Recently, smart grid cyber-security has come to the forefront of national security priorities. Several power system anomalies have been attributed to cyber-attacks, highlighting the importance of research on the impact of new kinds of attacks on complex power systems. Nation states and utilities are increasingly concerned about power system integrity, privacy and confidentiality. Recently, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported that, of the 245 cyber incidents across all critical infrastructure sectors in fiscal year 2014, the largest share (79 incidents, or 32%) was in the energy sector. In today's smart grid, the physical energy system and the information and communications technology (ICT) based cyber system are tightly coupled, which introduces new security threats.
I am motivated to investigate the new security threats and vulnerabilities of a modernised energy grid and to provide effective solutions towards making the grid more secure. Some of my research work on smart grid cyber security is outlined below:
1. Data Injection (Integrity) Attacks
The state estimator (SE) is a key operational module of a smart grid energy management system (EMS); it estimates the power system states (e.g., bus voltage magnitudes and angles) from sensor measurements by minimizing the weighted estimation error. A bad data detector (BDD) module works in conjunction with the SE to identify anomalies in the measurement data, typically by testing the measurement residual left after estimation. Recent studies have revealed that these critical operational modules (SE and BDD) are vulnerable to a class of cyber-attacks known as false data injection (FDI) attacks. Existing research has shown that an attacker can construct a stealthy FDI attack that cannot be detected by the traditional anomaly detection module (BDD) of an EMS.
Existing attack strategies require the system Jacobian matrix H or the grid topological connectivity information. In practice, it is very difficult to obtain H or the connectivity information, as doing so requires insider access. Moreover, historically obtained information may be outdated if the system configuration has since changed.
In our approach, we provide an alternative, measurement data-driven technique that needs neither the system Jacobian nor the connectivity information, yet still generates stealthy injection attacks. The overall architecture of the measurement-signal-based false data injection attack is shown in the figure below.
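As an added, runnable illustration (not code from this page or from the author's publications), the script below sets up a DC state estimator with a chi-square bad data detector on a constructed 4-bus network and contrasts three injections: a naive one that the BDD catches, the classic attack a = Hc of Liu et al. that needs the Jacobian H, and a data-driven one that learns the column space of H from a history of measurement vectors with an SVD. The network, susceptances, noise level, history size and attack magnitudes are all constructed; the subspace-learning step is one generic data-driven route to a stealthy attack and stands in for, rather than reproduces, the author's method.

```python
"""DC state estimation, chi-square bad data detection and stealthy FDI attacks.

Added illustration; the 4-bus DC model and every number below are constructed.
The subspace-learning attack is a generic data-driven variant, not the
author's published method.
"""
import numpy as np

# Constructed network: (from_bus, to_bus, susceptance in p.u.), bus 0 is the slack.
LINES = [(0, 1, 10.0), (0, 2, 5.0), (1, 2, 8.0), (1, 3, 6.0), (2, 3, 4.0)]
N_BUS = 4
SIGMA = 0.01            # assumed measurement noise standard deviation (p.u.)
CHI2_THRESHOLD = 15.09  # chi-square 99% quantile for m - n = 8 - 3 = 5 degrees of freedom


def build_dc_jacobian(lines, n_bus, slack=0):
    """Measurement Jacobian H of a DC model with line-flow and bus-injection meters.

    States: voltage angles of the non-slack buses.  Rows: one flow
    P_ij = b_ij (theta_i - theta_j) per line, then the net injection of every
    non-slack bus (sum of the flows leaving it).
    """
    cols = [b for b in range(n_bus) if b != slack]
    col_of = {b: k for k, b in enumerate(cols)}
    rows = []
    for i, j, b in lines:
        r = np.zeros(len(cols))
        if i != slack:
            r[col_of[i]] += b
        if j != slack:
            r[col_of[j]] -= b
        rows.append(r)
    for k in cols:
        r = np.zeros(len(cols))
        for i, j, b in lines:
            if k in (i, j):
                other = j if i == k else i
                r[col_of[k]] += b
                if other != slack:
                    r[col_of[other]] -= b
        rows.append(r)
    return np.vstack(rows)


def estimate_state(H, z, sigma=SIGMA):
    """Least-squares state estimate and normalised residual J = r^T r / sigma^2."""
    x_hat, *_ = np.linalg.lstsq(H, z, rcond=None)
    r = z - H @ x_hat
    return x_hat, float(r @ r) / sigma ** 2


def bdd_alarm(J, threshold=CHI2_THRESHOLD):
    """Classic chi-square bad data detector: alarm when the residual is too large."""
    return bool(J > threshold)


def stealthy_attack_with_H(H, c):
    """a = H c lies in the column space of H: the residual, and so J, is unchanged."""
    return H @ c


def learn_measurement_subspace(Z, n_states):
    """Estimate span(H) from historical measurement vectors (one per column of Z).

    Each column is z_k = H x_k + e_k, so after removing the operating-point
    mean the n_states dominant left singular vectors of Z approximate the
    column space of H, without ever seeing H or the line list.
    """
    U, _, _ = np.linalg.svd(Z - Z.mean(axis=1, keepdims=True), full_matrices=False)
    return U[:, :n_states]


def stealthy_attack_from_data(U_n, d):
    """Attack vector built only from the learned subspace: a = U_n d."""
    return U_n @ d


def run_demo(seed=7):
    rng = np.random.default_rng(seed)
    H = build_dc_jacobian(LINES, N_BUS)
    m, n = H.shape
    # Constructed history: 500 operating points with angles in [-0.2, 0.2] rad.
    X_hist = rng.uniform(-0.2, 0.2, size=(n, 500))
    Z_hist = H @ X_hist + rng.normal(0, SIGMA, size=(m, 500))
    # Current snapshot the operator is estimating from.
    z = H @ np.array([-0.05, -0.10, -0.15]) + rng.normal(0, SIGMA, size=m)
    x_hat, J_clean = estimate_state(H, z)
    # 1. Naive tampering with two injection meters (rows 5 and 7): not in span(H).
    a_naive = np.zeros(m)
    a_naive[5], a_naive[7] = 0.3, -0.2
    _, J_naive = estimate_state(H, z + a_naive)
    # 2. Attack with full knowledge of H: the estimate moves by exactly c.
    c = np.array([0.02, -0.03, 0.05])
    x_hat_H, J_H = estimate_state(H, z + stealthy_attack_with_H(H, c))
    # 3. Attack from measurement history alone.
    U_n = learn_measurement_subspace(Z_hist, n)
    x_hat_D, J_D = estimate_state(H, z + stealthy_attack_from_data(U_n, np.array([1.0, -0.6, 0.4])))
    return {
        "J_clean": J_clean, "alarm_clean": bdd_alarm(J_clean),
        "J_naive": J_naive, "alarm_naive": bdd_alarm(J_naive),
        "J_H": J_H, "alarm_H": bdd_alarm(J_H),
        "state_shift_H": (x_hat_H - x_hat).tolist(),
        "J_D": J_D, "alarm_D": bdd_alarm(J_D),
        "state_shift_D": float(np.linalg.norm(x_hat_D - x_hat)),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:>14}: {value}")
```

The point to take from the run is the pair of numbers `J_H` and `J_D` against `J_clean`: the residual test cannot see either attack, while `state_shift_H` and `state_shift_D` show the operator's state estimate being moved, in the second case by an attacker who only ever recorded measurements. A practical check on the defender's side is therefore whether the historical measurement stream itself is exposed (historians, PMU archives, SCADA replication links), not only whether the topology and H are.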
More information on data injection or integrity attacks can be obtained from the following publications:
2. Grid Topology Estimation
Several smart grid modules require the topological information of the physical energy grid as input to make critical operational and planning decisions. For example, operational modules such as state estimators require the grid topology to be known in order to calculate the operational states of the system. Although grid topology information is used heavily by power system operators for planning and operation, any illegitimate access to such information by an adversary poses a significant threat to power delivery and to the critical infrastructures that depend on it.
Traditionally, a smart grid operation centre has a topology processor that keeps track of network topology changes. The topology processor starts from a static grid connectivity model, either imported from the geographical information system or obtained from a repository, and then dynamically updates the connectivity based on measurements from the Supervisory Control and Data Acquisition (SCADA) system. Although a good deal of research has addressed different aspects of topology processing, very little of it addresses blind estimation of smart grid topology. By blind estimation we mean that the estimation method depends only on the measurement data and not on other information (e.g., knowledge of the power system states). Based on the structural properties of the topology matrix (i.e., positive semi-definiteness, its null space and symmetry), the joint estimation of the system state and the topology matrix is formulated as a constrained optimization problem and solved using the alternating direction method of multipliers (ADMM). The performance of grid topology estimation on the IEEE 14-bus system is shown in the figures below:
Fig. Visual comparison between the original and the estimated grid topologies of the IEEE 14-bus system
Fig. Topology estimation performance: (a) the original topology matrix; (b) the estimated topology matrix using the proposed method with improved initialization; (c) the estimated topology matrix using pricing data (method from the existing literature); (d) the estimated topology matrix using the proposed method with random initialization (see details in our paper with ref.)
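The three structural properties named above are what make the estimation problem tractable: they define a constraint set that any candidate topology matrix must lie in. The added example below (not the author's ADMM formulation, and not code from the page) builds the Laplacian-form DC susceptance matrix of a constructed 6-bus network, checks the three properties, and shows how an unconstrained, noisy estimate is pulled back onto the constraint set and thresholded into a connectivity map that can be compared with the true one, as in the figures above. The network, the noise level and the thresholds are constructed; the projection steps are the kind of sub-problems an ADMM solver alternates between, not the solver itself.

```python
"""Structural constraints on a DC topology (bus susceptance) matrix.

Added illustration; the 6-bus network and noise level are constructed and
the projection is a simple composition of three convex projections, not the
author's ADMM solver.
"""
import numpy as np

# Constructed network: (bus_i, bus_j, susceptance b_ij), buses numbered from 0.
TRUE_LINES = [(0, 1, 5.0), (0, 2, 4.0), (1, 3, 6.0), (2, 3, 3.0),
              (3, 4, 7.0), (4, 5, 2.0), (2, 5, 3.5)]
N_BUS = 6


def topology_matrix(lines, n_bus):
    """Laplacian-form DC susceptance matrix: B_ij = -b_ij, B_ii = sum_j b_ij."""
    B = np.zeros((n_bus, n_bus))
    for i, j, b in lines:
        B[i, j] -= b
        B[j, i] -= b
        B[i, i] += b
        B[j, j] += b
    return B


def structural_checks(B, tol=1e-8):
    """Symmetry, positive semi-definiteness and the all-ones vector in the null space."""
    ones = np.ones(B.shape[0])
    return {
        "symmetric": bool(np.allclose(B, B.T, atol=tol)),
        "psd": bool(np.linalg.eigvalsh((B + B.T) / 2).min() >= -tol),
        "ones_in_null_space": bool(np.allclose(B @ ones, 0.0, atol=tol)),
    }


def project_to_topology_set(M):
    """Map any square matrix onto the set {B symmetric, B >= 0, B 1 = 0}.

    1. symmetrise; 2. J M J with J = I - 11^T/n is the Frobenius projection
    onto zero row and column sums; 3. clip negative eigenvalues.  Step 3
    keeps 1 in the null space because after step 2 it is already an
    eigenvector with eigenvalue 0.  Each step is a projection onto a convex
    set containing the true matrix, so none of them can increase the error.
    """
    n = M.shape[0]
    S = (M + M.T) / 2
    J = np.eye(n) - np.ones((n, n)) / n
    S = J @ S @ J
    w, V = np.linalg.eigh(S)
    return V @ np.diag(np.clip(w, 0.0, None)) @ V.T


def connectivity(B, threshold):
    """0/1 adjacency: an off-diagonal entry with |B_ij| > threshold is declared a line."""
    A = (np.abs(B) > threshold).astype(int)
    np.fill_diagonal(A, 0)
    return A


def lines_from_adjacency(A):
    n = A.shape[0]
    return {(i, j) for i in range(n) for j in range(i + 1, n) if A[i, j]}


def run_demo(noise_std=0.3, seed=3):
    rng = np.random.default_rng(seed)
    B_true = topology_matrix(TRUE_LINES, N_BUS)
    # Constructed stand-in for an unconstrained data-driven estimate: the true
    # matrix corrupted by non-symmetric noise, which violates all three properties.
    B_noisy = B_true + rng.normal(0, noise_std, size=B_true.shape)
    B_proj = project_to_topology_set(B_noisy)
    true_edges = {(i, j) for i, j, _ in TRUE_LINES}
    est_edges = lines_from_adjacency(connectivity(B_proj, threshold=1.0))
    return {
        "checks_true": structural_checks(B_true),
        "checks_noisy": structural_checks(B_noisy),
        "checks_proj": structural_checks(B_proj, tol=1e-6),
        "noisy_error": float(np.linalg.norm(B_noisy - B_true)),
        "proj_error": float(np.linalg.norm(B_proj - B_true)),
        "edges_total": len(true_edges),
        "edges_recovered": len(true_edges & est_edges),
        "edges_spurious": len(est_edges - true_edges),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:>16}: {value}")
```

The threshold used in `connectivity` is the practical weak point: a line with a small susceptance and a non-line with a large noise entry are indistinguishable at the matrix level, which is why the figures above compare the estimated matrix against the original rather than only the recovered edge list.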
Related published work:
3. Anomaly Detection
Anomaly detection is an important data analysis task. Its main objective is to detect anomalous or abnormal data in a given dataset. This is an interesting area of data mining research that involves discovering new and rare patterns in a dataset. Anomaly detection has been widely studied in statistics and machine learning and is also known as outlier detection, novelty detection, deviation detection and exception mining. In our work, we have developed anomaly detection frameworks for energy grid and SCADA systems using both supervised (e.g., support vector machine) and unsupervised techniques.
In one of our works, we considered the problem of detecting anomalies in an energy grid database using a novel graph matching approach. Performance is shown in the figure below:
More information on anomaly detection for smart grid/SCADA systems can be obtained from the following published papers:
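As an added example of the unsupervised side of this work (not the author's graph matching or SVM framework, and not code from the page), the script below learns a normal profile from a window of constructed SCADA telemetry and scores each new sample by its squared Mahalanobis distance. For Gaussian-like data that statistic follows a chi-square law with as many degrees of freedom as there are tags, so the alarm threshold is a quantile of that distribution rather than a hand-tuned number. The three tags, their correlations and the two injected anomalies are all constructed.

```python
"""Unsupervised anomaly detection on SCADA telemetry with a Mahalanobis detector.

Added illustration; the telemetry model, the tag names and the two injected
anomalies are constructed and do not come from the author's data.
"""
import numpy as np

CHI2_99_DF3 = 11.34  # chi-square 99% quantile, 3 degrees of freedom (three tags)


def fit_normal_profile(X):
    """Mean vector and inverse covariance learned from a window of normal rows (N x d)."""
    mu = X.mean(axis=0)
    cov_inv = np.linalg.inv(np.cov(X, rowvar=False))
    return mu, cov_inv


def mahalanobis_sq(x, mu, cov_inv):
    """Squared Mahalanobis distance of one measurement vector from the profile."""
    d = x - mu
    return float(d @ cov_inv @ d)


def detect(X_new, mu, cov_inv, threshold=CHI2_99_DF3):
    """Score every row of X_new; flag the rows whose score exceeds the threshold."""
    scores = np.array([mahalanobis_sq(x, mu, cov_inv) for x in X_new])
    return scores, scores > threshold


def make_telemetry(n, rng):
    """Constructed SCADA tags: feeder load (MW), bus voltage (kV), line current (A).

    Voltage sags and current rises with load, so the tags are correlated.  A
    detector that checks each tag against its own range would accept a load
    value that is individually plausible but inconsistent with the current.
    """
    load = rng.normal(120.0, 10.0, size=n)
    voltage = 230.0 - 0.05 * (load - 120.0) + rng.normal(0, 0.3, size=n)
    current = 0.9 * load + rng.normal(0, 2.0, size=n)
    return np.column_stack([load, voltage, current])


def run_demo(seed=11):
    rng = np.random.default_rng(seed)
    train = make_telemetry(2000, rng)
    mu, cov_inv = fit_normal_profile(train)
    test = make_telemetry(200, rng)
    # Injected anomalies (constructed):
    # row 10: load tag rewritten to 160 MW while voltage and current still reflect ~120 MW
    test[10, 0] = 160.0
    # row 50: voltage tag replaced by an out-of-profile 200 kV reading
    test[50, 1] = 200.0
    scores, flags = detect(test, mu, cov_inv)
    normal_flags = np.delete(flags, [10, 50])
    return {
        "score_row10": float(scores[10]),
        "score_row50": float(scores[50]),
        "flagged_rows": [int(i) for i in np.flatnonzero(flags)],
        "false_alarm_rate": float(normal_flags.mean()),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:>17}: {value}")
```

Row 10 is the instructive case: 160 MW is well inside the load tag's own range, and it is only the disagreement with the voltage and current tags that produces a large score. The same correlation structure is the detector's blind spot; a manipulation that moves all correlated tags together in the way the profile expects scores like a normal sample, which is the multivariate form of the stealthy injection discussed in the first section.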