Jianmin Zhang,Yi Chen,Naizheng Jin,Lianquan Hou,Qianzhi Zhang

DOI: https://doi.org/10.1109/pesgm.2017.8274254

2017-01-01

Abstract:Due to DoS (Denial of Service) as the most serious cyber attack for digital substation, a modeling of data flow with different properties as periodic, random, sudden response is firstly introduced, followed by a simulation modeling of DoS attack based on the SYN-Flood principle; the module design and simulation implementation scheme based on OPNET platform has been proposed in detail. The simulation scenario is selected as the star network where the station layer server is under the SYN_flood attack, and the case studies are made for wide-band of 10BaseT and 100BaseT data link. The simulation results give the performances of the station layer server before and after SYN_flood attack, and the attack consequences are long stay at a high CPU utilization, time delay increasing of TCP connection, and the increasing of link throughput to exhaust the link band, etc., in which the attempts of DoS are exposed to make the station layer server disable to response the normal business request, i.e., to deny the service.

Peng Huang,Yinan Wang,Gangfeng Yan

DOI: https://doi.org/10.1109/iecon.2017.8216086

2017-01-01

Abstract:This paper considers a framework of electrical cyber-physical systems (ECPSs) in which each bus and branch in a power grid is equipped with a controller and a sensor. By means of measuring the damages of cyber attacks in terms of cutting off transmission lines, three solution approaches are proposed to assess and deal with the damages caused by faults or cyber attacks. Splitting incident is treated as a special situation in cascading failure propagation. A new simulation platform is built for simulating the protection procedure of ECPSs under faults. The vulnerability of ECPSs under faults is analyzed by experimental results based on IEEE 39-bus system.

Yinan Wang,Wei Li,Gangfeng Yan,Sumian Song

DOI: https://doi.org/10.1109/icit.2017.7915433

2017-01-01

Abstract:This paper proposes an unified framework for electrical cyber physical systems (ECPSs) and studies the mechanism of cyber attacks and cyber security. Communication networks are designed by characteristics of power grids. This model is universal to both transmission and distribution grids. The fragility of ECPSs under cyber attacks (DoS attacks and false data injection attacks) is analyzed in three scenarios based on different types and attackers' acknowledgments of the ECPSs. It has been proved that attacks happen at information uploading routers or control strategy downloading routers will influence the system differently. The effectiveness of relay protection policies and cyber security policies are verified by experimental results.

Peili Ding,Yinan Wang,Gangfeng Yan,Wei Li

DOI: https://doi.org/10.1109/cac.2017.8243929

2017-01-01

Abstract:Recent years, the issue of cyber security has become ever more prevalent in the analysis and design of electrical cyber-physical systems (ECPSs). In this paper, we present the TrueTime Network Library for modeling the framework of ECPSs and focuses on the vulnerability analysis of ECPSs under DoS attacks. Model predictive control algorithm is used to control the ECPS under disturbance or attacks. The performance of decentralized and distributed control strategies are compared on the simulation platform. It has been proved that DoS attacks happen at dada collecting sensors or control instructions actuators will influence the system differently.

Yinan Wang,Gangfeng Yan,Ronghao Zheng

DOI: https://doi.org/10.3390/app8050768

2018-01-01

Applied Sciences

Abstract:The integration of modern computing and advanced communication with power grids has led to the emergence of electrical cyber-physical systems (ECPSs). However, the massive application of communication technologies makes the power grids become more vulnerable to cyber attacks. In this paper, we study the vulnerability of ECPSs and develop defence strategies against cyber attacks. Detection and protection algorithms are proposed to deal with the emergency of cascading failures. Moreover, we propose a weight adjustment strategy to solve the unbalanced power flows problem which is caused by splitting incidents. A MATLAB-based platform with advantages of easy programming, fast calculation, and no damage to systems is built for the offline simulation and analysis of the vulnerability of ECPSs. We also propose a five-aspect method of vulnerability assessment which includes the robustness, economic costs, degree of damage, vulnerable equipment, and trip point. The study is of significance to decision makers as they can get specific advice and defence strategies about a special power system.

