Yinan Wang,Gangfeng Yan,Ronghao Zheng

DOI: https://doi.org/10.3390/app8050768

2018-01-01

Applied Sciences

Abstract:The integration of modern computing and advanced communication with power grids has led to the emergence of electrical cyber-physical systems (ECPSs). However, the massive application of communication technologies makes the power grids become more vulnerable to cyber attacks. In this paper, we study the vulnerability of ECPSs and develop defence strategies against cyber attacks. Detection and protection algorithms are proposed to deal with the emergency of cascading failures. Moreover, we propose a weight adjustment strategy to solve the unbalanced power flows problem which is caused by splitting incidents. A MATLAB-based platform with advantages of easy programming, fast calculation, and no damage to systems is built for the offline simulation and analysis of the vulnerability of ECPSs. We also propose a five-aspect method of vulnerability assessment which includes the robustness, economic costs, degree of damage, vulnerable equipment, and trip point. The study is of significance to decision makers as they can get specific advice and defence strategies about a special power system.

Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/tcsii.2020.2999875

2020-01-01

Abstract:In this brief, we analyze the damage caused by malware-induced cyber attacks in Cyber-Physical Power Systems (CPPSs). Incubation period and detection probability of the malware are considered in our analytical framework. From attacker's perspective, the trade-off between attack effectiveness and detection risk is studied to help choose the best attack timing and obtain the maximum payoff. Moreover, we conduct case studies in CPPSs formed by coupling IEEE 118-Bus System with scale-free communication networks. Simulation results reveal that the maximum expected payoff for the attacker is affected by the coupling pattern and the structure of communication network in CPPSs.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

Fan Zhang,Jamie B. Coble

DOI: https://doi.org/10.1016/j.pnucene.2020.103446

IF: 2.461

2020-10-01

Progress in Nuclear Energy

Abstract:Most nuclear power plants (NPPs) are looking deploying digital instrumentation and control (I&C) systems, which allow for more precise control and more economical operation. However, both the quantity and capability of industrial control system (ICS)-targeted cyber-attacks have grown dramatically over recent years. Therefore, one of the most significant challenges that digital I&C systems bring is the issue of cybersecurity, which should be enhanced before their deployment.Several different types of cyber-attacks can be introduced to NPPs; a false data injection attack on key equipment is the focus of this research due to the potential severe consequences associated with such an attack. In false data injection, the attackers may alter the reading of control sensors or commands to change the operation of an NPP. Current cybersecurity efforts focus on intrusion prevention by firewalls or data-flow direction control and use commercial intrusion detection systems, which usually focus on monitoring Internet Protocol (IP) addresses, ports, and payload length. However, attention should be given to conditions where these approaches can fail, such as an insider attack. Previous research based on process data shows the potential of a last defenseâ, line using online monitoring of the process data in concern with cyber data analysis. However, existing models involve different subsystems across the whole NPP, which has a wide attack surface and may require high computing cost. This holistic approach may not meet the time-sensitive requirements imposed upon I&C systems. This paper proposes a localized kit for key equipment in a process as a complementary detection method to improve the robustness of key equipment under cyber-attacks. Compared to existing models, this reduces the number of variables used in the model and significantly improves the computational speed. It also reduces the attack surface by limiting the data acquisition locally. This localized kit includes a cyber-attack detection model to detect anomalies within key components, such as the control system actuator, and an inference model to potentially reconstruct a compromised signal to allow the safe shut down.To develop and demonstrate the localized cybersecurity kit, a hardware-in-the-loop (HIL) testbed was built with a pressurized water reactor (PWR) simulator and a programmable logical controller (PLC). The PLC was programmed to control the steam generator (SG) water level at a specified set point, and the PWR simulator was utilized to simulate the nuclear system and response for parameters outside of the SG. Three false data injection attacks were conducted towards the testbed to generate the data needed for the localized kit development and evaluation. The results show the cyber-attack detection model is effective under false data injection scenarios and the inference model is promising as a signal reconstruction method.

