Cyber-physical systems have behaviour that crosses domain boundaries during events such as planned operational changes and malicious disturbances. Traditionally, the cyber and physical systems are monitored separately and use very different toolsets and analysis paradigms. The security and privacy of these cyber-physical systems requires improved understanding of the combined cyber-physical system behaviour and methods for holistic analysis. Therefore, the authors propose leveraging clustering techniques on cyber-physical data from smart grid systems to analyse differences and similarities in behaviour during cyber-, physical-, and cyber-physical disturbances. Since clustering methods are commonly used in data science to examine statistical similarities in order to sort large datasets, these algorithms can assist in identifying useful relationships in cyber-physical systems. Through this analysis, deeper insights can be shared with decision-makers on what cyber and physical components are strongly or weakly linked, what cyber-physical pathways are most traversed, and the criticality of certain cyber-physical nodes or edges. This paper presents several types of clustering methods for cyber-physical graphs of smart grid systems and their application in assessing different types of disturbances for informing cyber-physical situational awareness. The collection of these clustering techniques provide a foundational basis for cyber-physical graph interdependency analysis.
The power grid, traditionally perceived as an independent physical network has undergone a significant transformation in recent years due to its integration with cyber communication networks and modern digital components. Cyber situations, including cyber-attacks and network anomalies, can directly affect the physical operation of the grid; therefore, studying this intricate relationship between the physical and cyber systems is pivotal for enhancing the resilience and security of modern power systems. In this digest, a novel Long Short-Term Memory (LSTM)-based Autoencoder (AE) model for cyber-physical data fusion and threat detection is proposed. The scenario under consideration includes the effective detection of a physical disturbance and a Denial-of-Service (DoS) attack, which obstructs control commands during the physical disturbance in the power grid. Detailed analysis and quantitative results regarding the LSTM-based AE model's training and evaluation phases is provided, which highlight its key operation features and benefits for guaranteeing security and resilience in the power grid.
Network Operation Centers (NOCs) and Security Operation Centers (SOCs) play a critical role in addressing a wide range of threats in critical infrastructure systems such as the electric grid. However, when considering the electric grid and related industrial control systems (ICSs), visibility into the information technology (IT), operational technology (OT), and underlying physical process systems are often disconnected and standalone. As the electric grid becomes increasingly cyber-physical and faces dynamic, cyber-physical threats, it is vital that cyber-physical situational awareness (CPSA) across the interconnected system is achieved. In this paper, we review existing NOC and SOC capabilities and visualizations, motivate the need for CPSA, and define design principles with example visualizations for a next-generation grid cyber-physical integrated SOC (CP-ISOC).
As the electric grid becomes increasingly cyber-physical, it is important to characterize its inherent cyber-physical interdepedencies and explore how that characterization can be leveraged to improve grid operation. It is crucial to investigate what data features are transferred at the system boundaries, how disturbances cascade between the systems, and how planning and/or mitigation measures can leverage that information to increase grid resilience. In this paper, we explore several numerical analysis and graph decomposition techniques that may be suitable for modeling these cyber-physical system interdependencies and for understanding their significance. An augmented WSCC 9-bus cyber-physical system model is used as a small use-case to assess these techniques and their ability in characterizing different events within the cyber-physical system. These initial results are then analyzed to formulate a high-level approach for characterizing cyber-physical interdependencies.
The harmonized automatic relay mitigation of nefarious intentional events (HARMONIE) special protection scheme (SPS) was developed to provide adaptive, cyber-physical response to unpredictable disturbances in the electric grid. The HARMONIE-SPS methodology includes a machine learning classification framework that analyzes real time cyber-physical data and determines if the system is in normal conditions, cyber disturbance, physical disturbance, or cyber-physical disturbance. This classification then informs response, if needed and/or suitable, and included cyber-physical corrective actions. Beyond standard power system mitigations, a few novel approaches were developed that included a consensus algorithm-based relay voting scheme, an automated power system triggering condition and corrective action pairing algorithm, and a cyber traffic routing optimization algorithm. Both the classification and response techniques were tested within a newly integrated emulation environment composed of a real-time digital simulator (RTDS) and SCEPTREâ„¢. This report details the HARMONIE-SPS methodology, highlighting both the classification and response techniques, and the subsequent testing results from the emulation environment.
