Shampa Banik,Trapa Banik,S. M. Mostaq Hossain,Sohag Kumar Saha,S.M. Mostaq Hossain

DOI: https://doi.org/10.48550/arXiv.2306.00234

2023-05-31

Cryptography and Security

Abstract:The smart-grid introduces several new data-gathering, communication, and information-sharing capabilities into the electrical system, as well as additional privacy threats, vulnerabilities, and cyber-attacks. In this study, Modbus is regarded as one of the most prevalent interfaces for control systems in power plants. Modern control interfaces are vulnerable to cyber-attacks, posing a risk to the entire energy infrastructure. In order to strengthen resistance to cyber-attacks, this study introduces a test bed for cyber-physical systems that operate in real-time. To investigate the network vulnerabilities of smart power grids, Modbus protocol has been examined combining a real-time power system simulator with a communication system simulator and the effects of the system presented and analyzed. The goal is to detect the vulnerability in Modbus protocol and perform the Man-in-the-middle attack with its impact on the system. This proposed testbed can be evaluated as a research model for vulnerability assessment as well as a tool for evaluating cyber-attacks and enquire into any detection mechanism for safeguarding and defending smart grid systems from a variety of cyberattacks. We present here the preliminary findings on using the testbed to identify a particular MiTM attack and the effects on system performance. Finally, we suggest a cyber security strategy as a solution to address such network vulnerabilities and deploy appropriate countermeasures.

Yanmiao Zhang,Xiaoyu Ji,Yushi Cheng,Wenyuan Xu

DOI: https://doi.org/10.23919/ChiCC.2019.8866144

2019-01-01

Abstract:As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper. we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python. it can be easily scaled to other platforms.

Yinan Wang,Gangfeng Yan,Ronghao Zheng

DOI: https://doi.org/10.3390/app8050768

2018-01-01

Applied Sciences

Abstract:The integration of modern computing and advanced communication with power grids has led to the emergence of electrical cyber-physical systems (ECPSs). However, the massive application of communication technologies makes the power grids become more vulnerable to cyber attacks. In this paper, we study the vulnerability of ECPSs and develop defence strategies against cyber attacks. Detection and protection algorithms are proposed to deal with the emergency of cascading failures. Moreover, we propose a weight adjustment strategy to solve the unbalanced power flows problem which is caused by splitting incidents. A MATLAB-based platform with advantages of easy programming, fast calculation, and no damage to systems is built for the offline simulation and analysis of the vulnerability of ECPSs. We also propose a five-aspect method of vulnerability assessment which includes the robustness, economic costs, degree of damage, vulnerable equipment, and trip point. The study is of significance to decision makers as they can get specific advice and defence strategies about a special power system.

Peng Huang,Yinan Wang,Gangfeng Yan

DOI: https://doi.org/10.1109/iecon.2017.8216086

2017-01-01

Abstract:This paper considers a framework of electrical cyber-physical systems (ECPSs) in which each bus and branch in a power grid is equipped with a controller and a sensor. By means of measuring the damages of cyber attacks in terms of cutting off transmission lines, three solution approaches are proposed to assess and deal with the damages caused by faults or cyber attacks. Splitting incident is treated as a special situation in cascading failure propagation. A new simulation platform is built for simulating the protection procedure of ECPSs under faults. The vulnerability of ECPSs under faults is analyzed by experimental results based on IEEE 39-bus system.

Ömer Sen,Dennis van der Velde,Philipp Linnartz,Immanuel Hacker,Martin Henze,Michael Andres,Andreas Ulbig

DOI: https://doi.org/10.48550/arXiv.2110.09162

2021-10-18

Abstract:With the increasing use of information and communication technology in electrical power grids, the security of energy supply is increasingly threatened by cyber-attacks. Traditional cyber-security measures, such as firewalls or intrusion detection/prevention systems, can be used as mitigation and prevention measures, but their effective use requires a deep understanding of the potential threat landscape and complex attack processes in energy information systems. Given the complexity and lack of detailed knowledge of coordinated, timed attacks in smart grid applications, we need information and insight into realistic attack scenarios in an appropriate and practical setting. In this paper, we present a man-in-the-middle-based attack scenario that intercepts process communication between control systems and field devices, employs false data injection techniques, and performs data corruption such as sending false commands to field devices. We demonstrate the applicability of the presented attack scenario in a physical smart grid laboratory environment and analyze the generated data under normal and attack conditions to extract domain-specific knowledge for detection mechanisms.

