Siddharth Sridhar

Cyber–Physical System Security for the Electric Power Grid

The development of a trustworthy smart grid requires a deeper understanding of potential impacts resulting from successful cyber attacks. Estimating feasible attack impact requires an evaluation of the grids dependency on its cyber infrastructure and its ability to tolerate potential failures. A further exploration of the cyber-physical relationships within the smart grid and a specific review of possible attack vectors is necessary to determine the adequacy of cybersecurity efforts. This paper highlights the significance of cyber infrastructure security in conjunction with power application security to prevent, mitigate, and tolerate cyber attacks. A layered approach is introduced to evaluating risk based on the security of both the physical power applications and the supporting cyber infrastructure. A classification is presented to highlight dependencies between the cyber-physical controls required to support the smart grid and the communication and computations that must be protected from cyber attack. The paper then presents current research efforts aimed at enhancing the smart grids application and infrastructure security. Finally, current challenges are identified to facilitate future research efforts.

Cyber-Physical Security Testbeds: Architecture, Application, and Evaluation for Smart Grid

The development of a smarter electric grid will depend on increased deployments of information and communication technology (ICT) to support novel communication and control functions. Unfortunately, this additional dependency also expands the risk from cyber attacks. Designing systems with adequate cyber security depends heavily on the availability of representative environments, such as testbeds, where current issues and future ideas can be evaluated. This paper provides an overview of a smart grid security testbed, including the set of control, communication, and physical system components required to provide an accurate cyber-physical environment. It then identifies various testbed research applications and also identifies how various components support these applications. The PowerCyber testbed at Iowa State University is then introduced, including the architecture, applications, and novel capabilities, such as virtualization, Real Time Digital Simulators (RTDS), and ISEAGE WAN emulation. Finally, several attack scenarios are evaluated using the testbed to explore cyber-physical impacts. In particular, availability and integrity attacks are demonstrated with both isolated and coordinated approaches, these attacks are then evaluated based on the physical systems voltage and rotor angle stability.

Data integrity attacks and their impacts on SCADA control system

Cyber threats for critical infrastructures is an area of growing concern. Data integrity attacks (e.g., manipulating sensor or control signals) on the power system through the SCADA network could have severe effects as it misleads operators into making wrong decisions. However, for an integrity attack to be successful, the malicious data should be within an acceptable range. Hence, only an attacker with intelligence or an understanding of system functionality can cause an effective attack. This paper extends cyber security attack concepts to control systems in an electric power system. Impact on the physical system is estimated by magnitude of load-generation imbalance and frequency deviation after a successful attack on the Automatic Generation Control (AGC) loop. We conduct experiments creating integrity attacks from our attack template on a sample system and evaluate the impact. Our simulation studies show that an integrity attack plan can have severe effects.

Model-Based Attack Detection and Mitigation for Automatic Generation Control

Cyber systems play a critical role in improving the efficiency and reliability of power system operation and ensuring the system remains within safe operating margins. An adversary can inflict severe damage to the underlying physical system by compromising the control and monitoring applications facilitated by the cyber layer. Protection of critical assets from electronic threats has traditionally been done through conventional cyber security measures that involve host-based and network-based security technologies. However, it has been recognized that highly skilled attacks can bypass these security mechanisms to disrupt the smooth operation of control systems. There is a growing need for cyber-attack-resilient control techniques that look beyond traditional cyber defense mechanisms to detect highly skilled attacks. In this paper, we make the following contributions. We first demonstrate the impact of data integrity attacks on Automatic Generation Control (AGC) on power system frequency and electricity market operation. We propose a general framework to the application of attack resilient control to power systems as a composition of smart attack detection and mitigation. Finally, we develop a model-based anomaly detection and attack mitigation algorithm for AGC. We evaluate the detection capability of the proposed anomaly detection algorithm through simulation studies. Our results show that the algorithm is capable of detecting scaling and ramp attacks with low false positive and negative rates. The proposed model-based mitigation algorithm is also efficient in maintaining system frequency within acceptable limits during the attack period.

Development of the PowerCyber SCADA security testbed

Meeting current demands for critical infrastructure cyber security education and research will require accurate testbed development. The PowerCyber was designed to closely resemble power grid communication utilizing actual field devices and SCADA software. The testbed provides a novel environment where students can explore cyber attacks and defenses while evaluating their impact on power flow. This paper documents the design and implementation of the testbed while proposing cyber attack scenarios which will negatively affect grid operations. In addition, it documents the results of an initial cyber vulnerability assessment to evaluate the security posture of the current design.