The electric grid has undergone rapid, revolutionary changes in recent years; from the addition of advanced smart technologies to the growing penetration of distributed energy resources (DERs) to increased interconnectivity and communications. However, these added communications, access interfaces, and third-party software to enable autonomous control schemes and interconnectivity also expand the attack surface of the grid. To address the gap of DER cybersecurity and secure the grid-edge to motivate a holistic, defense-in-depth approach, a proactive intrusion detection and mitigation system (PIDMS) device was developed to secure PV smart inverter communications. The PIDMS was developed as a distributed, flexible bump-in-the-wire (BITW) solution for protecting PV smart inverter communications. Both cyber (network traffic) and physical (power system measurements) are processed using network intrusion monitoring tools and custom machinelearning algorithms for deep packet analysis and cyber-physical event correlation. The PIDMS not only detects abnormal events but also deploys mitigations to limit or eliminate system impact; the PIDMS communicates with peer PIDMSs at different locations using the MQTT protocol for increased situational awareness and alerting. The details of the PIDMS methodology and prototype development are detailed in this report as well as the evaluation results within a cyber-physical emulation environment and subsequent industry feedback.
Due to the increasing complexity of energy systems and consequent increase in attack vectors, protecting the power grid from unknown disturbances and attacks using special protection schemes is crucial. In this paper, we discuss the machine learning component of the HARMONIE special protection scheme which relies on a novel combination of graph neural networks and Transformer models to jointly process cyber (network) and physical data. Our approach shows promise in detecting cyber and physical disturbances and includes the capability to identify relevant portions of the input sequence that contribute to the model's prediction. With this in place, the end goal of developing automated mitigation strategies is within reach.
Unpredictable disturbances with dynamic trajectories such as extreme weather events and cyber attacks require adaptive, cyber-physical special protection schemes to mitigate cascading impact in the electric grid. A harmonized automatic relay mitigation of nefarious intentional events (HARMONIE) special protection scheme (SPS) is being developed to address that need. However, for evaluating the HARMONIE-SPS performance in classifying system disturbances and mitigating consequences, a cyber-physical testbed is required to further development and validate the methodology. In this paper, we present a design for a co-simulation testbed leveraging the SCEPTREâ„¢ platform and the real-time digital simulator (RTDS). The integration of these two platforms is detailed, as well as the unique, specific needs for testing HARMONIE-SPS within the environment. Results are presented from tests involving a WSCC 9-bus system with different load shedding scenarios with varying cyber-physical impact.
The electric grid is becoming increasingly cyber-physical with the addition of smart technologies, new communication interfaces, and automated grid-support functions. Because of this, it is no longer sufficient to only study the physical system dynamics, but the cyber system must also be monitored as well to examine cyber-physical interactions and effects on the overall system. To address this gap for both operational and security needs, cyber-physical situational awareness is needed to monitor the system to detect any faults or malicious activity. Techniques and models to understand the physical system (the power system operation) exist, but methods to study the cyber system are needed, which can assist in understanding how the network traffic and changes to network conditions affect applications such as data analysis, intrusion detection systems (IDS), and anomaly detection. In this paper, we examine and develop models of data flows in communication networks of cyber-physical systems (CPSs) and explore how network calculus can be utilized to develop those models for CPSs, with a focus on anomaly and intrusion detection. This provides a foundation for methods to examine how changes to behavior in the CPS can be modeled and for investigating cyber effects in CPSs in anomaly detection applications.
