSs using data driven techniques. The main advantages of this data driven methodology is that the ability of leveraging heterogeneous data streams that are available from the CPSs and the ability of performing the monitoring with minimal a priori domain knowledge. The main objective of the framework is to warn the operators of any degradation in cyber, physical or overall health of the CPS. The framework consists of four components: 1) Data acquisition and feature extraction, 2) state identification and real time state estimation, 3) cyber-physical health calculation and 4) operator warning generation. Further, this paper presents an initial implementation of the first three phases of the framework on a CPS testbed involving a Microgrid simulation and a cyber-network which connects the grid with its controller. The feature extraction method and the use of unsupervised learning algorithms are discussed. Experimental results are presented for the first two phases and the results showed that the data reflected different operating states and visualization techniques can be used to extract the relationships in data features.

Modern power systems today are protected and controlled increasingly by embedded systems of computing technologies with a great degree of collaboration enabled by communication. Energy cyber-physical systems such as power systems infrastructures are increasingly vulnerable to cyber-attacks on the protection and control layer. We present a method of securing protective relays from malicious change in protective relay settings via collaboration of devices. Each device checks the proposed setting changes of its neighboring devices for consistency and coordination with its own settings using setting rules based on relay coordination principles. The method is enabled via peer-to-peer communication between IEDs. It is validated in a cyber-physical test bed containing a real time digital simulator and actual relays that communicate via IEC 61850 GOOSE messages. Test results showed improvement in cyber physical security by using domain based rules to block malicious changes in protection settings caused by simulated cyber-attacks. The method promotes the use of defense systems that are aware of the physical systems which they are designed to secure.

Cyber-event-triggered power grid blackout compels utility operators to intensify cyber-aware and physics-constrained recovery and restoration process. Recently, coordinated cyber attacks on the Ukrainian grid witnessed such a cyber-event-triggered power system blackout. Various cyber-physical system (CPS) testbeds have attempted with multitude designs to analyze such interdependent events and evaluate remedy measures. However, resource constraints and modular integration designs have been significant barriers while modeling large-scale grid models (scalability) and multi-grid isolated models (concurrency) under a single real-time execution environment for the hardware-in-the-loop (HIL) CPS security testbeds. This paper proposes a meticulous design and effective modeling for simulating large-scale grid models and multi-grid isolated models in a HIL realtime digital simulator environment integrated with industry-grade hardware and software systems. We have used our existing HIL CPS security testbed to demonstrate scalability by the realtime performance of a Texas-2000 bus US synthetic grid model and concurrency by the real-time performance of simultaneous ten IEEE-39 bus grid models and an IEEE-118 bus grid model. The experiments demonstrated significant results by 100% realtime performance with zero overruns, low latency while receiving and executing control signals from SEL Relays via IEC-61850 protocol and low latency while computing and transmitting grid data streams including stability measures via IEEE C37.118 synchrophasor data protocol to SEL Phasor Data Concentrators.

Realizing the importance of the concept of “smart city” and its impact on the quality of life, many infrastructures, such as power plants, began their digital transformation process by leveraging modern computing and advanced communication technologies. Unfortunately, by increasing the number of connections, power plants become more and more vulnerable and also an attractive target for cyber-physical attacks. The analysis of interdependencies among system components reveals interdependent connections, and facilitates the identification of those among them that are in need of special protection. In this paper, we review the recent literature which utilizes graph-based models and network-based models to study these interdependencies. A comprehensive overview, based on the main features of the systems including communication direction, control parameters, research target, scalability, security and safety, is presented. We also assess the computational complexity associated with the approaches presented in the reviewed papers, and we use this metric to assess the scalability of the approaches.

Recent advances in machine learning enable wider applications of prediction models in cyber-physical systems. Smart grids are increasingly using distributed sensor settings for distributed sensor fusion and information processing. Load forecasting systems use these sensors to predict future loads to incorporate into dynamic pricing of power and grid maintenance. However, these inference predictors are highly complex and thus vulnerable to adversarial attacks. Moreover, the adversarial attacks are synthetic norm-bounded modifications to a limited number of sensors that can greatly affect the accuracy of the overall predictor. It can be much cheaper and effective to incorporate elements of security and resilience at the earliest stages of design. In this paper, we demonstrate how to analyze the security and resilience of learning-based prediction models in power distribution networks by utilizing a domain-specific deep-learning and testing framework. This framework is developed using DeepForge and enables rapid design and analysis of attack scenarios against distributed smart meters in a power distribution network. It runs the attack simulations in the cloud backend. In addition to the predictor model, we have integrated an anomaly detector to detect adversarial attacks targeting the predictor. We formulate the stealthy adversarial attacks as an optimization problem to maximize prediction loss while minimizing the required perturbations. Under the worst-case setting, where the attacker has full knowledge of both the predictor and the detector, an iterative attack method has been developed to solve for the adversarial perturbation. We demonstrate the framework capabilities using a GridLAB-D based power distribution network model and show how stealthy adversarial attacks can affect smart grid prediction systems even with a partial control of network.

