Yinan Wang,Gangfeng Yan,Ronghao Zheng

DOI: https://doi.org/10.3390/app8050768

2018-01-01

Applied Sciences

Abstract:The integration of modern computing and advanced communication with power grids has led to the emergence of electrical cyber-physical systems (ECPSs). However, the massive application of communication technologies makes the power grids become more vulnerable to cyber attacks. In this paper, we study the vulnerability of ECPSs and develop defence strategies against cyber attacks. Detection and protection algorithms are proposed to deal with the emergency of cascading failures. Moreover, we propose a weight adjustment strategy to solve the unbalanced power flows problem which is caused by splitting incidents. A MATLAB-based platform with advantages of easy programming, fast calculation, and no damage to systems is built for the offline simulation and analysis of the vulnerability of ECPSs. We also propose a five-aspect method of vulnerability assessment which includes the robustness, economic costs, degree of damage, vulnerable equipment, and trip point. The study is of significance to decision makers as they can get specific advice and defence strategies about a special power system.

Kaixing Huang,Chunjie Zhou,Yu-Chu Tian,Shuanghua Yang,Yuanqing Qin

DOI: https://doi.org/10.1109/tie.2018.2798605

IF: 7.7

2018-10-01

IEEE Transactions on Industrial Electronics

Abstract:Industrial cyber-physical systems (ICPSs) are widely applied in critical infrastructures such as chemical plants, water distribution networks, and power grids. However, they face various cyberattacks, which may cause physical damage to these industrial facilities. Therefore, ensuring the security of ICPSs is of paramount importance. For this purpose, a new risk assessment method is presented in this paper to quantify the impact of cyberattacks on the physical system of ICPSs. This method helps carry out appropriate attack mitigation measures. The method uses a Bayesian network to model the attack propagation process and infers the probabilities of sensors and actuators to be compromised. These probabilities are fed into a stochastic hybrid system (SHS) model to predict the evolution of the physical process being controlled. Then, the security risk is quantified by evaluating the system availability with the SHS model. The effectiveness of the proposed method is demonstrated with a case study on a hardware-in-the-loop simulation test bed.

automation & control systems,engineering, electrical & electronic,instruments & instrumentation

Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Song Deng,Jiantang Zhang,Di Wu,Yi He,Xiangpeng Xie,Xindong Wu

DOI: https://doi.org/10.1109/tii.2022.3169456

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:An accurate and comprehensive risk assessment in a distribution cyber-physical system (DCPS) is essential to ensure its smooth operation, effective control, and exposure of hidden dangers and security implications. Unfortunately, prior risk assessment methods are mostly limited in two aspects. First, the current studies do not respect the complex network topology and intertwined devicewise dependencies, thereby failing to delineate and model the risk propagation mechanism in DCPS accurately. Second, the prior work tends to focus on gauging the risks underlying physical systems independently, overlooking the quantification of risk impact on physical systems incurred by the cyberattack. To fill the gap, in this article, we propose a unified risk assessment model that gauges the comprehensive security implication of DCPS in a Bayesian regime, in which the three key components, namely, the prior probability, posterior probability, and minimum load-loss ratio, are calculated via the cumulative densities, epidemic model, and optimal load shedding, respectively. We benchmark our proposed model on a public testbed, IEEE 39-bus system, with extensive experiments. The results substantiate the viability and effectiveness of our model and suggest that the vulnerability of DCPS is positively correlated with the three components in our Bayesian modeling. We hope this finding can shed some light on future research by providing a plausible apparatus for measuring the security implications of physical systems in DCPS under cyberattacks.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Yuhang Zhang,Ming Ni

DOI: https://doi.org/10.3390/app132011569

2023-10-23

Applied Sciences

Abstract:With the increasing deployment of advanced sensing and measurement devices, the modern distribution system is evolved into a cyber-physical power distribution system (CPPDS). Due to the extensive application of information and communication technology, CPPDS is prevalently exposed to a wide range of cybersecurity threats. In this paper, a novel security-oriented cyber-physical risk assessment method for CPPDS is proposed. Based on the information model composed of logical nodes, an attack graph of privilege promotion by exploiting the cyber vulnerabilities is constructed. The physical consequence caused by cyberattack is analyzed in detail. By using the Markov decision process (MDP) theory, the cyber-physical risk index (CPRI) is calculated. Furthermore, considering the allocation of the finite defense resource, the modified MDP approach with an attack–defense game is presented. The effectiveness of the proposed method is demonstrated with case studies on a four-feeder IEEE-RTBS test system.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Asila AlHarmali,Saqib Ali,Waqas Aman,Omar Hussain