Distributed controllers play a prominent role in electric power grid operation. The coordinated failure or malfunction of these controllers is a serious threat, where the resulting mechanisms and consequences are not yet well-known and planned against. If certain controllers are maliciously compromised by an adversary, they can be manipulated to drive the system to an unsafe state. The authors present a strategy for distributed controller defence (SDCD) for improved grid tolerance under conditions of distributed controller compromise. The work of the authors’ first formalises the roles that distributed controllers play and their control support groups using controllability analysis techniques. With these formally defined roles and groups, the authors then present defence strategies for maintaining or regaining system control during such an attack. A general control response framework is presented here for the compromise or failure of distributed controllers using the remaining, operational set. The SDCD approach is successfully demonstrated with a 7-bus system and the IEEE 118-bus system for single and coordinated distributed controller compromise; the results indicate that SDCD is able to significantly reduce system stress and mitigate compromise consequences.
Traditional protective relay voting schemes utilize simple logic to achieve confidence in relay trip actions. However, the smart grid is rapidly evolving and there are new needs for a next-generation relay voting scheme. In such new schemes, aspects such as inter-relay relationships and out-of-band data can be included. In this work, we explore the use of consensus algorithms and how they can be utilized for groups of relays to vote on system protection actions and also reach consensus on the values of variables in the system. A proposed design is explored with a simple case study with two different scenarios, including simulation in PowerWorld Simulator, to demonstrate the consensus algorithm benefits and future directions are discussed.
The electric grid is rapidly being modernized with novel technologies, adaptive and automated grid-support functions, and added connectivity with internet-based communications and remote interfaces. These advancements render the grid increasingly 'smart' and cyber-physical, but also broaden the vulnerability landscape and potential for malicious, cascading disturbances. The grid must be properly defended with security mechanisms such as intrusion detection systems (IDSs), but these tools must account for power system behavior as well as network traffic to be effective. In this paper, we present a cyber-physical IDS, the proactive intrusion detection and mitigation system (PIDMS), that analyzes both cyber and physical data streams in parallel, detects intrusion, and deploys proactive response. We demonstrate the PIDMS with an exemplar case study exploring a packet replay attack scenario focused on photovoltaic inverter communications; the scenario is tested with an emulated, cyber-physical grid environment with hardware-in-the-loop inverters.
Recent trends in the growth of distributed energy resources (DER) in the electric grid and newfound malware frameworks that target internet of things (IoT) devices is driving an urgent need for more reliable and effective methods for intrusion detection and prevention. Cybersecurity intrusion detection systems (IDSs) are responsible for detecting threats by monitoring and analyzing network data, which can originate either from networking equipment or end-devices. Creating intrusion detection systems for PV/DER networks is a challenging undertaking because of the diversity of the attack types and intermittency and variability in the data. Distinguishing malicious events from other sources of anomalies or system faults is particularly difficult. New approaches are needed that not only sense anomalies in the power system but also determine causational factors for the detected events. In this report, a range of IDS approaches were summarized along with their pros and cons. Using the review of IDS approaches and subsequent gap analysis for application to DER systems, a preliminary hybrid IDS approach to protect PV/DER communications is formed in the conclusion of this report to inform ongoing and future research regarding the cybersecurity and resilience enhancement of DER systems.
Special protection schemes (SPSs) safeguard the grid by detecting predefined abnormal conditions and deploying predefined corrective actions. Utilities leverage SPSs to maintain stability, acceptable voltages, and loading limits during disturbances. However, traditional SPSs cannot defend against unpredictable disturbances. Events such as cyber attacks, extreme weather, and electromagnetic pulses have unpredictable trajectories and require adaptive response. Therefore, we propose a harmonized automatic relay mitigation of nefarious intentional events (HARMONIE)-SPS that learns system conditions, mitigates cyber-physical consequences, and preserves grid operation during both predictable and unpredictable disturbances. In this paper, we define the HARMONIE-SPS approach, detail progress on its development, and provide initial results using a WSCC 9-bus system.
