Biblio

Filters: Keyword is Substations
2023-05-11
Teo, Jia Wei, Gunawan, Sean, Biswas, Partha P., Mashima, Daisuke.  2022.  Evaluating Synthetic Datasets for Training Machine Learning Models to Detect Malicious Commands. 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :315–321.
Electrical substations in power grid act as the critical interface points for the transmission and distribution networks. Over the years, digital technology has been integrated into the substations for remote control and automation. As a result, substations are more prone to cyber attacks and exposed to digital vulnerabilities. One of the notable cyber attack vectors is the malicious command injection, which can lead to shutting down of substations and subsequently power outages as demonstrated in Ukraine Power Plant Attack in 2015. Prevailing measures based on cyber rules (e.g., firewalls and intrusion detection systems) are often inadequate to detect advanced and stealthy attacks that use legitimate-looking measurements or control messages to cause physical damage. Additionally, defenses that use physics-based approaches (e.g., power flow simulation, state estimation, etc.) to detect malicious commands suffer from high latency. Machine learning serves as a potential solution in detecting command injection attacks with high accuracy and low latency. However, sufficient datasets are not readily available to train and evaluate the machine learning models. In this paper, focusing on this particular challenge, we discuss various approaches for the generation of synthetic data that can be used to train the machine learning models. Further, we evaluate the models trained with the synthetic data against attack datasets that simulate malicious command injections with different levels of sophistication. Our findings show that synthetic data generated with some level of power grid domain knowledge helps train robust machine learning models against different types of attacks.
2023-01-20
Abdelrahman, Mahmoud S., Kassem, A., Saad, Ahmed A., Mohammed, Osama A..  2022.  Real-Time Wide Area Event Identification and Analysis in Power Grid Based on EWAMS. 2022 IEEE Industry Applications Society Annual Meeting (IAS). :1–13.
Event detection and classification are crucial to power system stability. The Wide Area Measurement System (WAMS) technology helps in enhancing wide area situational awareness by providing useful synchronized information to the grid control center in order to accurately identify various power system events. This paper demonstrates the viability of using EWAMS (Egyptian Wide Area Measurement System) data as one of the evolving technologies of smart grid to identify extreme events within the Egyptian power grid. The proposed scheme is based on online synchronized measurements of wide-area monitoring devices known as Frequency Disturbance Recorders (FDRs) deployed at selected substations within the grid. The FDR measures the voltage, voltage angle, and frequency at the substation and streams the processed results to the Helwan University Host Server (HUHS). Each FDR is associated with a timestamp reference to the Global Positioning System (GPS) base. An EWAMS-based frequency disturbance detection algorithm based on the rate of frequency deviation is developed to identify various types of events such as generator trip and load shedding. Based on proper thresholding on the frequency and rate of change of frequency of the Egyptian grid, different types of events have been captured in many locations during the supervision and monitoring the operation of the grid. EWAMS historical data is used to analyze a wide range of data pre-event, during and post-event for future enhancement of situational awareness as well as decision making.
Alanzi, Mataz, Challa, Hari, Beleed, Hussain, Johnson, Brian K., Chakhchoukh, Yacine, Reen, Dylan, Singh, Vivek Kumar, Bell, John, Rieger, Craig, Gentle, Jake.  2022.  Synchrophasors-based Master State Awareness Estimator for Cybersecurity in Distribution Grid: Testbed Implementation & Field Demonstration. 2022 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1–5.
