Upload
others
View
29
Download
0
Embed Size (px)
Citation preview
Cyber-Physical System Security
of the Power Grid
Chen-Ching Liu
American Electric Power Professor
Director, Power and Energy Center
Virginia Tech
Sponsored by National Science Foundation, Department of
Energy, and Science Foundation Ireland, Murdock Charitable
Trust, ESIC Washington State University, State of Washington
WECC JSIS New Technology R&D Topics, May 7, 2020
2
CPS Security Research in Power Grids
Transmission system
SCADA
SAS
PMU
Distribution system
DER
DA
Vulnerability assessment
Intrusion/Anomaly detection
Mitigation methodology
Impact analysis
Identify weaknesses
Attack simulation/analysis
Detection approach
Validation (Testbed)
Cyber system
Physical system
SAS
AMI
Intrusion/Anomaly detection
Source: Avista
System modeling
Cyber-Physical System Model
Substation Level at
Cyber System Layer
Power System Layer
Transmission Operator Layer
Control Center Level at
Cyber System Layer
16 kVU
0t 1t 2t 1kt − kt mt sect
t
G5
G4
G1 G2 G31 2 3
4
5
678
9
10
11
1213
14 15
U1616
IED 1 IED i
RTU
Server
LAN
Engineering
Workstation
Station
HMIs WEB HMIRouter
Firewall
Server
Substation m ICT model
IED 1 IED i
RTU
Server
LAN
Engineering
Workstation
Station
HMIs WEB HMIRouter
Firewall
Server
Substation m+1 ICT model
IED 1 IED i
RTU
Server
LAN
Engineering
Workstation
Station
HMIs WEB HMIRouter
Firewall
Server
Substation n ICT model
System
Servers
Application
Servers HMIsSynchronization
System
RTU
Servers
CC
Servers
TO
Servers
Routers
Firewalls
Control Center Hot-Standby ICT model
System
Servers
Application
Servers HMIsSynchronization
System
RTU
Servers
CC
Servers
TO
Servers
Routers
Firewalls
Control Center k ICT model
System
Servers
Application
ServersHMIs Synchronization
System
RTU
Servers
CC
ServersCC
Hot-Standby
Servers
Routers
Firewalls
Router
Router
HistoriansMarket System
ServersHMIs
Market
Web Servers
Communication
Servers Firewall
Cyber Security Applications
Dual LAN
Dual LAN
Dual LAN
Dual LAN
IED 1 IED i
RTU
Server
LAN
Engineering
Workstation
Station
HMIs WEB HMIRouter
Firewall
Server
Substation 1 ICT model
Impact on Power System - Dynamics
➢ Cyber-Physical Security Assessment
➢ Impact of the cyber attack is assessed by monitoring the dynamic behavior:
• frequency
• bus voltage magnitudes
• current levels on network elements
• loss of loads
➢ It shows how much the operation has moved from the secure condition:
• secure
• insecure
• critical
➢ The most critical attack path is identified based on the attack’s efficiency
,j , , ,
,
1 1 1, ,
+
= = =
= + +
= + + +
L j
Loads bus branch
f j P U j L j
n n nL i i i
f P U I
i i irated initial i rated rated i
Pf U I
f P U I
Simulation of Cyber-Power Systems
Potential Threats in a Substation
Based on IEC 61850
IED Relay PMU
Merging Unit
User-interface
GPSStation
Level
Bay
Level
Process
Level
Compromise user-interface
Gain access to bay level
devices
Modify GOOSE
message
Generate fabricated
analog values
Change device
settings
CT and VT
Circuit Breaker
Actuator
IEEE 39 Bus System
Normal status
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
HMI
HMI
Anomaly Detection
System
Coordinated Cyber Attack Detection System
(CCADS)
16
User defined threshold valueCompromised substations
Similarity index
Coordinated Cyber Attack Detection System
(CCADS)
17
Substation Communication Networks
ADSs in each Substation
Abnormal
Behavior
Criticality of
Substation
Geographical
Data
Relation Correlation System
Detection
Layer
Relation
Layer
Decision
Layer
Relation AlgorithmTime Failure
Propagation
Graph (TFPG)
Frequency/Voltage Responses to Attacks w/o Intrusion Detection System
18
G8: Electrical Frequency in Hz
G5: Electrical Frequency in Hz
G2: Electrical Frequency in Hz
Bus 28 : Voltage, Magnitude in p.u.
