Power systems have been analyzed and studied as purely physical systems for a long time. Such efforts were critical to the establishment of the power grid as it is today. However, with the increased interest in the integration of renewable energy, the grid is experiencing more vulnerabilities to its operation, stability, and resiliency from the cyber realm. As such, it is crucial to understand the cyber-physical power system interdependencies. In this paper, we advance a Bayesian Network generation algorithm, called CyberDep. CyberDep quantifies cyber-physical interdependencies through conditional probability calculations and aids in analyzing bidirectional data flow dependencies and n-to-1 nodal connections between elements. CyberDep is implemented on a dataset of the cyber-physical emulation of the WSCC 9-bus system, which includes running physical, cyber, and cyber-physical disturbances on the system. The results showcase an improved interdependency quantification and visualization of the n-to-1 probabilistic relationships between the physical and cyber system components.
Cyber-physical systems have behaviour that crosses domain boundaries during events such as planned operational changes and malicious disturbances. Traditionally, the cyber and physical systems are monitored separately and use very different toolsets and analysis paradigms. The security and privacy of these cyber-physical systems requires improved understanding of the combined cyber-physical system behaviour and methods for holistic analysis. Therefore, the authors propose leveraging clustering techniques on cyber-physical data from smart grid systems to analyse differences and similarities in behaviour during cyber-, physical-, and cyber-physical disturbances. Since clustering methods are commonly used in data science to examine statistical similarities in order to sort large datasets, these algorithms can assist in identifying useful relationships in cyber-physical systems. Through this analysis, deeper insights can be shared with decision-makers on what cyber and physical components are strongly or weakly linked, what cyber-physical pathways are most traversed, and the criticality of certain cyber-physical nodes or edges. This paper presents several types of clustering methods for cyber-physical graphs of smart grid systems and their application in assessing different types of disturbances for informing cyber-physical situational awareness. The collection of these clustering techniques provide a foundational basis for cyber-physical graph interdependency analysis.
Modular Multi Agent Grid Emulations for Joined Breakdowns in Linked Generative Emulations (MMAREJBLIGE) introduces an agent-based modeling framework into real-time cyber-physical emulation to achieve a context-aware environment that introduces operator/attacker/external-condition variability to improve emulation fidelity and testing rigor. We detail our agent framework design, internal communication via message passing, and time synchronization, as well as the individual components of the system. We include a brief analysis of several scenarios run on a real-time, hardware-in-the-loop, Industrial Control Systems (ICS) test-bed which include normal operation, physical disruption, disruption with mitigation, and disruption with mitigation during a cyber denial-of-service (DOS) attack.
The slides will be presented at a DOE CESER Peer Review for the Risk Management Tools and Technology (RMT) that provide an overview of the sDERC project. The slides discuss the project plan for this new project and how the results will be demonstrated at the conclusion of this project. The peer review is scheduled for August 27-29.
The power grid, traditionally perceived as an independent physical network has undergone a significant transformation in recent years due to its integration with cyber communication networks and modern digital components. Cyber situations, including cyber-attacks and network anomalies, can directly affect the physical operation of the grid; therefore, studying this intricate relationship between the physical and cyber systems is pivotal for enhancing the resilience and security of modern power systems. In this digest, a novel Long Short-Term Memory (LSTM)-based Autoencoder (AE) model for cyber-physical data fusion and threat detection is proposed. The scenario under consideration includes the effective detection of a physical disturbance and a Denial-of-Service (DoS) attack, which obstructs control commands during the physical disturbance in the power grid. Detailed analysis and quantitative results regarding the LSTM-based AE model's training and evaluation phases is provided, which highlight its key operation features and benefits for guaranteeing security and resilience in the power grid.
Network Operation Centers (NOCs) and Security Operation Centers (SOCs) play a critical role in addressing a wide range of threats in critical infrastructure systems such as the electric grid. However, when considering the electric grid and related industrial control systems (ICSs), visibility into the information technology (IT), operational technology (OT), and underlying physical process systems are often disconnected and standalone. As the electric grid becomes increasingly cyber-physical and faces dynamic, cyber-physical threats, it is vital that cyber-physical situational awareness (CPSA) across the interconnected system is achieved. In this paper, we review existing NOC and SOC capabilities and visualizations, motivate the need for CPSA, and define design principles with example visualizations for a next-generation grid cyber-physical integrated SOC (CP-ISOC).