The integration of distributed energy resources (DERs) and expansion of complex network in the distribution grid requires an advanced two-level state estimator to monitor the grid health at micro-level. The distribution state estimator will improve the situational awareness and resiliency of distributed power system. This paper implements a synchrophasors-based master state awareness (MSA) estimator to enhance the cybersecurity in distribution grid by providing a real-time estimation of system operating states to control center operators. In this paper, the implemented MSA estimator utilizes only phasor measurements, bus magnitudes and angles, from phasor measurement units (PMUs), deployed in local substations, to estimate the system states and also detects data integrity attacks, such as load tripping attack that disconnects the load. To validate the proof of concept, we implement this methodology in cyber-physical testbed environment at the Idaho National Laboratory (INL) Electric Grid Security Testbed. Further, to address the "valley of death" and support technology commercialization, field demonstration is also performed at the Critical Infrastructure Test Range Complex (CITRC) at the INL. Our experimental results reveal a promising performance in detecting load tripping attack and providing an accurate situational awareness through an alert visualization dashboard in real-time.
Liu, Dong, Zhu, Yingwei, Du, Haoliang, Ruan, Lixiang.  2022.  Multi-level security defense method of smart substation based on data aggregation and convolution neural network. 2022 7th Asia Conference on Power and Electrical Engineering (ACPEE). :1987–1991.
Aiming at the prevention of information security risk in protection and control of smart substation, a multi-level security defense method of substation based on data aggregation and convolution neural network (CNN) is proposed. Firstly, the intelligent electronic device (IED) uses "digital certificate + digital signature" for the first level of identity authentication, and uses UKey identification code for the second level of physical identity authentication; Secondly, the device group of the monitoring layer judges whether the data report is tampered during transmission according to the registration stage and its own ID information, and the device group aggregates the data using the credential information; Finally, the convolution decomposition technology and depth separable technology are combined, and the time factor is introduced to control the degree of data fusion and the number of input channels of the network, so that the network model can learn the original data and fused data at the same time. Simulation results show that the proposed method can effectively save communication overhead, ensure the reliable transmission of messages under normal and abnormal operation, and effectively improve the security defense ability of smart substation.
Pradyumna, Achhi, Kuthadi, Sai Madhav, Kumar, A. Ananda, Karuppiah, N..  2022.  IoT Based Smart Grid Communication with Transmission Line Fault Identification. 2022 International Conference on Intelligent Controller and Computing for Smart Power (ICICCSP). :1–5.
The electrical grid connects all the generating stations to supply uninterruptible power to the consumers. With the advent of technology, smart sensors and communication are integrated with the existing grid to behave like a smart system. This smart grid is a two-way communication that connects the consumers and producers. It is a connected smart network that integrates electricity generation, transmission, substation, distribution, etc. In this smart grid, clean, reliable power with a high-efficiency rate of transmission is available. In this paper, a highly efficient smart management system of a smart grid with overall protection is proposed. This management system checks and monitors the parameters periodically. This future technology also develops a smart transformer with ac and dc compatibility, for self-protection and for the healing process.
2022-08-03
Gao, Hongxia, Yu, Zhenhua, Cong, Xuya, Wang, Jing.  2021.  Trustworthiness Evaluation of Smart Grids Using GSPN. 2021 IEEE International Conference on Networking, Sensing and Control (ICNSC). 1:1–7.
Smart grids are one of the most important applications of cyber-physical systems. They intelligently transmit energy to customers by information technology, and have replaced the traditional power grid and are widely used. However, smart grids are vulnerable to cyber-attacks. Once attacked, it will cause great losses and lose the trust of customers. Therefore, it is important to evaluate the trustworthiness of smart grids. In order to evaluate the trustworthiness of smart grids, this paper uses a generalized stochastic Petri net (GSPN) to model smart grids. Considering various security threats that smart grids may face, we propose a general GSPN model for smart grids, which evaluates trustworthiness from three metrics of reliability, availability, and integrity by analyzing steady-state and transient probabilities. Finally, we obtain the value of system trustworthiness and simulation results show the feasibility and effectiveness of our model for smart grid trustworthiness.
2022-06-09
Chen, Xiujuan, Liu, Jing, Lu, Tiantian, Cheng, Dengfeng, Shi, Weidong, Lei, Ting, Kang, Peng.  2021.  Operation safety analysis of CMOA controllable switch under lightning intrusion wave in UHV AC substation. 2021 International Conference on Power System Technology (POWERCON). :1452–1456.
