Cyber-Physical System Security of the Power Grid Chen-Ching Liu American Electric Power Professor Director, Power and Energy Center Virginia Tech Sponsored by National Science Foundation, Department of Energy, and Science Foundation Ireland, Murdock Charitable Trust, ESIC Washington State University, State of Washington WECC JSIS New Technology R&D Topics, May 7, 2020


Page 1

Cyber-Physical System Security of the Power Grid

Chen-Ching Liu
American Electric Power Professor
Director, Power and Energy Center
Virginia Tech

Sponsored by National Science Foundation, Department of Energy, and Science Foundation Ireland, Murdock Charitable Trust, ESIC Washington State University, State of Washington

WECC JSIS New Technology R&D Topics, May 7, 2020

Page 2

CPS Security Research in Power Grids

[Figure: research framework diagram. Labels: Transmission system; SCADA; SAS; PMU; Distribution system; DER; DA; SAS; AMI; Cyber system; Physical system; System modeling; Vulnerability assessment; Identify weaknesses; Attack simulation/analysis; Impact analysis; Intrusion/Anomaly detection; Detection approach; Mitigation methodology; Validation (Testbed). Source: Avista]

Page 3

Cyber-Physical System Model

[Figure: layered cyber-physical system model. Layers: Power System Layer; Substation Level at Cyber System Layer; Control Center Level at Cyber System Layer; Transmission Operator Layer. ICT models shown: Substation 1, Substation m, Substation m+1 and Substation n (each labelled IED 1, IED i, RTU, Server, LAN, Engineering Workstation, Station HMIs, WEB HMI, Router, Firewall); Control Center k and Control Center Hot-Standby (each labelled System Servers, Application Servers, HMIs, Synchronization System, RTU Servers, CC Servers, TO Servers, Routers, Firewalls). Other labels: CC Hot-Standby Servers; Historians; Market System Servers; Market Web Servers; Communication Servers; Cyber Security Applications; Dual LAN. The power system layer shows generators G1 to G5 and nodes numbered 1 to 16, together with a time axis t.]

Page 4

Impact on Power System - Dynamics

➢ Cyber-Physical Security Assessment

➢ Impact of the cyber attack is assessed by monitoring the dynamic behavior:

• frequency

• bus voltage magnitudes

• current levels on network elements

• loss of loads

➢ It shows how much the operation has moved from the secure condition:

• secure

• insecure

• critical

➢ The most critical attack path is identified based on the attack’s efficiency

,j , , ,

,

1 1 1, ,

+

= = =

= + +

= + + +

L j

Loads bus branch

f j P U j L j

n n nL i i i

f P U I

i i irated initial i rated rated i

Pf U I

f P U I

Page 5

Simulation of Cyber-Power Systems

Page 6

Potential Threats in a Substation Based on IEC 61850

[Figure: IEC 61850 substation diagram. Levels: Station Level; Bay Level; Process Level. Components: User-interface; GPS; IED; Relay; PMU; Merging Unit; CT and VT; Circuit Breaker; Actuator.]

Threats labelled in the diagram:

• Compromise user-interface

• Gain access to bay level devices

• Modify GOOSE message

• Generate fabricated analog values

• Change device settings

Page 7

IEEE 39 Bus System

Normal status

Pages 8 to 13

Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34

Page 14

HMI

Page 15

HMI

Anomaly Detection System

Page 16

Coordinated Cyber Attack Detection System (CCADS)

[Figure; labels: User defined threshold value; Compromised substations; Similarity index]

Page 17

Coordinated Cyber Attack Detection System (CCADS)

[Figure: CCADS architecture. Labels: Substation Communication Networks; ADSs in each Substation; Abnormal Behavior; Criticality of Substation; Geographical Data; Relation Correlation System; Detection Layer; Relation Layer; Decision Layer; Relation Algorithm; Time Failure Propagation Graph (TFPG)]

Page 18

Frequency/Voltage Responses to Attacks w/o Intrusion Detection System

[Plots over time in s. Panel titles: G8: Electrical Frequency in Hz; G5: Electrical Frequency in Hz; G2: Electrical Frequency in Hz; Bus 28: Voltage, Magnitude in p.u.; Bus 11: Voltage, Magnitude in p.u.; Bus 16: Voltage, Magnitude in p.u.]

Page 19

Further Information

[1] Cyber Physical Systems Approach to Smart Electric Power Grid, 383 pages, Eds. S. Khaitan, J. D. McCalley, and C. C. Liu, Springer 2015.

[2] C. W. Ten, C. C. Liu, and M. Govindarasu, "Vulnerability Assessment of Cybersecurity for SCADA Systems," IEEE Trans. Power Systems, Nov. 2008, pp. 1836-1846.

[3] S. Pudar, M. Govindarasu, and C. C. Liu, "PENET: A Practical Method and Tool for Integrated Modeling of Security Attacks and Countermeasures," Computers and Security, Elsevier, 28, Nov. 2009, pp. 754-771.

[4] C. W. Ten, M. Govindarasu, and C. C. Liu, "Cybersecurity for Critical Infrastructures: Attack and Defense Modeling," IEEE Trans. Systems, Man, and Cybernetics, Vol. 40, No. 4, July 2010, pp. 853-865.

[5] C. W. Ten, J. Hong, and C. C. Liu, "Anomaly Detection for Cybersecurity of the Substations," IEEE Trans. Smart Grid, Dec 2011, pp. 865-873.

[6] C. C. Liu, A. Stefanov, J. Hong, and P. Panciatici, "Intruders in the Grid," IEEE Power and Energy Magazine, Jan/Feb 2012, pp. 58-66.

[7] J. Hong, C. C. Liu, and M. Govindarasu, "Integrated Anomaly Detection for Cyber Security of the Substations," IEEE Trans. Smart Grid, July 2014, pp. 1643-1653.

[8] A. Stefanov, C. C. Liu, and M. Govindarasu, "Modeling and Vulnerability Assessment of Integrated Cyber-Power Systems," Int. Transactions on Electrical Energy Systems, Vol. 25, No. 3, March 2015, pp. 498-519.

[9] J. Xie, C. C. Liu, M. Sforna, M. Bilek, and R. Hamza, "On-Line Physical Security Monitoring of Power Substations," Int. Trans. Electrical Energy Systems, June 2016, pp. 1148–1170.

[10] J. Xie, A. Stefanov, and C. C. Liu, "Physical and Cyber Security in a Smart Grid Environment," Wiley Interdisciplinary Reviews Energy and Environment, WIREs Energy Environ 2016. DOI: 10.1002/wene.202

[11] C. C. Sun, C. C. Liu, and Jing Xie, "Cyber-Physical System Security of a Power Grid: State-of-the-Art," Electronics, 2016, DOI: 10.3390/electronics5030040.

[12] Y. Chen, J. Hong, and C. C. Liu, "Modeling of Intrusion and Defense for Assessment of Cyber Security at Power Substations," IEEE Trans. Smart Grid, July 2018, pp. 2541-2552.

[13] C. C. Sun, A. Hahn, and C. C. Liu, "Cyber Security of a Power Grid," Int. J. Electrical Power and Energy Systems, vol. 99, Jan 2018, pp. 45-56.

[14] J. Hong and C. C. Liu, "Intelligent Electronic Devices with Collaborative Intrusion Detection Systems," IEEE Trans. Smart Grid, Jan 2019, pp. 271-281.