DOI: https://doi.org/10.5121/csit.2024.141608

2024-09-15

Abstract:Cyber-Physical Systems (CPS) integrate physical and embedded systems with information and communication technology systems, monitoring and controlling physical processes with minimal human intervention. The connection to information and communication technology exposes CPS to cyber risks. It is crucial to assess these risks to manage them effectively. This paper reviews scholarly contributions to cyber risk assessment for CPS, analyzing how the assessment approaches were evaluated and investigating to what extent they meet the requirements of effective risk assessment. We identify gaps limiting the effectiveness of the assessment and recommend real-time learning from cybersecurity incidents. Our review covers twenty-eight papers published between 2014 and 2023, selected based on a three-step search. Our findings show that the reviewed cyber risk assessment methodologies revealed limited effectiveness due to multiple factors. These findings provide a foundation for further research to explore and address other factors impacting the quality of cyber risk assessment in CPS.

Cryptography and Security

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Ioannis Zografopoulos,Juan Ospina,XiaoRui Liu,Charalambos Konstantinou

DOI: https://doi.org/10.48550/arXiv.2101.10198

2021-01-25

Cryptography and Security

Abstract:Cyber-physical systems (CPS) are interconnected architectures that employ analog, digital, and communication resources for their interaction with the physical environment. CPS are the backbone of enterprise, industrial, and critical infrastructure. Thus, their vital importance makes them prominent targets for malicious attacks aiming to disrupt their operations. Attacks targeting cyber-physical energy systems (CPES), given their mission-critical nature, can have disastrous consequences. The security of CPES can be enhanced leveraging testbed capabilities to replicate power system operations, discover vulnerabilities, develop security countermeasures, and evaluate grid operation under fault-induced or maliciously constructed scenarios. In this paper, we provide a comprehensive overview of the CPS security landscape with emphasis on CPES. Specifically, we demonstrate a threat modeling methodology to accurately represent the CPS elements, their interdependencies, as well as the possible attack entry points and system vulnerabilities. Leveraging the threat model formulation, we present a CPS framework designed to delineate the hardware, software, and modeling resources required to simulate the CPS and construct high-fidelity models which can be used to evaluate the system's performance under adverse scenarios. The system performance is assessed using scenario-specific metrics, while risk assessment enables system vulnerability prioritization factoring the impact on the system operation. The overarching framework for modeling, simulating, assessing, and mitigating attacks in a CPS is illustrated using four representative attack scenarios targeting CPES. The key objective of this paper is to demonstrate a step-by-step process that can be used to enact in-depth cybersecurity analyses, thus leading to more resilient and secure CPS.

Buxiang Zhou,Binjie Sun,Tianlei Zang,Yating Cai,Jiale Wu,Huan Luo

DOI: https://doi.org/10.3390/e25010047

IF: 2.738

2022-12-28

Entropy

Abstract:With the increasing digitalization and informatization of distribution network systems, distribution networks have gradually developed into distribution network cyber physical systems (CPS) which are deeply integrated with traditional power systems and cyber systems. However, at the same time, the network risk problems that the cyber systems face have also increased. Considering the possible cyber attack vulnerabilities in the distribution network CPS, a dynamic Bayesian network approach is proposed in this paper to quantitatively assess the security risk of the distribution network CPS. First, the Bayesian network model is constructed based on the structure of the distribution network and common vulnerability scoring system (CVSS). Second, a combination of the fuzzy analytic hierarchy process (FAHP) and entropy weight method is used to correct the selectivity of the attacker to strike the target when cyber attack vulnerabilities occur, and then after considering the defense resources of the system, the risk probability of the target nodes is obtained. Finally, the node loads and node risk rates are used to quantitatively assess the risk values that are applied to determine the risk level of the distribution network CPS, so that defense strategies can be given in advance to counter the adverse effects of cyber attack vulnerabilities.

physics, multidisciplinary

Beatrice Cassottana,Muhammad M Roomi,Daisuke Mashima,Giovanni Sansavini

DOI: https://doi.org/10.1111/risa.14089

Abstract:Cyber-physical systems (CPSs) are monitored and controlled by a computing and communicating core. This cyber layer enables better management of the controlled subsystem, but it also introduces threats to the security and protection of CPSs, as demonstrated by recent cyberattacks. The resulting governance and policy emphasis on cybersecurity is reflected in the academia by a vast body of literature. In this article, we systematize existing knowledge on CPS analysis. Specifically, we focus on the quantitative assessment of CPSs before and after the occurrence of a disruption. Through the systematic analysis of the models and methods adopted in the literature, we develop a CPS resilience assessment framework consisting of three steps, namely, (1) CPS description, (2) disruption scenario identification, and (3) resilience strategy selection. For each step of the framework, we suggest established methods for CPS analysis and suggest four criteria for method selection. The framework proposes a standardized workflow to assess the resilience of CPSs before and after the occurrence of a disruption. The application of the proposed framework is exemplified with reference to a power substation and associated communication network.The case study shows that the proposed framework supports resilience decision making by quantifying the effects of the implementation of resilience strategies.