The metal oxide arrester (MOA, shortly) is installed on the line side of the substation, which is the first line of defense for the overvoltage limitation of lightning intrusion wave. In order to deeply limit the switching overvoltage and cancel the closing resistance of the circuit breaker, the arrester is replaced by the controllable metal oxide arrester (CMOA, shortly) in the new technology. The controllable switch of CMOA can be mechanical switch or thyristor switch. Thyristor switches are sensitive to the current and current change rate (di/dt) under lightning intrusion wave. If the switch cannot withstand, appropriate protective measures must be taken to ensure the safe operation of the controllable switch under this working condition. The 1000kV West Beijing to Shijiazhuang UHV AC transmission and transformation expansion project is the first project of pilot application of CMOA. CMOA were installed at both ends of the outgoing branch of Dingtai line I. In order to study the influence of lightning intrusion wave on the controllable switch of CMOA, this paper selected this project to simulate the lightning stroke on the incoming section of Dingtai line I in Beijing West substation in the process of system air closing or single-phase reclosing, and obtained the current and di/dt of the controllable switch through CMOA under this working condition. Then the performances of mechanical and thyristor control switches were checked respectively. The results showed that the mechanical switch could withstand without protective measures. The tolerance of thyristor switch to i and di/dt exceeded the limit value, and measures should be taken to protect and limit it. In this paper, the protection measures of current limiting reactor were given, and the limiting effect of the protection measures was verified by simulation and test. It could fully meet the requirements and ensure the safe operation of thyristor controllable switch.
2022-04-20
Tushar, Venkataramanan, V., Srivastava, A., Hahn, A..  2020.  CP-TRAM: Cyber-Physical Transmission Resiliency Assessment Metric. IEEE Transactions on Smart Grid. 11:5114–5123.
Natural disasters and cyber intrusions threaten the normal operation of the critical electric grid infrastructure. There is still no widely accepted methodology to quantify the resilience in power systems. In this work, power system resiliency refers to the ability of the system to keep providing energy to the critical load even with adverse events. A significant amount of work has been done to quantify the resilience for distribution systems. Even though critical loads are located in distribution system, transmission system plays a critical role in supplying energy to distribution feeder in addition to the Distributed Energy Resources (DERs). This work focuses on developing a framework to quantify the resiliency of cyber-physical transmission systems. Quantifying the resiliency of the transmission network is important to determine and devise suitable control mechanisms to minimize the effects of undesirable events in the power grid. The proposed metric is based on both system infrastructure and with changing operating conditions. A graphical analysis along with measure of critical parameters of the network is performed to quantify the redundancy and vulnerabilities in the physical network of the system. A similar approach is used to quantify the cyber-resiliency. The results indicate the capability of the proposed framework to quantify cyber-physical resilience of the transmission systems.
2022-04-18
Ahmadian, Saeed, Ebrahimi, Saba, Malki, Heidar.  2021.  Cyber-Security Enhancement of Smart Grid's Substation Using Object's Distance Estimation in Surveillance Cameras. 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC). :0631–0636.
Cyber-attacks toward cyber-physical systems are one of the main concerns of smart grid's operators. However, many of these cyber-attacks are toward unmanned substations where the cyber-attackers need to be close enough to the substation to malfunction protection and control systems in substations, using electromagnetic signals. Therefore, in this paper, a new threat detection algorithm is proposed to prevent possible cyber-attacks toward unmanned substations. Using surveillance camera's streams and based on You Only Look Once (YOLO) V3, suspicious objects in the image are detected. Then, using Intersection over Union (IOU) and Generalized Intersection Over Union (GIOU), threat distance is estimated. Finally, the estimated threats are categorized into three categories using color codes red, orange and green. The deep network used for detection consists of 106 convolutional layers and three output prediction with different resolutions for different distances. The pre-trained network is transferred from Darknet-53 weights trained on 80 classes.
