Biblio

Similar to any spoof detection systems, power grid monitoring systems and devices are subject to various cyberattacks by determined and well-funded adversaries. Many well-publicized real-world cyberattacks on power grid systems have been publicly reported. Phasor Measurement Units (PMUs) networks with Phasor Data Concentrators (PDCs) are the main building blocks of the overall wide area monitoring and situational awareness systems in the power grid. The data between PMUs and PDC(s) are sent through the legacy networks, which are subject to many attack scenarios under with no, or inadequate, countermeasures in protocols, such as IEEE 37.118-2. In this paper, we consider a stealthier data spoofing attack against PMU networks, called a mirroring attack, where an adversary basically injects a copy of a set of packets in reverse order immediately following their original positions, wiping out the correct values. To the best of our knowledge, for the first time in the literature, we consider a more challenging attack both in terms of the strategy and the lower percentage of spoofed attacks. As part of our countermeasure detection scheme, we make use of novel framing approach to make application of a 2D Convolutional Neural Network (CNN)-based approach which avoids the computational overhead of the classical sample-based classification algorithms. Our experimental evaluation results show promising results in terms of both high accuracy and true positive rates even under the aforementioned stealthy adversarial attack scenarios.

Phasor measurement units (PMUs) are used in power grids across North America to measure the amplitude, phase, and frequency of an alternating voltage or current. PMU's use the IEEE C37.118 protocol to send telemetry to phasor data collectors (PDC) and human machine interface (HMI) workstations in a control center. However, the C37.118 protocol utilizes the internet protocol stack without any authentication mechanism. This means that the protocol is vulnerable to false data injection (FDI) and false command injection (FCI). In order to study different scenarios in which C37.118 protocol's integrity and confidentiality can be compromised, we created a testbed that emulates a C37.118 communication network. In this testbed we conduct FCI and FDI attacks on real-time C37.118 data packets using a packet manipulation tool called Scapy. Using this platform, we generated C37.118 FCI and FDI datasets which are processed by multi-label machine learning classifier algorithms, such as Decision Tree (DT), k-Nearest Neighbor (kNN), and Naive Bayes (NB), to find out how effective machine learning can be at detecting such attacks. Our results show that the DT classifier had the best precision and recall rate.

State estimation is the core operation performed within the energy management system (EMS) of smart grid. Hence, the reliability and integrity of a smart grid relies heavily on the performance of sensor measurement dependent state estimation process. The increasing penetration of cyber control into the smart grid operations has raised severe concern for executing a secured state estimation process. The limitation with regard to monitoring large number of sensors allows an intruder to manipulate sensor information, as one of the soft targets for disrupting power system operations. Phasor measurement unit (PMU) can be adopted as an alternative to immunize the state estimation from corrupted conventional sensor measurements. However, the high installation cost of PMUs restricts its installation throughout the network. In this paper a graphical approach is proposed to identify minimum PMU placement locations, so as to detect any intrusion of malicious activity within the smart grid. The high speed synchronized PMU information ensures processing of secured set of sensor measurements to the control center. The results of PMU information based linear state estimation is compared with the conventional non-linear state estimation to detect any attack within the system. The effectiveness of the proposed scheme has been validated on IEEE 14 bus test system.

Hardware counters are included in processors to count microarchitecture level events affecting performance. When control flow anomalies caused by attacks such as buffer overflow or return oriented programming (ROP) occur, they leave a microarchitectural footprint. Hardware counters reflect such footprints to flag control flow anomalies. This paper is geared towards buffer overflow and ROP control flow anomaly detection in embedded programs. The targeted program entities are main event loops and task/event handlers. Embedded systems also have enhanced need for variable anomaly detection time in order to meet the system response time requirements. We propose a novel repurposing of Patt-Yeh two level branch predictor data structure for abstracting/hashing HW counter signatures to support such variable anomaly detection times. The proposed anomaly detection mechanism is evaluated on some generic benchmark programs and ArduPilot - a popular autopilot software. Experimental evaluation encompasses both Intel X86 and ARM Cortex M processors. DWT within Cortex M provides sufficiently interesting program level event counts to capture these control flow anomalies. We are able to achieve 97-99%+ accuracy with 1-10 micro-second time overhead per anomaly check.

