Biblio

Traditional security measures for large-scale critical infrastructure systems have focused on keeping adversaries out of the system. As the Internet of Things (IoT) extends into millions of homes, with tens or hundreds of devices each, the threat landscape is complicated. IoT devices have unknown access capabilities with unknown reach into other systems. This paper presents ongoing work on how techniques in sensor verification and cyber-physical modeling and analysis on bulk power systems can be applied to identify malevolent IoT devices and secure smart and connected communities against the most impactful threats.

To improve the resilience of state estimation strategy against cyber attacks, the Compressive Sensing (CS) is applied in reconstruction of incomplete measurements for cyber physical systems. First, observability analysis is used to decide the time to run the reconstruction and the damage level from attacks. In particular, the dictionary learning is proposed to form the over-completed dictionary by K-Singular Value Decomposition (K-SVD). Besides, due to the irregularity of incomplete measurements, sampling matrix is designed as the measurement matrix. Finally, the simulation experiments on 6-bus power system illustrate that the proposed method achieves the incomplete measurements reconstruction perfectly, which is better than the joint dictionary. When only 29% available measurements are left, the proposed method has generality for four kinds of recovery algorithms.

In this study, it is proposed to carry out an efficient formulation in order to figure out the stochastic security-constrained generation capacity expansion planning (SC-GCEP) problem. The main idea is related to directly compute the line outage distribution factors (LODF) which could be applied to model the N - m post-contingency analysis. In addition, the post-contingency power flows are modeled based on the LODF and the partial transmission distribution factors (PTDF). The post-contingency constraints have been reformulated using linear distribution factors (PTDF and LODF) so that both the pre- and post-contingency constraints are modeled simultaneously in the SC-GCEP problem using these factors. In the stochastic formulation, the load uncertainty is incorporated employing a two-stage multi-period framework, and a K - means clustering technique is implemented to decrease the number of load scenarios. The main advantage of this methodology is the feasibility to quickly compute the post-contingency factors especially with multiple-line outages (N - m). This concept would improve the security-constraint analysis modeling quickly the outage of m transmission lines in the stochastic SC-GCEP problem. It is carried out several experiments using two electrical power systems in order to validate the performance of the proposed formulation.

The factors that threaten electric power information network are analyzed. Aiming at the weakness of being unable to provide numerical value of risk, this paper presents the evaluation index system, the evaluation model and method of network security based on multilevel fuzzy comprehensive judgment. The steps and method of security evaluation by the synthesis evaluation model are provided. The results show that this method is effective to evaluate the risk of electric power information network.

Network motifs are often called the building blocks of networks. Analysis of motifs is found to be an indispensable tool for understanding local network structure, in contrast to measures based on node degree distribution and its functions that primarily address a global network topology. As a result, networks that are similar in terms of global topological properties may differ noticeably at a local level. In the context of power grids, this phenomenon of the impact of local structure has been recently documented in fragility analysis and power system classification. At the same time, most studies of power system networks still tend to focus on global topo-logical measures of power grids, often failing to unveil hidden mechanisms behind vulnerability of real power systems and their dynamic response to malfunctions. In this paper a pilot study of motif-based analysis of power grid robustness under various types of intentional attacks is presented, with the goal of shedding light on local dynamics and vulnerability of power systems.

This paper is concerned about the security vulnerabilities in the implementation of the Congestion Revenue Rights (CRR) markets. Such problems may be due to the weakly detectable network model parameter errors which are commonly found in power systems. CRRs are financial tools for hedging the risk of congestion charges in power markets. The reimbursements received by CRR holders are determined by the congestion patterns and Locational Marginal Prices (LMPs) in the day-ahead markets, which heavily rely on the parameters in the network model. It is recently shown that detection of errors in certain network model parameters may be very difficult. This paper's primary goal is to illustrate the lack of market security due to such vulnerabilities, i.e. CRR market calculations can be manipulated by injecting parameter errors which are not likely to be detected. A case study using the IEEE 14-bus system will illustrate the feasibility of such undetectable manipulations. Several suggestions for preventing such cyber security issues are provided at the end of the paper.

Traditional information Security Risk Assessment algorithms are mainly used for evaluating small scale of information system, not suitable for massive information systems in Energy Internet. To solve the problem, this paper proposes an Information Security Risk Algorithm based on Dynamic Risk Propagation (ISRADRP). ISRADRP firstly divides information systems in the Energy Internet into different partitions according to their logical network location. Then, ISRADRP computes each partition's risk value without considering threat propagation effect via RM algorithm. Furthermore, ISRADRP calculates inside and outside propagation risk value for each partition according to Dependency Structure Matrix. Finally, the security bottleneck of systems will be identified and the overall risk value of information system will be obtained.