The advancement and penetration of distributed energy resources (DERs) and renewable energy sources (RES) are transforming legacy energy systems in an attempt to reduce carbon emissions and energy waste. Demand Response (DR) has been identified as a key enabler of integrating these, and other, Smart Grid technologies, while, simultaneously, ensuring grid stability and secure energy supply. The massive deployment of smart meters, IoT devices and DERs dictate the need to move to decentralized, or even localized, DR schemes in the face of the increased scale and complexity of monitoring and coordinating the actors and devices in modern smart grids. Furthermore, there is an inherent need to guarantee interoperability, due to the vast number of, e.g., hardware and software stakeholders, and, more importantly, promote trust and incentivize the participation of customers in DR schemes, if they are to be successfully deployed.In this work, we illustrate the design of an energy system that addresses all of the roadblocks that hinder the large scale deployment of DR services. Our DR framework incorporates modern Smart Grid technologies, such as fog-enabled and IoT devices, DERs and RES to, among others, automate asset handling and various time-consuming workflows. To guarantee interoperability, our system employs OpenADR, which standardizes the communication of DR signals among energy stakeholders. Our approach acknowledges the need for decentralization and employs blockchains and smart contracts to deliver a secure, privacy-preserving, tamper-resistant, auditable and reliable DR framework. Blockchains provide the infrastructure to design innovative DR schemes and incentivize active consumer participation as their aforementioned properties promote transparency and trust. In addition, we harness the power of smart contracts which allows us to design and implement fully automated contractual agreements both among involved stakeholders, as well as on a machine-to-machine basis. Smart contracts are digital agents that "live" in the blockchain and can encode, execute and enforce arbitrary agreements. To illustrate the potential and effectiveness of our smart contract-based DR framework, we present a case study that describes the exchange of DR signals and the autonomous instantiation of smart contracts among involved participants to mediate and monitor transactions, enforce contractual clauses, regulate energy supply and handle payments/penalties.

With the advancement in technology, inclusion of Information and Communication Technology (ICT) in the conventional Electrical Power Grid has become evident. The combination of communication system with physical system makes it cyber-physical system (CPS). Though the advantages of this improvement in technology are numerous, there exist certain issues with the system. Security and privacy concerns of a CPS are a major field and research and the insight of which is content of this paper.

Energy is the material basis for human society to survive and has a very important strategic position in the national economy. With the advancement of Internet technology and the extensive use of clean energy, the energy industry has demonstrated a new development trend. Based on blockchain technology, this paper analyzes energy data security and multi-source synergy mechanism, processes and classifies a large amount of energy data in energy system, and builds a blockchain-based energy data supervision and transaction model. A summary tree of energy data is proposed; a consensus mechanism based on multi-source collaboration is proposed to ensure efficient negotiation; and finally, blockchain is verified in the energy scenario. This provides reference for the application of blockchain technology in the energy industry.

The Smart Grid is the leading example when talking about complex and critical System-of-Systems (SoS). Specifically regarding the Smart Grids criticality, dependability is a central quality attribute to strive for. Combined with the desire of agility in modern development, conventional systems engineering methods reach their limits in coping with these requirements. However, approaches from model-based or model-driven engineering can reduce complexity and encourage development with rapidly changing requirements. Model-Driven Engineering (MDE) is known to be more successful in a domain specific manner. For that reason, an approach for Domain Specific Systems Engineering (DSSE) in the Smart Grid has already been specially investigated. This Model-Driven Architecture (MDA) approach especially aims the comprehensibility of complex systems. In this context, the traceability of requirements is a centrally pursued attribute. However, achieving continuing traceability between the model of a system and the concrete implementation is still an open issue. To close this gap, the present research paper introduces a Model-Centric Software Development (MCSD) solution for Smart Grid applications. Based on two exploratory case studies, the focus finally lies on the automated generation of partial implementation artifacts and the evaluation of traceability, based on dedicated functional aspects.

Smart meters enable improvements in electricity distribution system efficiency at some cost in customer privacy. Users with home batteries can mitigate this privacy loss by applying charging policies that mask their underlying energy use. A battery charging policy is proposed and shown to provide universal privacy guarantees subject to a constraint on energy cost. The guarantee bounds our strategy's maximal information leakage from the user to the utility provider under general stochastic models of user energy consumption. The policy construction adapts coding strategies for non-probabilistic permuting channels to this privacy problem.