Carefully constructed cyber-attacks directly influence the data integrity and the operational functionality of the smart energy grid. In this paper, we have explored the data integrity attack behaviour in a wide-area sensor-enabled IIoT-SCADA system. We have demonstrated that an intelligent cyber-attacker can inject false information through the sensor devices that may remain stealthy in the traditional detection module and corrupt estimated system states at the utility control centres. Next, to protect the operation, we defined a set of critical measurements that need to be protected for the resilient operation of the grid. Finally, we placed the measurement units using an optimal allocation strategy by ensuring that a limited number of nodes are protected against the attack while the system observability is satisfied. Under such scenarios, a wide range of experiments has been conducted to evaluate the performance considering IEEE 14-bus, 24 bus-reliability test system, 85-bus, 141-bus and 145-bus test systems. Results show that by ensuring the protection of around 25% of the total nodes, the IIoT-SCADA enabled energy grid can be protected against injection attacks while observability of the network is well-maintained.

In the United States, the number of Phasor Measurement Units (PMU) will increase from 166 networked devices in 2010 to 1043 in 2014. According to the Department of Energy, they are being installed in order to “evaluate and visualize reliability margin (which describes how close the system is to the edge of its stability boundary).” However, there is still a lot of debate in academia and industry around the usefulness of phase angles as unambiguous predictors of dynamic stability. In this paper, using 4-year of actual data from Hydro-Québec EMS, it is shown that phase angles enable satisfactory predictions of power transfer and dynamic security margins across critical interface using random forest models, with both explanation level and R-squares accuracy exceeding 99%. A generalized linear model (GLM) is next implemented to predict phase angles from day-ahead to hour-ahead time frames, using historical phase angles values and load forecast. Combining GLM based angles forecast with random forest mapping of phase angles to power transfers result in a new data-driven approach for dynamic security monitoring.
 

Optimizing memory access is critical for performance and power efficiency. CPU manufacturers have developed sampling-based performance measurement units (PMUs) that report precise costs of memory accesses at specific addresses. However, this data is too low-level to be meaningfully interpreted and contains an excessive amount of irrelevant or uninteresting information. We have developed a method to gather fine-grained memory access performance data for specific data objects and regions of code with low overhead and attribute semantic information to the sampled memory accesses. This information provides the context necessary to more effectively interpret the data. We have developed a tool that performs this sampling and attribution and used the tool to discover and diagnose performance problems in real-world applications. Our techniques provide useful insight into the memory behaviour of applications and allow programmers to understand the performance ramifications of key design decisions: domain decomposition, multi-threading, and data motion within distributed memory systems.
 

The Department of Energy seeks to modernize the U.S. electric grid through the SmartGrid initiative, which includes the use of Global Positioning System (GPS)-timing dependent electric phasor measurement units (PMUs) for continual monitoring and automated controls. The U.S. Department of Homeland Security is concerned with the associated risks of increased utilization of GPS timing in the electricity subsector, which could in turn affect a large number of electricity-dependent Critical Infrastructure (CI) sectors. Exploiting the vulnerabilities of GPS systems in the electricity subsector can result to large-scale and costly blackouts. This paper seeks to analyze the risks of increased dependence of GPS into the electric grid through the introduction of PMUs and provides a systems engineering perspective to the GPS-dependent System of Systems (S-o-S) created by the SmartGrid initiative. The team started by defining and modeling the S-o-S followed by usage of a risk analysis methodology to identify and measure risks and evaluate solutions to mitigating the effects of the risks. The team expects that the designs and models resulting from the study will prove useful in terms of determining both current and future risks to GPS-dependent CIs sectors along with the appropriate countermeasures as the United States moves towards a SmartGrid system.

The addition of synchrophasors such as phasor measurement units (PMUs) to the existing power grid will enhance real-time monitoring and analysis of the grid. The PMU collects bus voltage, line current, and frequency measurements and uses the communication network to send the measurements to the respective substation(s)/control center(s). Since this approach relies on network infrastructure, possible cyber security vulnerabilities have to be addressed to ensure that is stable, secure, and reliable. In this paper, security vulnerabilities associated with a synchrophasor network in a benchmark IEEE 68 bus (New England/New York) power system model are examined. Currently known feasible attacks are demonstrated. Recommended testing and verification methods are also presented.