Biblio

With the development of the interconnection of all things(IoT), a large number of mobile terminal devices with multiple users access the distribution network, and gradually form an open and interconnected network environment, which brings new challenges to the security and protection of the distribution network. In this paper, a method of analyzing the sensing data of the digital substation is proposed, which can prevent the abnormal data from causing the malfunction of the protective relays by calculating the creditability of the sensing data. Creditability calculation algorithm as well as the implementation of the intrusion tolerance strategy are studied throughout the paper. The simulation results show that the proposed creditability-based intrusion-tolerant(CIT) algorithm can ensure that the protective equipment have no protective malfunction from the false instructions or false data attacks, and the proposed intrusion tolerant algorithm has little affect on the real-time performance of the original protection algorithm, hence it has some practical value.

In recent years the use of security gateways (SG) located within the electrical grid distribution network has become pervasive. SGs in substations and renewable distributed energy resource aggregators (DERAs) protect power distribution control devices from cyber and cyber-physical attacks. When encrypted communications within a DER network is used, TCP/IP packet inspection is restricted to packet header behavioral analysis which in most cases only allows the SG to perform anomaly detection of blocks of time-series data (event windows). Packet header anomaly detection calculates the probability of the presence of a threat within an event window, but fails in such cases where the unreadable encrypted payload contains the attack content. The SG system log (syslog) is a time-series record of behavioral patterns of network users and processes accessing and transferring data through the SG network interfaces. Threatening behavioral pattern in the syslog are measurable using both anomaly detection and graph theory. In this paper it will be shown that it is possible to efficiently detect the presence of and classify a potential threat within an SG syslog using light-weight anomaly detection and graph theory.

In order to be more environmentally friendly, a lot of parts and aspects of life become electrified to reduce the usage of fossil fuels. This can be seen in the increased number of electrical vehicles in everyday life. This of course only makes a positive impact on the environment, if the electricity is produced environmentally friendly and comes from renewable sources. But when the green electrical power is produced, it still needs to be transported to where it's needed, which is not necessarily near the production site. In China, one of the ways to do this transport is to use High Voltage Direct Current (HVDC) technology. This of course means, that the current has to be converted to DC before being transported to the end user. That implies that the converter stations are of great importance for the grid security. Therefore, a precise monitoring of the stations is necessary. Ideally, this could be accomplished with wireless sensor nodes with an autarkic energy supply. A role in this energy supply could be played by a thermoelectrical generator (TEG). But to assess the power generated in the specific environment, a simulation would be highly desirable, to evaluate the power gained from the temperature difference in the converter station. This paper proposes a method to simulate the generated power by combining a model for the generator with a Computational Fluid Dynamics (CFD) model converter.

In this paper we report preliminary results from the novel coupling of cyber-physical emulation and interdiction optimization to better understand the impact of a CrashOverride malware attack on a notional electric system. We conduct cyber experiments where CrashOverride issues commands to remote terminal units (RTUs) that are controlling substations within a power control area. We identify worst-case loss of load outcomes with cyber interdiction optimization; the proposed approach is a bilevel formulation that incorporates RTU mappings to controllable loads, transmission lines, and generators in the upper-level (attacker model), and a DC optimal power flow (DCOPF) in the lower-level (defender model). Overall, our preliminary results indicate that the interdiction optimization can guide the design of experiments instead of performing a “full factorial” approach. Likewise, for systems where there are important dependencies between SCADA/ICS controls and power grid operations, the cyber-physical emulations should drive improved parameterization and surrogate models that are applied in scalable optimization techniques.

IEC 61850 is an international standard that is widely used in substation automation systems (SAS) in smart grids. During its development, security was not considered thus leaving SAS vulnerable to attacks from adversaries. IEC 62351 was developed to provide security recommendations for SAS against (distributed) denial-of-service, replay, alteration, spoofing and detection of devices attacks. However, real-time communications, which require protocols such as Generic Object-Oriented Substation Event (GOOSE) to function efficiently, cannot implement these recommendations due to latency constraints. There has been researching that sought to improve the security of GOOSE messages, however, some cannot be practically implemented due to hardware requirements while others are theoretical, even though latency requirements were met. This research investigates the possibility of encrypting GOOSE messages with One- Time Pads (OTP), leveraging the fact that encryption/decryption processes require the random generation of OTPs and modulo addition (XOR), which could be a realistic approach to secure GOOSE while maintaining latency requirements. Results show that GOOSE messages can be encrypted with some future work required.

