Cyber Security of Power Grids

Similar documents
Cyber-Physical System Security of the Power Grid Chen-Ching Liu American Electric Power Professor Director, Power and Energy Center Virginia Tech

Cyber-Physical System Security of the Power Grid

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

Cyber Physical System Security

November 29, ECE 421 Session 28. Utility SCADA and Automation. Presented by: Chris Dyer

Author Copy. Do not redistribute.

Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data

Lecture 5 Substation Automation Systems. Course map

Semantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids

Overview of BC-Hydro/BCIT Smart Power Microgrid

IEC Overview. Grant Gilchrist. Principal Consultant, Smart Grid Engineering November 2009

Cybersecurity Test and Evaluation Facilities at Texas A&M

Resilient Smart Grids

Evolution of Control for the Power Grid

Power System Network Simulator (PSNsim)

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

Building A Resilient and Secure Power Grid A UCF Microgrid Demo

Smart Grid Automation in a Cyber-Physical Context

AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID

Smart Grid Labs. Overview

9 th Electricity Conference at CMU

How smart can the grid really be?

Smart Grid Operations - Clemson University Research, Education and Innovation-Ecosystem Opportunities

Exchange of Data and Models between Control Centers

New security solutions enabled by 5G

GE Grid Solutions. Electric Grid Modernization and Substation Automation. John D. McDonald, P.E.

SDG&E EPIC Program Overview

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Communication Pattern Anomaly Detection in Process Control Systems

The Smart Utility Meets The Smart tgid Grid. The Smart. Bob Uluski. Technology Quanta Technology LLC

Smart grid control based on heterogeneous communications and adaptive layers

October 05, ECE 421 Session 12. Utility SCADA and Automation. Presented by: Chris Dyer

FAULT DETECTION ISOLATION AND RESTORATION ON THE FEEDER (FDIR): PICK YOUR TECHNOLOGY

DUKE ENERGY OHIO SMART GRID / GRID MODERNIZATION. Don Schneider GM, Smart Grid Field Deployment May 24, 2012

Iowa State University

IDE4L project overview and ANM concept. Distributed automation system

Advanced Protection and Control Technologies for T&D Grid Modernization

Kaspersky Industrial CyberSecurity. Cybersecurity for Electric Power Infrastructure. #truecybersecurity

Lesson Learned CIP Version 5 Transition Program

Smart Grid Security Illinois

PREEMPTIVE Preventive methodology and tools to protect utilities

COMMUNICATION NETWORKS. FOX615/612 TEGO1 IEC GOOSE Proxy Gateway interface module.

The debut of Relion 2.2 The new IEDs generation A suitable portfolio for your digital substation

IEEE 1588v2 Time Synchronization in Energy Automation Applications Case Studies from China

T&D Challenges and Opportunities

Interoperability and Security for Converged Smart Grid Networks

Cyber Vulnerabilities on Agent-based Smart Grid Protection System

Lecture 6 Substation Automation Systems

IP in MV/LV: Expanding IP services to the medium and low voltage layers of the power distribution grid

Pepco s Plans for Smart Grid. Rob Stewart Blueprint Technology Strategist

Jeff Dagle. P.O. Box 999, M/S K5-20; Richland WA ; Fax: ;

Road Map to Grid Modernization

Security and Privacy Issues In Smart Grid

Managing Security, Risk and Compliance for Critical Assets on the Smart Grid

Evolution of Control for the Power Grid

Cyber Security and Privacy Issues in Smart Grids

/ Charlie Hsu, Sales, PSAC, Power System Division, TWABB, June.2013 IEC The Approach and the Standard. ABB Group July 1, 2013 Slide 1

JULIO OLIVEIRA, ABB POWER GRIDS GRID AUTOMATION, DECEMBER 01 ST ABB Ability - Digital Substations. FISE 7a Edición

SIPROTEC 5 V7.8 Protection, automation and monitoring for digital substations

Using Defense in Depth to Safely Present SCADA Data for Read-Only and Corporate Reporting. Rick Bryson

Maxwell Dondo PhD PEng SMIEEE

Evaluation of Business Cases for Smart Grid Solutions Kenny Mercado, Senior VP Electric Operations

Cisco Smart Grid. Powering End-to-End Communications. Annette Winston Sr. Mgr., Product Operations Customer Value Chain Management

Substation. Communications. Power Utilities. Application Brochure. Typical users: Transmission & distribution power utilities

Hugo E. Meier, Heidelberg, Germany, June 2014 Integrator Partner Seminar2014 Substation automation trends

Technical Spotlight DEMO6-S6

KCP&L SmartGrid Demonstration

On Network Performance Evaluation toward the Smart Grid: A Case Study of DNP3 over TCP/IP

SCADA Training - T&D Automation

Trends in Station Bus and Process Bus Communications Via the Several IEC Protocols. Schweitzer Engineering Laboratories, Inc.