As the electric grid becomes increasingly cyber-physical, it is important to characterize its inherent cyber-physical interdepedencies and explore how that characterization can be leveraged to improve grid operation. It is crucial to investigate what data features are transferred at the system boundaries, how disturbances cascade between the systems, and how planning and/or mitigation measures can leverage that information to increase grid resilience. In this paper, we explore several numerical analysis and graph decomposition techniques that may be suitable for modeling these cyber-physical system interdependencies and for understanding their significance. An augmented WSCC 9-bus cyber-physical system model is used as a small use-case to assess these techniques and their ability in characterizing different events within the cyber-physical system. These initial results are then analyzed to formulate a high-level approach for characterizing cyber-physical interdependencies.
The harmonized automatic relay mitigation of nefarious intentional events (HARMONIE) special protection scheme (SPS) was developed to provide adaptive, cyber-physical response to unpredictable disturbances in the electric grid. The HARMONIE-SPS methodology includes a machine learning classification framework that analyzes real time cyber-physical data and determines if the system is in normal conditions, cyber disturbance, physical disturbance, or cyber-physical disturbance. This classification then informs response, if needed and/or suitable, and included cyber-physical corrective actions. Beyond standard power system mitigations, a few novel approaches were developed that included a consensus algorithm-based relay voting scheme, an automated power system triggering condition and corrective action pairing algorithm, and a cyber traffic routing optimization algorithm. Both the classification and response techniques were tested within a newly integrated emulation environment composed of a real-time digital simulator (RTDS) and SCEPTRE™. This report details the HARMONIE-SPS methodology, highlighting both the classification and response techniques, and the subsequent testing results from the emulation environment.
The electric grid has undergone rapid, revolutionary changes in recent years; from the addition of advanced smart technologies to the growing penetration of distributed energy resources (DERs) to increased interconnectivity and communications. However, these added communications, access interfaces, and third-party software to enable autonomous control schemes and interconnectivity also expand the attack surface of the grid. To address the gap of DER cybersecurity and secure the grid-edge to motivate a holistic, defense-in-depth approach, a proactive intrusion detection and mitigation system (PIDMS) device was developed to secure PV smart inverter communications. The PIDMS was developed as a distributed, flexible bump-in-the-wire (BITW) solution for protecting PV smart inverter communications. Both cyber (network traffic) and physical (power system measurements) are processed using network intrusion monitoring tools and custom machinelearning algorithms for deep packet analysis and cyber-physical event correlation. The PIDMS not only detects abnormal events but also deploys mitigations to limit or eliminate system impact; the PIDMS communicates with peer PIDMSs at different locations using the MQTT protocol for increased situational awareness and alerting. The details of the PIDMS methodology and prototype development are detailed in this report as well as the evaluation results within a cyber-physical emulation environment and subsequent industry feedback.
Due to the increasing complexity of energy systems and consequent increase in attack vectors, protecting the power grid from unknown disturbances and attacks using special protection schemes is crucial. In this paper, we discuss the machine learning component of the HARMONIE special protection scheme which relies on a novel combination of graph neural networks and Transformer models to jointly process cyber (network) and physical data. Our approach shows promise in detecting cyber and physical disturbances and includes the capability to identify relevant portions of the input sequence that contribute to the model's prediction. With this in place, the end goal of developing automated mitigation strategies is within reach.
Unpredictable disturbances with dynamic trajectories such as extreme weather events and cyber attacks require adaptive, cyber-physical special protection schemes to mitigate cascading impact in the electric grid. A harmonized automatic relay mitigation of nefarious intentional events (HARMONIE) special protection scheme (SPS) is being developed to address that need. However, for evaluating the HARMONIE-SPS performance in classifying system disturbances and mitigating consequences, a cyber-physical testbed is required to further development and validate the methodology. In this paper, we present a design for a co-simulation testbed leveraging the SCEPTRE™ platform and the real-time digital simulator (RTDS). The integration of these two platforms is detailed, as well as the unique, specific needs for testing HARMONIE-SPS within the environment. Results are presented from tests involving a WSCC 9-bus system with different load shedding scenarios with varying cyber-physical impact.
The electric grid is becoming increasingly cyber-physical with the addition of smart technologies, new communication interfaces, and automated grid-support functions. Because of this, it is no longer sufficient to only study the physical system dynamics, but the cyber system must also be monitored as well to examine cyber-physical interactions and effects on the overall system. To address this gap for both operational and security needs, cyber-physical situational awareness is needed to monitor the system to detect any faults or malicious activity. Techniques and models to understand the physical system (the power system operation) exist, but methods to study the cyber system are needed, which can assist in understanding how the network traffic and changes to network conditions affect applications such as data analysis, intrusion detection systems (IDS), and anomaly detection. In this paper, we examine and develop models of data flows in communication networks of cyber-physical systems (CPSs) and explore how network calculus can be utilized to develop those models for CPSs, with a focus on anomaly and intrusion detection. This provides a foundation for methods to examine how changes to behavior in the CPS can be modeled and for investigating cyber effects in CPSs in anomaly detection applications.