Cryptography and Security,Networking and Internet Architecture,Systems and Control

Mengxiang Liu,Zexuan Jin,Jinhui Xia,Mingyang Sun,Ruilong Deng,Peng Cheng

DOI: https://doi.org/10.1109/infocomwkshps51825.2021.9484453

2021-01-01

Abstract:In DC microgrids (DCmGs), distributed control is becoming a promising framework due to prominent scalability and efficiency. To transmit essential data and information for system control, various communication network topologies and protocols have been employed in modern DCmGs. However, such communication also exposes the DCmG to unexpected cyber attacks. In this demo, a scalable cyber security testbed is established for conducting hardware-in-the-loop (HIL) exper-iments and comprehensively investigating the security impact on DCmGs. Specifically, the testbed employs a Typhoon HIL 602+ emulator, which is professional in power electronics system emulation, to demonstrate four (12 at most) distributed energy resources (DERs). The communication network is implemented through the self-loop RS-232 interface. Based on the testbed, we systematically investigate the impact of two kinds of typical cyber attacks (i.e., false data injection and replay attacks). Experimental results show that both attacks will deteriorate the point-of-common coupling (PCC) voltages of the DERs and jeopardize the stability of the whole DCmG.

Xiao Chun Yin,Zeng Guang Liu,Lewis Nkenyereye,Bruce Ndibanje

DOI: https://doi.org/10.3390/s19224952

2019-11-14

Abstract:We present an innovative approach for a Cybersecurity Solution based on the Intrusion Detection System to detect malicious activity targeting the Distributed Network Protocol (DNP3) layers in the Supervisory Control and Data Acquisition (SCADA) systems. As Information and Communication Technology is connected to the grid, it is subjected to both physical and cyber-attacks because of the interaction between industrial control systems and the outside Internet environment using IoT technology. Often, cyber-attacks lead to multiple risks that affect infrastructure and business continuity; furthermore, in some cases, human beings are also affected. Because of the traditional peculiarities of process systems, such as insecure real-time protocols, end-to-end general-purpose ICT security mechanisms are not able to fully secure communication in SCADA systems. In this paper, we present a novel method based on the DNP3 vulnerability assessment and attack model in different layers, with feature selection using Machine Learning from parsed DNP3 protocol with additional data including malware samples. Moreover, we developed a cyber-attack algorithm that included a classification and visualization process. Finally, the results of the experimental implementation show that our proposed Cybersecurity Solution based on IDS was able to detect attacks in real time in an IoT-based Smart Grid communication environment.

Denys Mishchenko,Irina Oleinikova,László Erdődi,Basanta Raj Pokhrel

DOI: https://doi.org/10.1109/access.2024.3375401

IF: 3.9

2024-03-19

IEEE Access

Abstract:The rapid digitalization of power systems involves enhanced interconnectivity, intelligence, and cost-efficiency across all components. In the era of Industry 5.0, the criticality of energy supply makes power systems prime targets for attacks, highlighting the need for the creation and evaluation of solutions against cyber-physical threats. Testbeds have emerged as essential tools for these purposes by representing real-world power systems in controlled environments and simulating cyber-physical attack-defense experiments. This paper introduces a Cyber-Physical Security (CPS) testbed rooted in the Smart Grid Architecture Model (SGAM) and developed adversary setup within the National Smart Grid Laboratory at the Norwegian University of Science and Technology. By adhering to the SGAM framework, this study delves into the classification and assessment of threats within the structure of the CPS testbed, examining vulnerabilities at distinct structural levels. Significantly, the strategic placement of the adversary setup within these levels enables a comprehensive evaluation of cyber-physical vulnerabilities in simulated systems, thereby facilitating the assessment of protective measures. Furthermore, this research presents case studies using three data sources as an aggregated dynamic power system model simulated in the real-time digital simulator OPAL-RT, real power grid, and playback of previously recorded data frames using virtual phasor measurement units functionality. The focus of this work is on the analysis of the five most common cyberattacks on power systems, such as passive and active reconnaissance, interruption in communication, TCP packet injection, and men-in-the-middle attacks utilizing the C37.118.2-2011 protocol. The results of the case studies illustrate the framework for the adversary setup and provide proof-of-concept attack scenarios for evaluation purposes. As part of future work, we intend to expand upon this research with a defender setup and implement more sophisticated, stealthy attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ruilong Deng,Peng Zhuang,Hao Liang

DOI: https://doi.org/10.1109/TSG.2017.2702125

IF: 10.275

2017-01-01

IEEE Transactions on Smart Grid

Abstract:Smart grid, as one of the most critical infrastructures, is vulnerable to a wide variety of cyber and/or physical attacks. Recently, a new category of threats to smart grid, named coordinated cyber-physical attacks (CCPAs), are emerging. A key feature of CCPAs is to leverage cyber attacks to mask physical attacks which can cause power outages and potentially trigger cascading failures. In this pap...