The current state of the electrical grid And the technologies that will enable its transformation

DRTS-DRTS Link for Distributed Real Time Simulation. Dr. Rob Hovsapian

Smart Grid solutions. Reliable innovation. Personal solutions. Public distribution. System LEVEL 2. Communications LEVEL 1. Network LEVEL 0 ADA SCADA

Network Planning for Smart Grid

DTE Initiatives. August 13, 2007

Automation System Solutions

THE ENEL SMART GRID TEST SYSTEM: A REAL-TIME DIGITAL SIMULATOR-BASED INFRASTRUCTURE

Digital substations. Introduction, benefits, offerings

SEEDS Industry Engagement Event

Substa'on Automa'on and SCADA The Key to efficiency. Empowering Lives

Digital Substation Overview of Technology, Industry

Karl Iliev, San Diego Gas & Electric Company

PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems

OpenWay by Itron Security Overview

Why Security Fails in Federated Systems

PREEMPTIVE PREventivE Methodology and Tools to protect utilities

SDG&E s EPIC Demonstration Projects on Emerging Communication Standards. IEC Europe 2017 Conference. Frank Goodman, SDG&E EPIC Program Manager

Smart Distribution Grid: Status, Goals, Vision and Pathway for Success

Virtualizing Industrial Control Systems Testbeds for Cybersecurity Research

POWER GRID AUTOMATION. Pág.. n. RMU Automation

Graduate School of Fundamental Science and Engineering Computer and Communication Engineering. Waseda University. Master s Thesis

Lecture 14. Course wrap up & Smartgrid Architectures. Professor Lars Nordström Dept of Industrial Information & Control systems, KTH

Trends for Smart Grid Automation and Industry 4.0 Integration. presented by Detlef Raddatz Managing Director SystemCORP Embedded Technology

Detection and Analysis of Threats to the Energy Sector (DATES)

CEER Cyber-Physical Testbeds (a generational leap)

Identity-Based Cyber Defense. March 2017

Chapter 2 State Estimation and Visualization

Time Synchronization and Standards for the Smart Grid

POWER GRIDS. We are bridging the gap. Enabling Digital Substations.

Upgrading From a Successful Emergency Control System to a Complete WAMPAC System for Georgian State Energy System

Transcription:

Cyber Security of Power Grids Chen-Ching Liu Boeing Distinguished Professor Director, Energy Systems Innovation Center Washington State University In Collaboration with M. Govindarasu, Iowa State University This research is sponsored by U.S. National Science Foundation, and NSF/Department of Energy through CURENT ERC. 1

Research framework Intrusion detection Preventive / remedial actions Before Intrusion Intrusion After Intrusion Real-time monitoring Security rules Data and information logs Intrusion detection using detection algorithms Find same type of attacks Impact analysis (what-if scenario) Find more vulnerable point Mitigation actions Preventive and remedial action Reconfigure firewall rules 2

System Vulnerability A system is defined as the wide area interconnected, IPbased computer communication networks linking the control center and substations-level networks System vulnerability is the maximum vulnerability level over a set of scenarios represented by I V S max V ( I ) 3

Access Point Vulnerability Access point provides the port services to establish a connection for an intruder to penetrate SCADA computer systems Vulnerability of a scenario i, V(i), through an access point is evaluated to determine its potential damage Scenario vulnerability - weighted sum of the potential damages over the set S. V i js where j is the steady state probability that a SCADA system is attacked through a specific access point j, which is linked to the SCADA system. The damage factor, j, represents the level of damage on a power system when a substation is removed j j 4

Password Model Intrusion attempt to a machine A solid bar - transition probability An empty bar - processing execution rate that responds to the attacker Account lockout feature, with a limited number of attempts, can be simulated by initiating the N tokens (password policy threshold). number of intrusion attempts Intrusion attempt starts (terminal 1) p pw i f N pw i pw i Attempt logging on to the targeted system, p i pw Targeted system responds to attacker, pw i the intrusion attempt probability of a computer system, i total number of observed records Targeted system attempted (terminal 2) 5

Firewall Model Firewall model Denial or access of each rule Malicious packets traveling through policy rule j on each firewall i is taken into account. probability of malicious packets traveling through a firewall rule p fp i, j f N fp i, j fp i, j probability of the packets being rejected denotes the frequency of malicious packets through the firewall rule total record of firewall rule j. p fr i f N fr i fr i n i the number of rejected packets fr p i Deny denotes the total number of packets in the firewall logs fp fp pi, 1 pi 2 f i Rule 1... fp, Rule 2 f i Malicious packets passed through Firewall A (terminal 2) Intrusion Attempts (terminal 1) p i, n f i Rule n 6

Impact Factor Evaluation Impact factor for the attack upon a SCADA system is P P LOL Total L1 Loss of load (LOL) is quantified for a disconnected substation To determine the value of L, one starts with the value of L=1 at the substation and gradually increases the loading level of the entire system without the substation that has been attacked. Stop when power flow fails to converge 7

