Title: A Survey on Cybersecurity Challenges, Detection, and Mitigation Techniques for the Smart Grid
The world is transitioning from the conventional grid to the smart grid at a rapid pace. Innovation always comes with some flaws; such is the case with a smart grid. One of the major challenges in the smart grid is to protect it from potential cyberattacks. There are millions of sensors continuously sending and receiving data packets over the network, so managing such a gigantic network is the biggest challenge. Any cyberattack can damage the key elements, confidentiality, integrity, and availability of the smart grid. The overall smart grid network is comprised of customers accessing the network, communication network of the smart devices and sensors, and the people managing the network (decision makers); all three of these levels are vulnerable to cyberattacks. In this survey, we explore various threats and vulnerabilities that can affect the key elements of cybersecurity in the smart grid network and then present the security measures to avert those threats and vulnerabilities at three different levels. In addition to that, we suggest techniques to minimize the chances of cyberattack at all three levels.
Award ID(s):
1745829
PAR ID:
10301456
Journal Name:
Energies
Volume:
14
Issue:
18
ISSN:
1996-1073
Page Range / eLocation ID:
5894
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. The fast-growing installation of solar PVs has a significant impact on the operation of distribution systems. Grid-tied solar inverters provide reactive power capability to support the voltage profile in a distribution system. In comparison with traditional inverters, smart inverters have the capability of real time remote control through digital communication interfaces. However, cyberattack has become a major threat with the deployment of Information and Communications Technology (ICT) in a smart grid. The past cyberattack incidents have demonstrated how attackers can sabotage a power grid through digital communication systems. In the worst case, numerous electricity consumers can experience a major and extended power outage. Unfortunately, tracking techniques are not efficient for today’s advanced communication networks. Therefore, a reliable cyber protection system is a necessary defense tool for the power grid. In this paper, a signature-based Intrusion Detection System (IDS) is developed to detect cyber intrusions of a distribution system with a high level penetration of solar energy. To identify cyberattack events, an attack table is constructed based on the Temporal Failure Propagation Graph (TFPG) technique. It includes the information of potential cyberattack patterns in terms of attack types and time sequence of anomaly events. Once the detected anomaly events are matched with any of the predefined attack patterns, it is judged to be a cyberattack. Since the attack patterns are distinguishable from other system failures, it reduces the false positive rate. To study the impact of cyberattacks on solar devices and validate the performance of the proposed IDS, a realistic Cyber-Physical System (CPS) simulation environment available at Virginia Tech (VT) is used to develop an interconnection between the cyber and power system models. The CPS model demonstrates how communication system anomalies can impact the physical system. 
The results of two example cyberattack test cases are obtained with the IEEE 13 node test feeder system and the power system simulator, DIgSILENT PowerFactory. 
  2. Cyberattacks on control systems in the chemical process industries cause concern regarding how they can impact finances, safety, and production levels of companies. A key practical challenge for cyberattack detection and handling using process information is that process behavior evolves over time. Conceivably, changes in process dynamics might cause some detection strategies to flag a change in the dynamics as an attack due to the new data appearing abnormal compared to data from before the dynamics changed. In this work, we utilize several case studies to probe the question of what might be the impacts, benefits, and limitations of cyberattack detection and handling policies when the process dynamics change over time. The goal of this work is to characterize, through simulation studies, characteristics, which might be desirable and undesirable in cyberattack detection and handling procedures when process evolution is inevitable. We demonstrate challenges with cyberattack detection when process dynamics change and subsequently, discuss two concepts for handling attacks—one which utilizes a two‐tier detection strategy in which model reidentification is triggered when it is not clear whether an attack or a change in the process dynamics has occurred, and one in which control signals are injected at intervals by the actuators. We utilize simulations to elucidate characteristics of these strategies and demonstrate that verifiability of attack‐handling methods is key to their implementation (i.e., ad hoc tuning has potential to leave vulnerabilities which an attacker might locate and exploit).
  3. In the process of protecting power systems against different types of cyberattacks, the primary step is to precisely model such frameworks from attacker's perspective. This paper investigates a false data injection (FDI) attack framework, which can target under-load tap changing (ULTC) transformers, resulting in manipulated voltage profile in radial smart distribution networks. The developed FDI model compromises the voltage profile of a distribution feeder through misleading the volt/var optimization, that optimally manages system-wide voltage profile and flow of reactive power. The presented attack model is formulated as a bi-objective optimization problem. The objective functions from the attacker's point of view are 1) minimizing the level of false data to be injected into the smart meters associated with load data and 2) maximizing the voltage deviation of the distribution grid. Negative impacts of such a cyberattack model have been validated and discussed in this work on an IEEE distribution test system, necessitating proper remedial actions, which will be elaborated in the next step of this research. 
  4. The controllers for a cyber-physical system may be impacted by sensor measurement cyberattacks, actuator signal cyberattacks, or both types of attacks. Prior work in our group has developed a theory for handling cyberattacks on process sensors. However, sensor and actuator cyberattacks have a different character from one another. Specifically, sensor measurement attacks prevent proper inputs from being applied to the process by manipulating the measurements that the controller receives, so that the control law plays a role in the impact of a given sensor measurement cyberattack on a process. In contrast, actuator signal attacks prevent proper inputs from being applied to a process by bypassing the control law to cause the actuators to apply undesirable control actions. Despite these differences, this manuscript shows that we can extend and combine strategies for handling sensor cyberattacks from our prior work to handle attacks on actuators and to handle cases where sensor and actuator attacks occur at the same time. These strategies for cyberattack-handling and detection are based on the Lyapunov-based economic model predictive control (LEMPC) and nonlinear systems theory. We first review our prior work on sensor measurement cyberattacks, providing several new insights regarding the methods. We then discuss how those methods can be extended to handle attacks on actuator signals and then how the strategies for handling sensor and actuator attacks individually can be combined to produce a strategy that is able to guarantee safety when attacks are not detected, even if both types of attacks are occurring at once. We also demonstrate that the other combinations of the sensor and actuator attack-handling strategies cannot achieve this same effect. Subsequently, we provide a mathematical characterization of the “discoverability” of cyberattacks that enables us to consider the various strategies for cyberattack detection presented in a more general context. 
We conclude by presenting a reactor example that showcases the aspects of designing LEMPC. 
  5. Internet of Things (IoT) has facilitated the connection of many smart devices via internet. Recent cyberattacks have shown that resource constrained IoT nodes are easy prey that lead towards compromising the secrecy of the data and vulnerabilities could be exploited remotely to take control of safety-critical systems. Photoresistor sensors have applications in IoT systems, such as smart street lighting, intelligent cameras, light activated smart consumer electronics, smart home, smart healthcare, etc. Building hardware security primitives, such as True Random Number Generator (TRNG), based on the intrinsic properties of photoresistor would be a novel direction to develop cost-savvy IoT security primitives. Therefore, this paper proposes a TRNG prototype that is devised from uncertainty present in photoresistor sensors. The proposed TRNG prototype does not require any complex interfacing for preprocessing the weak signal, thereby reducing the unnecessary delay and the recurring hardware cost. The proposed prototype employs the novel approach of additive scrambling that aids to sample sensors at a higher rate. The proposed TRNG has an average random bit generation rate of 8 kbps that is better than the recent work in the literature. The quality of randomness was validated by 15 test batteries of NIST STS test.