Biblio

This paper proposes new concepts for detecting and mitigating cyber attacks on substation automation systems by domain-based cyber-physical security solutions. The proposed methods form the basis of a distributed security domain layer that enables protection devices to collaboratively defend against cyber attacks at substations. The methods utilize protection coordination principles to cross check protection setting changes and can run real-time power system analysis to evaluate the impact of the control commands. The transient fault signature (TFS)-based cross-correlation coefficient algorithm has been proposed to detect the false sampled values data injection attack. The proposed functions were verified in a hardware-in-the-loop (HIL) simulation using commercial relays and a real-time digital simulator (RTDS). Various types of cyber intrusions are tested using this test bed to evaluate the consequences and impacts of cyber attacks to power grid as well as to validate the performance of the proposed research-grade cyber attack mitigation functions.

The dependability of Cyber Physical Systems (CPS) solely lies in the secure and reliable functionality of their backbone, the computing platform. Security of this platform is not only threatened by the vulnerabilities in the software peripherals, but also by the vulnerabilities in the hardware internals. Such threats can arise from malicious modifications to the integrated circuits (IC) based computing hardware, which can disable the system, leak information or produce malfunctions. Such modifications to computing hardware are made possible by the globalization of the IC industry, where a computing chip can be manufactured anywhere in the world. In the complex computing environment of CPS such modifications can be stealthier and undetectable. Under such circumstances, design of these malicious modifications, and eventually their detection, will be tied to the functionality and operation of the CPS. So it is imperative to address such threats by incorporating security awareness in the computing hardware design in a comprehensive manner taking the entire system into consideration. In this paper, we present a study in the influence of hardware Trojans on closed-loop systems, which form the basis of CPS, and establish threat models. Using these models, we perform a case study on a critical CPS application, gas pipeline based SCADA system. Through this process, we establish a completely virtual simulation platform along with a hardware-in-the-loop based simulation platform for implementation and testing.

With the tighter integration of power system and Information and Communication Technology (ICT), power grid is becoming a typical cyber physical system (CPS). It is important to analyze the impact of the cyber event on power system, so that it is necessary to build a co-simulation system for studying the interaction between power system and ICT. In this paper, a cyber physical power system (CPPS) co-simulation platform is proposed, which includes the hardware-in-the-loop (HIL) simulation function. By using flexible interface, various simulation software for power system and ICT can be interconnected into the platform to build co-simulation tools for various simulation purposes. To demonstrate it as a proof, one simulation framework for real life cyber-attack on power system control is introduced. In this case, the real life denial-of-service attack on a router in automatic voltage control (AVC) is simulated to demonstrate impact of cyber-attack on power system.

The rapid evolution of the power grid into a smart one calls for innovative and compelling means to experiment with the upcoming expansions, and analyze their behavioral response under normal circumstances and when targeted by attacks. Such analysis is fundamental to setting up solid foundations for the smart grid. Smart grid Hardware-In-the-Loop (HIL) co-simulation environments serve as a key approach to answer questions on the systems components, functionality, security concerns along with analysis of the system outcome and expected behavior. In this paper, we introduce a HIL co-simulation framework capable of simulating the smart grid actions and responses to attacks targeting its power and communication components. Our testbed is equipped with a real-time power grid simulator, and an associated OpenStack-based communication network. Through the utilized communication network, we can emulate a multitude of attacks targeting the power system, and evaluating the grid response to those attacks. Moreover, we present different illustrative cyber attacks use cases, and analyze the smart grid behavior in the presence of those attacks.

Power systems domain has generally been very conservative in terms of conducting digital forensic investigations, especially so since the advent of smart grids. This lack of research due to a multitude of challenges has resulted in absence of knowledge base and resources to facilitate such an investigation. Digitalization in the form of smart grids is upon us but in case of cyber-attacks, attribution to such attacks is challenging and difficult if not impossible. In this research, we have identified digital forensic artifacts resulting from a cyber-attack on Wide Area Monitoring, Protection and Control (WAMPAC) systems, which will help an investigator attribute an attack using the identified evidences. The research also shows the usage of sandboxing for digital forensics along with hardware-in-the-loop (HIL) setup. This is first of its kind effort to identify and acquire all the digital forensic evidences for WAMPAC systems which will ultimately help in building a body of knowledge and taxonomy for power system forensics.

This paper presents netsim, a combined software/hardware system for performing realtime realistic operation of autonomous underwater vehicles (AUVs) with acoustic modem telemetry in a virtual ocean environment. The design of the system is flexible to the choice of physical link hardware, allowing for the system to be tested against existing and new modems. Additionally, the virtual ocean channel simulator is designed to perform in real time by coupling less frequent asynchronous queries to high-fidelity models of the ocean environment and acoustic propagation with frequent pertubation-based updates for the exact position of the simulated AUVs. The results demonstrate the performance of this system using the WHOI Micro-Modem 2 hardware in the virtual ocean environment of the Arctic Beaufort Sea around 73 degrees latitude. The acoustic environment in this area has changed dramatically in recent years due to the changing climate.