Networked microgrids are clusters of geographically-close, islanded microgrids that can function as a single, aggregate island. This flexibility enables customer-level resilience and reliability improvements during extreme event outages and also reduces utility costs during normal grid operations. To achieve this cohesive operation, microgrid controllers and external connections (including advanced communication protocols, protocol translators, and/or internet connection) are needed. However, these advancements also increase the vulnerability landscape of networked microgrids, and significant consequences could arise during networked operation, increasing cascading impact. To address these issues, this report seeks to understand the unique components, functions, and communications within networked microgrids and what cybersecurity solutions can be implemented and what solutions need to be developed. A literature review of microgrid cybersecurity research is provided and a gap analysis of what is additionally needed for securing networked microgrids is performed. Relevant cyber hygiene and best practices to implement are provided, as well as ideas on how cybersecurity can be integrated into networked microgrid design. Lastly, future directions of networked microgrid cybersecurity R&D are provided to inform next steps.
To combat dynamic, cyber-physical disturbances in the electric grid, online and adaptive remedial action schemes (RASs) are needed to achieve fast and effective response. However, a major challenge lies in reducing the computational burden of analyses needed to inform selection of appropriate controls. This paper proposes the use of a role and interaction discovery (RID) algorithm that leverages control sensitivities to gain insight into the controller roles and support groups. Using these results, a procedure is developed to reduce the control search space to reduce computation time while achieving effective control response. A case study is presented that considers corrective line switching to mitigate geomagnetically induced current (GIC) -saturated reactive power losses in a 20-bus test system. Results demonstrated both significant reduction of both the control search space and reactive power losses using the RID approach.
The constantly evolving nature of the grid is compelling the design process of Remedial Action Schemes (RAS) to keep up with the changes. This document proposes a flexible and computationally efficient approach to automatically determine RAS corrective actions that alleviate line overloading violations. Statistical and functional characteristics summarized from RAS implemented in real power systems are used to guide the design parameters. This report also leverages sensitivity-based techniques to determine corrective actions for specific contingencies quickly without repeated numerical simulations. Finally, future directions for implementing this approach for a fully automated, online RAS are discussed.
The benefits and risks associated with Volt-Var Curve (VVC) control for management of voltages in electric feeders with distributed, roof-top photovoltaic (PV) can be defined using a stochastic hosting capacity analysis methodology. Although past work showed that a PV inverter's reactive power can improve grid voltages for large PV installations, this study adds to the past research by evaluating the control method's impact (both good and bad) when deployed throughout the feeder within small, distributed PV systems. The stochastic hosting capacity simulation effort iterated through hundreds of load and PV generation scenarios and various control types. The simulations also tested the impact of VVCs with tampered settings to understand the potential risks associated with a cyber-attack on all of the PV inverters scattered throughout a feeder. The simulation effort found that the VVC can have an insignificant role in managing the voltage when deployed in distributed roof-top PV inverters. This type of integration strategy will result in little to no harm when subjected to a successful cyber-attack that alters the VVC settings.
The penetration of Internet-of-Things (IoT) devices in the electric grid is growing at a rapid pace; from smart meters at residential homes to distributed energy resource (DER) system technologies such as smart inverters, various devices are being integrated into the grid with added connectivity and communications. Furthermore, with these increased capabilities, automated grid-support functions, demand response, and advanced communication-assisted control schemes are being implemented to improve the operation of the grid. These advancements render our power systems increasingly cyber-physical. It is no longer sufficient to only focus on the physical interactions, especially when implementing cybersecurity mechanisms such as intrusion detection systems (IDSs) and mitigation schemes that need to access both cyber and physical data. This new landscape necessitates novel methods and technologies to successfully interact and understand the overall cyber-physical system. Specifically, this paper will investigate the need and definition of cyber-physical observability for the grid.
Reducing the risk of cyber-attacks that affect the confidentiality, integrity, and availability of distributed Photovoltaic (PV) inverters requires the implementation of an Intrusion Detection System (IDS) at the grid-edge. Often, IDSs use signature or behavior-based analytics to identify potentially harmful anomalies. In this work, the two approaches are deployed and tested on a small, single-board computer; the computer is setup to monitor and detect malevolent traffic in-between an aggregator and a single PV inverter. The Snort, signature-based, analysis tool detected three of the five attack scenarios. The behavior-based analysis, which used an Adaptive Resonance Theory Artificial Neural Network, successfully identified four out of the five attacks. Each of the approaches ran on the single-board computer and decreased the chances of an undetected breach in the PV inverters control system.