2022-03-14
Kummerow, André, Rösch, Dennis, Nicolai, Steffen, Brosinsky, Christoph, Westermann, Dirk, Naumann, é.  2021.  Attacking dynamic power system control centers - a cyber-physical threat analysis. 2021 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT). :01–05.

In dynamic control centers, conventional SCADA systems are enhanced with novel assistance functionalities to increase existing monitoring and control capabilities. To achieve this, different key technologies like phasor measurement units (PMU) and Digital Twins (DT) are incorporated, which give rise to new cyber-security challenges. To address these issues, a four-stage threat analysis approach is presented to identify and assess system vulnerabilities for novel dynamic control center architectures. For this, a simplified risk assessment method is proposed, which allows a detailed analysis of the different system vulnerabilities considering various active and passive cyber-attack types. Qualitative results of the threat analysis are presented and discussed for different use cases at the control center and substation level.

2022-01-31
Janak, Jan, Retty, Hema, Chee, Dana, Baloian, Artiom, Schulzrinne, Henning.  2021.  Talking After Lights Out: An Ad Hoc Network for Electric Grid Recovery. 2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :181–187.
When the electrical grid in a region suffers a major outage, e.g., after a catastrophic cyber attack, a “black start” may be required, where the grid is slowly restarted, carefully and incrementally adding generating capacity and demand. To ensure safe and effective black start, the grid control center has to be able to communicate with field personnel and with supervisory control and data acquisition (SCADA) systems. Voice and text communication are particularly critical. As part of the Defense Advanced Research Projects Agency (DARPA) Rapid Attack Detection, Isolation, and Characterization Systems (RADICS) program, we designed, tested and evaluated a self-configuring mesh network prototype called the Phoenix Secure Emergency Network (PhoenixSEN). PhoenixSEN provides a secure drop-in replacement for grid's primary communication networks during black start recovery. The network combines existing and new technologies, can work with a variety of link-layer protocols, emphasizes manageability and auto-configuration, and provides services and applications for coordination of people and devices including voice, text, and SCADA communication. We discuss the architecture of PhoenixSEN and evaluate a prototype on realistic grid infrastructure through a series of DARPA-led exercises.
2021-11-30
Hu, Xiaoming, Tan, Wenan, Ma, Chuang.  2020.  Comment and Improvement on Two Aggregate Signature Schemes for Smart Grid and VANET in the Learning of Network Security. 2020 International Conference on Information Science and Education (ICISE-IE). :338–341.
Smart substation and Vehicular Ad-Hoc Network (VANET) are two important applications of aggregate signature scheme. Due to the large number of data collection equipment in substation, it needs security authentication and integrity protection to transmit data. Similarly, in VANET, due to limited resources, it has the needs of privacy protection and improving computing efficiency. Aggregate signature scheme can satisfy the above needs and realize one-time verification of signature for multi-terminal data collection which can improve the performance. Aggregate signature scheme is an important technology to solve network security problem. Recently, many aggregate signature schemes are proposed which can be applied in smart grid or VANET. In this paper, we present two security analyses on two aggregate signature schemes proposed recently. By analysis, it shows that the two aggregate signature schemes do not satisfy the security property of unforgeability. A malicious user can forge a signature on any message. We also present some improved methods to solve these security problems with better performance. From security analysis to improvement of aggregate signature scheme, it is very suitable to be an instance to exhibit the students on designing of security aggregate signature scheme for network security education or course.
Alkaeed, Mahdi, Soliman, Md Mohiuddin, Khan, Khaled M., Elfouly, Tarek M..  2020.  Distributed Framework via Block-Chain Smart Contracts for Smart Grid Systems against Cyber-Attacks. 2020 11th IEEE Control and System Graduate Research Colloquium (ICSGRC). :100–105.
In this century, the demand for energy is increasing daily, and the need for energy resources has become urgent and inevitable. New ways of generating energy, such as renewable resources that depend on many sources, including the sun and wind energy will contribute to the future of humankind largely and effectively. These renewable sources are facing major challenges that cannot be ignored which also require more research on appropriate solutions. This has led to the emergence of a new type of network user called prosumer, which causes new challenges such as the intermittent nature of renewable. Smart grids have emerged as a solution to integrate these distributed energy sources. It also provides a mechanism to maintain safety and security for power supply networks. The main idea of smart grids is to facilitate local production and consumption by customers and consumers. Distributed ledger technology (DLT) or Block-chain technology has evolved dramatically since 2008 that coincided with the birth of its first application Bitcoin, which is the first cryptocurrency. This innovation sparked the digital revolution, which provides decentralization, security, and democratization of information storage and transfer systems across numerous sectors/industries. Block-chain can be applied for the sake of the durability and safety of energy systems. In this paper, we will propose a new distributed framework that provides protection based on block-chain technology for energy systems to enhance self-defense capability against those cyber-attacks.
2021-11-29
Joyokusumo, Irfan, Putra, Handika, Fatchurrahman, Rifqi.  2020.  A Machine Learning-Based Strategy For Predicting The Fault Recovery Duration Class In Electric Power Transmission System. 2020 International Conference on Technology and Policy in Energy and Electric Power (ICT-PEP). :252–257.
Energy security program which becomes the part of energy management must ensure the high reliability of the electric power transmission system so that the customer can be served very well. However, there are several problems that can hinder reliability achievement such as the long duration of fault recovery. On the other side, the prediction of fault recovery duration becomes a very challenging task. Because there are still few machine learning-based solutions on offer, this paper proposes a machine learning-based strategy by using Naive-Bayes Classifier (NBC) and Support Vector Machine (SVM) in predicting the fault recovery duration class. The dataset contains 3398 rows of non-temporary-fault type records, six input features (Substation, Asset Type, Fault Category, Outage Start Time, Outage Day, and Outage Month) and single target feature (Fault Recovery Duration). According to the performance test result, those two methods reach around 97-99% of accuracy, average sensitivity, and average specificity. In addition, one of the advantages obtained in field of fault recovery prediction is increasing the accuracy of likelihood level calculation of the long fault recovery time risk.
Silva-Saravia, Horacio, Singh, Iknoor, Chynoweth, Joshua, Mateo, Norbo, Mejia, Manuel, Amadis, Simon, Alvarez, Rufino.  2020.  Islanding Detection and Resynchronization Based upon Wide-Area Monitoring and Situational Awareness in the Dominican Republic. 2020 IEEE PES Transmission & Distribution Conference and Exhibition - Latin America (T&D LA). :1–6.
This paper shows the benefits of synchrophasor technology for islanding detection and resynchronization in the control room at Empresa de Transmisión Eléctrica Dominicana (ETED) in the Dominican Republic. EPG's Real Time Dynamics Monitoring System (RTDMS®) deployed at ETED was tested during operator training with the event data after an islanding event occurred on October 26, 2019, which caused the ETED System to split into two islands. RTDMS's islanding detection algorithm quickly detected and identified the event. The islanding situation was not clear for operators during the time of the event with the use of traditional SCADA tools. The use of synchrophasor technology also provides valuable information for a quick and safe resynchronization. By monitoring the system frequency in each island and voltage angle differences between islands, operators can know the exact time of circuit breaker closure for a successful resynchronization. Synchrophasors allow the resynchronization in a relatively short time, avoiding the risk of additional load loss, generator outages or even a wider system blackout.
Claveria, Joevis J., Kalam, Akhtar.  2020.  Communication and Information Security Assessment of a Digital Substation. 2020 Australasian Universities Power Engineering Conference (AUPEC). :1–7.