nuclear science & technology

Jianghai Li,Chao Guo,Wen Si,Xiaojin Huang

DOI: https://doi.org/10.1007/978-981-13-3113-8_33

2019-01-01

Abstract:The framework of prevention, detection, and response has been proven an effective approach to enhance cybersecurity of Information Technology (IT) systems. This framework can be also applied to Instrumentation and Control (I&C) systems in Nuclear Power Plants (NPPs), although there are significant differences between IT systems and I&C systems. The differences include the operational real-time requirement, the distinct communication protocols, and the continuous availability of the systems. These specified requirements must be well addressed when applying the framework of prevention, detection, and response to I&C systems. Therefore, the specific approaches to implement this framework for I&C systems are proposed. For prevention, the monitoring and auditing for I&C systems is suggested to meet the real-time requirement. For detection, the intrusion detection approach based on physical data is presented to deal with the distinct communication protocols. For response, the intrusion-tolerant control is proposed to maintain the continuous availability. The above three approaches together form the overall solution for cybersecurity of I&C systems in NPPs. The reasons why these proposed approaches can deal with the specified challenges of I&C systems security are elaborated in this paper.

Yan-Fu Li,Shou-Zhou Liu

2018-01-01

Abstract:In recent years, human society has observed a world-widely increasing number of cyberattacks, with increasing complexities, applied onto different information, telecommunication and control (ITC) systems including those in the nuclear power plants (NPPs). The target of those attacks against NPPs can be various subsystems of instrumental and control (I&C) systems, e.g. reactor protection systems, engineering workstations, etc. In response to the rising threats from the cyber space, regulations and technologies have been and are being developed to protect and enhance the cyber-security of I&C systems. Recently, a number of regulations and standards have been made for the prevention and mitigation of cyber threats. Meanwhile, an increasing number of research works have been published with the focuses on cyber-security assessment and protection To understand what are the cyber-attacks, how are they implemented, what are their consequences, how to analyze, assess and predict the cyber threats as well as what are the protection mechanisms, what are the optimal ways of deploy them, are beneficial to both researchers and practitioners. In this paper, we will deliver a state-of-the-art overview on various aspects of the cyber-security of NPP.

Kaixing Huang,Chunjie Zhou,Yu-Chu Tian,Shuanghua Yang,Yuanqing Qin

DOI: https://doi.org/10.1109/tie.2018.2798605

IF: 7.7

2018-10-01

IEEE Transactions on Industrial Electronics

Abstract:Industrial cyber-physical systems (ICPSs) are widely applied in critical infrastructures such as chemical plants, water distribution networks, and power grids. However, they face various cyberattacks, which may cause physical damage to these industrial facilities. Therefore, ensuring the security of ICPSs is of paramount importance. For this purpose, a new risk assessment method is presented in this paper to quantify the impact of cyberattacks on the physical system of ICPSs. This method helps carry out appropriate attack mitigation measures. The method uses a Bayesian network to model the attack propagation process and infers the probabilities of sensors and actuators to be compromised. These probabilities are fed into a stochastic hybrid system (SHS) model to predict the evolution of the physical process being controlled. Then, the security risk is quantified by evaluating the system availability with the SHS model. The effectiveness of the proposed method is demonstrated with a case study on a hardware-in-the-loop simulation test bed.

automation & control systems,engineering, electrical & electronic,instruments & instrumentation