Yan Wang,Yan Li,Tianqi Xu,Mengmeng Zhu

DOI: https://doi.org/10.1109/icpst56889.2023.10164915

2023-01-01

Abstract:The integration of communication technology into power systems enhances their observability and controllability but also introduces additional risks caused by the interaction between cyber and physical systems, leading to the expansion of cascading failures in cyber-physical power systems (CPPSs). To address this problem, this article proposes a cascading failure risk assessment method for CPPS based on an event-driven model, which provides technical support for risk warning and security analysis of CPPSs. The proposed method involves the establishment of a state transition matrix of CPPS based on a dynamic Bayesian network and analysis of the triggering law of cascading faults. A dynamic HMM model and a set of expected risk scenarios of CPPS are established based on the observable results of physical system faults by the information system. Furthermore, the corresponding multi-index risk assessment model of CPPS is established to describe the risk propagation ability of the system in its operation state, followed by the migration of the operation mode according to the adjustment of the high-risk event-driven control strategy. Finally, the effectiveness of the method is verified using the IEEE-39 system.

Xindong Liu,Mohammad Shahidehpour,Zuyi Li,Xuan Liu,Yijia Cao,Zhiyi Li

DOI: https://doi.org/10.1109/tsg.2016.2545683

IF: 10.275

2017-01-01

IEEE Transactions on Smart Grid

Abstract:This paper presents a risk assessment method for evaluating the cyber security of power systems considering the role of protection systems. This paper considers the impact of bus and transmission line protection systems located in substations on the cyber-physical performance of power systems. The proposed method simulates the physical response of power systems to malicious attacks on protection system settings and parameters. The relationship among settings of protection devices, protection logics, and circuit breaker logics is analyzed. The expected load curtailment (ELC) index is used in this paper to quantify potential system losses due to cyber attacks. The Monte Carlo simulation is applied to calculate ELC for assessing attackers’ capabilities as bus arrangements are altered. The effectiveness of the proposed risk assessment method is demonstrated using a 9-bus system and the IEEE 68-bus system.

Feng Li,Mozhong Zhu,Ling Lin

DOI: https://doi.org/10.3233/jifs-234686

2024-01-24

Journal of Intelligent & Fuzzy Systems

Abstract:Once industrial control systems are targeted by cyber-attacks, the consequences can be severe, including asset loss, environmental pollution, and public security risks. Risk assessment is an important way to ensure that industrial control systems operate efficiently, steadily and safely. The purpose of this paper is to develop a risk assessment model for industrial control systems based on asymmetric connection cloud and Choquet integral, which fully takes into account the fact that values of risk indicators are often fuzzy, random, asymmetrically distributed in finite intervals, and there are interactions among different indicators. To do so, we first establish a risk assessment index system to ensure the full reflection of availability, integrity, and confidentiality in the results of risk assessment for industrial control systems. Then we establish classification standards for each evaluation indicator based on the importance of assets, vulnerabilities, and threats in evaluating the risk of industrial control systems. Next we develop a risk assessment model based on asymmetric connection cloud and Choquet integral to determine the risk level of industrial control systems. In the following, an example is provided to demonstrate the feasibility and reliability of this proposed model. The experimental results have demonstrated a high level of credibility in assessing cyber-attacks by the proposed model, indicating its potential for analyzing the current security and risk posture of industrial control systems.

GUO Qinglai,XIN Shujun,SUN Hongbin,WANG Jianhui

DOI: https://doi.org/10.13334/j.0258-8013.pcsee.2016.06.003

2016-01-01

Abstract:Smart grid is a typical cyber-physical system (CPS), in which the disturbance on cyber part may result in the operation risks on physical systems. In order to perform system assessment and contingency analysis for the cyber-physical power grid, we first reviewed the significance and necessity of the CPS assessment for the power system, and proposed an analytic cyber-physical modeling architecture to describe the couple relationship of cyber and physical systems adopting graph theory, set theory and matrix theory afterwards.In this model, the HCS cyber network can be abstracted to a directed graph consisting of data nodes and directed branches. This model supports hybrid computing of the system information-energy flow with matrix transformation and operations, which has a higher computational efficacy while ensure some accuracy compared with simulation-based approaches. At last, we also explored the outlook of the future cyber-physical security assessment for the power system.