Vulnerabilities of substations Control centers rely on substations and communications to make decisions Substations are a critical infrastructure in the power grid (relays, IEDs, PMUs) Remote access to substation user interface or IEDs for maintenance purposes Unsecured standard protocol, remote controllable IED and unauthorized remote access Some IED and user-interface have available web servers and it may provide a remote access for configuration and control with default passwords Well coordinated cyber attacks can compromise more than one substation it may become a multiple, cascaded sequence of events 8

Station Level Bay Level Potential threats in a substation based on IEC 61850 Compromise userinterface Gain access to bay level devices Userinterface GPS Change device settings IED Relay PMU Process Level Modify GOOSE message Actuator Circuit Breaker Merging Unit CT and VT Generate fabricated analog values 9

Anomaly detection at substations 10

Host-based anomaly detection Detection of temporal anomalies is performed by comparing consecutive row vectors representing a sequence of time instants If a discrepancy exists between two different periods (rows, 10 seconds), the anomaly index is a number between 0 and 1 A value of 0 implies no discrepancy whereas 1 indicates the maximal discrepancy Host-based anomaly indicators ψ^a (intrusion attempt on user interface or IED) ψ^cf (change of the file system) ψ^cs (change of IED critical settings) ψ^o (change of status of breakers or transformer taps) ψ^m (measurement difference) 11

Attack similarity The simultaneous anomaly detection is achieved in 3 steps, i.e., 1) Find the total number of types of attacks 2) Find the same attack groups, and 3) Calculate the similarity between attacks in the same group Attack similarity value of 0 indicates no overlap and a value 1 indicates a complete overlap similarity index = 0.9643 12

Coordinated cyber attack Coordinated cyber attacks cause a greater impact In coordinated cyber attacks, attack steps are associated with each other. Identifying relations helps system operators detect a coordinated cyber attack. Intrusion Type Critical Level Geography Relations 13

System Integration 14

HMI Anomaly Detection System 15

IEEE 39 bus system (DIgSILENT) Normal status 16

IEEE 39 bus system (DIgSILENT) 4. Bus 28 3. Bus 15 1. Bus 6 2. Bus 12 5. Bus 36 7. Bus 34 6. Bus 33 Simultaneous attacks without ADS 17

IEEE 39 bus system (DIgSILENT) Gen 10 4. Bus 28 3. Bus 15 Gen 9 Gen 6 Gen 1 2. Bus 12 1. Bus 6 5. Bus 36 7. Bus 34 6. Bus 33 Gen 2 Gen 3 Without ADS - Blackout 18

IEEE 39 bus system (DIgSILENT) Attack Start Attack End Without ADS - Blackout 19

IEEE 39 bus system (DIgSILENT) With ADS - Normal 20

Smart Meter Smart Meter Smart Meter Smart Meter WSU Smart City Testbed Transmission Level Control Center EMS (ALSTOM) LAN (Ethernet Switch) Distribution Operation Center Alstom Grid Donation WA State Funds DMS HMI (ALSTOM) EMS & DMS Server (DELL) Firewall (CISCO) Network Cable Firewall (CISCO) User Interface WAN (DNP 3.0, UDP, TCP) LAN (Ethernet Switch) Firewall (CISCO) PLC Murdock Grant User Interface IEDs FRTU Engineering Unit Relays GPS IPS Substation Firewall (CISCO) Server Distribution System Feeder Automation Switch LAN (Ethernet Switch) Server Dispatch Operator Training Simulator (ALSTOM) User Interface Distribution Communication Network RF Radio AMI MDMS Renewable Devices ITRON Donation Modeling and Simulation Tools Converters 88888 Customers Supermicro platform Power System Simulation Tool (DIgSILENT) PSCAD/ EMTDC Grid LAB-D Wind Solar Fuel Battery Generator PV cell Simulator Simulator Simulator Simulator 88888 88888 88888 Source Generator Protocol Gateway RTDS/ RSCAD MATLAB AutoCAD (GIS) NI Lab View Smart Meters HMI: Human Machine Interface EMS: Energy Management System DMS: Distribution Management System LAN: Local Area Network WAN: Wide Area Network RTDS: Real Time Data Simulator IED: Intelligent Electronic Device AMI: Advanced Metering Infrastructure MDMS: Meter Data Management System PLC: Power Line Communication FRTU: Feeder Remote Terminal Unit ICCP: Inter Control Center Communication Protocol IPS: Intrusion Prevention System Research Stations Transmission System Renewable Generation Distribution System Smart Meters Substation Automation <13>

Conclusions and future work Substation cyber security enhancement Anomaly detection using proposed Integrated IDS Attack similarity and Impact factor analysis Vulnerability assessment by cyber-physical testbed More protocols and more anomaly indicators Cyber-physical vulnerability analysis Coordinated simultaneous cyber attack detection Smart city testbed 22

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback