Cybersecurity of Smart Grid Systems
Dr. Vittal S. Rao, Electrical and Computer Engineering, Texas Tech University
November 8, 2012, NSF-SFS Workshop on Education Initiatives in Cybersecurity for Critical Infrastructure


Page 1: Cybersecurity of Smart Grid Systems

Cybersecurity of Smart Grid Systems

Dr. Vittal S. Rao, Electrical and Computer Engineering

Texas Tech University

November 8, 2012
NSF-SFS Workshop on Education Initiatives in Cybersecurity for Critical Infrastructure

Page 2: Cybersecurity of Smart Grid Systems

Outline of Presentation
• Smart Grid Systems
• TTU’s Unique Capabilities
• TTU Real Time Simulator
• Security Features of Smart Grid
• Wide Area Monitoring Using SCADA and PMU Data
• Multidisciplinary approaches for Cybersecurity
• Cyber security/ Intrusion Detection Methods
• Vulnerability of Smart Grid Communication Protocols
• Conclusions

Page 3: Cybersecurity of Smart Grid Systems

Benefits of the Smart Grid

• Near-zero wide-area blackouts and greatly reduced local interruptions.

• High-quality power for sensitive electronics and complex computer applications.

• Plug-and-play integration of renewable sources, distributed resources and control systems

• Options for consumers to manage their electricity use and costs, Smart Homes

• Improved resilience to attack, natural disasters, and operator errors.

Page 4: Cybersecurity of Smart Grid Systems

Characteristics of Smart Grid
• Enables Active Consumer Participation
• Accommodates all Generation and Storage Options
• Enables New Products, Services, and Markets
• Provides Power Quality for the Digital Economy
• Optimizes Asset Utilization and Operates Efficiently
• Anticipates and Responds to System Disturbances (Self-heals)
• Operates Resiliently Against Attack and Natural Disaster

Page 5: Cybersecurity of Smart Grid Systems

Smart Grid

Page 6: Cybersecurity of Smart Grid Systems

Essential Functions

• Integration of ‘Electrical Infrastructure’ with ‘Intelligence Infrastructure’

• Smart Sensors, Protective Relays and Control Devices

• On-Line Equipment Monitoring
• Communications Infrastructure
• New Operating Models and Algorithms
• Real-Time Simulation and Contingency Analysis
• Improved Operator Visualization Techniques
• Interconnection Codes and Standards
• Cyber Security

Page 7: Cybersecurity of Smart Grid Systems

Integration of Generation and Storage Options

• Distributed Generation: small, widely dispersed plants
• Renewables: Wind, Solar, Biomass, etc.
• Maximum Penetration of Renewable Energy Sources with Grid
• Energy Storage: Giant Batteries and Capacitors
• Demand Response (DR): Response to peak loads

Page 8: Cybersecurity of Smart Grid Systems

Smart Grid Systems at Texas Tech
• Multidisciplinary Research Centers (Wind Science and Engineering, Smart Grid Energy Center)
• Alstom 1.5MW Commercial Grade Wind Turbine on TTU campus
• DOE/Sandia Facilities for Testing Wind Farms/ Energy Storage Systems
• TTU Real Time Simulator sponsored by the National Science Foundation (NSF)
• Smart Microgrid Test Bed
• Interdisciplinary research teams for Smart Grid and Cyber Security: ECE, CSc, ME, IE, Mathematics, Business, and Law
• New BS Degree program in Wind Energy
• Interdisciplinary Curriculum for Cyber Security

Page 9: Cybersecurity of Smart Grid Systems

Unique Capabilities
• Formation of a Team of applied and academic background researchers to address the “Technology for Cyber-Physical Systems”.
• Accessibility of industrial partners of CCET and PMU manufacturer, National Instruments (NI).
• TTU is the leader in Wind Sciences and Engineering in the Nation. TTU has established an interdisciplinary PhD program in Wind Energy. Texas Tech in collaboration with Group NIRE has developed significant facilities related to Smart Microgrid Systems. This system has commercial grade Wind Turbines and large scale battery storage (proposed), and plans to install 4 or 5 PMUs in the Southwest Power Pool (SPP) Power System.
• TTU has received a major research instrumentation (MRI) and Capacity Building grant for Cybersecurity from NSF. TTU is working with Northrop Grumman Corporation, who is the industrial leader for Cyber Security.

Page 10: Cybersecurity of Smart Grid Systems

Thematic Research Areas

• Maximum Penetration of Distributed Renewable Energy Sources to Grid

• Cyber Security of Energy Delivery Systems/ SCADA Control Systems

• PMU based Wide Area Monitoring and Damping Control Strategies

• Home Area Networks
• Hybrid Energy Storage Systems
• Dynamic Stability of Power Systems
• Development of Experimental Microgrid Test Bed
• Optimal Energy Management of Smart Micro grids

Page 11: Cybersecurity of Smart Grid Systems

TTU Real Time Simulator

[Diagram: TTU Real Time Simulator. Blocks shown: RTDS running RSCAD with a controller; inputs from DFIG, wind data (campus wind turbine), solar data, solar and battery storage with inverter control and a controller; connection to the utility grid; GTNET PMU; relays and IEDs (GE N60 & D90 plus, SEL-421, ABB REL-670); D400 Substation Gateway; Phasor Data Concentrator; visualization screen in our lab. Links labelled IEC 61850, IEEE C37.118 and Cyber Security.]

Page 12: Cybersecurity of Smart Grid Systems

Interoperability
• Energy Management Systems (EMS) architecture with products from different companies.

REF: [1] http://zone.ni.com/devzone/cda/pub/p/id/1238; [2] www.multilin.com

Page 13: Cybersecurity of Smart Grid Systems

[Diagram: Smart Microgrid test bed. Distributed micro energy sources (PHEV, natural gas engine, wind energy (DFIG), solar energy, fuel cells, micro turbine, generator) feed the micro grid through DC/AC inverters; distributed storage (battery storage, ultra capacitor, flywheel storage); control and energy management; smart meter; laboratory building with priority loads and local loads; transformer/CB connection to the utility grid.]

Page 14: Cybersecurity of Smart Grid Systems

Cyber Security

• Today’s grid lacks the robustness needed to withstand attacks by saboteurs or acts of nature. (Supervisory Control and Data Acquisition (SCADA) systems)

• Today’s grid lacks the information and control capabilities to rapidly recover from manmade or natural events.

• Advanced cyber security protection systems have to be integrated utilizing cyber security standards to ensure that new smart grid technologies are secure and that existing technologies such as SCADA, protective relaying, and communication systems are retrofitted with methods that provide the same level of advanced cyber security.

Page 15: Cybersecurity of Smart Grid Systems

Cyber Security of Energy Delivery Systems

• Assessment and monitoring of risk
• Development and integration of protective measures
• Detection of intrusion and implementation of response strategies
• Enhancement of security methods

Page 16: Cybersecurity of Smart Grid Systems

Smart Grid Information Networks

Page 17: Cybersecurity of Smart Grid Systems

Increased Connectivity

Page 18: Cybersecurity of Smart Grid Systems

Security Features

Integrated Communications
• Interoperability standards that include advanced cyber security protection
• Transport vehicle that provides the needed operational and condition data to enable self healing
• Redundant communication paths making interruption of data flows unlikely

Sensing & Measurement
• Remote monitoring that detects potential events anywhere in the grid
• Sensors and measuring devices with embedded protection
• Events detected in time to respond

Page 19: Cybersecurity of Smart Grid Systems

Security Features

Advanced Components
• Tolerant and resilient grid devices
• Rapid response to emergent threats
• Fewer critical points of failure
• Reduced consequences of failure
• Distributed, autonomous resources

Advanced Control Methods
• Islanding to isolate vulnerable areas in response to real or expected security events
• Automated network “agents” for dynamic reconfiguration and demand management
• Self-healing with preventive or corrective actions in real time

Improved Interfaces & Decision Support
• Greatly enhanced situational awareness
• Recommendations for addressing security threats provided to operators in real time
• Advanced real-time modeling and simulation tools with predictive capabilities
• Improved operator training and guidance systems aimed at response to security events

Page 20: Cybersecurity of Smart Grid Systems

R&D Theme Areas for Cybersecurity

Device Level
• Cost effective secure architecture for Smart meters
• Cryptography and Key management on processors with strict space/computation limits

System Level
• Built to adapt to changing needs in scale and functionality
• Able to tolerate and survive malicious attacks of the present and future
• Denial of service resiliency
• Infrastructure interdependency issues

Legacy System Integration
• Compatibility problems

Emerging Research Topics
• Synchrophasor Security/ NASPI Net
• Anonymization
• Infrastructure interdependency issues

Page 21: Cybersecurity of Smart Grid Systems

Wide Area Monitoring

• Analysis of power system performance in different oscillation modes.

• Intelligent system protection schemes

• Situational awareness

• Monitoring of power system harmonics

• Frequency monitoring

• Data visualization using the geographical coordinates

• Black out monitoring and real time grid control center application

• Post event analysis

Page 22: Cybersecurity of Smart Grid Systems

Phasor Measurement Units
A PMU measures bus voltage (phase or sequence) and all 3-phase line currents on all branches (transmission lines and transformers) emanating from the substation, along with the phasor angles.

Page 23: Cybersecurity of Smart Grid Systems

Integration of PMU data

Page 24: Cybersecurity of Smart Grid Systems

Wide Area Monitoring Using PMUs and PDCs

Threats against these devices include:
• Denial of service (DoS) attacks
• Attacks against open ports and services
• Attempt to change device settings
• Attempt to inject malicious data
• Attempt to place a man-in-the-middle (MITM) between devices.

Page 25: Cybersecurity of Smart Grid Systems

Reference: Salvatore et al., presentation on “Security analysis of a commercial synchrophasor device”, May 30-31, 2011.

Page 26: Cybersecurity of Smart Grid Systems

Open PDC
• C37.118 is the IEEE standard for PDC, current version issued in 2005.
• Three adapter layers:
  – Input adapter (C37.118)
  – Action adapter
  – Output adapter (32 bit access)

Page 27: Cybersecurity of Smart Grid Systems

Vulnerabilities
1. C37.118 vulnerabilities: lack of encryption and source verification (MITM)
2. OpenPDC vulnerabilities: lack of input validation (Malicious Data Injection)
  – Drop statement injection: destroy all the measurement data for a PMU
  – Delete statement injection: selectively erase some specific measurements
  – Alter statement injection: can be used to smartly swap the names of measurement tables, deceive the monitoring operator, and cheat the triangulation used to detect the source of a dangerous event such as a blackout
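The OpenPDC injection cases above come down to untrusted measurement identifiers reaching the SQL layer without validation. The following is an added example, not OpenPDC's own code, that puts a string-built lookup beside a hardened one (an identifier allow-list plus a bound parameter). The table layout, signal names and the hostile input are constructed for the example, and SQLite stands in for whatever database a PDC actually uses.

```python
import re
import sqlite3

# Added example (not OpenPDC code). Signal references such as "PMU1-VA" are
# constructed; the allow-list pattern is an assumption about what a valid
# measurement identifier looks like in this toy schema.
MEASUREMENT_ID = re.compile(r"^[A-Za-z0-9_:\-]{1,64}$")


def make_db():
    """In-memory table of constructed measurements keyed by signal reference."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE measurement (signal_ref TEXT, value REAL)")
    db.executemany("INSERT INTO measurement VALUES (?, ?)",
                   [("PMU1-VA", 132.0), ("PMU1-IA", 410.5), ("PMU2-VA", 131.7)])
    return db


def lookup_vulnerable(db, signal_ref):
    """Concatenates untrusted input into the statement: the flaw the slide names.
    A crafted identifier changes the WHERE clause instead of being compared as data."""
    sql = f"SELECT signal_ref, value FROM measurement WHERE signal_ref = '{signal_ref}'"
    return db.execute(sql).fetchall()


def lookup_hardened(db, signal_ref):
    """Allow-list the identifier, then bind it as a parameter so the database
    only ever sees it as a literal string, never as SQL."""
    if not MEASUREMENT_ID.fullmatch(signal_ref):
        raise ValueError("invalid signal reference")
    sql = "SELECT signal_ref, value FROM measurement WHERE signal_ref = ?"
    return db.execute(sql, (signal_ref,)).fetchall()


def demo():
    """Returns (rows leaked by the vulnerable lookup, whether the hardened lookup
    rejected the same input, rows returned by the hardened lookup for a valid id)."""
    db = make_db()
    crafted = "x' OR '1'='1"        # constructed hostile identifier
    leaked = lookup_vulnerable(db, crafted)   # matches every row, not one
    try:
        lookup_hardened(db, crafted)
        rejected = False
    except ValueError:
        rejected = True
    return len(leaked), rejected, lookup_hardened(db, "PMU1-VA")


if __name__ == "__main__":
    print(demo())   # (3, True, [('PMU1-VA', 132.0)])
```

The allow-list is the part that also stops the DROP/DELETE/ALTER cases on the slide: a statement keyword or quote character never reaches the query at all, and the parameter binding is the second, independent line of defence if the pattern is ever loosened.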

Page 28: Cybersecurity of Smart Grid Systems

Intrusion Detection

• There are several reasons that make intrusion detection a necessary part of the entire defense system.

• First, many traditional systems and applications were developed without security in mind. In other cases, systems and applications were developed to work in a different environment and may become vulnerable when deployed in the current environment. (For example, a system may be perfectly secure when it is isolated but become vulnerable when it is connected to the Internet.) Intrusion detection provides a way to identify, and thus allow responses to, attacks against these systems.

• Second, due to the limitations of information security and software engineering practice, computer systems and applications may have design flaws or bugs that could be used by an intruder to attack the systems or applications. As a result, certain preventive mechanisms (e.g., firewalls) may not be as effective as expected.

Page 29: Cybersecurity of Smart Grid Systems

Intrusion Detection Methods
Intrusion detection systems (IDSs) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second line of defense that protects information systems.

Anomaly detection: based on the normal behavior of a user; any action that significantly deviates from the normal behavior is considered intrusive.

Misuse detection: catches intrusions in terms of the characteristics of known attacks; any action that conforms to the pattern of a known attack is considered intrusive.

Page 30: Cybersecurity of Smart Grid Systems

Functions of IDS

• Monitoring users and system activity

• Auditing system configuration for vulnerabilities and misconfigurations

• Assessing the integrity of critical system and data files

• Recognizing known attack patterns in system activity.

• Identifying abnormal activity through statistical analysis

• Managing audit trails and highlighting user violation of policy or normal activity

• Correcting system configuration errors

• Installing and operating traps to record information about intruders


Page 31: Cybersecurity of Smart Grid Systems

Intrusion Detection Methods
Anomaly detection:
• Statistical models (Discrete Wavelet Transform)
• Machine learning and data mining techniques
• Specification-based methods
• Information-theoretic measures

Misuse detection:
• Rule-based language
• Abstraction-based intrusion detection
• State transition analysis tool kit
• Colored Petri automata
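As an added example, not from the presentation, the two IDS families described on slides 29 and 31 can be run side by side over a constructed stream of synchrophasor-link records: a statistical anomaly detector keyed on a frequency baseline (normal behaviour, flag what deviates), and a misuse detector that matches one known signature (a command frame from a host that is not the trusted PDC). The record layout, addresses, baseline readings and the "known attack" signature are all made up for the example.

```python
import statistics

# Added example (not from the slides). A record is (source_ip, frame_type,
# frequency_hz); CMD frames carry no frequency, so 0.0 is used as filler.
# All values below are constructed.
BASELINE_HZ = [59.98, 60.01, 60.00, 59.99, 60.02, 60.00, 59.97, 60.01]
TRUSTED_COMMANDERS = {"10.0.0.5"}     # assumed address of the PDC host

RECORDS = [
    ("10.0.0.7", "DATA", 60.00),
    ("10.0.0.7", "DATA", 59.99),
    ("10.0.0.9", "CMD", 0.0),         # command from an unexpected host
    ("10.0.0.7", "DATA", 62.50),      # reading far outside the baseline
    ("10.0.0.5", "CMD", 0.0),         # command from the trusted PDC
    ("10.0.0.7", "DATA", 60.01),
]


def anomaly_detector(baseline, threshold_sigmas=3.0):
    """Statistical model of normal behaviour: a reading is anomalous when it
    lies more than threshold_sigmas standard deviations from the baseline mean."""
    mu = statistics.mean(baseline)
    sd = statistics.pstdev(baseline)

    def is_anomalous(freq):
        return abs(freq - mu) > threshold_sigmas * sd
    return is_anomalous


def misuse_detector(record):
    """Signature rule: configuration/command frames are only expected from the
    PDC. Returns the matched signature name or None."""
    src, frame_type, _ = record
    if frame_type == "CMD" and src not in TRUSTED_COMMANDERS:
        return "command_from_unknown_host"
    return None


def run_ids(records, baseline):
    """Run both detectors over the stream; returns (index, family, detail) alerts."""
    is_anomalous = anomaly_detector(baseline)
    alerts = []
    for i, rec in enumerate(records):
        _, frame_type, freq = rec
        signature = misuse_detector(rec)
        if signature:
            alerts.append((i, "misuse", signature))
        if frame_type == "DATA" and is_anomalous(freq):
            alerts.append((i, "anomaly", f"frequency {freq} Hz outside baseline"))
    return alerts


if __name__ == "__main__":
    for alert in run_ids(RECORDS, BASELINE_HZ):
        print(alert)
```

Note the complementary blind spots: the anomaly detector would flag a frequency excursion caused by a never-seen attack but is silent on the unknown-host command, while the misuse rule catches only what it has a signature for, which is why the slides deploy both.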

Page 32: Cybersecurity of Smart Grid Systems

Statistical Decision Theory in Intrusion Detection

By Saed Alajlouni

Page 33: Cybersecurity of Smart Grid Systems

SCADA Systems

• SCADA systems, What are they?

11/07/2012 S. Alajlouni. "Cyber-Security of Critical Infrastructure" 33

Page 34: Cybersecurity of Smart Grid Systems

Intro-Efforts for securing SCADA systems

• IT perspective: “Obscurity Principle”.
• Control Engineering perspective: “reliability”.
• Very few researchers have investigated how malicious attacks affect the estimation and control algorithms, and ultimately, how attacks affect the physical world.


Page 35: Cybersecurity of Smart Grid Systems

Interdisciplinary research

Page 36: Cybersecurity of Smart Grid Systems

Statistical Decision Theory: Main Idea

• A receiver is reading an input signal that is corrupted by some additive noise

• Depending on the application, the receiver has to make a decision whether the received signal is high or low (Binary applications), or whether the data is malicious or true.

• The decision rule is based on minimizing a risk function (average cost).


Page 37: Cybersecurity of Smart Grid Systems

Binary Bayesian hypothesis testing

• $H_0$: $N$, with $N \sim \mathcal{N}(0,\sigma^2)$
• $H_1$: $m + N$, with $N \sim \mathcal{N}(0,\sigma^2)$
• $P_0 + P_1 = 1$ (probabilities are given a priori)
• Bayes rule example:
• $P(D_1, H_0) = P(\text{decide } H_1 \mid H_0 \text{ is true}) \times P_0 = P_F \times P_0$


Page 38: Cybersecurity of Smart Grid Systems

Decision rule

• Decision Risk $= C_{00}P(D_0,H_0) + C_{11}P(D_1,H_1) + C_{10}P(D_1,H_0) + C_{01}P(D_0,H_1)$

• Minimization of the risk function yields the receiver’s optimal decision rule


Page 39: Cybersecurity of Smart Grid Systems

Composite Hypothesis Testing

• If the parameters defining the probability density functions of the expected hypotheses are unknown, then the hypothesis testing problem is called composite.

• In some cases the unknown parameters do not appear in the decision rule equation, so a decision can still be made.

• If the decision rule depends on the unknown parameters, then the parameters must be estimated before a decision can be made.

• Parameters are usually estimated using maximum likelihood estimation.

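The Bayesian decision rule of slides 37 and 38, and the composite case of slide 39, carried through in code as an added example (not from the presentation): for the additive-Gaussian model $H_0$: $N$, $H_1$: $m + N$ with $N \sim \mathcal{N}(0,\sigma^2)$, minimising the decision risk gives a likelihood-ratio test that reduces to a single threshold on the sample, and the block computes that threshold, the resulting $P_F$ and $P_M$, and the risk. The priors, costs and the "malicious data" framing of $H_1$ are assumptions chosen for the example; the maximum-likelihood helper at the end covers the composite case where $m$ must be estimated first.

```python
import math

# Added example (not from the slides). Costs C_ij are the cost of deciding D_i
# when H_j is true, as in the slide's risk expression.


def q_function(x):
    """Gaussian tail probability Q(x) = P(N(0,1) > x)."""
    return 0.5 * math.erfc(x / math.sqrt(2.0))


def bayes_threshold(m, sigma, p0, p1, c00, c11, c10, c01):
    """Threshold gamma such that 'decide H1 iff y > gamma' minimises the risk.
    Minimising R gives the likelihood-ratio test p(y|H1)/p(y|H0) > eta with
    eta = P0 (C10 - C00) / (P1 (C01 - C11)).  For a Gaussian mean shift,
    ln p(y|H1)/p(y|H0) = (m y - m^2/2) / sigma^2, so the test is
    y > m/2 + sigma^2 ln(eta) / m   (assumes m > 0)."""
    eta = p0 * (c10 - c00) / (p1 * (c01 - c11))
    return m / 2.0 + sigma ** 2 * math.log(eta) / m


def error_probabilities(gamma, m, sigma):
    """P_F = P(decide H1 | H0) and P_M = P(decide H0 | H1) for threshold gamma."""
    p_false_alarm = q_function(gamma / sigma)
    p_miss = 1.0 - q_function((gamma - m) / sigma)
    return p_false_alarm, p_miss


def bayes_risk(gamma, m, sigma, p0, p1, c00, c11, c10, c01):
    """R = C00 P(D0,H0) + C11 P(D1,H1) + C10 P(D1,H0) + C01 P(D0,H1),
    with P(D_i, H_j) = P(D_i | H_j) P_j."""
    pf, pm = error_probabilities(gamma, m, sigma)
    return (c00 * (1.0 - pf) * p0 + c11 * (1.0 - pm) * p1
            + c10 * pf * p0 + c01 * pm * p1)


def decide(y, gamma):
    """Apply the threshold test to one sample: 1 means 'decide H1'."""
    return 1 if y > gamma else 0


def mle_mean(samples):
    """Composite case: with the shift m unknown, its maximum-likelihood estimate
    from samples known to contain the signal is the sample mean."""
    return sum(samples) / len(samples)


if __name__ == "__main__":
    # Constructed parameters: malicious data (H1) is rare but costly to miss.
    m, sigma, p0, p1 = 2.0, 1.0, 0.9, 0.1
    c00, c11, c10, c01 = 0.0, 0.0, 1.0, 5.0
    gamma = bayes_threshold(m, sigma, p0, p1, c00, c11, c10, c01)
    pf, pm = error_probabilities(gamma, m, sigma)
    risk = bayes_risk(gamma, m, sigma, p0, p1, c00, c11, c10, c01)
    print(f"threshold={gamma:.4f} P_F={pf:.4f} P_M={pm:.4f} risk={risk:.4f}")
    print("decision for y=1.7:", decide(1.7, gamma))
    print("MLE of m from a signal block:", mle_mean([1.9, 2.2, 1.8, 2.1]))
```

With these numbers the threshold lands at about 1.29 rather than at the midpoint m/2 = 1.0: the high prior on H0 pushes it up, the five-fold cost of a miss pulls it back down, and the risk evaluated on either side of the computed threshold is never lower, which is the optimality claim on slide 38.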

Page 40: Cybersecurity of Smart Grid Systems

Sequential detection

• In a sequence of data samples, one of the following decisions must be made after each sample:
  – Decide H1
  – Decide H0
  – Not enough information
• If decision H0 or H1 is made, the hypothesis testing procedure stops. Otherwise, an additional sample is taken.

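The three-way decision loop above is Wald's sequential probability ratio test. As an added example (not from the presentation), the block below runs it for the same Gaussian model used on the earlier slides: the log-likelihood ratio of each new sample is accumulated and compared with an upper and a lower threshold, and the test stops at the first crossing or asks for another sample. The target error rates and the sample streams are constructed for the example; the threshold formulas are Wald's standard approximations.

```python
import math

# Added example (not from the slides). Model: H0: y = N, H1: y = m + N,
# N ~ N(0, sigma^2).  alpha = target false-alarm rate, beta = target miss rate.


def log_likelihood_ratio(y, m, sigma):
    """ln p(y|H1) - ln p(y|H0) for one Gaussian sample."""
    return (m * y - m * m / 2.0) / sigma ** 2


def sprt_thresholds(alpha, beta):
    """Wald's approximate thresholds: decide H1 when the accumulated ratio
    reaches A = ln((1-beta)/alpha), H0 when it falls to B = ln(beta/(1-alpha))."""
    a = math.log((1.0 - beta) / alpha)
    b = math.log(beta / (1.0 - alpha))
    return a, b


def sequential_detect(samples, m, sigma, alpha=0.01, beta=0.01):
    """Consume samples one at a time.  Returns (decision, samples_used), where
    decision is 'H1', 'H0', or 'undecided' when the stream ends between the
    thresholds (the 'not enough information' branch on the slide)."""
    a, b = sprt_thresholds(alpha, beta)
    total = 0.0
    for n, y in enumerate(samples, start=1):
        total += log_likelihood_ratio(y, m, sigma)
        if total >= a:
            return "H1", n
        if total <= b:
            return "H0", n
    return "undecided", len(samples)


if __name__ == "__main__":
    # Constructed sample streams (not real measurements).
    signal_present = [2.1, 1.8, 2.3, 1.9, 2.0]
    signal_absent = [-0.1, 0.2, -0.3, 0.1, 0.0]
    print(sequential_detect(signal_present, m=2.0, sigma=1.0))   # ('H1', 3)
    print(sequential_detect(signal_absent, m=2.0, sigma=1.0))    # ('H0', 3)
    print(sequential_detect([0.9, 1.1], m=2.0, sigma=1.0))       # ('undecided', 2)
```

The point a monitoring engineer cares about is the stopping time: both clear-cut streams resolve after three samples, whereas a fixed-size test designed for the same error rates would wait for its full block regardless, which is why sequential detection is attractive when samples arrive at PMU reporting rates and a fast, well-founded decision is wanted.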

Page 41: Cybersecurity of Smart Grid Systems

Hardware Cyber Security

• Threats against hardware security:
  – Physical tampering
  – Side channel attacks
  – Data injection
  – Man in the middle attacks
• How to protect hardware:
  – Secure Startup
  – Configuration hopping
  – Masking power consumption

41

Page 42: Cybersecurity of Smart Grid Systems

Secure Startup

• Use of module separate from normal device operations

• Module uses hardware ID and TCM for security

• TCM checks hardware ID and sends encrypted packet out, is returned and checked before system is allowed to fully operate [1]


[1] A security embedded system base on TCM and FPGA

Page 43: Cybersecurity of Smart Grid Systems

Configuration Hopping

• Several processors in system assigned to individual tasks

• At random intervals processor configuration changes

• Creates narrower window for hacking [2]

[Diagram: Data In feeds Processor 1, Processor 2 and Processor 3, whose task assignment changes at random intervals, producing Data Out.]

Page 44: Cybersecurity of Smart Grid Systems

Side Channel Attacks

• Types of SCA:
  – Simple Power Analysis
  – Differential Power Analysis
• Masking
  – Current Equalizing
  – Current Randomization

[Figure: Current Equalizer States [3]]

Page 45: Cybersecurity of Smart Grid Systems

Conclusions
• TTU has significant infrastructural and research capabilities in Cyber-Physical Systems
• Multidisciplinary approaches to address cybersecurity of critical infrastructural systems.
• We are very enthusiastic to develop “Smart Micro Grid System” with embedded Cyber Security capabilities.