In order to enhance the network security protection level of intelligent substation, this paper puts forward a model of intelligent substation network security defense system through the analysis of intelligent substation network security risk and protection demand, and using example proved the feasibility and effectiveness of the defense system. It is intelligent substation network security protection provides a new solution.

A successful Smart Grid system requires purpose-built security architecture which is explicitly designed to protect customer data confidentiality. In addition to the investment on electric power infrastructure for protecting the privacy of Smart Grid-related data, entities need to actively participate in the NIST interoperability framework process; establish policies and oversight structure for the enforcement of cyber security controls of the data through adoption of security best practices, personnel training, cyber vulnerability assessments, and consumer privacy audits.

Automatic optimal response systems are essential for preserving power system resilience and ensuring faster recovery from emergency under cyber compromise. Numerous research works have developed such response engine for cyber and physical system recovery separately. In this paper, we propose a novel cyber-physical decision support system, SCORE, that computes optimal actions considering pure and hybrid cyber-physical states, using Markov Decision Process (MDP). Such an automatic decision making engine can assist power system operators and network administrators to make a faster response to prevent cascading failures and attack escalation respectively. The hybrid nature of the engine makes the reward and state transition model of the MDP unique. Value iteration and policy iteration techniques are used to compute the optimal actions. Tests are performed on three and five substation power systems to recover from attacks that compromise relays to cause transmission line overflow. The paper also analyses the impact of reward and state transition model on computation. Corresponding results verify the efficacy of the proposed engine.

In order to improve the information security level of intelligent substation, this paper proposes an intelligent substation information security assessment tool through the research and analysis of intelligent substation information security risk and information security assessment method, and proves that the tool can effectively detect it. It is of great significance to carry out research on industrial control systems, especially intelligent substation information security.

Controllers of security-critical cyber-physical systems, like the power grid, are a very important class of computer systems. Attacks against the control code of a power-grid system, especially zero-day attacks, can be catastrophic. Earlier detection of the anomalies can prevent further damage. However, detecting zero-day attacks is extremely challenging because they have no known code and have unknown behavior. Furthermore, if data collected from the controller is transferred to a server through networks for analysis and detection of anomalous behavior, this creates a very large attack surface and also delays detection. In order to address this problem, we propose Reconstruction Error Distribution (RED) of Hardware Performance Counters (HPCs), and a data-driven defense system based on it. Specifically, we first train a temporal deep learning model, using only normal HPC readings from legitimate processes that run daily in these power-grid systems, to model the normal behavior of the power-grid controller. Then, we run this model using real-time data from commonly available HPCs. We use the proposed RED to enhance the temporal deep learning detection of anomalous behavior, by estimating distribution deviations from the normal behavior with an effective statistical test. Experimental results on a real power-grid controller show that we can detect anomalous behavior with high accuracy (\textbackslashtextgreater99.9%), nearly zero false positives and short (\textbackslashtextless; 360ms) latency.

IEC61850 and IEC62351 combined provide a set of security promises for the communications channels that are used to run a substation automation system (SAS), that use IEC61850 based technologies. However, one area that is largely untouched by these security promises is the generic object oriented substation events (GOOSE) messaging service. GOOSE is designed to multicast commands and data across a substation within hard real time quality of service (QoS) requirements. This means that GOOSE is unable to implement the required security technologies as the added latency to any message would violate the QoS.

To ensure reliable and predictable service in the electrical grid it is important to gauge the level of trust present within critical components and substations. Although trust throughout a smart grid is temporal and dynamically varies according to measured states, it is possible to accurately formulate communications and service level strategies based on such trust measurements. Utilizing an effective set of machine learning and statistical methods, it is shown that establishment of trust levels between substations using behavioral pattern analysis is possible. It is also shown that the establishment of such trust can facilitate simple secure communications routing between substations.

Power systems domain has generally been very conservative in terms of conducting digital forensic investigations, especially so since the advent of smart grids. This lack of research due to a multitude of challenges has resulted in absence of knowledge base and resources to facilitate such an investigation. Digitalization in the form of smart grids is upon us but in case of cyber-attacks, attribution to such attacks is challenging and difficult if not impossible. In this research, we have identified digital forensic artifacts resulting from a cyber-attack on Wide Area Monitoring, Protection and Control (WAMPAC) systems, which will help an investigator attribute an attack using the identified evidences. The research also shows the usage of sandboxing for digital forensics along with hardware-in-the-loop (HIL) setup. This is first of its kind effort to identify and acquire all the digital forensic evidences for WAMPAC systems which will ultimately help in building a body of knowledge and taxonomy for power system forensics.

