Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Physical Power Systems

Published byDennis Wilkinson Modified over 8 years ago

Similar presentations

Presentation on theme: "Cyber Physical Power Systems"— Presentation transcript:

1 Cyber Physical Power Systems
Fall 2015 Security

2 Review from 1st week To find the power flow along lines we need to calculate: To calculate the above equation we need to solve This is an undetermined system of equations (the matrix is singular) then, the voltage (magnitude and angle) at a bus (called slack or swing bus) is set (usually a relative per unit voltage of 1 with an angle of 0). As a result, the equation for the slack bus replaced by this set voltage value and the real and reactive power at this bus are now unknown. Other knows and unknowns are: In a PQ (load) bus: P and Q are known, voltage is unknown In a PV (generator) bus: P and V are known, reactive power and voltage angle are unknown.

3 Review from 1st week Operation of a power grid is controlled from a dispatch center. Responsible for monitoring power flow and coordinating operations so demand and generation are match in an economically optimal way. That is, from a stability perspective demand (plus losses) needs to equal generation but from an operational perspective, such match needs to be achieve in an economically optimal way. Source: Scientific American

4 Review from 1st week Operation and monitoring of electric power grids is usually performed with a SCADA (supervisory control and data acquisition) system. At a basic level a SCADA system includes: Remote terminals Central processing unit Data acquisition (sensing) units Telemetry Human interfaces (usually computers). SCADA systems require communication links but, usually, these are dedicated links separate from the public communication networks used by people for their every day lives.

5 Power grids cyber-physical infrastructure
Physical infrastructure (from 1st week). Generation Distribution / consumption Transmission Generation Generation Distribution / consumption

6 Power grids cyber-physical infrastructure
ISO Energy Market Wide Area Network Generation Control Center Transmission Control Center Distribution Control Center

7 Past Cyber-intrusions/attacks on Energy Infrastructure
“ISIS is attacking the US energy grid (and failing)” CNN-Money 10/15/15. Other events from CRS June 2015 “Cybersecurity Issues for the Bulk Power System.” BlackEnergy (Trojan horse designed to attack critical energy infrastructure): Reported in Targets human-machine interface. Modular. Modules include keylogging, audio recording, and grabbing screenshots. A module can destroy hard disks. Can migrate through network files into removable storage media. HAVEX: Reported in 2013 Used as a remote access tool (RAT) to extract data from Outlook address books and ICS-related software files used for remote access from the infected computer to other servers. The cyberattack leaves the company’s system in what appears to be a normal operating condition, but the attacker now has a backdoor to access and possibly control the company’s ICS or SCADA operations. Sandworm: Reported in 2014 affecting GE’s SCADA human-machine interface

8 Control Architecture Hierarchical control:
At the highest level an economical optimization algorithm is run in order to produce a set point for power generation units. Local autonomous controllers at the power generation units use droop controls that uses the set point inputs produced by the higher level controller. Additional controllers exist at the power transmission and distribution levels to ensure electric power is delivered according to the specified power quality parameters. The economic dispatch algorithm implies solving power flow equations and also knowing other information (e.g. market conditions, prices from each unit, etc.). In addition to considering economic profitability, stable system operation needs to be ensured by the controller. Also power flow and other constrains exist…… All of these factors affect control decisions

9 Control Architecture Control decisions require state estimation. I.e. knowing voltages and angles. State estimation, in turn, requires measuring real, reactive powers or current flows. It also require knowing system parameters (e.g. lines data). Measured data needs to be transmitted to the dispatch center so a cybernetic infrastructure is needed. This cyber infrastructure includes sensors and communications infrastructure. Additionally, system parameters need to be stored so they can be accessed and used when running the economic dispatch algorithm. Hence, optimal operation requires communication Limited operation of a power grid can still be performed without communications thanks to the droop controllers. However, this operation will be economically suboptimal and with reduced stability margins.

10 Communications Architecture
In general, power grids use dedicated networks so intrusive access is difficult. However, some legacy equipment may still use resources from public communication networks.

11 Communications Architecture
Smart grids, Internet of things and other increasingly used technologies (e.g., demand response or electric vehicles), may motivate increased used of public communication networks or the Internet as a result of the need for more bandwidth or more access points.

12 Communications Architecture
Secure Communications Commonly used protocols (unsecure): Modbus, DNP3, IEC61850, ICCP. Mitigating approaches: Encryption: VPN may be a solution but added latency and use of non-IP networks makes this solution inapplicable in many cases. Ongoing research is aiming at retrofitting SCADA protocols such as Modbus, DNP3 and ICCP, or addition of encryption hardware (e.g. bump in the wire). Authentication (remote keys and passwords): Research is being done with the goal of developing flexible, robust, adaptive and highly available authentication mechanisms. Access Control The goal is use proper software configuration and protocol usage to protect against internal attackers or attackers that have gained access to the system. Use firewalls at multiple levels and creating vertical and horizontal separated secure cyber-areas.

13 Communications Architecture
Device Security Embedded devices creates important vulnerabilities as more of these devices are added with grids migrating into smart grids and the deployment of IoT. Smart meters are a special point of concern. Addressing issues with device security involves the development of remote attestation mechanisms. From “Principles of Remote Attestation” by Coker et. al.: “Attestation is the activity of making a claim to an appraiser about the properties of a target by supplying evidence which supports that claim. An attester is a party performing this activity. An appraiser's decision-making process based on attested information is appraisal.” “An appraiser is a party, generally a computer on a network, making a decision about some other party or parties. A target is a party about which an appraiser needs to make such a decision.” “An attestation protocol is a cryptographic protocol involving a target, an attester, an appraiser, and possibly other principals serving as trust proxies. The purpose of an attestation protocol is to supply evidence that will be considered authoritative by the appraiser, while respecting privacy goals of the target (or its owner).”