Taimin Zhang,Yinan Wang,Xiao Liang,Zhou Zhuang,Wenyuan Xu

DOI: https://doi.org/10.1109/ccdc.2017.7978413

2017-01-01

Abstract:With the integration of computing, communication, and physical processes, the modern power grid is becoming a large and complex cyber physical power system (CPPS). This trend is intended to modernize and improve the efficiency of the power grid, yet it makes the CPPS vulnerable to potential cascading failures caused by cyber-attacks, e.g., the attacks that are originated by the cyber network of CPPS. To prevent these risks, it is essential to analyze how cyber-attacks can be conducted against the CPPS and how they can affect the power systems. In light of that General Packet Radio Service (GPRS) has been widely used in CPPS, this paper provides a case study by examining possible cyber-attacks against the cyber-physical power systems with GPRS-based SCADA system. We analyze the vulnerabilities of GPRS-based SCADA systems and focus on DoS attacks and message spoofing attacks. Furthermore, we show the consequence of these attacks against power systems by a simulation using the IEEE 9-node system, and the results show the validity of cascading failures propagated through the systems under our proposed attacks.

Yichi Zhang,Lingfeng Wang,Weiqing Sun,Robert C. Green,Mansoor Alam

DOI: https://doi.org/10.1109/tsg.2011.2159818

IF: 10.275

2011-01-01

IEEE Transactions on Smart Grid

Abstract:The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless mesh network technologies with the 802.15.4, 802.11, and WiMAX standards. Each of these will expose the power grid to cybersecurity threats. In order to address this issue, this work proposes a distributed intrusion detection system for smart grids (SGDIDS) by developing and deploying an intelligent module, the analyzing module (AM), in multiple layers of the smart grid. Multiple AMs will be embedded at each level of the smart grid-the home area networks (HANs), neighborhood area networks (NANs), and wide area networks (WANs)-where they will use the support vector machine (SVM) and artificial immune system (AIS) to detect and classify malicious data and possible cyberattacks. AMs at each level are trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for supporting the optimal communication routing and improving system security through the identification of malicious network traffic.

Yi Huang,Mohammad Esmalifalak,Huy Nguyen,Rong Zheng,Zhu Han,Husheng Li,Lingyang Song

DOI: https://doi.org/10.1109/mcom.2013.6400435

IF: 9.03

2013-01-01

IEEE Communications Magazine

Abstract:In modern smart grid networks, the traditional power grid is empowered by technological advances in sensing, measurement, and control devices with two-way communications between the suppliers and consumers. The smart grid integration helps the power grid networks to be smarter, but it also increases the risk of attacks because of the existing obsolete cyber-infrastructure. In this article, we focus on bad data injection attacks for smart grid. The basic problem formulation is presented, and the special type of stealth attack is discussed. Then we investigate the strategies of defenders and attackers, respectively. Specifically, from the defender's perspective, an adaptive cumulative sum test is able to determine the possible existence of adversaries at the control center as quickly as possible. From the attacker's point of view, independent component analysis is employed for the attackers to make inferences through phasor observations without prior knowledge of the power grid topology. The inferred structural information can then be used to launch stealth attacks.

Jichao Bi,Fengji Luo,Gaoqi Liang,Xiaofan Yang,Shibo He,Zhao Yang Dong

DOI: https://doi.org/10.1109/TNSE.2022.3197682

IF: 6.6

2023-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Cyber-physical security has been becoming an important issue for many critical infrastructures in human society, including electrical power grids. This paper proposes an impact assessment framework for smart grids suffering false data injection attack against smart meters. Firstly, the propagation model of malicious false data codes in smart meter communication networks is established. Based on this, a security-constrained economic dispatch model is formulated to assess how false data codes would mislead the grid operator's actions. A defense strategy is proposed, which enhances the grid's vulnerability through effectively deploying defense resources in smart meter networks. Extensive numerical simulations are conducted to evaluate the impact of different attack scenarios as well as the effectiveness of the defense strategy.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tii.2021.3129487