Yu-Chu Tian,Chunjie Zhou,Xiaoya Hu,Bowen Hu,Xin Du

DOI: https://doi.org/10.1109/TII.2022.3168774

IF: 12.3

2023-03-01

IEEE Transactions on Industrial Informatics

Abstract:Advanced cyber-physical power systems (CPPS) has been put forward by the strong integration of energy networks and communication networks. While CPPS brings a promising solution with high efficiency, strong flexibility, great scalability, and improved reliability, it inevitably poses some security challenges. In order to address these challenges, it is essential to accurately describe the attack behavior and system security situation. In this article, a dynamic risk propagation evaluation approach is proposed for accurately predicting attacks and quantitatively analyzing system risk. It is equipped with a partitioned cellular automata model to deal with spatial heterogeneity in the partitioned system. The intentions of targeted attack are also considered for predicting attacks. Then, the cyber-to-physical risk is quantitatively identified from multiple dimensions. Finally, the verification of attack intention is designed to dynamically update and adjust the predicted result. The presented approach is demonstrated through a case study on a CPPS.

Computer Science,Engineering

DING Li-jie,CHEN Wei-hua,BAO Zhe-jing

2009-01-01

Abstract:To ensure the static security of the power system,which is one of the key factors in power system operation,a method of risk assessment and preventive control was proposed based on the risk of line overload and voltage exceeding.In this method,the probabilistic power flow(PPT) and cumulant method were used to analyze the randomness of system statuses,and the severity function was applied to describing the impact and outcome of line overhead and voltage exceeding.Moreover,the product of probability and severity of line overload and voltage exceeding was defined as the risk index of the system.Finally,a preventive control model for static security,based on optimal power flow and particle swarm optimization method,was developed and used to optimize the outputs of the system active and reactive resources,which reduced the risks of overload and voltage exceeding and increased system security.The method was proved effective through testing.

LIU Sen-sen,CHEN Wei-hua,JIANG Quan-yuan

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.03.036

2009-01-01

Abstract:The risk theory was applied to static security analysis of power system,and a power system risk model with obvious parallel processing was built.A novel parallel processing approach of risk assessment of power system was presented based on the parallel model.The approach was implemented by PC cluster.In the implementation of specific parallel computing,the PC cluster technology was used.The New England 10-machine 39-node system was used to verify power system static security risk assessment methodology based on parallel computing.System's N-1 breaking accidents were used as the system's expected accident set.The risk of line power overload and that of bus low voltage were used as the two risk indicators to describe static security.The performance of parallel computing algorithm based on indicators and that of parallel computing algorithm based on static incidents allocation were compared.

Halima Ibrahim Kure,Shareeful Islam,Mustansar Ghazanfar,Asad Raza,Maruf Pasha

DOI: https://doi.org/10.1007/s00521-021-06400-0

2021-08-11

Neural Computing and Applications

Abstract:Risk management plays a vital role in tackling cyber threats within the cyber-physical system (CPS). It enables identifying critical assets, vulnerabilities and threats and determining suitable proactive control measures for the risk mitigation. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This paper aims for an effective cybersecurity risk management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and comprehensive assessment model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as asset, threat actor, attack pattern, tactic, technique and procedure (TTP), and controls and maps these concepts with the VERIS community dataset (VCDB) features for the risk predication. The experimental results reveal that using the fuzzy set theory in assessing assets criticality supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers exemplary performance to predict different risk types including denial of service, cyber espionage and crimeware. An accurate prediction of risk can help organisations to determine the suitable controls in proactive manner to manage the risk.

computer science, artificial intelligence

Alexey Poletykin

DOI: https://doi.org/10.1109/rusautocon.2018.8501811

2018-09-01

Abstract:The cyber security formula-based risk evaluation method is outlined for using SCADA in Industrial Control System (ICS) of Critical National Infrastructure (CNI) plants. The main feature of the method is taking into account not only information security methods but all safety and security and reliability measures available. Another feature concerns assets definition by means of explicit and hidden functions for which damage values from feasible cyber-attacks are estimated. The method deals with the scales of order. An example of the scale is proposed for damage and risk values. The essence of the method, its application domain restrictions, the stages of risk management addressed, key risk management concepts covered are described in the paper.

Ting Zhao,Dong Wang,Dongxu Lu,Yuan Zeng,Yanli Liu

DOI: https://doi.org/10.1109/DRPT.2015.7432333

2015-01-01

Abstract:This paper presents a new risk assessment method for cascading failure caused by electric cyber-physical system (ECPS). The development of a trustworthy smart grid requires a deeper and more specific analysis of potential impacts resulting from failures of ECPS. A probability model is presented to calculate the reliability of ECPS which controls the security and stability control system. Cascading failure due to failures of ECPS is being investigated by risk assessment method in this paper. Two scenes including signal lost and signal transmission error which may lead to cascading failure in power system is considered. IEEE I18-bus system is used as a test system and the simulation results verifies the effectiveness of proposed failure model and risk assessment method.