Biblio

Recent cyber attacks on the power grid have been of increasing complexity and sophistication. In order to understand the impact of cyber-attacks on the power system resiliency, it is important to consider an holistic cyber-physical system specially with increasing industrial automation. In this study, device-level resilience properties of the various controllers and their impact on the microgrid resiliency is studied. In addition, a cyber-physical resiliency metric considering vulnerabilities, system model, and device-level properties is proposed. Resiliency is defined as the system ability to provide energy to critical loads even in extreme contingencies and depends on system ability to withstand, predict, and recover. A use case is presented inspired by the recent Ukraine cyber-attack. A use case has been presented to demonstrate application of the developed cyber-physical resiliency metric to enhance situational awareness of the operator, and enable better proactive or remedial control actions to improve resiliency.

Recent cyber attacks on the power grid have been of increasing complexity and sophistication. In order to understand the impact of cyber-attacks on the power system resiliency, it is important to consider an holistic cyber-physical system specially with increasing industrial automation. In this work, device level resilience properties of the various controllers and their impact on the microgrid resiliency is studied. In addition, a cyber-physical resiliency metric considering vulnerabilities, system model, and device level properties is proposed. A use case is presented inspired by the recent Ukraine cyber-attack. A use case has been presented to demonstrate application of the developed cyber-physical resiliency metric to enhance situational awareness of the operator, and enable better control actions to improve resiliency.

Machine-to-Machine (M2M) networks being connected to the internet at large, inherit all the cyber-vulnerabilities of the standard Information Technology (IT) systems. Since perfect cyber-security and robustness is an idealistic construct, it is worthwhile to design intrusion detection schemes to quickly detect and mitigate the harmful consequences of cyber-attacks. Volumetric anomaly detection have been popularized due to their low-complexity, but they cannot detect low-volume sophisticated attacks and also suffer from high false-alarm rate. To overcome these limitations, feature-based detection schemes have been studied for IT networks. However these schemes cannot be easily adapted to M2M systems due to the fundamental architectural and functional differences between the M2M and IT systems. In this paper, we propose novel feature-based detection schemes for a general M2M uplink to detect Distributed Denial-of-Service (DDoS) attacks, emergency scenarios and terminal device failures. The detection for DDoS attack and emergency scenarios involves building up a database of legitimate M2M connections during a training phase and then flagging the new M2M connections as anomalies during the evaluation phase. To distinguish between DDoS attack and emergency scenarios that yield similar signatures for anomaly detection schemes, we propose a modified Canberra distance metric. It basically measures the similarity or differences in the characteristics of inter-arrival time epochs for any two anomalous streams. We detect device failures by inspecting for the decrease in active M2M connections over a reasonably large time interval. Lastly using Monte-Carlo simulations, we show that the proposed anomaly detection schemes have high detection performance and low-false alarm rate.