Saleh Soltan,Gil Zussman

DOI: https://doi.org/10.48550/arXiv.1709.07399

2017-09-22

Abstract:Recent attacks on power grids demonstrated the vulnerability of the grids to cyber and physical attacks. To analyze this vulnerability, we study cyber-physical attacks that affect both the power grid physical infrastructure and its underlying Supervisory Control And Data Acquisition (SCADA) system. We assume that an adversary attacks an area by: (i) disconnecting some lines within that area, and (ii) obstructing the information (e.g., status of the lines and voltage measurements) from within the area to reach the control center. We leverage the algebraic properties of the AC power flows to introduce the efficient EXPOSE Algorithm for detecting line failures and recovering voltages inside that attacked area after such an attack. The EXPOSE Algorithm outperforms the state-of-the-art algorithm for detecting line failures using partial information under the AC power flow model in terms of scalability and accuracy. The main advantages of the EXPOSE Algorithm are that its running time is independent of the size of the grid and number of line failures, and that it provides accurate information recovery under some conditions on the attacked area. Moreover, it approximately recovers the information and provides the confidence of the solution when these conditions do not hold.

Systems and Control

Haicheng Tu,Hui-Liang Shen,Yongxiang Xia

DOI: https://doi.org/10.1109/iscas45731.2020.9180816

2020-01-01

Abstract:Under the variety of information and communication technologies, the control center can securely and reliably operate power grid during the system disturbances and natural events. Specifically, when the initial failures are detected by cyber monitoring, the system will timely take emergency protecting operations to restrain the spreading of failures. Although cyber network makes the system more robust, they also increase the risk from the cyber network. In this paper, we firstly consider a control strategy into the cascading failures model. Then, we study how the cyber attack - False negatives attack confuses the control center, and makes the control center can not take emergency operation timely, causing the failure continue spreading. We propose an optimization problem to model the above assumptions and, by solving the optimization problem, study the impact of different attack scenarios on power system.

Yinan Wang,Wei Li,Gangfeng Yan,Sumian Song

DOI: https://doi.org/10.1109/icit.2017.7915433

2017-01-01

Abstract:This paper proposes an unified framework for electrical cyber physical systems (ECPSs) and studies the mechanism of cyber attacks and cyber security. Communication networks are designed by characteristics of power grids. This model is universal to both transmission and distribution grids. The fragility of ECPSs under cyber attacks (DoS attacks and false data injection attacks) is analyzed in three scenarios based on different types and attackers' acknowledgments of the ECPSs. It has been proved that attacks happen at information uploading routers or control strategy downloading routers will influence the system differently. The effectiveness of relay protection policies and cyber security policies are verified by experimental results.

Yinan Wang,Gangfeng Yan,Ronghao Zheng

DOI: https://doi.org/10.3390/app8050768

2018-01-01

Applied Sciences

Abstract:The integration of modern computing and advanced communication with power grids has led to the emergence of electrical cyber-physical systems (ECPSs). However, the massive application of communication technologies makes the power grids become more vulnerable to cyber attacks. In this paper, we study the vulnerability of ECPSs and develop defence strategies against cyber attacks. Detection and protection algorithms are proposed to deal with the emergency of cascading failures. Moreover, we propose a weight adjustment strategy to solve the unbalanced power flows problem which is caused by splitting incidents. A MATLAB-based platform with advantages of easy programming, fast calculation, and no damage to systems is built for the offline simulation and analysis of the vulnerability of ECPSs. We also propose a five-aspect method of vulnerability assessment which includes the robustness, economic costs, degree of damage, vulnerable equipment, and trip point. The study is of significance to decision makers as they can get specific advice and defence strategies about a special power system.

Yudi Huang,Ting He,Nilanjan Ray Chaudhuri,Thomas La Porta

DOI: https://doi.org/10.48550/arXiv.2009.02377

2021-02-05

Abstract:Effective defense against cyber-physical attacks in power grid requires the capability of accurate damage assessment within the attacked area. While some solutions have been proposed to recover the phase angles and the link status (i.e., breaker status) within the attacked area, existing solutions made the limiting assumption that the grid stays connected after the attack. To fill this gap, we study the problem of recovering the phase angles and the link status under a general cyber-physical attack that may partition the grid into islands. To this end, we (i) show that the existing solutions and recovery conditions still hold if the post-attack power injections in the attacked area are known, and (ii) propose a linear programming-based algorithm that can perfectly recover the link status under certain conditions even if the post-attack power injections are unknown. Our numerical evaluations based on the Polish power grid demonstrate that the proposed algorithm is highly accurate in localizing failed links once the phase angles are known.