Nils Müller,Charalampos Ziras,Kai Heussen

DOI: https://doi.org/10.48550/arXiv.2202.09352

2022-02-18

Cryptography and Security

Abstract:The increasing interaction of industrial control systems (ICSs) with public networks and digital devices introduces new cyber threats to power systems and other critical infrastructure. Recent cyber-physical attacks such as Stuxnet and Irongate revealed unexpected ICS vulnerabilities and a need for improved security measures. Intrusion detection systems constitute a key security technology, which typically monitors cyber network data for detecting malicious activities. However, a central characteristic of modern ICSs is the increasing interdependency of physical and cyber network processes. Thus, the integration of network and physical process data is seen as a promising approach to improve predictability in real-time intrusion detection for ICSs by accounting for physical constraints and underlying process patterns. This work systematically assesses machine learning-based cyber-physical intrusion detection and multi-class classification through a comparison to its purely network data-based counterpart and evaluation of misclassifications and detection delay. Multiple supervised detection and classification pipelines are applied on a recent cyber-physical dataset, which describes various cyber attacks and physical faults on a generic ICS. A key finding is that the integration of physical process data improves detection and classification of all considered attack types. In addition, it enables simultaneous processing of attacks and faults, paving the way for holistic cross-domain root cause identification.

G Y Sree Varshini,S Latha

DOI: https://doi.org/10.1016/j.heliyon.2024.e26332

IF: 3.776

2024-02-19

Heliyon

Abstract:Cyber-Physical Power System (CPPS) refers to a system in which the elements of the internet and the physical power system communicate and work together. With the use of modern communication and information technology, grid monitoring and control have improved. However, the components of a cyber system are extremely vulnerable to cyberattacks via cyber connections due to inadequate cyber security measures. Therefore, an adaptive defence strategy is required for the analysis and mitigation of the coordinated attack. The conventional approach of using an offline controller requires tuning for changes in the operating conditions of the system, which is inappropriate for the modern CPPS. To counter the coordinated attack, a framework that integrates STATCOM based Adaptive Model Predictive Controller with RPME and time delay compensator is proposed. This paper addresses attack impact, detection, and mitigation methods in CPPS. In both time domain and frequency domain simulations the case studies are conducted for three distinct situations namely physical attack, cyberattack, and coordinated attack. Convolutional Neural Network (CNN), Support Vector Machine (SVM), Random Forest (RF), and K Nearest Neighbour (KNN) are four data-driven methods used for the detection of anomalies in PMU measurement data. Simulation studies show that CNN performs better in anomaly detection than other classifiers based on assessed performance metrics. For coordinated attack mitigation the proposed STATCOM based Adaptive Model Predictive Controller with RPME quickly recovers the system than the STATCOM based conventional lead-lag controller. The efficacy of the proposed strategy is validated on the WSCC 3 machine 9 bus system.

Dajun Du,Minggao Zhu,Xue Li,Minrui Fei,Siqi Bu,Lei Wu,Kang Li

DOI: https://doi.org/10.35833/mpce.2021.000604

IF: 4.469

2023-01-01

Journal of Modern Power Systems and Clean Energy

Abstract:Potential malicious cyber-attacks to power systems which are connected to a wide range of stakeholders from the top to tail will impose significant societal risks and challenges. The timely detection and defense are of crucial importance for safe and reliable operation of cyber-physical power systems (CPPSs). This paper presents a comprehensive review of some of the latest attack detection and defense strategies. Firstly, the vulnerabilities brought by some new information and communication technologies (ICTs) are analyzed, and their impacts on the security of CPPSs are discussed. Various malicious cyber-attacks on cyber and physical layers are then analyzed within CPPSs framework, and their features and negative impacts are discussed. Secondly, two current mainstream attack detection methods including state estimation based and machine learning based methods are analyzed, and their benefits and drawbacks are discussed. Moreover, two current mainstream attack defense methods including active defense and passive defense methods are comprehensively discussed. Finally, the trends and challenges in attack detection and defense strategies in CPPSs are provided.

engineering, electrical & electronic

Jinping Liu,Wuxia Zhang,Tianyu Ma,Zhaohui Tang,Yongfang Xie,Weihua Gui,Jean Paul Niyoyita