The Internet of Things (IoT) has enabled the rapid pace of the use of communication technology and infiltration of technical systems in a digital world. In terms of power systems generation and operation, a reliable solution for substation automation and smart grid communication is the IEC 61850 standard. It has a robust modelling structure for monitoring, protection, and control and management systems in substations and across the grid. Modern communication technologies are destined for internet use for remote monitoring, settings, and data recovery. However, the communication network is exposed to cyber threats and evident risks in security defense of automated power systems. To tackle these vulnerabilities, the IEC 62351 standard aims to improve security in handling the communication and data transfers in power system automation. This paper discusses the different security measures in communication, information and cyber security solutions in power systems. To further illustrate the novel communication and security schemes of digital substations, a case study using the Victoria University Zone Substation (VUZS) simulator for cybersecurity assessment has been instigated.
2021-10-04
Reshikeshan, Sree Subiksha M., Illindala, Mahesh S..  2020.  Systematically Encoded Polynomial Codes to Detect and Mitigate High-Status-Number Attacks in Inter-Substation GOOSE Communications. 2020 IEEE Industry Applications Society Annual Meeting. :1–7.
Inter-substation Generic Object Oriented Substation Events (GOOSE) communications that are used for critical protection functions have several cyber-security vulnerabilities. GOOSE messages are directly mapped to the Layer 2 Ethernet without network and transport layer headers that provide data encapsulation. The high-status-number attack is a malicious attack on GOOSE messages that allows hackers to completely take over intelligent electronic devices (IEDs) subscribing to GOOSE communications. The status-number parameter of GOOSE messages, stNum, is tampered with in these attacks. Given the strict delivery time requirement of 3 ms for GOOSE messaging, it is infeasible to encrypt the GOOSE payload. This work proposes to secure the sensitive stNum parameter of the GOOSE payload using systematically encoded polynomial codes. Exploiting linear codes allows for the security features to be encoded in linear time, in contrast to complex hashing algorithms. At the subscribing IED, the security feature is used to verify that the stNum parameter has not been tampered with during transmission in the insecure medium. The decoding and verification using syndrome computation at the subscriber IED is also accomplished in linear time.
2021-08-11
Lau, Pikkin, Wei, Wei, Wang, Lingfeng, Liu, Zhaoxi, Ten, Chee-Wooi.  2020.  A Cybersecurity Insurance Model for Power System Reliability Considering Optimal Defense Resource Allocation. IEEE Transactions on Smart Grid. 11:4403–4414.
With the increasing application of Information and Communication Technologies (ICTs), cyberattacks have become more prevalent against Cyber-Physical Systems (CPSs) such as the modern power grids. Various methods have been proposed to model the cybersecurity threats, but so far limited studies have been focused on the defensive strategies subject to the limited security budget. In this paper, the power supply reliability is evaluated considering the strategic allocation of defense resources. Specifically, the optimal mixed strategies are formulated by the Stackelberg Security Game (SSG) to allocate the defense resources on multiple targets subject to cyberattacks. The cyberattacks against the intrusion-tolerant Supervisory Control and Data Acquisition (SCADA) system are mathematically modeled by Semi-Markov Process (SMP) kernel. The intrusion tolerance capability of the SCADA system provides buffered residence time before the substation failure to enhance the network robustness against cyberattacks. Case studies of the cyberattack scenarios are carried out to demonstrate the intrusion tolerance capability. Depending on the defense resource allocation scheme, the intrusion-tolerant SCADA system possesses varying degrees of self-healing capability to restore to the good state and prevent the substations from failure. If more defense resources are invested on the substations, the intrusion tolerant capability can be further enhanced for protecting the substations. Finally, the actuarial insurance principle is designed to estimate transmission companies' individual premiums considering correlated cybersecurity risks. The proposed insurance premium principle is designed to provide incentive for investments on enhancing the intrusion tolerance capability, which is verified by the results of case studies.
2021-05-25
Ravikumar, Gelli, Hyder, Burhan, Govindarasu, Manimaran.  2020.  Efficient Modeling of IEC-61850 Logical Nodes in IEDs for Scalability in CPS Security Testbed. 2020 IEEE/PES Transmission and Distribution Conference and Exposition (T&D). :1–5.