Reliable operation of power systems is a primary challenge for the system operators. With the advancement in technology and grid automation, power systems are becoming more vulnerable to cyber-attacks. The main goal of adversaries is to take advantage of these vulnerabilities and destabilize the system. This paper describes a game-theoretic approach to attacker / defender modeling in power systems. In our models, the attacker can strategically identify the subset of substations that maximize damage when compromised. However, the defender can identify the critical subset of substations to protect in order to minimize the damage when an attacker launches a cyber-attack. The algorithms for these models are applied to the standard IEEE-14, 39, and 57 bus examples to identify the critical set of substations given an attacker and a defender budget.

Smart Grid cybersecurity is one of the key ingredients for successful and wide scale adaptation of the Smart Grid by utilities and governments around the world. The implementation of the Smart Grid relies mainly on the highly distributed sensing and communication functionalities of its components such as Wireless Sensor Networks (WSNs), Phasor Measurement Units (PMUs) and other protection devices. This distributed nature and the high number of connected devices are the main challenges for implementing cybersecurity in the smart grid. As an example, the North American Electric Reliability Corporation (NERC) issued the Critical Infrastructure Protection (CIP) standards (CIP-002 through CIP-009) to define cybersecurity requirements for critical power grid infrastructure. However, NERC CIP standards do not specify cybersecurity for different communication technologies such as WSNs, fiber networks and other network types. Implementing security mechanisms in WSNs is a challenging task due to the limited resources of the sensor devices. WSN security mechanisms should not only focus on reducing the power consumption of the sensor devices, but they should also maintain high reliability and throughput needed by Smart Grid applications. In this paper, we present a WSN cybersecurity mechanism suitable for smart grid monitoring application. Our mechanism can detect and isolate various attacks in a smart grid environment, such as denial of sleep, forge and replay attacks in an energy efficient way. Simulation results show that our mechanism can outperform existing techniques while meeting the NERC CIP requirements.

Trustworthy and safe operation of the power grid critical infrastructures relies on secure execution of low-level substation controller devices such as programmable logic controllers (PLCs). Currently, there are very few security protection solutions deployed on these devices to ensure provenance control: to execute controller code on the device that is developed by trusted parties and complies with safety/security policies that are defined by the code developer as well as the power grid operators. Resource-limited PLC controllers have been becoming increasingly popular among not only legitimate system operators, but also malicious adversaries such as the most recent Stuxnet and BlackEnergy malware that caused various damages such as unauthorized infrastructural safety and integrity violations. We present PLCtrust, a domain-specific solution that deploys virtual micro security-perimeters, so-called capsules, and the corresponding device-level runtime power system-safety policy enforcement dynamically. PLCtrust makes use of data taint analysis to monitor and control data flow among the capsules based on data owner-defined policies. PLCtrust provides the operators with a transparent and lightweight solution to address various safety-critical data protection requirements. PLCtrust also provides the legitimate third-party controller code developers with a taint-aware programming interface to develop applications in compliance with the dynamic power system safety/security policies. Our experimental results on real-world settings show that PLCtrust is transparent to the end-users while ensuring the power grid safety maintenance with minimal performance overhead.

Cyber security is a crucial factor for modern power system as many applications are heavily relied on the result of state estimation. Therefore, it is necessary to assess and enhance cyber security for new applications in power system. As an emerging technology, smart grid topology control has been investigated in stability and reliability perspectives while the associated cyber security issue is not studied before. In successful false data injection attack (FDIA) against AC state estimation, attacker could alter online stability check result by decreasing real power flow measurement on the switching target line to undermine physical system stability in topology control. The physical impact of FDIA on system control operation and stability are illustrated. The vulnerability is discussed on perfect FDIA and imperfect FDIA against residue based bad data detection and corresponding countermeasure is proposed to secure critical substations in the system. The vulnerability and countermeasure are demonstrated on IEEE 24 bus reliability test system (RTS).

This paper presents a new approach for a dynamic curtailment method for renewable energy sources that guarantees fulfilling of (n-1)-security criteria of the system. Therefore, it is applicable to high voltage distribution grids and has compliance to their planning guidelines. The proposed dynamic curtailment method specifically reduces the power feed-in of renewable energy sources up to a level, where no thermal constraint is exceeded in the (n-1)-state of the system. Based on AC distribution factors, a new formulation of line outage distribution factors is presented that is applicable for outages consisting of a single line or multiple segment lines. The proposed method is tested using a planning study of a real German high voltage distribution grid. The results show that any thermal loading limits are exceeded by using the dynamic curtailment approach. Therefore, a significant reduction of the grid reinforcement can be achieved by using a small amount of curtailed annual energy from renewable energy sources.