Chunming Zhang,Fengji Luo,Mingyang Sun,Gianluca Ranzi

DOI: https://doi.org/10.1109/tnse.2020.3015220

IF: 6.6

2021-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Advanced Metering Infrastructure (AMI) is a critical and fundamental component of smart grids. Cyber security of AMI thus has direct implications to smart grid's secure and reliable operations. This paper establishes analytical models for studying AMI system's robustness with presence of Distributed Denial-of-Service (DDoS) attacks. This paper firstly proposes a state transition model for individual smart meter nodes and data collector nodes in an AMI communication network; based on this, a dynamic differential system is formulated to describe the network's state evolution. We analyze the dynamic differential system's stability under DDoS attacks and propose a defending strategy, which optimally allocate defending resources in the AMI network, aiming at mitigating the DDoS's threaten with minimum defending loss and cost. Extensive simulations are conducted to validate the proposed method under different AMI network topologies.

Suleman Ashraf,Mohammad H Shawon,Haris M Khalid,S M Muyeen

DOI: https://doi.org/10.3390/s21196415

2021-09-26

Abstract:The generation of the mix-based expansion of modern power grids has urged the utilization of digital infrastructures. The introduction of Substation Automation Systems (SAS), advanced networks and communication technologies have drastically increased the complexity of the power system, which could prone the entire power network to hackers. The exploitation of the cyber security vulnerabilities by an attacker may result in devastating consequences and can leave millions of people in severe power outage. To resolve this issue, this paper presents a network model developed in OPNET that has been subjected to various Denial of Service (DoS) attacks to demonstrate cyber security aspect of an international electrotechnical commission (IEC) 61850 based digital substations. The attack scenarios have exhibited significant increases in the system delay and the prevention of messages, i.e., Generic Object-Oriented Substation Events (GOOSE) and Sampled Measured Values (SMV), from being transmitted within an acceptable time frame. In addition to that, it may cause malfunction of the devices such as unresponsiveness of Intelligent Electronic Devices (IEDs), which could eventually lead to catastrophic scenarios, especially under different fault conditions. The simulation results of this work focus on the DoS attack made on SAS. A detailed set of rigorous case studies have been conducted to demonstrate the effects of these attacks.

Jianmin Zhang,Hang Mu,Ji Xu,Yutao Qiu,Kangyi Li,Naizheng Jin

DOI: https://doi.org/10.1109/ei259745.2023.10512919

2023-01-01

Abstract:IEC 61850 provides an excellent physical-cyber-logic model for substation networked automation, to describe the data and logic relationships between atomic elements of physical power system as well as communication network and automation system. As a fact, cyber-attack and corresponding cyber security protection belong to information and communication technology whose behaviors are all automated, and targeting substation networked automation. Therefore, unified modeling of physical-cyber-logic-attack-protection for digital substation becomes necessary and possible. The existing cyber security protection system does not model functions according to 61850 logical nodes and logical devices, and IEC 61850 does not model function-based logical nodes for cyber security protection and attack behavior, which makes the security system not transparent. In this paper, the basic functions of cyber-attack and corresponding cyber security protection are decomposed into atomic scale, which are modeled as logical nodes to establish a unified 61850 logic space model for digital substations in the future.