DOI: https://doi.org/10.1016/j.eswa.2020.113578

IF: 8.5

2020-11-01

Expert Systems with Applications

Abstract:<p>Industrial Cyber-physical systems (ICPSs), integrating communication, computation and control of industrial processes are referred to as a core technology to approach the <em>Industry 4.0</em>. Ensuring the ICPS security is of paramount importance in smart manufacturing. Considering the characteristics of large-scale, geographically-dispersed and multi-dimensional heterogeneous, federated and life-critical natures of ICPSs, this paper investigates a hierarchically distributed intrusion detection scheme that seeks to achieve the all-round safety protection of ICPSs according to the system structure and attacking types of each ICPS layer. For physical system-relevant perceptual executive layer, potential and covert attacks are detected by the clustered sensory system state residual anomaly monitoring based on a process noise and measurement noise-adaptive Kalman filter (PNMN-AKF). PNMN-AKF can perform a joint recursive estimation of dynamic system states, time-varying process and measurement noise covariance matrices by the variational Bayes approximation framework. In cyberspace, potential cyber-attacks are detected by the anomaly monitoring of the statistical distribution of the network transmission characteristics of data transmission layer by introducing a forgetting factor-induced recursive Gaussian mixture model (FF-RGMM). In the application control layer, a regularized sparse deep belief network model is introduced to characterize the misuse behavior for detecting potential attacks. Extensive validation and comparative experiments have been conducted on a numerical simulation system and a comprehensive ICPS simulation platform by using OPNET and a commonly-used benchmark simplified Tennessee Eastman process (STEP) based on Matlab/Simulink. Experimental results demonstrate that the proposed hierarchically distributed intrusion detection method can efficiently recognize potential and covert cyber-attacks in each ICPSs link with low false alarm rate and missing detection rate, which lays a foundation for the overall security monitoring of ICPSs.</p>

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Yu-Chu Tian,Chunjie Zhou,Xiaoya Hu,Bowen Hu,Xin Du

DOI: https://doi.org/10.1109/TII.2022.3168774

IF: 12.3

2023-03-01

IEEE Transactions on Industrial Informatics

Abstract:Advanced cyber-physical power systems (CPPS) has been put forward by the strong integration of energy networks and communication networks. While CPPS brings a promising solution with high efficiency, strong flexibility, great scalability, and improved reliability, it inevitably poses some security challenges. In order to address these challenges, it is essential to accurately describe the attack behavior and system security situation. In this article, a dynamic risk propagation evaluation approach is proposed for accurately predicting attacks and quantitatively analyzing system risk. It is equipped with a partitioned cellular automata model to deal with spatial heterogeneity in the partitioned system. The intentions of targeted attack are also considered for predicting attacks. Then, the cyber-to-physical risk is quantitatively identified from multiple dimensions. Finally, the verification of attack intention is designed to dynamically update and adjust the predicted result. The presented approach is demonstrated through a case study on a CPPS.

Computer Science,Engineering

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tcsii.2022.3181827

2022-01-01

Abstract:In cyber-physical power systems (CPPSs), false data injection attack (FDIA) has drawn much attention due to its stealthiness. It is of great importance to investigate the potential behaviors of attackers to improve the cyber-security of CPPSs. However, most FDIA models are often constructed separately on the effect of attackers or the impact of attacks. Accordingly, this brief proposes a multi-objective stealthy FDIA scheme in AC grid model. The attack model is described as a multi-objective optimization problem, where minimization of contaminated measurements and maximization of the attack impact are considered as two objectives while remaining stealthy. To deal with the established attack model, a non-dominated sorting genetic algorithm II (NSGAII) is introduced as the solver. To improve the efficiency of generating attack vector, a new representation mechanism is proposed to describe locations and values of injected states. Additionally, during the evolutionary process, we propose a mutation operation to balance the sparsity and impact of FDIA. Simulation results on the IEEE 14-bus, 30-bus, and 118-bus systems demonstrate the feasibility of the NSGAII-based FDIA model.