This document will detail a field demonstration test procedure for the Module OT device developed for the joint NREL-SNL DOE CEDS project titled "Modular Security Apparatus for Managing Distributed Cryptography for Command & Control Messages on Operational Technology (OT) Networks." The aim of this document is to create the testing and evaluation procedure for field demonstration of the device; this includes primarily functional testing and implementation testing at Public Service Company of New Mexico's (PNM's) Prosperity solar site environment. Specifically, the Module OT devices will be integrated into the Prosperity solar site system; traffic will be encrypted between several points of interest at the site (e.g., inverter micrologger and switch). The tests described in this document will be performed to assess the impact and effectiveness of the encryption capabilities provided by the Module OT device.
The grid of the future will integrate various distributed energy resources (DERs), microgrids, and other new technologies that will revolutionize our energy delivery systems. These technologies, as well as proposed grid-support functions, require inverter-based systems to achieve incorporation into the overall system(s). However, the presence of inverters and other power electronics changes the behavior of the grid and renders many traditional tools and algorithms less effective. An inverter is typically designed to limit its own current output to avoid overloading. This can result in both voltage collapse at the inverter output and limited energy being delivered during a fault so that protective relays cannot respond properly. To avoid sustained faults and unnecessary loss of service, it is proposed that either supercapacitor or flywheel energy storage be utilized to energize faults upon overload of the inverter to achieve fault current correction. This paper will discuss these challenges for inverter-based system fault detection, explore fault current correction strategies, and provide MATLAB/Simulink simulation results comparing the effectiveness of each strategy.
As the power grid incorporates increasing amounts of distributed energy resources (DER) that provide new generation sources, new opportunities are created for improving operation of the grid while large challenges also arise for preserving grid reliability and security. To improve grid performance, DERs can be utilized to provide important support functionality, such as supporting frequency and voltage levels, especially if they are assisted by communication schemes as part of an advanced distribution management system (ADMS). Unfortunately, such connectivity and grid support functionality also creates additional cyber security risk with the potential for degradation of grid services, especially under conditions with high amounts of distributed generation. This paper will first discuss the communications needed by DERs to support system and interoperability objectives, as well as the security requirements and impact of securing these communications. Some common security mechanisms are discussed in relation to DERs, and a simulated 15-bus model of a distribution feeder is used to demonstrate aspects of the DER communications and impact to grid performance. These results help to advance understanding of the benefits, requirements, and mechanisms for securely implementing DER communications while ensuring that grid reliability is maintained.
The integration of communication-enabled grid-support functions in distributed energy resources (DER) and other smart grid features will increase the U.S. power grid's exposure to cyber-physical attacks. Unwanted changes in DER system data and control signals can damage electrical infrastructure and lead to outages. To protect against these threats, intrusion detection systems (IDSs) can be deployed, but their implementation presents a unique set of challenges in industrial control systems (ICSs), New approaches need to be developed that not only sense cyber anomalies, but also detect undesired physical system behaviors. For DER systems, a combination of cyber security data and power system and control information should be collected by the IDS to provide insight into the nature of an anomalous event. This allows joint forensic analysis to be conducted to reveal any relationships between the observed cyber and physical events. In this paper, we propose a hybrid IDS approach that monitors and evaluates both physical and cyber network data in DER systems, and present a series of scenarios to demonstrate how our approach enables the cyber-physical IDS to achieve more robust identification and mitigation of malicious events on the DER system.
This document will detail a test procedure, involving bench and emulation testing, for the Module OT device developed for the joint NREL-SNL DOE CEDS project titled "Modular Security Apparatus for Managing Distributed Cryptography for Command & Control Messages on Operational Technology (OT) Networks." The aim of this document is to create the testing and evaluation protocol for the module for lab-level testing; this includes checklists and experiments for information gathering, functional testing, cryptographic implementation, public key infrastructure, key exchange/authentication, encryption, and implementation testing in the emulation environment.