Traditional information Security Risk Assessment algorithms are mainly used for evaluating small scale of information system, not suitable for massive information systems in Energy Internet. To solve the problem, this paper proposes an Information Security Risk Algorithm based on Dynamic Risk Propagation (ISRADRP). ISRADRP firstly divides information systems in the Energy Internet into different partitions according to their logical network location. Then, ISRADRP computes each partition's risk value without considering threat propagation effect via RM algorithm. Furthermore, ISRADRP calculates inside and outside propagation risk value for each partition according to Dependency Structure Matrix. Finally, the security bottleneck of systems will be identified and the overall risk value of information system will be obtained.

Graphics processing unit (GPU) has been applied successfully in many scientific computing realms due to its superior performances on float-pointing calculation and memory bandwidth, and has great potential in power system applications. The N-1 static security analysis (SSA) appears to be a candidate application in which massive alternating current power flow (ACPF) problems need to be solved. However, when applying existing GPU-accelerated algorithms to solve N-1 SSA problem, the degree of parallelism is limited because existing researches have been devoted to accelerating the solution of a single ACPF. This paper therefore proposes a GPU-accelerated solution that creates an additional layer of parallelism among batch ACPFs and consequently achieves a much higher level of overall parallelism. First, this paper establishes two basic principles for determining well-designed GPU algorithms, through which the limitation of GPU-accelerated sequential-ACPF solution is demonstrated. Next, being the first of its kind, this paper proposes a novel GPU-accelerated batch-QR solver, which packages massive number of QR tasks to formulate a new larger-scale problem and then achieves higher level of parallelism and better coalesced memory accesses. To further improve the efficiency of solving SSA, a GPU-accelerated batch-Jacobian-Matrix generating and contingency screening is developed and carefully optimized. Lastly, the complete process of the proposed GPU-accelerated batch-ACPF solution for SSA is presented. Case studies on an 8503-bus system show dramatic computation time reduction is achieved compared with all reported existing GPU-accelerated methods. In comparison to UMFPACK-library-based single-CPU counterpart using Intel Xeon E5-2620, the proposed GPU-accelerated SSA framework using NVIDIA K20C achieves up to 57.6 times speedup. It can even achieve four times speedup when compared to one of the fastest multi-core CPU parallel computing solution using KLU library. The prop- sed batch-solving method is practically very promising and lays a critical foundation for many other power system applications that need to deal with massive subtasks, such as Monte-Carlo simulation and probabilistic power flow.

The modern electric power grid is a complex cyber-physical system whose reliable operation is enabled by a wide-area monitoring and control infrastructure. Recent events have shown that vulnerabilities in this infrastructure may be exploited to manipulate the data being exchanged. Such a scenario could cause the associated control applications to mis-operate, potentially causing system-wide instabilities. There is a growing emphasis on looking beyond traditional cybersecurity solutions to mitigate such threats. In this paper we perform a testbed-based validation of one such solution - Attack Resilient Control (ARC) - on Iowa State University's PowerCyber testbed. ARC is a cyber-physical security solution that combines domain-specific anomaly detection and model-based mitigation to detect stealthy attacks on Automatic Generation Control (AGC). In this paper, we first describe the implementation architecture of the experiment on the testbed. Next, we demonstrate the capability of stealthy attack templates to cause forced under-frequency load shedding in a 3-area test system. We then validate the performance of ARC by measuring its ability to detect and mitigate these attacks. Our results reveal that ARC is efficient in detecting stealthy attacks and enables AGC to maintain system operating frequency close to its nominal value during an attack. Our studies also highlight the importance of testbed-based experimentation for evaluating the performance of cyber-physical security and control applications.

In order to ensure the security of electric power supervisory control and data acquisition (SCADA) system, this paper proposes a dynamic awareness security protection model based on security policy, the design idea of which regards safety construction protection as a dynamic analysis process and the security policy should adapt to the network dynamics. According to the current situation of the power SCADA system, the related security technology and the investigation results of system security threat, the paper analyzes the security requirements and puts forward the construction ideas of security protection based on policy protection detection response (P2DR) policy model. The dynamic awareness security protection model proposed in this paper is an effective and useful tool for protecting the security of power-SCADA system.

Cyber Physical Systems (CPS) security testbeds serve as a platform for evaluating and validating novel CPS security tools and technologies, accelerating the transition of state-of-the-art research to industrial practice. The engineering of CPS security testbeds requires significant investments in money, time and modeling efforts to provide a scalable, high-fidelity, real-time attack-defense platform. Therefore, there is a strong need in academia and industry to create remotely accessible testbeds that support a range of use-cases pertaining to CPS security of the grid, including vulnerability assessments, impact analysis, product testing, attack-defense exercises, and operator training. This paper describes the implementation architecture, and capabilities of a remote access and experimental orchestration framework developed for the PowerCyber CPS security testbed at Iowa State University (ISU). The paper then describes several engineering challenges in the development of such remotely accessible testbeds for Smart Grid CPS security experimentation. Finally, the paper provides a brief case study with some screenshots showing a particular use case scenario on the remote access framework.

