skip to main content


Title: Cyber Attack and Defense for Smart Inverters in a Distribution System
The fast-growing installation of solar PVs has a significant impact on the operation of distribution systems. Grid-tied solar inverters provide reactive power capability to support the voltage profile in a distribution system. In comparison with traditional inverters, smart inverters have the capability of real time remote control through digital communication interfaces. However, cyberattack has become a major threat with the deployment of Information and Communications Technology (ICT) in a smart grid. The past cyberattack incidents have demonstrated how attackers can sabotage a power grid through digital communication systems. In the worst case, numerous electricity consumers can experience a major and extended power outage. Unfortunately, tracking techniques are not efficient for today’s advanced communication networks. Therefore, a reliable cyber protection system is a necessary defense tool for the power grid. In this paper, a signature-based Intrusion Detection System (IDS) is developed to detect cyber intrusions of a distribution system with a high level penetration of solar energy. To identify cyberattack events, an attack table is constructed based on the Temporal Failure Propagation Graph (TFPG) technique. It includes the information of potential cyberattack patterns in terms of attack types and time sequence of anomaly events. Once the detected anomaly events are matched with any of the predefined attack patterns, it is judged to be a cyberattack. Since the attack patterns are distinguishable from other system failures, it reduces the false positive rate. To study the impact of cyberattacks on solar devices and validate the performance of the proposed IDS, a realistic Cyber-Physical System (CPS) simulation environment available at Virginia Tech (VT) is used to develop an interconnection between the cyber and power system models. The CPS model demonstrates how communication system anomalies can impact the physical system. The results of two example cyberattack test cases are obtained with the IEEE 13 node test feeder system and the power system simulator, DIgSILENT PowerFactory.  more » « less
Award ID(s):
1824577
NSF-PAR ID:
10099566
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
CIGRE Study Committee D2 Colloquium, Helsinki, Finland
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. In this paper, a signature-based Intrusion Detection System (IDS) is developed to detect cyber intrusions of a distribution system with a high level penetration of solar energy. To identify cyberattack events, an attack table is constructed based on the Temporal Failure Propagation Graph (TFPG) technique. It includes the information of potential cyberattack patterns in terms of attack types and time sequence of anomaly events. Once the detected anomaly events are matched with any of the predefined attack patterns, it is judged to be a cyberattack. Since the attack patterns are distinguishable from other system failures, it reduces the false positive rate. To study the impact of cyberattacks on solar devices and validate the performance of the proposed IDS, a realistic Cyber-Physical System (CPS) simulation environment available at Virginia Tech (VT) is used to develop an interconnection between the cyber and power system models. The CPS model demonstrates how communication system anomalies can impact the physical system. The results of two example cyberattack test cases are obtained with the IEEE 13 node test feeder system and the power system simulator, DIgSILENT PowerFactory. 
    more » « less
  2. Cyberattacks targeted to the energy cyber-physical system (ECPS), also known as the smart grid, could interrupt the electricity supply with major ramifications. Attackers identify and exploit any vulnerable portion of the energy power grid, including the inverters with solar-powered photovoltaic (PV) panels. PV presents unique challenges as electricity consumers have also become providers of solar energy for utilities. As mandates require increased PV penetration across the world for positive environmental impacts, increased cyberattacks targeted at PV systems impact reliability and efficiency within the ECPS. The new technologies continuously being introduced to manage the ECPS and ensure bi-directional communications and energy flow between components also lead to more attack surfaces, system vulnerabilities, and heightened malicious attacks. Data integrity attacks are increasing within PV systems. In this paper, we present a survey of different methods that are proposed and explored for identifying and preventing cyberattacks targeted at PV systems. The attack detection methods include voltage control, data diodes, and voltage measurement algorithms. Furthermore, we present blockchain, cyber switching, and other attack mitigation techniques for PV systems. 
    more » « less
  3. Recent advances in machine learning enable wider applications of prediction models in cyber-physical systems. Smart grids are increasingly using distributed sensor settings for distributed sensor fusion and information processing. Load forecasting systems use these sensors to predict future loads to incorporate into dynamic pricing of power and grid maintenance. However, these inference predictors are highly complex and thus vulnerable to adversarial attacks. Moreover, the adversarial attacks are synthetic norm-bounded modifications to a limited number of sensors that can greatly affect the accuracy of the overall predictor. It can be much cheaper and effective to incorporate elements of security and resilience at the earliest stages of design. In this paper, we demonstrate how to analyze the security and resilience of learning-based prediction models in power distribution networks by utilizing a domain-specific deep-learning and testing framework. This framework is developed using DeepForge and enables rapid design and analysis of attack scenarios against distributed smart meters in a power distribution network. It runs the attack simulations in the cloud backend. In addition to the predictor model, we have integrated an anomaly detector to detect adversarial attacks targeting the predictor. We formulate the stealthy adversarial attacks as an optimization problem to maximize prediction loss while minimizing the required perturbations. Under the worst-case setting, where the attacker has full knowledge of both the predictor and the detector, an iterative attack method has been developed to solve for the adversarial perturbation. We demonstrate the framework capabilities using a GridLAB-D based power distribution network model and show how stealthy adversarial attacks can affect smart grid prediction systems even with a partial control of network. 
    more » « less
  4. Abstract

    This paper addresses the cybersecurity of hierarchical control of AC microgrids with distributed secondary control. The false data injection (FDI) cyberattack is assumed to alter the operating frequency of inverter‐based distributed generators (DGs) in an islanded microgrid. For the microgrids consisting of the grid‐forming inverters with the secondary control operating in a distributed manner, the attack on one DG deteriorates not only the corresponding DG but also the other DGs that receive the corrupted information via the distributed communication network. To this end, an FDI attack detection algorithm based on a combination of Gaussian process regression and one‐class support vector machine (OC‐SVM) anomaly detection is introduced. This algorithm is unsupervised in the sense that it does not require labelled abnormal data for training which is difficult to collect. The Gaussian process model predicts the response of the DG, and its prediction error and estimated variances provide input to an OC‐SVM anomaly detector. This algorithm returns enhanced detection performance than the standalone OC‐SVM. The proposed cyberattack detector is trained and tested with the data collected from a 4 DG microgrid test model and is validated in both simulation and hardware‐in‐the‐loop testbeds.

     
    more » « less
  5. null (Ed.)
    Smart grids integrate advanced information and communication technologies (ICTs) into traditional power grids for more efficient and resilient power delivery and management, but also introduce new security vulnerabilities that can be exploited by adversaries to launch cyber attacks, causing severe consequences such as massive blackout and infrastructure damages. Existing machine learning-based methods for detecting cyber attacks in smart grids are mostly based on supervised learning, which need the instances of both normal and attack events for training. In addition, supervised learning requires that the training dataset includes representative instances of various types of attack events to train a good model, which is sometimes hard if not impossible. This paper presents a new method for detecting cyber attacks in smart grids using PMU data, which is based on semi-supervised anomaly detection and deep representation learning. Semi-supervised anomaly detection only employs the instances of normal events to train detection models, making it suitable for finding unknown attack events. A number of popular semi-supervised anomaly detection algorithms were investigated in our study using publicly available power system cyber attack datasets to identify the best-performing ones. The performance comparison with popular supervised algorithms demonstrates that semi-supervised algorithms are more capable of finding attack events than supervised algorithms. Our results also show that the performance of semi-supervised anomaly detection algorithms can be further improved by augmenting with deep representation learning. 
    more » « less