Optimization and Control,Cryptography and Security,Networking and Internet Architecture

Chee-Wooi Ten,Koji Yamashita,Zhiyuan Yang,Athanasios V. Vasilakos,Andrew Ginter

DOI: https://doi.org/10.1109/tsg.2017.2656068

IF: 10.275

2018-09-01

IEEE Transactions on Smart Grid

Abstract:The first-ever Ukraine cyberattack on power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of “nightmare” scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of real-time monitoring, anomaly detection, impact analyses, and mitigation framework that emphasizes on the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes: 1) critical/non-critical combination verification; 2) cascade confirmation; and 3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining the impact quantification of cyber-related contingencies.

engineering, electrical & electronic

Zhigang Chu,Andrea Pinceti,Ramin Kaviani,Roozbeh Khodadadeh,Xingpeng Li,Jiazi Zhang,Karthik Saikumar,Mostafa Sahraei-Ardakani,Christopher Mosier,Robin Podmore,Kory Hedman,Oliver Kosut,Lalitha Sankar

DOI: https://doi.org/10.48550/arXiv.2104.13908

2021-04-29

Abstract:In this paper, we investigate the feasibility and physical consequences of cyber attacks against energy management systems (EMS). Within this framework, we have designed a complete simulation platform to emulate realistic EMS operations: it includes state estimation (SE), real-time contingency analysis (RTCA), and security constrained economic dispatch (SCED). This software platform allowed us to achieve two main objectives: 1) to study the cyber vulnerabilities of an EMS and understand their consequences on the system, and 2) to formulate and implement countermeasures against cyber-attacks exploiting these vulnerabilities. Our results show that the false data injection attacks against state estimation described in the literature do not easily cause base-case overflows because of the conservatism introduced by RTCA. For a successful attack, a more sophisticated model that includes all of the EMS blocks is needed; even in this scenario, only post-contingency violations can be achieved. Nonetheless, we propose several countermeasures that can detect changes due to cyber-attacks and limit their impact on the system.

Systems and Control

Lennart Bader,Martin Serror,Olav Lamberts,Ömer Sen,Dennis van der Velde,Immanuel Hacker,Julian Filter,Elmar Padilla,Martin Henze

DOI: https://doi.org/10.1109/EuroSP57164.2023.00066

2023-05-16

Abstract:The increasing digitalization of power grids and especially the shift towards IP-based communication drastically increase the susceptibility to cyberattacks, potentially leading to blackouts and physical damage. Understanding the involved risks, the interplay of communication and physical assets, and the effects of cyberattacks are paramount for the uninterrupted operation of this critical infrastructure. However, as the impact of cyberattacks cannot be researched in real-world power grids, current efforts tend to focus on analyzing isolated aspects at small scales, often covering only either physical or communication assets. To fill this gap, we present WATTSON, a comprehensive research environment that facilitates reproducing, implementing, and analyzing cyberattacks against power grids and, in particular, their impact on both communication and physical processes. We validate WATTSON's accuracy against a physical testbed and show its scalability to realistic power grid sizes. We then perform authentic cyberattacks, such as Industroyer, within the environment and study their impact on the power grid's energy and communication side. Besides known vulnerabilities, our results reveal the ripple effects of susceptible communication on complex cyber-physical processes and thus lay the foundation for effective countermeasures.