Mansi Girdhar,Junho Hong,Wencong Su,Akila Herath,Chen-Ching Liu

2024-03-08

Abstract:In recent years, critical infrastructure and power grids have experienced a series of cyber-attacks, leading to temporary, widespread blackouts of considerable magnitude. Since most substations are unmanned and have limited physical security protection, cyber breaches into power grid substations present a risk. Nowadays, software-defined network (SDN), a popular virtual network technology based on the OpenFlow protocol is being widely used in the substation automation system. However, the susceptibility of SDN architecture to cyber-attacks has exhibited a notable increase in recent years, as indicated by research findings. This suggests a growing concern regarding the potential for cybersecurity breaches within the SDN framework. In this paper, we propose a hybrid intrusion detection system (IDS)-integrated SDN architecture for detecting and preventing the injection of malicious IEC 61850-based generic object-oriented substation event (GOOSE) messages in a digital substation. Additionally, this program locates the fault's location and, as a form of mitigation, disables a certain port. Furthermore, implementation examples are demonstrated and verified using a hardware-in-the-loop (HIL) testbed that mimics the functioning of a digital substation.

Cryptography and Security,Computers and Society

YANG Wen-zheng,GUO Chuang-xin,CAO Yi-jia,YI Yong-hui

DOI: https://doi.org/10.3969/j.issn.1001-4551.2007.09.029

2007-01-01

Abstract:The digital substation will be the essential tendency of substation's development.And the information security and its safeguard will become a hot spot.Based on the analysis of the ethernet of digital substation,the security meaning and threats of digital substation information were discussed.Some security strategies and measures were proposed,such as digital signature、VLAN、multi-agent and firewall.

Yi Chen,Jianmin Zhang,Qiguo Han,Chuangxin Guo,Qianzhi Zhang

DOI: https://doi.org/10.1109/cyber.2017.8446593

2017-01-01

Abstract:The message flow modeling of a digital substation plays a decisive role to model the normal communication, from which its abnormal and cyber attack scenario could be identified. Based on a review of present message flow modeling method and application analysis, network calculus and path flow model is selected as the modeling method for study; a much more simple and clear modeling processes are worked from source port message characteristic vector definition, to physical network, message transmission path, message flow distribution, finally a clear calculation flowchart is achieved. Result of case study proved the correctness of present calculation method.

Caiming Yang,Jianmin Zhang,Kangyi Li,Jiayu Zhang,Naizheng Jin,Xijian Wang

DOI: https://doi.org/10.1109/ispec48194.2019.8975306

2019-11-01

Abstract:When abormalities, including equipment failure and/or cyber attacks, occur in the substation, it is essential to specify their difference in performance, e.g., process layer of digital substation will encounter stochastic messages and burst messages in normal operation, abnormal traffic caused by equipment fault, or denial-of-service (DoS) attacks by virus intrusion. In this reason, a novel cyber physical fusion based abnormal traffic detection approach has been proposed, a difference-sequence-variance based abnormal message traffic detection method and flowchart is proposed, including a new substation traffic anomaly membership function and its parameter estimation method. The simulation verification of the T1-1 type substation network is done by OPNET, which prove that the random and burst GOOSE messages as well as DoS attacks in the layer can be identified by proposed method.

Yirui Zhao,Yong Li,Yijia Cao,Mingyu Yan

DOI: https://doi.org/10.1016/j.apenergy.2023.121551

IF: 11.2

2023-07-22

Applied Energy

Abstract:Substation with various communication and control devices has become a major target of cyber-attacks. In general, two main types of cyber-attacks can be performed on substations through direct intelligent electronic device connections from remote accesses or via compromising local substation supervisory control center and data acquisition systems, thus respectively resulting in different damage to the power systems. In this paper, the combination of two types of cyber-attacks on the power systems are considered. The generalized stochastic Petri net is utilized to simulate dynamic intrusion processes of these two types of cyber-attacks. Furthermore, the successful attack probabilities of cyber-attacks are calculated based on simulation results. Then, a probabilistic bi-level optimization model is proposed to identify critical components with the maximum cyber risk and the types of cyber-attacks. The two types of cyber-attacks initiated from substation space to individual components are particularly modeled in the proposed model. Finally, a two-stage algorithm using the network flow is proposed to solve the proposed model more efficiently. Simulation results tested on the IEEE RTS 24-bus and the 118-bus systems validate the effectiveness of the proposed model. Results also show that the devised algorithm can improve the computation performance in dealing with larger-scale power systems.

