To combat dynamic, cyber-physical disturbances in the electric grid, online and adaptive remedial action schemes (RASs) are needed to achieve fast and effective response. However, a major challenge lies in reducing the computational burden of analyses needed to inform selection of appropriate controls. This paper proposes the use of a role and interaction discovery (RID) algorithm that leverages control sensitivities to gain insight into the controller roles and support groups. Using these results, a procedure is developed to reduce the control search space to reduce computation time while achieving effective control response. A case study is presented that considers corrective line switching to mitigate geomagnetically induced current (GIC) -saturated reactive power losses in a 20-bus test system. Results demonstrated both significant reduction of both the control search space and reactive power losses using the RID approach.
The constantly evolving nature of the grid is compelling the design process of Remedial Action Schemes (RAS) to keep up with the changes. This document proposes a flexible and computationally efficient approach to automatically determine RAS corrective actions that alleviate line overloading violations. Statistical and functional characteristics summarized from RAS implemented in real power systems are used to guide the design parameters. This report also leverages sensitivity-based techniques to determine corrective actions for specific contingencies quickly without repeated numerical simulations. Finally, future directions for implementing this approach for a fully automated, online RAS are discussed.
The benefits and risks associated with Volt-Var Curve (VVC) control for management of voltages in electric feeders with distributed, roof-top photovoltaic (PV) can be defined using a stochastic hosting capacity analysis methodology. Although past work showed that a PV inverter's reactive power can improve grid voltages for large PV installations, this study adds to the past research by evaluating the control method's impact (both good and bad) when deployed throughout the feeder within small, distributed PV systems. The stochastic hosting capacity simulation effort iterated through hundreds of load and PV generation scenarios and various control types. The simulations also tested the impact of VVCs with tampered settings to understand the potential risks associated with a cyber-attack on all of the PV inverters scattered throughout a feeder. The simulation effort found that the VVC can have an insignificant role in managing the voltage when deployed in distributed roof-top PV inverters. This type of integration strategy will result in little to no harm when subjected to a successful cyber-attack that alters the VVC settings.
The penetration of Internet-of-Things (IoT) devices in the electric grid is growing at a rapid pace; from smart meters at residential homes to distributed energy resource (DER) system technologies such as smart inverters, various devices are being integrated into the grid with added connectivity and communications. Furthermore, with these increased capabilities, automated grid-support functions, demand response, and advanced communication-assisted control schemes are being implemented to improve the operation of the grid. These advancements render our power systems increasingly cyber-physical. It is no longer sufficient to only focus on the physical interactions, especially when implementing cybersecurity mechanisms such as intrusion detection systems (IDSs) and mitigation schemes that need to access both cyber and physical data. This new landscape necessitates novel methods and technologies to successfully interact and understand the overall cyber-physical system. Specifically, this paper will investigate the need and definition of cyber-physical observability for the grid.
Reducing the risk of cyber-attacks that affect the confidentiality, integrity, and availability of distributed Photovoltaic (PV) inverters requires the implementation of an Intrusion Detection System (IDS) at the grid-edge. Often, IDSs use signature or behavior-based analytics to identify potentially harmful anomalies. In this work, the two approaches are deployed and tested on a small, single-board computer; the computer is setup to monitor and detect malevolent traffic in-between an aggregator and a single PV inverter. The Snort, signature-based, analysis tool detected three of the five attack scenarios. The behavior-based analysis, which used an Adaptive Resonance Theory Artificial Neural Network, successfully identified four out of the five attacks. Each of the approaches ran on the single-board computer and decreased the chances of an undetected breach in the PV inverters control system.
This document will detail a field demonstration test procedure for the Module OT device developed for the joint NREL-SNL DOE CEDS project titled "Modular Security Apparatus for Managing Distributed Cryptography for Command & Control Messages on Operational Technology (OT) Networks." The aim of this document is to create the testing and evaluation procedure for field demonstration of the device; this includes primarily functional testing and implementation testing at Public Service Company of New Mexico's (PNM's) Prosperity solar site environment. Specifically, the Module OT devices will be integrated into the Prosperity solar site system; traffic will be encrypted between several points of interest at the site (e.g., inverter micrologger and switch). The tests described in this document will be performed to assess the impact and effectiveness of the encryption capabilities provided by the Module OT device.
The grid of the future will integrate various distributed energy resources (DERs), microgrids, and other new technologies that will revolutionize our energy delivery systems. These technologies, as well as proposed grid-support functions, require inverter-based systems to achieve incorporation into the overall system(s). However, the presence of inverters and other power electronics changes the behavior of the grid and renders many traditional tools and algorithms less effective. An inverter is typically designed to limit its own current output to avoid overloading. This can result in both voltage collapse at the inverter output and limited energy being delivered during a fault so that protective relays cannot respond properly. To avoid sustained faults and unnecessary loss of service, it is proposed that either supercapacitor or flywheel energy storage be utilized to energize faults upon overload of the inverter to achieve fault current correction. This paper will discuss these challenges for inverter-based system fault detection, explore fault current correction strategies, and provide MATLAB/Simulink simulation results comparing the effectiveness of each strategy.