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:As the next-generation power grids, smart grids are integrated with advanced information and communication technology (ICT) to make the grid more efficient and stable than conventional power systems. Given the mounting cyber-attack threats, these critical ICT systems create great security issues for smart grids. Additionally, the clever attackers have the ability to not only access and monitor the smart grid, but also hack it by launching well-established cyber-attacks. Thus, this article is devoted to understanding the potential stealthy cyber-attack and its countermeasure. First, this article proposes a stealthy sparse cyber-attack model in an ac smart grid by considering both the residual test-based detector and the interval-state-estimation-based detector, which is not considered in previous studies. The design model is formulated as a constrained optimization problem by minimizing the number of contaminated meters, where the characteristics of two types of detector are considered simultaneously as the constraints for the first time. A constrained differential evolution (CDE) is proposed as the solver because the optimization problem is NP-hard. Then, a generalized-cumulative-sum-based detector is developed to detect the proposed cyber-attacks, where a fractional-order state transition matrix is originally introduced into the estimator to describe the dynamics of the power system. Numerical studies illustrate the feasibility of CDE-based stealthy sparse cyber-attacks and the effectiveness of the proposed countermeasure.

Kecheng Li,Genyuan Yang,Shanling Dong,Meiqin Liu

DOI: https://doi.org/10.23919/ccc63176.2024.10661728

2024-01-01

Abstract:The increasing integration of smart grid technologies in multiregional power systems improves efficiency but also exposes them to cyber security threats, especially false data injection attacks. In this paper, we address this challenge by proposing a distributed detection framework tailored for multi-regional power systems. Traditional centralized approaches are insufficient to cope with the dynamic and decentralized nature of these systems. The framework aims to simultaneously monitor and analyze multiple regions in real-time, enhancing the system’s ability to withstand false data injection attacks. This study outlines the proposed framework and provides simulation results for validation, emphasizing the need for proactive defense mechanisms in safeguarding the data integrity of power systems.

Zhenyong Zhang,Ruilong Deng,David K. Y. Yau,Peng Cheng

DOI: https://doi.org/10.1109/jiot.2021.3049818

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Data integrity attack (DIA) is one class of threatening cyber attacks against the Internet-of-Things (IoT)-based smart grid. With the assumption that the attacker is capable of obtaining complete or incomplete information of the system topology and branch parameters, it has been widely recognized that the highly synthesized DIA can evade being detected and undermine the smart grid state estimation. However, the branch parameters cannot be easily obtained or inferred by the attacker in practice. They can be changed or disturbed with time. In this article, we complete the class of DIA by designing the zero-parameter-information DIA (ZDIA), which makes it possible for the attacker to execute stealthy data tampering attacks without any information of the branch parameters. Only the topology information about the cut line is required to construct such attack. We prove that, the attacker can arbitrarily modify the state estimate of a one-degree bus , which is connected to the outside only by a single cut line; and modify the state estimates of all buses, with the same arbitrary bias, in a one-degree super-bus , which is a group of buses that is connected to the outside only by a single cut line. Besides, we extend ZDIA to the cases where a bus and super-bus are connected to the outside only by several cut lines. Moreover, we propose two countermeasures to address the topology vulnerability exploited by ZDIA, and present a branch perturbation strategy to defend against general DIAs. Finally, we conduct extensive simulations with the IEEE standard power systems to validate the theoretical results.

Mansi Girdhar,Junho Hong,Wencong Su,Akila Herath,Chen-Ching Liu

2024-03-08

Abstract:In recent years, critical infrastructure and power grids have experienced a series of cyber-attacks, leading to temporary, widespread blackouts of considerable magnitude. Since most substations are unmanned and have limited physical security protection, cyber breaches into power grid substations present a risk. Nowadays, software-defined network (SDN), a popular virtual network technology based on the OpenFlow protocol is being widely used in the substation automation system. However, the susceptibility of SDN architecture to cyber-attacks has exhibited a notable increase in recent years, as indicated by research findings. This suggests a growing concern regarding the potential for cybersecurity breaches within the SDN framework. In this paper, we propose a hybrid intrusion detection system (IDS)-integrated SDN architecture for detecting and preventing the injection of malicious IEC 61850-based generic object-oriented substation event (GOOSE) messages in a digital substation. Additionally, this program locates the fault's location and, as a form of mitigation, disables a certain port. Furthermore, implementation examples are demonstrated and verified using a hardware-in-the-loop (HIL) testbed that mimics the functioning of a digital substation.

Cryptography and Security,Computers and Society

Junho Hong,Ying Chen,Chen-Ching Liu,Manimaran Govindarasu

DOI: https://doi.org/10.1007/978-3-662-45928-7_10

2015-01-01

Abstract:The physical system of the power grids relies on the cyber system for monitoring, control, and operation. As a result, the reliable operation of power grids is highly dependent on the associated cyber infrastructures. The integrated cyber and physical system of power grids creates a large and complex infrastructure. Due to the high penetration of Information and Communications Technology (ICT), Supervisory Control And Data Acquisition (SCADA) systems are highly interconnected with one another, resulting in higher vulnerability with respect to cyber intrusions. Recent reports indicate that cyber-attacks are increasingly likely for the critical infrastructures, e.g., control centers, nuclear power plants, and substations. These attacks may cause significant damages on the power grid. Cyber security research for the power grid is a high priority subject for the emerging smart grid environment.Substations in the power grid are critical as they are installed with power system components such as transformers, busbars, circuit breakers, and Intelligent Electronic Devices (IEDs). Measurements from substations are used as input to Energy Management System (EMS) software applications, including state estimation and optimal power flow. These cyber and physical devices can be physically or electrically connected. For example, a protection and control unit of a transformer is connected to the user-interface via the substation local area network.Remote access to substation networks is a common way for maintenance of substation facilities. However, there are many potential cyber security issues including remote access connection. Simultaneous cyber intrusions to important substations may trigger multiple, cascaded sequences of events, leading to a blackout. As a result, it is crucial to enhance the cyber security of substations and analyze cyber and physical security as one integrated structure in order to enhance the resilience of power grids. The mitigation strategy is vital to cyber-physical security of substations in order to stop the attack, disconnect the intruder, and restore the power system to a normal state. Mitigation methods can be taken on the cyber (ICT) side and physical (power system) side. The key to cyber mitigation is to find anomaly activities or malicious behaviors, and disconnect or stop the intrusion.A cyber-physical testbed is critical for the study of cyber-physical security of power systems. For reason of security by power companies, real measurements (e.g., voltages, currents and binary status) and ICT data (e.g., communication protocols, system logs, and security logs) are not available. A testbed is a good alternative to acquire realistic cyber (i.e., ICT data) and physical (i.e., power system measurements) system data for research and demonstration purposes. The cyber-physical testbed provides a realistic environment to study the interactions between a complex power system and the ICT system. It is important to study the cause-effect relationships of cyber intrusions, vulnerability and resilience of power systems, as well as the performance and reliability of applications in a realistic environment provided by a testbed.

Zhigang Chu,Andrea Pinceti,Ramin Kaviani,Roozbeh Khodadadeh,Xingpeng Li,Jiazi Zhang,Karthik Saikumar,Mostafa Sahraei-Ardakani,Christopher Mosier,Robin Podmore,Kory Hedman,Oliver Kosut,Lalitha Sankar

DOI: https://doi.org/10.48550/arXiv.2104.13908

2021-04-29

Abstract:In this paper, we investigate the feasibility and physical consequences of cyber attacks against energy management systems (EMS). Within this framework, we have designed a complete simulation platform to emulate realistic EMS operations: it includes state estimation (SE), real-time contingency analysis (RTCA), and security constrained economic dispatch (SCED). This software platform allowed us to achieve two main objectives: 1) to study the cyber vulnerabilities of an EMS and understand their consequences on the system, and 2) to formulate and implement countermeasures against cyber-attacks exploiting these vulnerabilities. Our results show that the false data injection attacks against state estimation described in the literature do not easily cause base-case overflows because of the conservatism introduced by RTCA. For a successful attack, a more sophisticated model that includes all of the EMS blocks is needed; even in this scenario, only post-contingency violations can be achieved. Nonetheless, we propose several countermeasures that can detect changes due to cyber-attacks and limit their impact on the system.

Systems and Control

Yongge Wang

DOI: https://doi.org/10.48550/arXiv.1207.5434

2012-07-23

Information Theory

Abstract:Distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems were developed to reduce labour costs, and to allow system-wide monitoring and remote control from a central location. Control systems are widely used in critical infrastructures such as electric grid, natural gas, water and wastewater industries. While control systems can be vulnerable to a variety of types of cyber attacks that could have devastating consequences, little research has been done to secure the control systems. American Gas Association (AGA), IEC TC57 WG15, IEEE, NIST and National SCADA Test Bed Program have been actively designing cryptographic standard to protect SCADA systems. American Gas Association (AGA) had originally been designing cryptographic standard to protect SCADA communication links and finished the report AGA 12 part 1. The AGA 12 part 2 has been transferred to IEEE P1711. This paper presents an attack on the protocols in the first draft of AGA standard (Wright et al., 2004). This attack shows that the security mechanisms in the first version of the AGA standard protocol could be easily defeated. We then propose a suite of security protocols optimised for SCADA/DCS systems which include: point-to-point secure channels, authenticated broadcast channels, authenticated emergency channels, and revised authenticated emergency channels. These protocols are designed to address the specific challenges that SCADA systems have.