energy & fuels,engineering, chemical

Kaikai Pan,Andre Teixeira,Claudio David Lopez,Peter Palensky

DOI: https://doi.org/10.1109/smartgridcomm.2017.8340668

2017-10-01

Abstract:It is challenging to assess the vulnerability of a cyber-physical power system to data attacks. In order to support vulnerability assessment, with the exception of analytic methods, a suitable platform for security tests needs to be developed. In this paper we analyze the cyber security of energy management system (EMS) against data attacks. First we extend our analytic framework that characterizes data attacks as optimization problems with the objectives specified as security metrics and constraints corresponding to the communication network properties. Second, we build a platform in the form of co-simulation - coupling the power system simulator DIgSILENT PowerFactory with communication network simulator OMNeT++, and Matlab for EMS applications (state estimation, optimal power flow). Then the framework is used to conduct attack simulations on the cosimulation based platform for a power grid test case. The results indicate how vulnerable of EMS to data attacks and how cosimulation can help assess vulnerability.

Wanxing Sheng,Keyan Liu,Ying Liang

DOI: https://doi.org/10.1049/cps2.12003

2021-02-20

Abstract:With the many characteristics of cyber–physical systems (CPS), including the complex evolution of various dynamic processes in distribution networks (DNs), communication modes and serious network security events have become important issues. From the perspective of DN analysis, traditional electrical digital simulations cannot access current models of communication systems and cyber network security events. The interactions between cyber and physical networks cannot be simulated and analysed simultaneously, which is challenging to the development of CPS simulations of DNs. To evaluate the impact of cyber networks on physical networks, a CPS simulation platform that contains physical, communication and control layers is discussed. Three‐phase short‐circuit fault processing and islanding operation control are simulated by data interactions among three‐layer models that are used to analyse the impact of communication data tampering on fault handling processes. The influence of data tampering on fault processing and the influence of false data injection and data interception on islanding operation control processes are analysed. The simulation results show that the network information security has a large impact on fault protection and islanding operation control, which leads to the expansion of the outage scope and the failure of islanding operation frequency adjustment. This article also provides a simulation basis for the analysis of CPS operation characteristics and the identification and prevention of cyber network security events.

Weiming Tong,Jixing Gao,Zhongwei Li,Xianji Jin

DOI: https://doi.org/10.1109/lcomm.2018.2868342

IF: 3.5529

2018-01-01

IEEE Communications Letters

Abstract:The information security of smart substations has become a major issue, as substations become increasingly dependent on communication networks. This letter analyzes the data flows in the communication networks of smart substations and proposes a protection method based on message identification and flow monitoring for managing the congestion arising from network attacks. This method implements the rapid identification and filtering of messages by condensing key information into a message information tag and then examines the tag along with the traffic rates at switches to identify and discard counterfeit messages. OPNET simulation results show that the method successfully identifies and discards counterfeit messages and avoids timeouts and packet drops in the transmission process of authentic messages during periods of congestion.

Shahbaz Hussain,Atif Iqbal,S M Suhail Hussain,Stefano Zanero,Abdullatif Shikfa,Enrico Ragaini,Irfan Khan,Rashid Alammari

DOI: https://doi.org/10.1038/s41598-022-27157-z

2023-02-01

Abstract:IEC 61850 is emerging as a popular communication standard for smart grids. Standardized communication in smart grids has an unwanted consequence of higher vulnerability to cyber-attacks. Attackers exploit the standardized semantics of the communication protocols to launch different types of attacks such as false data injection (FDI) attacks. Hence, there is a need to develop a cybersecurity testbed and novel mitigation strategies to study the impact of attacks and mitigate them. This paper presents a testbed and methodology to simulate FDI attacks on IEC 61850 standard compliant Generic Object-Oriented Substation Events (GOOSE) protocol using real time digital simulator (RTDS) together with open-source tools such as Snort and Wireshark. Furthermore, a novel hybrid cybersecurity solution by the name of sequence content resolver is proposed to counter such attacks on the GOOSE protocol in smart grids. Utilizing the developed testbed FDI attacks in the form of replay and masquerade attacks on are launched and the impact of attacks on electrical side is studied. Finally, the proposed hybrid cybersecurity solution is implemented with the developed testbed and its effectiveness is demonstrated.