This is a review of existing microgrid design tool capabilities, such as the Microgrid Design Tool (MDT), LANL PNNL NRECA Optimal Resilience Model (LPNORM), Distributed Energy Resource-Customer Adoption Model (DER-CAM), Renewable Energy Optimization (REopt), and the Hybrid Optimization Model for Multiple Energy Resources (HOMER). Additionally, other simulation and analysis tools which may provide fundamental support will be examined. These will include GridLAB-DTM, OpenDSS, and the hierarchical Engine for Large-scale Infrastructure Co-Simulation (HELICS). Their applicability to networked microgrid operations will be evaluated, and strengths and gaps of existing tools will be identified. This review will help to determine which elements of the proposed optimal design and operations (OD&D) tool should be formulated from first principles, and which elements should be integrated from past DOE investments.
Control systems for critical infrastructure are becoming increasingly interconnected while cyber threats against critical infrastructure are becoming more sophisticated and difficult to defend against. Historically, cyber security has emphasized building defenses to prevent loss of confidentiality, integrity, and availability in digital information and systems, but in recent years cyber attacks have demonstrated that no system is impenetrable and that control system operation may be detrimentally impacted. Cyber resilience has emerged as a complementary priority that seeks to ensure that digital systems can maintain essential performance levels, even while capabilities are degraded by a cyber attack. This paper examines how cyber security and cyber resilience may be measured and quantified in a control system environment. Load Frequency Control is used as an illustrative example to demonstrate how cyber attacks may be represented within mathematical models of control systems, to demonstrate how these events may be quantitatively measured in terms of cyber security or cyber resilience, and the differences and similarities between the two mindsets. These results demonstrate how various metrics are applied, the extent of their usability, and how it is important to analyze cyber-physical systems in a comprehensive manner that accounts for all the various parts of the system.
In designing a security module for inverter communications in a DER environment, it is critical to consider the impact of the additional security on the environment as well as what types of security is required for the various messages that must pass from the inverter to and from a utility. Also, since cyber security is more than just preventing an unauthorized user from viewing data, mechanisms for proving identity and ensuring that data cannot be altered without such a modification being discovered are needed. This is where the security principles of confidentiality, integrity, and availability come into play. For different types of communications, these different security principles may be important or not needed at all. Furthermore, the cost and constraints for applying cryptography for securing DER communications must be considered to help determine what is feasible within this environment and what will be the impact and cost of applying common cryptographic protections to inverter communications.
Penetration of distributed energy resources (DERs) is rapidly increasing in the bulk power system (BPS); they are growing to be a significant portion of generation. As such, grid-support capabilities are being developed and implemented; IEEE Std. 1547 mandates new interconnection and interoperability standards to achieve these capabilities and allow remote users to change behaviors to many devices. However, as their presence increases, the impact of DERs on the BPS also increases. Therefore, if a disturbance occurs in the DER system, its effects could propagate throughout the BPS. These disturbances could range from equipment malfunctions to resource variability to cyber attacks. This document will discuss general requirements needed for developing a distributed cryptography module for implementation in DER systems. First, we will examine the composition of DER systems in Section 2. Procedures to identify critical assets and the security of DERs is discussed in Section 3. Section 4 introduces cryptography concepts and Section 5 discusses implementation needs and options. Finally, practical considerations are provided in Section 6 and conclusions are provided in Section 7.
Penetration of distributed energy resources (DERs) is rapidly increasing in the bulk power system (BPS); they are growing to be a significant portion of generation. As such, grid-support capabilities are being developed and implemented. However, as their presence increases, the impact of DERs on the BPS also increases. Therefore, if a disturbance occurs in the DER system, its effects could propagate throughout the BPS. These disturbances could range from equipment malfunctions to resource variability to cyber attacks.