This paper formulates a power system related optimal control problem, motivated by potential cyber-attacks on grid control systems, and ensuing defensive response to such attacks. The problem is formulated as a standard nonlinear program in the GAMS optimization environment, with system dynamics discretized over a short time horizon providing constraint equations, which are then treated via waveform relaxation. Selection of objective function and additional decision variables is explored first for identifying grid vulnerability to cyber-attacks that act by modifying feedback control system parameters. The resulting decisions for the attacker are then fixed, and the optimization problem is modified with a new objective function and decision variables, to explore a defender's possible response to such attacks.

Honeypot is a common method of attack capture, can maximize the reduction of cyber-attacks. However, its limited application layer simulation makes it impossible to use effectively in power system. Through research on sandboxing technology, this article implements the simulated power manager applications by packaging real power manager applications, in order to expand the honeypot applied range.

The power system forms the backbone of a modern society, and its security is of paramount importance to nation's economy. However, the power system is vulnerable to intelligent attacks by attackers who have enough knowledge of how the power system is operated, monitored and controlled. This paper proposes a game theoretic approach to explore and evaluate strategies for the defender to protect the power systems against such intelligent attacks. First, a risk assessment is presented to quantify the physical impacts inflicted by attacks. Based upon the results of the risk assessment, this paper represents the interactions between the attacker and the defender by extending the current zero-sum game model to more generalized game models for diverse assumptions concerning the attacker's motivation. The attacker and defender's equilibrium strategies are attained by solving these game models. In addition, a numerical illustration is demonstrated to warrant the theoretical outcomes.

Risk-control optimization has great significance for security of power system. Usually the probabilistic uncertainties of parameters are considered in the research of risk optimization of power system. However, the method of probabilistic uncertainty description will be insufficient in the case of lack of sample data. Thus non-probabilistic uncertainties of parameters should be considered, and will impose a significant influence on the results of optimization. To solve this problem, a robust optimization operation method of power system risk-control is presented in this paper, considering the non-probabilistic uncertainty of parameters based on information gap decision theory (IGDT). In the method, loads are modeled as the non-probabilistic uncertainty parameters, and the model of robust optimization operation of risk-control is presented. By solving the model, the maximum fluctuation of the pre-specified target can be obtained, and the strategy of this situation can be obtained at the same time. The proposed model is applied to the IEEE-30 system of risk-control by simulation. The results can provide the valuable information for operating department to risk management.

We study the problem of aggregator’s mechanism design for controlling the amount of active, or reactive, power provided, or consumed, by a group of distributed energy resources (DERs). The aggregator interacts with the wholesale electricity market and through some market-clearing mechanism is incentivized to provide (or consume) a certain amount of active (or reactive) power over some period of time, for which it will be compensated. The objective is for the aggregator to design a pricing strategy for incentivizing DERs to modify their active (or reactive) power consumptions (or productions) so that they collectively provide the amount that the aggregator has agreed to provide. The aggregator and DERs’ strategic decision-making process can be cast as a Stackelberg game, in which aggregator acts as the leader and the DERs are the followers. In previous work [Gharesifard et al., 2013b,a], we have introduced a framework in which each DER uses the pricing information provided by the aggregator and some estimate of the average energy that neighboring DERs can provide to compute a Nash equilibrium solution in a distributed manner. Here, we focus on the interplay between the aggregator’s decision-making process and the DERs’ decision-making process. In particular, we propose a simple feedback-based privacy-preserving pricing control strategy that allows the aggregator to coordinate the DERs so that they collectively provide the amount of active (or reactive) power agreed upon, provided that there is enough capacity available among the DERs. We provide a formal analysis of the stability of the resulting closed-loop system. We also discuss the shortcomings of the proposed pricing strategy, and propose some avenues of future work. We illustrate the proposed strategy via numerical simulations.

We present an analysis of a heuristic for abrupt change detection of systems with bounded state variations. The proposed analysis is based on the Singular Value Decomposition (SVD) of a history matrix built from system observations. We show that monitoring the largest singular value of the history matrix can be used as a heuristic for detecting abrupt changes in the system outputs. We provide sufficient detectability conditions for the proposed heuristic. As an application, we consider detecting malicious cyber data attacks on power systems and test our proposed heuristic on the IEEE 39-bus testbed.
 

Wide-area monitoring and control (WAMC) systems are the next-generation operational-management systems for electric power systems. The main purpose of such systems is to provide high resolution real-time situational awareness in order to improve the operation of the power system by detecting and responding to fast evolving phenomenon in power systems. From an information and communication technology (ICT) perspective, the nonfunctional qualities of these systems are increasingly becoming important and there is a need to evaluate and analyze the factors that impact these nonfunctional qualities. Enterprise architecture methods, which capture properties of ICT systems in architecture models and use these models as a basis for analysis and decision making, are a promising approach to meet these challenges. This paper presents a quantitative architecture analysis method for the study of WAMC ICT architectures focusing primarily on the interoperability and cybersecurity aspects.
 

The University of Illinois at Urbana Champaign (Illinois), Pacific Northwest National Labs (PNNL), and the University of Southern California Information Sciences Institute (USC-ISI) consortium is working toward providing tools and expertise to enable collaborative research to improve security and resiliency of cyber physical systems. In this extended abstract we discuss the challenges and the solution space. We demonstrate the feasibility of some of the proposed components through a wide-area situational awareness experiment for the power grid across the three sites.
 

Being the most important critical infrastructure in Cyber-Physical Systems (CPSs), a smart grid exhibits the complicated nature of large scale, distributed, and dynamic environment. Taxonomy of attacks is an effective tool in systematically classifying attacks and it has been placed as a top research topic in CPS by a National Science Foundation (NSG) Workshop. Most existing taxonomy of attacks in CPS are inadequate in addressing the tight coupling of cyber-physical process or/and lack systematical construction. This paper attempts to introduce taxonomy of attacks of agent-based smart grids as an effective tool to provide a structured framework. The proposed idea of introducing the structure of space-time and information flow direction, security feature, and cyber-physical causality is innovative, and it can establish a taxonomy design mechanism that can systematically construct the taxonomy of cyber attacks, which could have a potential impact on the normal operation of the agent-based smart grids. Based on the cyber-physical relationship revealed in the taxonomy, a concrete physical process based cyber attack detection scheme has been proposed. A numerical illustrative example has been provided to validate the proposed physical process based cyber detection scheme.
 

In interconnected power systems, dynamic model reduction can be applied to generators outside the area of interest (i.e., study area) to reduce the computational cost associated with transient stability studies. This paper presents a method of deriving the reduced dynamic model of the external area based on dynamic response measurements. The method consists of three steps, namely dynamic-feature extraction, attribution, and reconstruction (DEAR). In this method, a feature extraction technique, such as singular value decomposition (SVD), is applied to the measured generator dynamics after a disturbance. Characteristic generators are then identified in the feature attribution step for matching the extracted dynamic features with the highest similarity, forming a suboptimal “basis” of system dynamics. In the reconstruction step, generator state variables such as rotor angles and voltage magnitudes are approximated with a linear combination of the characteristic generators, resulting in a quasi-nonlinear reduced model of the original system. The network model is unchanged in the DEAR method. Tests on several IEEE standard systems show that the proposed method yields better reduction ratio and response errors than the traditional coherency based reduction methods.
 

We consider the problem of designing (or augmenting) an electric power system at a minimum cost such that it satisfies the N-k-ε survivability criterion. This survivability criterion is a generalization of the well-known N-k criterion, and it requires that at least (1-εj) fraction of the steady-state demand be met after failures of j components, for j=0,1,...,k. The network design problem adds another level of complexity to the notoriously hard contingency analysis problem, since the contingency analysis is only one of the requirements for the design optimization problem. We present a mixed-integer programming formulation of this problem that takes into account both transmission and generation expansion. We propose an algorithm that can avoid combinatorial explosion in the number of contingencies, by seeking vulnerabilities in intermediary solutions and constraining the design space accordingly. Our approach is built on our ability to identify such system vulnerabilities quickly. Our empirical studies on modified instances of the IEEE 30-bus and IEEE 57-bus systems show the effectiveness of our methods. We were able to solve the transmission and generation expansion problems for k=4 in approximately 30 min, while other approaches failed to provide a solution at the end of 2 h.

Today's more reliable communication technology, together with the availability of higher computational power, have paved the way for introduction of more advanced automation systems based on distributed intelligence and multi-agent technology. However, abundance of data, while making these systems more powerful, can at the same time act as their biggest vulnerability. In a web of interconnected devices and components functioning within an automation framework, potential impact of malfunction in a single device, either through internal failure or external damage/intrusion, may lead to detrimental side-effects spread across the whole underlying system. The potentially large number of devices, along with their inherent interrelations and interdependencies, may hinder the ability of human operators to interpret events, identify their scope of impact and take remedial actions if necessary. Through utilization of the concepts of graph-theoretic fuzzy cognitive maps (FCM) and expert systems, this paper puts forth a solution that is able to reveal weak links and vulnerabilities of an automation system, should it become exposed to partial internal failure or external damage. A case study has been performed on the IEEE 34-bus test distribution system to show the efficiency of the proposed scheme.