Cryptography and Security,Systems and Control

Irina Lukicheva,David Pozo,Alexander Kulikov

DOI: https://doi.org/10.48550/arXiv.1806.10812

2018-07-16

Abstract:Electric power grids are evolving towards intellectualization such as Smart Grids or active-adaptive networks. Intelligent power network implies usage of sensors, smart meters, electronic devices and sophisticated communication network. This leads to a strong dependence on information and communication networking that are prone to threats of cyberattacks, which challenges power system reliability and efficiency. Thus, significant attention should be paid to the Smart Grids security. Recently, it has been proven that False Data Injection Attacks (FDIA) could corrupt results of State Estimation (SE) without noticing, therefore, leading to a possible mis-operation of the whole power system. In this paper, we introduce an algorithm for detecting cyberattacks based on non-linear filtering by using cyber-physical information from Kirchhoff laws. The proposed algorithm only needs data from adjacent nodes, therefore can be locally and distributed implemented. Also, it requires very low computational effort so that it can be run online, and it is suitable for implementation in existing or new ad-hoc low-cost devices. The proposed algorithm could be helpful to increase power system awareness against FDIA complementing the current SE implementations. The efficiency of the proposed algorithm has been proved by mathematical simulations and computer modeling in PSCAD software. Our results show that the proposed methodology can detect cyberattacks to the SE in 99.9% of the cases with very little false alarms on the identification of spoiled measurements (4.6%).

Cryptography and Security,Optimization and Control,Applications

Aniruddha Agrawal,Donnagratia Syndor,Dallang M. Momin,Shaik Affijulla

DOI: https://doi.org/10.1515/ijeeps-2021-0176

2021-09-10

International Journal of Emerging Electric Power Systems

Abstract:Abstract Smart electric grids are practising flexible, reliable and robust operations during delivery and consumption of power. However, these grids are highly vulnerable to a wide range of cyber attacks due to the deployment of an extensive communication network. In this paper, the nature of cyber attack on given power system based on proposed cyber attack models and theorems is analysed by utilizing steady state voltage stability (L index). Further, a cyber attack factor is introduced which may mislead the bus voltage stability virtually. The proposed cyber attack models and theorems are validated by executing cyber attacks on WSCC 9 bus and IEEE 14 bus test systems by using Siemens PSS/E and MATLAB softwares. Through the proposed theorems, the paper exposes and quantifies the threat of cyber attacks in the electric power grid. The simulation results reveal that the proposed cyber attack models may misrepresent the bus voltage stability, thereby misleading the energy management centre (EMC) operator into taking incorrect countermeasures. The above incorrect actions may force voltage instability which further leads to major interruptions in the electric power supply and possible cascading failure of the electric power grid. Moreover, the proposed theorems and rigorous simulations presented in the paper support the EMC operator in intelligently identifying a cyber attack, thereby enabling development of appropriate corrective actions during such cyber attacks on the smart electric grid. Thus, the concept of proposed methodology could best assist the power system operator to build detection algorithms for discrimination of cyber attacks from electrical faults towards strong electric grid resilience character.

Andrey Bernstein,Daniel Bienstock,David Hay,Meric Uzunoglu,Gil Zussman

DOI: https://doi.org/10.48550/arXiv.1206.1099

2012-06-06

Systems and Control

Abstract:We consider power line outages in the transmission system of the power grid, and specifically those caused by a natural disaster or a large scale physical attack. In the transmission system, an outage of a line may lead to overload on other lines, thereby eventually leading to their outage. While such cascading failures have been studied before, our focus is on cascading failures that follow an outage of several lines in the same geographical area. We provide an analytical model of such failures, investigate the model's properties, and show that it differs from other models used to analyze cascades in the power grid (e.g., epidemic/percolation-based models). We then show how to identify the most vulnerable locations in the grid and perform extensive numerical experiments with real grid data to investigate the various effects of geographically correlated outages and the resulting cascades. These results allow us to gain insights into the relationships between various parameters and performance metrics, such as the size of the original event, the final number of connected components, and the fraction of demand (load) satisfied after the cascade. In particular, we focus on the timing and nature of optimal control actions used to reduce the impact of a cascade, in real time. We also compare results obtained by our model to the results of a real cascade that occurred during a major blackout in the San Diego area on Sept. 2011. The analysis and results presented in this paper will have implications both on the design of new power grids and on identifying the locations for shielding, strengthening, and monitoring efforts in grid upgrades.