Data integrity attack and its impacts on voltage control loop in power grid

A modern power system consists of several control and monitoring loops, both automated and manually operated, to ensure that the system remains within safe operating bounds at all times. The focus of this paper is on data integrity attacks on messages exchanged between the control center and actuators in the voltage control loop. Devices such as the ones belonging to the FACTS family (STATCOM, SVC, TCR, etc.), are connected to the system at designated points for voltage control purposes. An attacker could cause a detrimental impact on the system by performing an attack on the control messages sent to these devices which would manipulate its settings. The aim of this paper is to highlight the impact of an attack targeted at such voltage control deices in the system. This paper presents a template that might be used by an attacker with knowledge of system functionality. The paper also explains the sensitivity analysis technique which will help the attacker identify the device to be compromised. A successful attack would result in abnormal voltage conditions in the system, thus violating NERC reliability standards.

Risk Analysis of Coordinated Cyber Attacks on Power Grid

The supervisory control and data acquisition (SCADA) network provides adversaries with an opportunity to perform coordinated cyber attacks on power system equipment as it presents an increased attack surface. Coordinated attacks, when smartly structured, can not only have severe physical impacts, but can also potentially nullify the effect of system redundancy and other defense mechanisms. This chapter proposes a vulnerability assessment framework to quantify risk due to intelligent coordinated attacks, where risk is defined as the product of probability of successful cyber intrusion and resulting power system impact. The cyber network is modeled using Stochastic Petri Nets and the steady-state probability of successful intrusion into a substation is obtained using this. The model employs a SCADA network with firewalls and password protection schemes. The impact on the power system is estimated by load unserved after a successful attack. The New England 39-bus system is used as a test model to run Optimal Power Flow (OPF) simulations to determine load unserved. We conduct experiments creating coordinated attacks from our attack template on the test system and evaluate the risk for every case. Our attack cases include combinations of generation units and transmission lines that form coordinated attack pairs. Our integrated risk evaluation studies provide a methodology to assess risk from different cyber network configurations and substation capabilities. Our studies identify scenarios, where generation capacity, cyber vulnerability, and the topology of the grid together could be used by attackers to cause significant power system impact.

Cyber attack-resilient control for smart grid

The smart grid further intensifies the dependence of power system operation on cyber infrastructure for control and monitoring purposes. With the advent of new-generation applications like wide-area measurement systems and demand side management, power utilities are in the process of planning/ building additional communication infrastructure to support their operational requirements. This expansion increases the effective attack surface available to an adversary and exposes the control applications that depend on it. Hence, in addition to improving cyber security of the communication network, it becomes imperative to develop control system algorithms that are both, attack resilient and tolerant. In this paper, we identify the types of cyber attacks that are directed at industrial control systems. We then identify key control loops in power systems operation and then determine the types of attacks that will be effective against each control loop. In the end, we present basic concepts of attack resilient control.

Testbed-based performance evaluation of Attack Resilient Control for AGC

The modern electric power grid is a complex cyber-physical system whose reliable operation is enabled by a wide-area monitoring and control infrastructure. Recent events have shown that vulnerabilities in this infrastructure may be exploited to manipulate the data being exchanged. Such a scenario could cause the associated control applications to mis-operate, potentially causing system-wide instabilities. There is a growing emphasis on looking beyond traditional cybersecurity solutions to mitigate such threats. In this paper we perform a testbed-based validation of one such solution - Attack Resilient Control (ARC) - on Iowa State Universitys PowerCyber testbed. ARC is a cyber-physical security solution that combines domain-specific anomaly detection and model-based mitigation to detect stealthy attacks on Automatic Generation Control (AGC). In this paper, we first describe the implementation architecture of the experiment on the testbed. Next, we demonstrate the capability of stealthy attack templates to cause forced under-frequency load shedding in a 3-area test system. We then validate the performance of ARC by measuring its ability to detect and mitigate these attacks. Our results reveal that ARC is efficient in detecting stealthy attacks and enables AGC to maintain system operating frequency close to its nominal value during an attack. Our studies also highlight the importance of testbed-based experimentation for evaluating the performance of cyber-physical security and control applications.

Substation monitoring to enhance situational awareness — challenges and opportunities

Situational awareness during sophisticated cyber attacks on the power grid is critical for the system operator to perform suitable attack response and recovery functions to ensure grid reliability. The overall theme of this paper is to identify existing practical issues and challenges that utilities face while monitoring substations, and to suggest potential approaches to enhance the situational awareness for the grid operators. In this paper, we provide a broad discussion about the various gaps that exist in the utility industry today in monitoring substations, and how those gaps could be addressed by identifying the various data sources and monitoring tools to improve situational awareness. The paper also briefly describes the advantages of contextualizing and correlating substation monitoring alerts using expert systems at the control center to obtain a holistic systems-level view of potentially malicious cyber activity at the substations before they cause impacts to grid operation.