Though the deep penetration of cyber systems across the smart grid sub-domains enrich the operation of the wide-area protection, control, and smart grid applications, the stochastic nature of cyber-attacks by adversaries inflict their performance and the system operation. Various hardware-in-the-loop (HIL) cyber-physical system (CPS) testbeds have attempted to evaluate the cyberattack dynamics and power system perturbations for robust wide-area protection algorithms. However, physical resource constraints and modular integration designs have been significant barriers while modeling large-scale grid models (scalability) and have limited many of the CPS testbeds to either small-scale HIL environment or complete simulation environments. This paper proposes a meticulous design and efficient modeling of IEC-61850 logical nodes in physical relays to simulate large-scale grid models in a HIL real-time digital simulator environment integrated with industry-grade hardware and software systems for wide-area power system applications. The proposed meticulous design includes multi-breaker emulation in the physical relays, which extends the capacity of a physical relay to accommodate more number of CPS interfaces in the HIL CPS security testbed environment. We have used our existing HIL CPS security testbed to demonstrate scalability by the real-time performance of ten simultaneous IEEE-39 CPS grid models. The experiments demonstrated significant results by 100% real-time performance with zero overruns, and low latency while receiving and executing control signals from physical SEL relays via IEC-61850 and DNP-3 protocols to real-time digital simulator, substation remote terminal unit (RTU) software and supervisory control and data acquisition (SCADA) software at control center.

2021-05-05
Hossain, Md. Turab, Hossain, Md. Shohrab, Narman, Husnu S..  2020.  Detection of Undesired Events on Real-World SCADA Power System through Process Monitoring. 2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON). :0779–0785.
A Supervisory Control and Data Acquisition (SCADA) system used in controlling or monitoring purpose in industrial process automation system is the process of collecting data from instruments and sensors located at remote sites and transmitting data at a central site. Most of the existing works on SCADA system focused on simulation-based study which cannot always mimic the real world situations. We propose a novel methodology that analyzes SCADA logs on offline basis and helps to detect process-related threats. This threat takes place when an attacker performs malicious actions after gaining user access. We conduct our experiments on a real-life SCADA system of a Power transmission utility. Our proposed methodology will automate the analysis of SCADA logs and systemically identify undesired events. Moreover, it will help to analyse process-related threats caused by user activity. Several test studies suggest that our approach is powerful in detecting undesired events that might be caused by possible malicious occurrence.
2021-01-11
Cao, S., Zou, J., Du, X., Zhang, X.  2020.  A Successive Framework: Enabling Accurate Identification and Secure Storage for Data in Smart Grid. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1–6.
Due to malicious eavesdropping, forgery as well as other risks, it is challenging to dispose and store collected power data from smart grid in secure manners. Blockchain technology has become a novel method to solve the above problems because of its de-centralization and tamper-proof characteristics. It is especially well known that data stored in blockchain cannot be changed, so it is vital to seek out perfect mechanisms to ensure that data are compliant with high quality (namely, accuracy of the power data) before being stored in blockchain. This will help avoid losses due to low-quality data modification or deletion as needed in smart grid. Thus, we apply the parallel vision theory on the identification of meter readings to realize accurate power data. A cloud-blockchain fusion model (CBFM) is proposed for the storage of accurate power data, allowing for secure conducting of flexible transactions. Only power data calculated by parallel visual system instead of image data collected originally via robot would be stored in blockchain. Hence, we define the quality assurance before data uploaded to blockchain and security guarantee after data stored in blockchain as a successive framework, which is a brand new solution to manage efficiency and security as a whole for power data and data alike in other scenes. Security analysis and performance evaluations are performed, which prove that CBFM is highly secure and efficient impressively.
2020-10-06
Nuqui, Reynaldo, Hong, Junho, Kondabathini, Anil, Ishchenko, Dmitry, Coats, David.  2018.  A Collaborative Defense for Securing Protective Relay Settings in Electrical Cyber Physical Systems. 2018 Resilience Week (RWS). :49–54.
Modern power systems today are protected and controlled increasingly by embedded systems of computing technologies with a great degree of collaboration enabled by communication. Energy cyber-physical systems such as power systems infrastructures are increasingly vulnerable to cyber-attacks on the protection and control layer. We present a method of securing protective relays from malicious change in protective relay settings via collaboration of devices. Each device checks the proposed setting changes of its neighboring devices for consistency and coordination with its own settings using setting rules based on relay coordination principles. The method is enabled via peer-to-peer communication between IEDs. It is validated in a cyber-physical test bed containing a real time digital simulator and actual relays that communicate via IEC 61850 GOOSE messages. Test results showed improvement in cyber physical security by using domain based rules to block malicious changes in protection settings caused by simulated cyber-attacks. The method promotes the use of defense systems that are aware of the physical systems which they are designed to secure.
2020-09-18
Hong, Junho, Nuqui, Reynaldo F., Kondabathini, Anil, Ishchenko, Dmitry, Martin, Aaron.  2019.  Cyber Attack Resilient Distance Protection and Circuit Breaker Control for Digital Substations. IEEE Transactions on Industrial Informatics. 15:4332–4341.
This paper proposes new concepts for detecting and mitigating cyber attacks on substation automation systems by domain-based cyber-physical security solutions. The proposed methods form the basis of a distributed security domain layer that enables protection devices to collaboratively defend against cyber attacks at substations. The methods utilize protection coordination principles to cross check protection setting changes and can run real-time power system analysis to evaluate the impact of the control commands. The transient fault signature (TFS)-based cross-correlation coefficient algorithm has been proposed to detect the false sampled values data injection attack. The proposed functions were verified in a hardware-in-the-loop (HIL) simulation using commercial relays and a real-time digital simulator (RTDS). Various types of cyber intrusions are tested using this test bed to evaluate the consequences and impacts of cyber attacks to power grid as well as to validate the performance of the proposed research-grade cyber attack mitigation functions.
2020-09-08
Chen, Yu-Cheng, Gieseking, Tim, Campbell, Dustin, Mooney, Vincent, Grijalva, Santiago.  2019.  A Hybrid Attack Model for Cyber-Physical Security Assessment in Electricity Grid. 2019 IEEE Texas Power and Energy Conference (TPEC). :1–6.
A detailed model of an attack on the power grid involves both a preparation stage as well as an execution stage of the attack. This paper introduces a novel Hybrid Attack Model (HAM) that combines Probabilistic Learning Attacker, Dynamic Defender (PLADD) model and a Markov Chain model to simulate the planning and execution stages of a bad data injection attack in power grid. We discuss the advantages and limitations of the prior work models and of our proposed Hybrid Attack Model and show that HAM is more effective compared to individual PLADD or Markov Chain models.
2020-07-27
Babay, Amy, Tantillo, Thomas, Aron, Trevor, Platania, Marco, Amir, Yair.  2018.  Network-Attack-Resilient Intrusion-Tolerant SCADA for the Power Grid. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :255–266.
As key components of the power grid infrastructure, Supervisory Control and Data Acquisition (SCADA) systems are likely to be targeted by nation-state-level attackers willing to invest considerable resources to disrupt the power grid. We present Spire, the first intrusion-tolerant SCADA system that is resilient to both system-level compromises and sophisticated network-level attacks and compromises. We develop a novel architecture that distributes the SCADA system management across three or more active sites to ensure continuous availability in the presence of simultaneous intrusions and network attacks. A wide-area deployment of Spire, using two control centers and two data centers spanning 250 miles, delivered nearly 99.999% of all SCADA updates initiated over a 30-hour period within 100ms. This demonstrates that Spire can meet the latency requirements of SCADA for the power grid.