Fan Zhang,Kevin Kelly

DOI: https://doi.org/10.1080/00295450.2022.2092356

IF: 1.667

2022-09-04

Nuclear Technology

Abstract:Digital instrumentation and control (I&C) systems are being deployed in nuclear power plants (NPPs) for both existing and advanced reactor designs. As I&C systems become more digitized to allow features like near autonomous control and remote operation, they introduce greater cyber risk to NPPs. Cyberattacks targeting industrial control systems (ICSs) are growing in both qualities and capabilities, which indicates that cybersecurity needs to be an integral part of risk assessment in the industry. Although there are some risk assessment methods in traditional information technology (IT) cybersecurity, the differences between IT and ICS cybersecurity make it infeasible to apply these risk assessment methods directly to ICSs. Some research has focused on risk assessment methods for ICSs, but few studies focus on applications to NPPs. Ideal risk frameworks for the nuclear industry are dynamic and account for system dependencies; this survey review focuses on such risk assessment methods both in and outside the nuclear field. The major challenges in cybersecurity risk assessment research are pointed out, and further research suggestions and considerations for cyber risk assessment in I&C systems are identified.

nuclear science & technology

Dan Zhang,Qing-Guo Wang,Gang Feng,Yang Shi,Athanasios V Vasilakos,Athanasios V. Vasilakos

DOI: https://doi.org/10.1016/j.isatra.2021.01.036

IF: 7.3

2021-01-01

ISA Transactions

Abstract:This paper provides a comprehensive survey on attack detection, secure estimation, and control of ICPSs from the control science perspective, the main content are much more broader than existing survey papers.Classifications of current studies are analyzed and summarized based on different system modeling and analysis methods. In addition, advantages and disadvantage of various methodologies are also discussed. Readers can find out appropriate methods for further research problems quickly from existing results.Cyber-physical systems (CPSs) are complex systems that involve technologies such as control, communication, and computing. Nowadays, CPSs have a wide range of applications in smart cities, smart grids, smart manufacturing and intelligent transportation. However, with integration of industrial control systems with modern communication technologies, CPSs would be inevitably exposed to increasing security threats, which could lead to severe degradation of the system performance and even destruction of CPSs. This paper presents a survey on recent advances on security issues of industrial cyber-physical systems (ICPSs). We specifically discuss two typical kinds of attacks, i.e., Denial-of-Service (DoS) attack and Deception attack, and present recent results in terms of attack detection, estimation, and control of ICPSs. Classifications of current studies are analyzed and summarized based on different system modeling and analysis methods. In addition, advantages and disadvantage of various methodologies are also discussed. Finally, the paper concludes with some potential future research directions on secure ICPSs.

automation & control systems,instruments & instrumentation,engineering, multidisciplinary

Tianbo Lu,Xiaobo Guo,Yang Li,Yong Peng,Xiaoyan Zhang,Feng Xie,Yang Gao

DOI: https://doi.org/10.1155/2014/438350

IF: 1.938

2014-06-01

International Journal of Distributed Sensor Networks

Abstract:In recent years, the security of cyberphysical system (CPS) has been focused on increasingly. The most common example of CPS is industrial control system (ICS), which is prevalent in almost every critical infrastructure, such as electricity, oil and gas, water, chemical processing, and healthcare. So ICS security has become a top priority in the security field. Based on a general description of the wireless sensor network (WSN), which is an important element of CPS, this paper first gives a comprehensive and deep understanding of CPS. Secondly, it provides a comprehensive description of the current situation of ICS security in the U.S. and the corresponding approaches the U.S. government and some industries have taken, including management, technology, standards and regulations, and researches of national laboratories. Thirdly, the paper shows the research on ICS in Europe, focusing on the most important report issued by ENISA. Then, compared with developed countries, it presents the grim situation of ICS security and describes the efforts of ICS security management in China.