14 Sensing Architecture SCADA system:
Primarily developed as proprietary solution operating in an isolated system. Power grids are migrating into using integration of off-the-shelf sensing and management equipment in an interconnected environment. Modern SCADA systems are increasingly relying on Internet for various functions, such as remote access or remote monitoring, thus, creating additional vulnerabilities. IT Management systems are in some cases integrated with the SCADA system adding complexity and potential security vulnerabilities. Mitigating strategies: Decouple SCADA and IT management systems. Use firewalls between administrative and operational areas of power grids.

15 Sensing Architecture PMUs may be another potential point of entry or a piece of equipment that can be acted upon directly leading to state estimation errors. Additional entry points: Renewable energy sources generation location. Smart meters Home energy management systems Electric vehicles Internet of Things equipment (e.g. appliances). Supply chain (e.g. firmware in new equipment, memory sticks, etc.) Cyber dependencies create vulnerabilities. Examples of cyber dependencies include: GPS systems Weather and other important external data.

16 Cyber Attacks Modeling
Cyber attacks may directly target: State estimation (state estimation is important for optimal power flow operation, contingency analysis, automatic generator control, etc.). Parameter database Act directly by sending commands to equipment (e.g. relays controlling circuit breakers). Indirect cyber attacks: those targeting cyber-lifelines directly and leading to power grids operation disruptions indirectly. Type of cyber attacks: Reconnaissance Denial of Service Command injection Measurement injection

17 Cyber Attacks Modeling
The idea here is to model cyber attacks as additive inputs affecting the state and the inputs (from “Attack Detection and Identification in Cyber-Physical Systems – Part I: Models and Fundamental Limitations” by Pasqualetti et. al.) The system (a power grid) is modeled by simplicity as a LTI system: It is assumed that each state and output variable can be independently compromised by an attacker. So B= [I,0] and D=[0,I]. Hence, the attack (Bu(t);Du(t)) = (ux(t); uy(t)) can be classified as state attack affecting the system dynamics and as output attack corrupting directly the measurements vector.

18 Cyber Attacks Modeling
Attack strategies: Stealth attacks correspond to output attacks compatible with the measurements equation; Replay attacks are state and output attacks which affect the system dynamics and reset the measurements;

19 Cyber Attacks Modeling
Attack strategies: Covert attacks are closed-loop replay attacks, where the output attack is chosen to cancel out the effect on the measurements of the state attack; (Dynamic) false-data injection attacks are output attacks rendering an unstable mode (if any) of the system unobservable. E.g., load redistribution attacks leading to suboptimal power dispatch or loss of stability Notice that the referenced paper does not consider attacks affecting system parameters. Model such attack will make the system non LTI. In fact, it will become a switched system, as A=A(t) based on a switched behavior.

Download ppt "Cyber Physical Power Systems"

Similar presentations

June 2009 1 Intelligently Connecting Plug-In Vehicles & the Grid.

June Intelligently Connecting Plug-In Vehicles & the Grid.
Www.selaprojects.net. What we do Larotecs Web2M is an off-the shelf, end-to-end, web-based solution designed to manage multiple widely distributed devices.

What we do Larotecs Web2M is an off-the shelf, end-to-end, web-based solution designed to manage multiple widely distributed devices.
David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.

David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Presenter: Raghu Ranganathan ECE / CMR Tennessee Technological University March 22th, 2011 Smart grid seminar series Yao Liu, Peng Ning, and Michael K.

Presenter: Raghu Ranganathan ECE / CMR Tennessee Technological University March 22th, 2011 Smart grid seminar series Yao Liu, Peng Ning, and Michael K.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.

Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.
Cyber Security and Privacy Issues in Smart Grids Presenter: Hongwei Li.

Cyber Security and Privacy Issues in Smart Grids Presenter: Hongwei Li.
Smart Grid Projects Andrew Bui.

Smart Grid Projects Andrew Bui.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Ee392n - Spring 2011 Stanford University Intelligent Energy Systems 1 Lecture 3 Intelligent Energy Systems: Control and Monitoring Basics Dimitry Gorinevsky.

Ee392n - Spring 2011 Stanford University Intelligent Energy Systems 1 Lecture 3 Intelligent Energy Systems: Control and Monitoring Basics Dimitry Gorinevsky.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Smart Grid Cyber Security Framework

Smart Grid Cyber Security Framework
By Lauren Felton. The electric grid delivers electricity from points of generation to consumers, and the electricity delivery network functions via two.

By Lauren Felton. The electric grid delivers electricity from points of generation to consumers, and the electricity delivery network functions via two.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
What is adaptive web technology?  There is an increasingly large demand for software systems which are able to operate effectively in dynamic environments.

What is adaptive web technology?  There is an increasingly large demand for software systems which are able to operate effectively in dynamic environments.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Secure Systems Research Group - FAU 1 SCADA Software Architecture Meha Garg Dept. of Computer Science and Engineering Florida Atlantic University Boca.

Secure Systems Research Group - FAU 1 SCADA Software Architecture Meha Garg Dept. of Computer Science and Engineering Florida Atlantic University Boca.

Similar presentations

Ads by Google