Liang Che,Xuan Liu,Tao Ding,Zuyi Li

DOI: https://doi.org/10.1109/tcsii.2018.2869941

2019-01-01

Abstract:Cascading failures in power grids are typically triggered by initiating contingencies (ICs). Traditional assumption is that those multiple-component ICs have low chances of occurring. However, considering the increasing cyber events in power grids, this brief reveals that smart attackers can target at critical ICs and implement well-designed cyber attacks to highly increase the ICs' occurrence probabilities by overloading key branches in the grid. This will greatly increase the grid vulnerability to cascading failures. In this brief, such issue is revealed and analyzed using a two-step approach, which consists of a high-probability IC screening and a deterministic cascading testing. The simulation results on the IEEE 118-bus systems verify the effectiveness of the proposed approach and highlight the increased risk imposed by cyber-attacks.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tii.2021.3129487

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:As the next-generation power grids, smart grids are integrated with advanced information and communication technology (ICT) to make the grid more efficient and stable than conventional power systems. Given the mounting cyber-attack threats, these critical ICT systems create great security issues for smart grids. Additionally, the clever attackers have the ability to not only access and monitor the smart grid, but also hack it by launching well-established cyber-attacks. Thus, this article is devoted to understanding the potential stealthy cyber-attack and its countermeasure. First, this article proposes a stealthy sparse cyber-attack model in an ac smart grid by considering both the residual test-based detector and the interval-state-estimation-based detector, which is not considered in previous studies. The design model is formulated as a constrained optimization problem by minimizing the number of contaminated meters, where the characteristics of two types of detector are considered simultaneously as the constraints for the first time. A constrained differential evolution (CDE) is proposed as the solver because the optimization problem is NP-hard. Then, a generalized-cumulative-sum-based detector is developed to detect the proposed cyber-attacks, where a fractional-order state transition matrix is originally introduced into the estimator to describe the dynamics of the power system. Numerical studies illustrate the feasibility of CDE-based stealthy sparse cyber-attacks and the effectiveness of the proposed countermeasure.

Ruilong Deng,Peng Zhuang,Hao Liang

DOI: https://doi.org/10.1109/TSG.2017.2702125

IF: 10.275

2017-01-01

IEEE Transactions on Smart Grid

Abstract:Smart grid, as one of the most critical infrastructures, is vulnerable to a wide variety of cyber and/or physical attacks. Recently, a new category of threats to smart grid, named coordinated cyber-physical attacks (CCPAs), are emerging. A key feature of CCPAs is to leverage cyber attacks to mask physical attacks which can cause power outages and potentially trigger cascading failures. In this pap...

Subham Sahoo,Tomislav Dragicevic,Yongheng Yang,Frede Blaabjerg

DOI: https://doi.org/10.1109/cyberpels49534.2020.9311543

2020-01-01

Abstract:This paper proposes an attack-resilient adaptive controller to ensure synchronization of multiple cooperative grid-forming converters (GfCs) under cyber attacks. As the existing cooperative control philosophies do not consider the impact of intrusion into the sensors, communication links with an open-end vulnerability in the control layer, this scenario may lead to asynchrony or even cause shutdown of multiple GfCs in a cascaded manner by unnecessarily triggering the protection schemes. Hence, these vulnerabilities in the control layer have firstly been assessed in this paper. Further, an adaptive resilient control update is designed to ensure synchronization despite the presence of these attacks. Finally, the efficacy of the proposed control strategy for multiple GfCs is evaluated under simulated conditions.

Xiaoyuan Luo,Qian Yao,Xinyu Wang,Xinping Guan

DOI: https://doi.org/10.1016/j.ijepes.2018.02.039

IF: 5.659

2018-01-01

International Journal of Electrical Power & Energy Systems

Abstract:In this paper, we investigate the cyber security problem for large scale smart grid systems under false data injection attack. An observer-based algorithm is proposed to detect and isolate the cyber attack by using realtime synchrophasor measurements. Combining the smart grid system with graph theory, the system is divided into several different coupled areas via sparsity of the connection topology. According to the partition, the system is decomposed equivalently into several areas. Then, the output of the smart grid system can be gotten through wide area measurement system based on PMUs, and the asymmetric weighted Laplacian can be obtained by running a nonlinear least-square estimation algorithm. By designing a modified observer, the residual is computed, and the adaptive residual threshold, used to detect and isolate the attack in the areas of the system, is also shown with considering the system model uncertainties. Then, an iterative algorithm detecting and isolating the cyber attack is proposed based on the calculated residual threshold. Finally, some simulations are provided to illustrate the effectiveness of the proposed algorithm.