Mansi Girdhar,Kuchan Park,Wencong Su,Junho Hong,Akila Herath,Chen-Ching Liu

2024-11-12

Abstract:In recent years, critical infrastructure and power grids have increasingly been targets of cyber-attacks, causing widespread and extended blackouts. Digital substations are particularly vulnerable to such cyber incursions, jeopardizing grid stability. This paper addresses these risks by proposing a cybersecurity framework that leverages software-defined networking (SDN) to bolster the resilience of substations based on the IEC-61850 standard. The research introduces a strategy involving smart cyber switching (SCS) for mitigation and concurrent intelligent electronic device (CIED) for restoration, ensuring ongoing operational integrity and cybersecurity within a substation. The SCS framework improves the physical network's behavior (i.e., leveraging commercial SDN capabilities) by incorporating an adaptive port controller (APC) module for dynamic port management and an intrusion detection system (IDS) to detect and counteract malicious IEC-61850-based sampled value (SV) and generic object-oriented system event (GOOSE) messages within the substation's communication network. The framework's effectiveness is validated through comprehensive simulations and a hardware-in-the-loop (HIL) testbed, demonstrating its ability to sustain substation operations during cyber-attacks and significantly improve the overall resilience of the power grid.

Cryptography and Security,Emerging Technologies

Hwei-Ming Chung,Wen-Tai Li,Chau Yuen,Wei-Ho Chung,Chao-Kai Wen

DOI: https://doi.org/10.1109/SmartGridComm.2017.8340712

2017-08-10

Abstract:A well-designed attack in the power system can cause an initial failure and then results in large-scale cascade failure. Several works have discussed power system attack through false data injection, line-maintaining attack, and line-removing attack. However, the existing methods need to continuously attack the system for a long time, and, unfortunately, the performance cannot be guaranteed if the system states vary. To overcome this issue, we consider a new type of attack strategy called combinational attack which masks a line-outage at one position but misleads the control center on line outage at another position. Therefore, the topology information in the control center is interfered by our attack. We also offer a procedure of selecting the vulnerable lines of its kind. The proposed method can effectively and continuously deceive the control center in identifying the actual position of line-outage. The system under attack will be exposed to increasing risks as the attack continuously. Simulation results validate the efficiency of the proposed attack strategy.

Systems and Control

Filip Holik,Sule Yildirim Yayilgan,Guro Bråten Olsborg

DOI: https://doi.org/10.3390/electronics13122318

IF: 2.9

2024-06-14

Electronics

Abstract:Increasing power consumption and reliance on non-predictable renewable power generation is pushing the transition from analog to digital power grid substations forward. Grid digitalization helps to reduce substation complexity and therefore costs, and improves observability and management, but introduces new cyber security issues. To make the digital substations secure, cyber security awareness and efficient personnel training is one of the most important research areas as the power grid is a part of critical infrastructure. In our previous work, we have proposed an approach for analyzing cyber security threats and attacks in digital substations based on a case study from Norway. In this article, we present how we developed a tool for emulation of digital substation communication for cyber security awareness based on experiences from the case study. We present technical details of the tool—called the SGSim—so the community can easily replicate the process or only the selected parts. We also freely provide source code on GitHub and distribution in the form of a virtual machine on request. Finally, we validate the tool performance in several scenarios and evaluate its usability on a survey conducted among a wide range of professionals.

engineering, electrical & electronic,physics, applied,computer science, information systems