Biblio

Filters: Keyword is supervisory control and data acquisition system
2020-07-06
Xiong, Leilei, Grijalva, Santiago.  2019.  N-1 RTU Cyber-Physical Security Assessment Using State Estimation. 2019 IEEE Power Energy Society General Meeting (PESGM). :1–5.
Real-time supervisory control and data acquisition (SCADA) systems use remote terminal units (RTUs) to monitor and manage the flow of power at electrical substations. As their connectivity to different utility and private networks increases, RTUs are becoming more vulnerable to cyber-attacks. Some attacks seek to access RTUs to directly control power system devices with the intent to shed load or cause equipment damage. Other attacks (such as denial-of-service) target network availability and seek to block, delay, or corrupt communications between the RTU and the control center. In the most severe case, when communications are entirely blocked, the loss of an RTU can cause the power system to become unobservable. It is important to understand how losing an RTU impacts the system state (bus voltage magnitudes and angles). The system state is determined by the state estimator and serves as the input to other critical EMS applications. There is currently no systematic approach for assessing the cyber-physical impact of losing RTUs. This paper proposes a methodology for N-1 RTU cyber-physical security assessment that could benefit power system control and operation. We demonstrate our approach on the IEEE 14-bus system as well as on a synthetic 200-bus system.
2020-03-16
Ren, Wenyu, Yu, Tuo, Yardley, Timothy, Nahrstedt, Klara.  2019.  CAPTAR: Causal-Polytree-based Anomaly Reasoning for SCADA Networks. 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :1–7.
The Supervisory Control and Data Acquisition (SCADA) system is the most commonly used industrial control system but is subject to a wide range of serious threats. Intrusion detection systems are deployed to promote the security of SCADA systems, but they continuously generate a tremendous number of alerts without further comprehending them. There is a need for an efficient system to correlate alerts and discover attack strategies to provide explainable situational awareness to SCADA operators. In this paper, we present a causal-polytree-based anomaly reasoning framework for SCADA networks, named CAPTAR. CAPTAR takes the meta-alerts from our previous anomaly detection framework EDMAND, correlates them using a naive Bayes classifier, and matches them to predefined causal polytrees. Utilizing Bayesian inference on the causal polytrees, CAPTAR can produce a high-level view of the security state of the protected SCADA network. Experiments on a prototype of CAPTAR prove its anomaly reasoning ability and its capability of satisfying the real-time reasoning requirement.
2019-12-02
Wang, Dinghua, Feng, Dongqin.  2018.  Intrusion Detection Model of SCADA Using Graphical Features. 2018 IEEE 3rd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). :1208–1214.
The supervisory control and data acquisition system is an important part of the country's critical infrastructure, but its inherent network characteristics are vulnerable to attack by intruders. The vulnerability of the supervisory control and data acquisition system was analyzed, considering common attacks such as information scanning, response injection, command injection and denial of service in industrial control systems, and an intrusion detection model based on graphical features was proposed. The time series of message transmission were visualized, the vertex coordinates and various graphic area features were extracted to constitute a new data set, and a classification model for intrusion detection was obtained through training. An intrusion detection experiment environment was built using tools such as MATLAB and power protocol testers. The IEC 60870-5-104 protocol, which is widely used in power systems, was taken as an example. The test results show good effectiveness.
2017-12-20
Hao, K., Achanta, S. V., Fowler, J., Keckalo, D.  2017.  Apply a wireless line sensor system to enhance distribution protection schemes. 2017 70th Annual Conference for Protective Relay Engineers (CPRE). :1–11.

Traditionally, utility crews have used faulted circuit indicators (FCIs) to locate faulted line sections. FCIs monitor current and provide a local visual indication of recent fault activity. When a fault occurs, the FCIs operate, triggering a visual indication that is either a mechanical target (flag) or LED. There are also enhanced FCIs with communications capability, providing fault status to the outage management system (OMS) or supervisory control and data acquisition (SCADA) system. Such quickly communicated information results in faster service restoration and reduced outage times. For distribution system protection, protection devices (such as recloser controls) must coordinate with downstream devices (such as fuses or other recloser controls) to clear faults. Furthermore, if there are laterals on a feeder that are protected by a recloser control, it is desirable to communicate to the recloser control which lateral had the fault in order to enhance tripping schemes. Because line sensors are typically placed along distribution feeders, they are capable of sensing fault status and characteristics closer to the fault. If such information can be communicated quickly to upstream protection devices, at protection speeds, the protection devices can use this information to securely speed up distribution protection scheme operation. With recent advances in low-power electronics, wireless communications, and small-footprint sensor transducers, wireless line sensors can now provide fault information to the protection devices with low latencies that support protection speeds. This paper describes the components of a wireless protection sensor (WPS) system, its integration with protection devices, and how the fault information can be transmitted to such devices. 
Additionally, this paper discusses how the protection devices use this received fault information to securely speed up the operation speed of and improve the selectivity of distribution protection schemes, in addition to locating faulted line sections.

2015-05-06
Premnath, A.P., Ju-Yeon Jo, Yoohwan Kim.  2014.  Application of NTRU Cryptographic Algorithm for SCADA Security. Information Technology: New Generations (ITNG), 2014 11th International Conference on. :341-346.

Critical Infrastructure represents the basic facilities, services and installations necessary for functioning of a community, such as water, power lines, transportation, or communication systems. Any act or practice that causes a real-time Critical Infrastructure System to impair its normal function and performance will have debilitating impact on security and economy, with direct implication on the society. SCADA (Supervisory Control and Data Acquisition) system is a control system which is widely used in Critical Infrastructure System to monitor and control industrial processes autonomously. As SCADA architecture relies on computers, networks, applications and programmable controllers, it is more vulnerable to security threats/attacks. Traditional SCADA communication protocols such as IEC 60870, DNP3, IEC 61850, or Modbus did not provide any security services. Newer standards such as IEC 62351 and AGA-12 offer security features to handle the attacks on SCADA system. However, there are performance issues with the cryptographic solutions of these specifications when applied to SCADA systems. This research is aimed at improving the performance of SCADA security standards by employing NTRU, a faster and light-weight NTRU public key algorithm for providing end-to-end security.

2015-05-01
Yichi Zhang, Yingmeng Xiang, Lingfeng Wang.  2014.  Reliability analysis of power grids with cyber vulnerability in SCADA system. PES General Meeting | Conference Exposition, 2014 IEEE. :1-5.

As information and communication networks are highly interconnected with the power grid, cyber security of the supervisory control and data acquisition (SCADA) system has become a critical issue in the power system. By intruding into the SCADA system via the remote access points, the attackers are able to eavesdrop on critical data and reconfigure devices to trip the system breakers. The cyber attacks are able to impact the reliability of the power system through the SCADA system. In this paper, six cyber attack scenarios in the SCADA system are considered. A Bayesian attack graph model is used to evaluate the probabilities of successful cyber attacks on the SCADA system, which will result in breaker trips. A forced outage rate (FOR) model is proposed considering the frequencies of successful attacks on the generators and transmission lines. With increased FOR values resulting from the cyber attacks, the loss of load probabilities (LOLP) in reliability test system 79 (RTS79) are estimated. The results of the simulations demonstrate that the power system becomes less reliable as the frequency of successful attacks increases.