Situational awareness during sophisticated cyber attacks on the power grid is critical for the system operator to perform suitable attack response and recovery functions to ensure grid reliability. The overall theme of this paper is to identify existing practical issues and challenges that utilities face while monitoring substations, and to suggest potential approaches to enhance the situational awareness for the grid operators. In this paper, we provide a broad discussion about the various gaps that exist in the utility industry today in monitoring substations, and how those gaps could be addressed by identifying the various data sources and monitoring tools to improve situational awareness. The paper also briefly describes the advantages of contextualizing and correlating substation monitoring alerts using expert systems at the control center to obtain a holistic systems-level view of potentially malicious cyber activity at the substations before they cause impacts to grid operation.

This paper will suggest a robust method for a network layer Moving Target Defense (MTD) using symmetric packet scheduling rules. The MTD is implemented and tested on a Supervisory Control and Data Acquisition (SCADA) network testbed. This method is shown to be efficient while providing security benefits to the issues faced by the static nature of SCADA networks. The proposed method is an automated tool that may provide defense in depth when be used in conjunction with other MTDs and traditional security devices.

This paper introduces combined data integrity and availability attacks to expand the attack scenarios against power system state estimation. The goal of the adversary, who uses the combined attack, is to perturb the state estimates while remaining hidden from the observer. We propose security metrics that quantify vulnerability of power grids to combined data attacks under single and multi-path routing communication models. In order to evaluate the proposed security metrics, we formulate them as mixed integer linear programming (MILP) problems. The relation between the security metrics of combined data attacks and pure data integrity attacks is analyzed, based on which we show that, when data availability and data integrity attacks have the same cost, the two metrics coincide. When data availability attacks have a lower cost than data integrity attacks, we show that a combined data attack could be executed with less attack resources compared to pure data integrity attacks. Furthermore, it is shown that combined data attacks would bypass integrity-focused mitigation schemes. These conclusions are supported by the results obtained on a power system model with and without a communication model with single or multi-path routing.

Exhaustive enumeration of a S-select-k problem for hypothesized substations outages can be practically infeasible due to exponential growth of combinations as both S and k numbers increase. This enumeration of worst-case substations scenarios from the large set, however, can be improved based on the initial selection sets with the root nodes and segments. In this paper, the previous work of the reverse pyramid model (RPM) is enhanced with prioritization of root nodes and defined segmentations of substation list based on mean-time-to-compromise (MTTC) value that is associated with each substation. Root nodes are selected based on the threshold values of the substation ranking on MTTC values and are segmented accordingly from the root node set. Each segmentation is then being enumerated with S-select-k module to identify worst-case scenarios. The lowest threshold value on the list, e.g., a substation with no assignment of MTTC or extremely low number, is completely eliminated. Simulation shows that this approach demonstrates similar outcome of the risk indices among all randomly generated MTTC of the IEEE 30-bus system.

The communication infrastructure is a key element for management and control of the power system in the smart grid. The communication infrastructure, which can include equipment using off-the-shelf vulnerable operating systems, has the potential to increase the attack surface of the power system. The interdependency between the communication and the power system renders the management of the overall security risk a challenging task. In this paper, we address this issue by presenting a mathematical model for identifying and hardening the most critical communication equipment used in the power system. Using non-cooperative game theory, we model interactions between an attacker and a defender. We derive the minimum defense resources required and the optimal strategy of the defender that minimizes the risk on the power system. Finally, we evaluate the correctness and the efficiency of our model via a case study.

The Polish Power System is becoming increasingly more dependent on Information and Communication Technologies which results in its exposure to cyberattacks, including the evolved and highly sophisticated threats such as Advanced Persistent Threats or Distributed Denial of Service attacks. The most exposed components are SCADA systems in substations and Distributed Control Systems in power plants. When addressing this situation the usual cyber security technologies are prerequisite, but not sufficient. With the rapidly evolving cyber threat landscape the use of partnerships and information sharing has become critical. However due to several anonymity concerns the relevant stakeholders may become reluctant to exchange sensitive information about security incidents. In the paper a multi-agent architecture is presented for the Polish Power System which addresses the anonymity concerns.

Nowadays is increasingly used process bus for communication of equipments in substations. In addition to signaling various statuses of device using GOOSE messages it is possible to transmit measured values, which can be used for diagnostic of system or other advanced functions. Transmission of such values via Ethernet is well defined in protocol IEC 61850-9-2. Paper introduces a tool designed for verification of sampled values generated by various devices using this protocol.