Title: A Survey on Cybersecurity Challenges, Detection, and Mitigation Techniques for the Smart Grid
The world is transitioning from the conventional grid to the smart grid at a rapid pace. Innovation always comes with some flaws; such is the case with a smart grid. One of the major challenges in the smart grid is to protect it from potential cyberattacks. There are millions of sensors continuously sending and receiving data packets over the network, so managing such a gigantic network is the biggest challenge. Any cyberattack can damage the key elements, confidentiality, integrity, and availability of the smart grid. The overall smart grid network is comprised of customers accessing the network, communication network of the smart devices and sensors, and the people managing the network (decision makers); all three of these levels are vulnerable to cyberattacks. In this survey, we explore various threats and vulnerabilities that can affect the key elements of cybersecurity in the smart grid network and then present the security measures to avert those threats and vulnerabilities at three different levels. In addition to that, we suggest techniques to minimize the chances of cyberattack at all three levels.
Award ID(s):
1745829
PAR ID:
10301456
Journal Name:
Energies
Volume:
14
Issue:
18
ISSN:
1996-1073
Page Range / eLocation ID:
5894
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. The fast-growing installation of solar PVs has a significant impact on the operation of distribution systems. Grid-tied solar inverters provide reactive power capability to support the voltage profile in a distribution system. In comparison with traditional inverters, smart inverters have the capability of real time remote control through digital communication interfaces. However, cyberattack has become a major threat with the deployment of Information and Communications Technology (ICT) in a smart grid. The past cyberattack incidents have demonstrated how attackers can sabotage a power grid through digital communication systems. In the worst case, numerous electricity consumers can experience a major and extended power outage. Unfortunately, tracking techniques are not efficient for today’s advanced communication networks. Therefore, a reliable cyber protection system is a necessary defense tool for the power grid. In this paper, a signature-based Intrusion Detection System (IDS) is developed to detect cyber intrusions of a distribution system with a high level penetration of solar energy. To identify cyberattack events, an attack table is constructed based on the Temporal Failure Propagation Graph (TFPG) technique. It includes the information of potential cyberattack patterns in terms of attack types and time sequence of anomaly events. Once the detected anomaly events are matched with any of the predefined attack patterns, it is judged to be a cyberattack. Since the attack patterns are distinguishable from other system failures, it reduces the false positive rate. To study the impact of cyberattacks on solar devices and validate the performance of the proposed IDS, a realistic Cyber-Physical System (CPS) simulation environment available at Virginia Tech (VT) is used to develop an interconnection between the cyber and power system models. The CPS model demonstrates how communication system anomalies can impact the physical system. 
The results of two example cyberattack test cases are obtained with the IEEE 13 node test feeder system and the power system simulator, DIgSILENT PowerFactory. 
  2. Cyberattacks on control systems in the chemical process industries cause concern regarding how they can impact finances, safety, and production levels of companies. A key practical challenge for cyberattack detection and handling using process information is that process behavior evolves over time. Conceivably, changes in process dynamics might cause some detection strategies to flag a change in the dynamics as an attack due to the new data appearing abnormal compared to data from before the dynamics changed. In this work, we utilize several case studies to probe the question of what might be the impacts, benefits, and limitations of cyberattack detection and handling policies when the process dynamics change over time. The goal of this work is to characterize, through simulation studies, characteristics, which might be desirable and undesirable in cyberattack detection and handling procedures when process evolution is inevitable. We demonstrate challenges with cyberattack detection when process dynamics change and subsequently, discuss two concepts for handling attacks—one which utilizes a two‐tier detection strategy in which model reidentification is triggered when it is not clear whether an attack or a change in the process dynamics has occurred, and one in which control signals are injected at intervals by the actuators. We utilize simulations to elucidate characteristics of these strategies and demonstrate that verifiability of attack‐handling methods is key to their implementation (i.e., ad hoc tuning has potential to leave vulnerabilities which an attacker might locate and exploit).
  3. In the process of protecting power systems against different types of cyberattacks, the primary step is to precisely model such frameworks from attacker's perspective. This paper investigates a false data injection (FDI) attack framework, which can target under-load tap changing (ULTC) transformers, resulting in manipulated voltage profile in radial smart distribution networks. The developed FDI model compromises the voltage profile of a distribution feeder through misleading the volt/var optimization, that optimally manages system-wide voltage profile and flow of reactive power. The presented attack model is formulated as a bi-objective optimization problem. The objective functions from the attacker's point of view are 1) minimizing the level of false data to be injected into the smart meters associated with load data and 2) maximizing the voltage deviation of the distribution grid. Negative impacts of such a cyberattack model have been validated and discussed in this work on an IEEE distribution test system, necessitating proper remedial actions, which will be elaborated in the next step of this research. 
  4. This paper proposes an on-line remedial action scheme (OLRAS) in order to mitigate the voltage violations caused by false data injection attacks (FDIAs) targeting under load tap changing (ULTC) transformers in smart distribution systems. The FDIA framework contains two different phases. In the attack phase, distribution system operator (DSO), being in attacker's shoe, considers cyberattack scenarios through compromising the results of volt-var optimization problem in a radial distribution grid modified with distributed energy resources (DERs) such as photovoltaic (PV) units and wind turbines (WTs). The outcome of the attack phase will be the compromised voltage profile of the distribution grid showing different rates of voltage violations. In the reaction phase, the DSO rapidly identifies a customized distribution feeder reconfiguration (CDFR) in order to update the flows of active and reactive power throughout the targeted distribution system and recover the voltage profile. The objective functions of the proposed CDFR are defined to minimize the impacts of such cyberattacks targeting ULTCs within distribution grids. This will empower DSOs to react to severe cyberattacks, bypassing the detection stage, and address the voltage violations in a timely manner. The effectiveness of the proposed OLRAS is validated on an IEEE test system. 
  5. The controllers for a cyber-physical system may be impacted by sensor measurement cyberattacks, actuator signal cyberattacks, or both types of attacks. Prior work in our group has developed a theory for handling cyberattacks on process sensors. However, sensor and actuator cyberattacks have a different character from one another. Specifically, sensor measurement attacks prevent proper inputs from being applied to the process by manipulating the measurements that the controller receives, so that the control law plays a role in the impact of a given sensor measurement cyberattack on a process. In contrast, actuator signal attacks prevent proper inputs from being applied to a process by bypassing the control law to cause the actuators to apply undesirable control actions. Despite these differences, this manuscript shows that we can extend and combine strategies for handling sensor cyberattacks from our prior work to handle attacks on actuators and to handle cases where sensor and actuator attacks occur at the same time. These strategies for cyberattack-handling and detection are based on the Lyapunov-based economic model predictive control (LEMPC) and nonlinear systems theory. We first review our prior work on sensor measurement cyberattacks, providing several new insights regarding the methods. We then discuss how those methods can be extended to handle attacks on actuator signals and then how the strategies for handling sensor and actuator attacks individually can be combined to produce a strategy that is able to guarantee safety when attacks are not detected, even if both types of attacks are occurring at once. We also demonstrate that the other combinations of the sensor and actuator attack-handling strategies cannot achieve this same effect. Subsequently, we provide a mathematical characterization of the “discoverability” of cyberattacks that enables us to consider the various strategies for cyberattack detection presented in a more general context. 
We conclude by presenting a reactor example that showcases the aspects of designing LEMPC. 