Ming Jin,Javad Lavaei,Somayeh Sojoudi,Ross Baldick

DOI: https://doi.org/10.48550/arXiv.1908.10315

2019-08-05

Abstract:The operation of power grids is becoming increasingly data-centric. While the abundance of data could improve the efficiency of the system, it poses major reliability challenges. In particular, state estimation aims to learn the behavior of the network from data but an undetected attack on this problem could lead to a large-scale blackout. Nevertheless, understanding vulnerability of state estimation against cyber attacks has been hindered by the lack of tools studying the topological and data-analytic aspects of the network. Algorithmic robustness is of critical need to extract reliable information from abundant but untrusted grid data. We propose a robust state estimation framework that leverages network sparsity and data abundance. For a large-scale power grid, we quantify, analyze, and visualize the regions of the network prone to cyber attacks. We also propose an optimization-based graphical boundary defense mechanism to identify the border of the geographical area whose data has been manipulated. The proposed method does not allow a local attack to have a global effect on the data analysis of the entire network, which enhances the situational awareness of the grid especially in the face of adversity. The developed mathematical framework reveals key geometric and algebraic factors that can affect algorithmic robustness and is used to study the vulnerability of the U.S. power grid in this paper.

Signal Processing,Applications

Deepjyoti Deka,Ross Baldick,Sriram Vishwanath

DOI: https://doi.org/10.1109/PESGM.2015.7286568

2015-06-14

Abstract:A coordinated cyber-attack on grid meter readings and breaker statuses can lead to incorrect state estimation that can subsequently destabilize the grid. This paper studies cyber-attacks by an adversary that changes breaker statuses on transmission lines to affect the estimation of the grid topology. The adversary, however, is incapable of changing the value of any meter data and can only block recorded measurements on certain lines from being transmitted to the control center. The proposed framework, with limited resource requirements as compared to standard data attacks, thus extends the scope of cyber-attacks to grids secure from meter corruption. We discuss necessary and sufficient conditions for feasible attacks using a novel graph-coloring based analysis and show that an optimal attack requires breaker status change at only ONE transmission line. The potency of our attack regime is demonstrated through simulations on IEEE test cases.

Cryptography and Security,Optimization and Control

Zhiyi Li,Mohammad Shahidehpour,Ahmed Alabdulwahab,Abdullah Abusorrah

DOI: https://doi.org/10.1109/tsg.2016.2542925

IF: 10.275

2016-01-01

IEEE Transactions on Smart Grid

Abstract:This paper offers the pertinent studies on the locally coordinated cyber-physical attacks that would use the incomplete network information and could cause undetectable transmission line outages. First, power line reactances in the targeted local areas are estimated and the remaining power system is modeled equivalently. Next, a mathematical model in the mixed-integer linear programming form is presented for analyzing the attacks, which would cause undetectable line outages while maximizing the system risk resulting from the power flow redistribution. An efficient greedy search-based heuristic method is developed in order to offer satisfactory solutions for real-time applications. Last, the proposed model for the locally coordinated cyber-physical attacks and the corresponding solution strategies are verified by the case studies based on a six-bus system and the two-area IEEE RTS-96 system.

Hwei-Ming Chung,Wen-Tai Li,Chau Yuen,Wei-Ho Chung,Chao-Kai Wen

DOI: https://doi.org/10.1109/SmartGridComm.2017.8340712

2017-08-10

Abstract:A well-designed attack in the power system can cause an initial failure and then results in large-scale cascade failure. Several works have discussed power system attack through false data injection, line-maintaining attack, and line-removing attack. However, the existing methods need to continuously attack the system for a long time, and, unfortunately, the performance cannot be guaranteed if the system states vary. To overcome this issue, we consider a new type of attack strategy called combinational attack which masks a line-outage at one position but misleads the control center on line outage at another position. Therefore, the topology information in the control center is interfered by our attack. We also offer a procedure of selecting the vulnerable lines of its kind. The proposed method can effectively and continuously deceive the control center in identifying the actual position of line-outage. The system under attack will be exposed to increasing risks as the attack continuously. Simulation results validate the efficiency of the proposed attack strategy.

Systems and Control