The application of line current differential relays (LCDRs) to protect transmission lines has recently proliferated. However, the reliance of LCDRs on digital communication channels has raised growing cyber-security concerns. This paper investigates the impacts of false data injection attacks (FDIAs) on the performance of LCDRs. It also develops coordinated attacks that involve multiple components, including LCDRs, and can cause false line tripping. Additionally, this paper proposes a technique for detecting FDIAs against LCDRs and differentiating them from actual faults in two-terminal lines. In this method, when an LCDR detects a fault, instead of immediately tripping the line, it calculates and measures the superimposed voltage at its local terminal, using the proposed positive-sequence (PS) and negative-sequence (NS) submodules. To calculate this voltage, the LCDR models the protected line in detail and replaces the rest of the system with a Thevenin equivalent that produces accurate responses at the line terminals. Afterwards, remote current measurement is utilized by the PS and NS submodules to compute each sequence's superimposed voltage. A difference between the calculated and the measured superimposed voltages in any sequence reveals that the remote current measurements are not authentic. Thus, the LCDR's trip command is blocked. The effectiveness of the proposed method is corroborated using simulation results for the IEEE 39-bus test system. The performance of the proposed method is also tested using an OPAL real-time simulator.

This paper proposes new concepts for detecting and mitigating cyber attacks on substation automation systems by domain-based cyber-physical security solutions. The proposed methods form the basis of a distributed security domain layer that enables protection devices to collaboratively defend against cyber attacks at substations. The methods utilize protection coordination principles to cross check protection setting changes and can run real-time power system analysis to evaluate the impact of the control commands. The transient fault signature (TFS)-based cross-correlation coefficient algorithm has been proposed to detect the false sampled values data injection attack. The proposed functions were verified in a hardware-in-the-loop (HIL) simulation using commercial relays and a real-time digital simulator (RTDS). Various types of cyber intrusions are tested using this test bed to evaluate the consequences and impacts of cyber attacks to power grid as well as to validate the performance of the proposed research-grade cyber attack mitigation functions.

IoT based technology are drastically accelerating the informationization development of the power grid system of China that consists of a huge number of power terminal devices interconnected by the network of electric power IoT. However, the networked power terminal equipment oriented cyberspace security has continually become a challenging problem as network attack is continually varying and evolving. In this paper, we concentrate on the security risk of power terminal equipment and their vulnerability based on ATP attack detection and defense. We first analyze the attack mechanism of APT security attack based on power terminal equipment. Based on the analysis of the security and attack of power IoT terminal device, an ontology-based knowledge representation method of power terminal device and its vulnerability is proposed.

The inforrmation age continues to transform the mechanics of integrating electric power devices and systems, from coordinated operations based purely on the physics of electric power engineering to an increasing blend of power with information and communication technology. Integrating electric system components is not just about attaching wires. It requires the connection of computer-based automation systems to associated sensing and communication equipment. The architectural impacts are significant. Well-considered and commonly held concepts, principles, and organizational structures continue to emerge to address the complexity of the integrated operational challenges that drive our society to expect more flexibility in configuring the electric power system, while simultaneously achieving greater efficiency, reliability, and resilience. Architectural concepts, such as modularity and composability, contribute to the creation of structures that enable the connection of power system equipment characterized by clearly defined interfaces consisting of physical and cyberlinks. The result of successful electric power system component connection is interoperation: the discipline that drives integration to be simple and reliable.

The Energy Internet is an advanced smart grid solution to increase energy efficiency by jointly operating multiple energy resources via the Internet. However, such an increasing integration of energy resources requires secure and efficient communication in the Energy Internet. To address such a requirement, we propose a new secure key bootstrapping protocol to support the integration and operation of energy resources. By using a universal composability model that provides a strong security notion for designing and analyzing cryptographic protocols, we define an ideal functionality that supports several cryptographic primitives used in this paper. Furthermore, we provide an ideal functionality for key bootstrapping and secure communication, which allows exchanged session keys to be used for secure communication in an ideal manner. We propose the first secure key bootstrapping protocol that enables a user to verify the identities of other users before key bootstrapping. We also present a secure communication protocol for unicast and multicast communications. The ideal functionalities help in the design and analysis of the proposed protocols. We perform some experiments to validate the performance of our protocols, and the results show that our protocols are superior to the existing related protocols and are suitable for the Energy Internet. As a proof of concept, we apply our functionalities to a practical key bootstrapping protocol, namely generic bootstrapping architecture.

This paper surveys some prior work regarding attack models in a cyber-physical system and discusses the potential benefits. For comparison, the full paper will model a bad data injection attack scenario in power grid using the surveyed prior work.

A detailed model of an attack on the power grid involves both a preparation stage as well as an execution stage of the attack. This paper introduces a novel Hybrid Attack Model (HAM) that combines Probabilistic Learning Attacker, Dynamic Defender (PLADD) model and a Markov Chain model to simulate the planning and execution stages of a bad data injection attack in power grid. We discuss the advantages and limitations of the prior work models and of our proposed Hybrid Attack Model and show that HAM is more effective compared to individual PLADD or Markov Chain models.