Bus 11 : Voltage, Magnitude in p.u.
Bus 16 : Voltage, Magnitude in p.u.
20.00 40.00 60.00 80.000.0040.00
50.00
60.00
70.00
80.00
90.00
0.00 20.00 40.00 60.00 80.00
100.00
100.00
[s]
[s]0.20
0.40
0.60
0.80
1.00
1.20
Further Information [1] Cyber Physical Systems Approach to Smart Electric Power Grid, 383 pages, Eds. S. Khaitan, J. D. McCalley, and C. C.
Liu, Springer 2015.
[2] C. W. Ten, C. C. Liu, and M. Govindarasu, “Vulnerability Assessment of Cybersecurity for SCADA Systems,” IEEE
Trans. Power Systems, Nov. 2008, pp. 1836-1846.
[3] S. Pudar, M. Govindarasu, and C. C. Liu, “PENET: A Practical Method and Tool for Integrated Modeling of Security
Attacks and Countermeasures,” Computers and Security, Elsevier, 28, Nov. 2009, pp. 754-771.
[4] C. W. Ten, M. Govindarasu, and C. C. Liu, “Cybersecurity for Critical Infrastructures: Attack and Defense Modeling,”
IEEE Trans. Systems, Man, and Cybernetics, Vol. 40, No. 4, July 2010, pp. 853-865.
[5] C. W. Ten, J. Hong, and C. C. Liu, “Anomaly Detection for Cybersecurity of the Substations,” IEEE Trans. Smart Grid,
Dec 2011, pp. 865-873.
[6] C. C. Liu, A. Stefanov, J. Hong, and P. Panciatici, “Intruders in the Grid,” IEEE Power and Energy Magazine, Jan/Feb
2012, pp. 58-66.
[7] J. Hong, C. C. Liu, and M. Govindarasu, "Integrated Anomaly Detection for Cyber Security of the Substations," IEEE
Trans. Smart Grid, July 2014, pp. 1643-1653.
[8] A. Stefanov, C. C. Liu, and M. Govindarasu, "Modeling and Vulnerability Assessment of Integrated Cyber-Power
Systems," Int. Transactions on Electrical Energy Systems, Vol. 25, No. 3, March 2015, pp. 498-519.
[9] J. Xie, C. C. Liu, M. Sforna, M. Bilek, and R. Hamza, "On-Line Physical Security Monitoring of Power Substations,
Int. Trans. Electrical Energy Systems, June 2016, pp. 1148–1170.
[10] J. Xie, A. Stefanov, and C. C. Liu, "Physical and Cyber Security in a Smart Grid Environment," Wiley
Interdisciplinary Reviews Energy and Environment, WIREs Energy Environ 2016. DOI: 10.1002/wene.202
[11] C. C. Sun, C. C. Liu, and Jing Xie, "Cyber-Physical System Security of a Power Grid: State-of-the-Art," Electronics,
2016, DOI: 10.3390/electronics5030040.
[12] Y. Chen, J. Hong, and C. C. Liu, "Modeling of Intrusion and Defense for Assessment of Cyber Security at Power
Substations," IEEE Trans. Smart Grid, July 2018, pp. 2541-2552.
[13] C. C. Sun, A. Hahn, and C. C. Liu, “Cyber Security of a Power Grid,” Int. J. Electrical Power and Energy Systems,
vol. 99, Jan 2018, pp. 45-56.
[14] J. Hong and C. C. Liu, "Intelligent Electronic Devices with Collaborative Intrusion Detection Systems," IEEE Trans.
Smart Grid. Jan 2019, pp. 271-281.