André Teixeira

Cyber security analysis of state estimators in electric power systems

In this paper, we analyze the cyber security of state estimators in Supervisory Control and Data Acquisition (SCADA) systems operating in power grids. Safe and reliable operation of these critical infrastructure systems is a major concern in our society. In current state estimation algorithms there are bad data detection (BDD) schemes to detect random outliers in the measurement data. Such schemes are based on high measurement redundancy. Although such methods may detect a set of very basic cyber attacks, they may fail in the presence of a more intelligent attacker. We explore the latter by considering scenarios where deception attacks are performed, sending false information to the control center. Similar attacks have been studied before for linear state estimators, assuming the attacker has perfect model knowledge. Here we instead assume the attacker only possesses a perturbed model. Such a model may correspond to a partial model of the true system, or even an out-dated model. We characterize the attacker by a set of objectives, and propose policies to synthesize stealthy deceptions attacks, both in the case of linear and nonlinear estimators. We show that the more accurate model the attacker has access to, the larger deception attack he can perform undetected. Specifically, we quantify trade-offs between model accuracy and possible attack impact for different BDD schemes. The developed tools can be used to further strengthen and protect the critical state-estimation component in SCADA systems.

A secure control framework for resource-limited adversaries

Cyber-secure networked control is modeled, analyzed, and experimentally illustrated in this paper. An attack space defined by the adversarys model knowledge, disclosure, and disruption resources is introduced. Adversaries constrained by these resources are modeled for a networked control system architecture. It is shown that attack scenarios corresponding to denial-of-service, replay, zero-dynamics, and bias injection attacks on linear time-invariant systems can be analyzed using this framework. Furthermore, the attack policy for each scenario is described and the attacks impact is characterized using the concept of safe sets. An experimental setup based on a quadruple-tank process controlled over a wireless network is used to illustrate the attack scenarios, their consequences, and potential counter-measures.

Brief paper: Distributed fault detection for interconnected second-order systems

In this paper, the existence of unknown input observers for networks of interconnected second-order linear time invariant systems is studied. Two classes of distributed control systems of large practical relevance are considered. It is proved that for these systems, one can construct a bank of unknown input observers, and use them to detect and isolate faults in the network. The result presents a distributed implementation. In particular, by exploiting the system structure, this work provides further insight into the design of UIO for networked systems. Moreover, the importance of certain network measurements is shown. Infeasibility results with respect to available measurements and faults are also provided, as well as methods to remove faulty agents from the network. Applications to power networks and robotic formations are presented. It is shown how the developed methodology apply to a power network described by the swing equation with a faulty bus. For a multi-robot system, it is illustrated how a faulty robot can be detected and removed.

Optimal parameter selection for the alternating direction method of multipliers (ADMM) : quadratic problems

The alternating direction method of multipliers (ADMM) has emerged as a powerful technique for large-scale structured optimization. Despite many recent results on the convergence properties of ADMM, a quantitative characterization of the impact of the algorithm parameters on the convergence times of the method is still lacking. In this paper we find the optimal algorithm parameters that minimize the convergence factor of the ADMM iterates in the context of ℓ2-regularized minimization and constrained quadratic programming. Numerical examples show that our parameter selection rules significantly outperform existing alternatives in the literature.

Networked control systems under cyber attacks with applications to power networks

Networked control systems under certain cyber attacks are analyzed. The communication network of these control systems make them vulnerable to attacks from malicious outsiders. Our work deals with two types of attacks: attacks on the network nodes and attacks on the communication between the nodes. We propose a distributed scheme to detect and isolate the attacks using observers. Furthermore, we discuss how to reduce the number of observer nodes while maintaining the coverage of the entire network. The results are applied to two classes of networked control systems: a network running the consensus protocol and a power network defined by the linearized swing equation. Sufficient conditions for the existence of the proposed attack detection scheme are provided for the first class of systems. For the second class, we provide a necessary condition for the existence of the proposed detection scheme.

Revealing stealthy attacks in control systems

In this paper the problem of revealing stealthy data-injection attacks on control systems is addressed. In particular we consider the scenario where the attacker performs zero-dynamics attacks on the system. First, we characterize and analyze the stealthiness properties of these attacks for linear time-invariant systems. Then we tackle the problem of detecting such attacks by modifying the systems structure. Our results provide necessary and sufficient conditions that the modifications should satisfy in order to detect the zero-dynamics attacks. The results and proposed detection methods are illustrated through numerical examples.

Secure Control Systems: A Quantitative Risk Management Approach

Critical infrastructures must continuously operate safely and reliably, despite a variety of potential system disturbances. Given their strict operating requirements, such systems are automated and controlled in real time by several digital controllers receiving measurements from sensors and transmitting control signals to actuators. Since these physical systems are often spatially distributed, there is a need for information technology (IT) infrastructures enabling the timely data flow between the system components. These networked control systems are ubiquitous in modern societies [1]. Examples include the electric power network, intelligent transport systems, and industrial processes.

A Cyber Security Study of a SCADA Energy Management System: Stealthy Deception Attacks on the State Estimator*

A Cyber Security Study of a SCADA Energy Management System : Stealthy Deception Attacks on the State Estimator

Distributed Fault Detection and Isolation Resilient to Network Model Uncertainties

The ability to maintain state awareness in the face of unexpected and unmodeled errors and threats is a defining feature of a resilient control system. Therefore, in this paper, we study the problem of distributed fault detection and isolation (FDI) in large networked systems with uncertain system models. The linear networked system is composed of interconnected subsystems and may be represented as a graph. The subsystems are represented by nodes, while the edges correspond to the interconnections between subsystems. Considering faults that may occur on the interconnections and subsystems, as our first contribution, we propose a distributed scheme to jointly detect and isolate faults occurring in nodes and edges of the system. As our second contribution, we analyze the behavior of the proposed scheme under model uncertainties caused by the addition or removal of edges. Additionally, we propose a novel distributed FDI scheme based on local models and measurements that is resilient to changes outside of the local subsystem and achieves FDI. Our third contribution addresses the complexity reduction of the distributed FDI method, by characterizing the minimum amount of model information and measurements needed to achieve FDI and by reducing the number of monitoring nodes. The proposed methods can be fused to design a scalable and resilient distributed FDI architecture that achieves local FDI despite unknown changes outside the local subsystem. The proposed approach is illustrated by numerical experiments on the IEEE 118-bus power network benchmark.

Optimal power flow: Closing the loop over corrupted data

Recently the power system state estimator was shown to be vulnerable to malicious deception attacks on the measurements, resulting in biased estimates. In this work we analyze the behavior of the Optimal Power Flow (OPF) algorithm in the presence of such maliciously biased estimates and the resulting consequences to the system operator. In particular, we characterize the set of attacks that may lead the operator to apply the erroneous OPF recommendation. Such characterization is used to improve a previously proposed security index by also considering the attack impact, which may be used for allocation and prioritization of protective measures. Additionally, we propose an analytical expression for the optimal solution of a simplified OPF problem with corrupted measurements. A small analytical example is discussed to illustrate and motivate our contributions.