As the power grid incorporates increasing amounts of distributed energy resources (DER) that provide new generation sources, new opportunities are created for improving operation of the grid while large challenges also arise for preserving grid reliability and security. To improve grid performance, DERs can be utilized to provide important support functionality, such as supporting frequency and voltage levels, especially if they are assisted by communication schemes as part of an advanced distribution management system (ADMS). Unfortunately, such connectivity and grid support functionality also creates additional cyber security risk with the potential for degradation of grid services, especially under conditions with high amounts of distributed generation. This paper will first discuss the communications needed by DERs to support system and interoperability objectives, as well as the security requirements and impact of securing these communications. Some common security mechanisms are discussed in relation to DERs, and a simulated 15-bus model of a distribution feeder is used to demonstrate aspects of the DER communications and impact to grid performance. These results help to advance understanding of the benefits, requirements, and mechanisms for securely implementing DER communications while ensuring that grid reliability is maintained.
This document will detail a test procedure, involving bench and emulation testing, for the Module OT device developed for the joint NREL-SNL DOE CEDS project titled "Modular Security Apparatus for Managing Distributed Cryptography for Command & Control Messages on Operational Technology (OT) Networks." The aim of this document is to create the testing and evaluation protocol for the module for lab-level testing; this includes checklists and experiments for information gathering, functional testing, cryptographic implementation, public key infrastructure, key exchange/authentication, encryption, and implementation testing in the emulation environment.
The integration of communication-enabled grid-support functions in distributed energy resources (DER) and other smart grid features will increase the U.S. power grid's exposure to cyber-physical attacks. Unwanted changes in DER system data and control signals can damage electrical infrastructure and lead to outages. To protect against these threats, intrusion detection systems (IDSs) can be deployed, but their implementation presents a unique set of challenges in industrial control systems (ICSs), New approaches need to be developed that not only sense cyber anomalies, but also detect undesired physical system behaviors. For DER systems, a combination of cyber security data and power system and control information should be collected by the IDS to provide insight into the nature of an anomalous event. This allows joint forensic analysis to be conducted to reveal any relationships between the observed cyber and physical events. In this paper, we propose a hybrid IDS approach that monitors and evaluates both physical and cyber network data in DER systems, and present a series of scenarios to demonstrate how our approach enables the cyber-physical IDS to achieve more robust identification and mitigation of malicious events on the DER system.
This is a review of existing microgrid design tool capabilities, such as the Microgrid Design Tool (MDT), LANL PNNL NRECA Optimal Resilience Model (LPNORM), Distributed Energy Resource-Customer Adoption Model (DER-CAM), Renewable Energy Optimization (REopt), and the Hybrid Optimization Model for Multiple Energy Resources (HOMER). Additionally, other simulation and analysis tools which may provide fundamental support will be examined. These will include GridLAB-DTM, OpenDSS, and the hierarchical Engine for Large-scale Infrastructure Co-Simulation (HELICS). Their applicability to networked microgrid operations will be evaluated, and strengths and gaps of existing tools will be identified. This review will help to determine which elements of the proposed optimal design and operations (OD&D) tool should be formulated from first principles, and which elements should be integrated from past DOE investments.
Control systems for critical infrastructure are becoming increasingly interconnected while cyber threats against critical infrastructure are becoming more sophisticated and difficult to defend against. Historically, cyber security has emphasized building defenses to prevent loss of confidentiality, integrity, and availability in digital information and systems, but in recent years cyber attacks have demonstrated that no system is impenetrable and that control system operation may be detrimentally impacted. Cyber resilience has emerged as a complementary priority that seeks to ensure that digital systems can maintain essential performance levels, even while capabilities are degraded by a cyber attack. This paper examines how cyber security and cyber resilience may be measured and quantified in a control system environment. Load Frequency Control is used as an illustrative example to demonstrate how cyber attacks may be represented within mathematical models of control systems, to demonstrate how these events may be quantitatively measured in terms of cyber security or cyber resilience, and the differences and similarities between the two mindsets. These results demonstrate how various metrics are applied, the extent of their usability, and how it is important to analyze cyber-physical systems in a comprehensive manner that accounts for all the various parts of the system.
In designing a security module for inverter communications in a DER environment, it is critical to consider the impact of the additional security on the environment as well as what types of security is required for the various messages that must pass from the inverter to and from a utility. Also, since cyber security is more than just preventing an unauthorized user from viewing data, mechanisms for proving identity and ensuring that data cannot be altered without such a modification being discovered are needed. This is where the security principles of confidentiality, integrity, and availability come into play. For different types of communications, these different security principles may be important or not needed at all. Furthermore, the cost and constraints for applying cryptography for securing DER communications must be considered to help determine what is feasible within this environment and what will be the impact and cost of applying common cryptographic protections to inverter communications.