computer science, information systems,telecommunications

Yingjun Wu,R. Fu,Xiaojuan Huang,Yusheng Xue,D. Yue,Yi Tang

DOI: https://doi.org/10.1109/ACCESS.2018.2855752

IF: 3.9

IEEE Access

Abstract:A cyber physical distribution power system (CPDS) is a large and complex infrastructure that coordinates the cyber communication system and the physical distribution power system. Because of the increasingly advanced information communication technology, the development of cyber physical distribution power system has caused key cyber security issues related to system operation. This paper is focused on realizing a unified system attack modeling and security assessment of an active distribution power system. In this paper, first we present an overview of the system operation from the fusion system perspective. The significant effects of network intrusion attacks on operational security are evaluated. A new unified cyber physical network model is established using a limited stochastic Petri net graph theory that considers refined firewalls and password components. Then, a security effectiveness evaluation method is proposed to analyze channel throughput variation and system robustness. Overall CPDS security risk values are determined based on physical influence coefficients. Finally, simulations of an improved IEEE-33 bus distribution power system and security assessment under intrusion attacks are described. The research work could raise awareness of the cyber intrusion threats and provide the basis for security defense.

Engineering,Computer Science

Luyang Liu,Zaman Sajid,Costas Kravaris,Faisal Khan

DOI: https://doi.org/10.1016/j.psep.2024.03.088

IF: 7.8

2024-05-01

Process Safety and Environmental Protection

Abstract:Due to cyber threats, Process Control Systems (PCS) are increasingly at risk in the interconnected world. This review elucidates PCS&#x27;s mounting cybersecurity challenges, underscored by past incidents. Utilizing the National Institute of Standards and Technology (NIST) framework, we emphasize the importance of a comprehensive approach to cybersecurity, spanning risk identification to its mitigation. This systematic framework comprises five pillars: risk identification, protective measures, active threat detection, timely incident response, and post-attack recovery. This study then delves into the range of cyber-attack detection algorithms, from traditional fault detection and isolation techniques to advanced machine learning-based methods, qualitative models, hybrid approaches, and signature-based methods. Notwithstanding the progress, research gaps, challenges, and a demand for a proactive path forward remain. This study proposes a path forward that integrates the digital system with a resilient control system to ensure the security of the process control systems and a harmonious blend of domain expertise and evolving technological innovations.

engineering, environmental, chemical

Yifan Hu,Peidong Zhu,Peng Xun,Bo Liu,Wenjie Kang,Yinqiao Xiong,Weiheng Shi

DOI: https://doi.org/10.1016/j.cose.2021.102465

2021-12-01

Abstract:Cyber-physical system (CPS) like smart grid deeply integrated with communication networks are often subjected to sophisticated cyber-attacks like false data injection attack (FDIA) with a strong capability of strategic reconnaissance required to learn the environment, where the static characteristics of the system enable easier profiling of the critical infrastructure resources by the adversary. In this paper, we propose a cyber-physical moving target defense (CPMTD) mechanism that focuses on both attack prevention and detection to mitigate such static vulnerabilities and provide combined protections for power system. For attack prevention, we design the Cyber-MTD strategy to disrupt and mislead attack preparation by randomizing data acquisitions with controlled change across multiple system dimensions based on protocol oblivious forwarding (POF) among trusted peer devices in SCADA networks. For attack detection, we design the Physical-MTD strategy to improve the detection probability of FDIAs by periodically changing the measurement matrix of state estimation based on the D-FACTS devices' capability of perturbing the transmission line susceptances in power grids and explore the optimal perturbation in transmission line susceptances based on a cost-benefit analysis. Finally, we discuss two attack cases for network security analysis and evaluate the impact on network performance. Simulations on IEEE 14-bus and 57-bus systems verify the improvement of FDIA detection without significantly increasing operation cost.

computer science, information systems