Cyber Security

Recently, smart grid cyber-security has come to the forefront of national security priorities. Several power system anomalies have been attributed to cyber-attacks, highlighting the importance of research on the impact of new kinds of attacks on complex power systems. Nation states and utilities are increasingly concerned about power system integrity, privacy and confidentiality. Recently, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported that among the 245 cyber incidents across all sectors of the critical infrastructure in the fiscal year 2014, the majority (32% or 79 incidents) were in the energy sector. In today’s smart grid, the physical energy system and the information and communications technology based cyber system are highly coupled which introduces new security threats.

I am motivated to investigate the new security threats and vulnerabilities of a modernised energy grid and to provide effective solutions towards making the grid more secured. Some of my research works on smart grid cyber security is outlined below:

1. Data Injection (Integrity) Attacks

The state estimator (SE) is a key operational module used in a smart grid energy management system (EMS) to estimate the power system states (e.g., voltage magnitudes and angles) from sensor measurements by minimizing estimation error. A bad data detector module (BDD) works in conjunction with the SE module to identify any anomalies in the measurement data. Recent studies have revealed that these critical operational modules (e.g., SE and BDD) are vulnerable to a class of cyber-attack, known as a false data injection (FDI) attack. Existing research works have shown that an attacker can construct a stealthy FDI attack that cannot be detected by traditional anomaly detection modules (BDD) of an EMS.

Existing attack strategies require the system Jacobian matrix H or the grid topological connectivity information. In practice, it is very difficult to obtain the information of H matrix or topological connectivity information as it requires to gain insider access. Moreover, historically obtained information may be outdated if system configuration is changed.

In our approach, we provide an alternative measurement data-driven technique which does not need the system Jacobian nor the connectivity information but generates stealthy injection attacks. The overall architecture of measurement signal based false injection attack is demonstrated in the figure below.

More information on data injection or integrity attacks can be obtained from the following publications:

1. Adnan Anwar, Abdun Naser Mahmood, and Mark Pickering, "Modeling and performance evaluation of stealthy false data injection attacks on smart grid in the presence of corrupted measurements," in Journal of Computer and System Sciences, Volume 83, Issue 1, February 2017, Pages 58-72.
2. Anwar, A., Mahmood, A. N., and Tari, Z., "Identification of vulnerable node clusters against false data injection attack in an AMI based Smart Grid," in Information Systems, Elsevier, 2015.
3. Anwar, A., and Mahmood, A. N., "Cyber Security of Smart Grid Infrastructure," The State of the Art in Intrusion Prevention and Detection. CRC Press, USA, 2014.
4. Anwar, A., and Mahmood, A. N., "Vulnerabilities of Smart Grid State Estimation Against False Data Injection Attack, Renewable Energy Integration," Springer, 2014.
5. A. Anwar and A. N. Mahmood, "Stealthy and blind false injection attacks on SCADA EMS in the presence of gross errors," 2016 IEEE Power and Energy Society General Meeting (PESGM), Boston, MA, 2016. (Flagship Conference In Power and Energy Society)
6. Adnan Anwar, Abdun Naser Mahmood, and Mark Pickering, "Data-Driven Stealthy Injection Attacks on Smart Grid with Incomplete Measurements," In Intelligence and Security Informatics, LNCS, Springer, 2016.

2. Revealing energy grid topology from measurement data

Several smart grid modules require the topological information of the physical energy grid as input to make critical operational and planning decisions. For example, operational modules like state estimators also require grid topology to be known to calculate operational states of the system. Although the information of grid topology is heavily used for planning and operational purpose by the power system operators, any illegitimate access of such information by an adversary can cause significant threat to the power delivery and the critical infrastructures.

Traditionally, smart grid operation centre has topology-processor which is responsible to keep track the network topology changes. The topology processor starts with a static grid connectivity model either imported from the geographical information system or obtained from the repository, then dynamically updates the connectivity based on the measurements from Supervisory Control and Data Acquisition (SCADA) system. Although a good number of research has been performed focusing different aspects of topology processing, very few addresses blind estimation of smart grid topology. By saying blind estimation, we refer that the estimation method depends only on the measurement data and does not depend on other information (e.g., knowledge of power system states). Based on the structural properties of the topology matrix (i.e., positive semi-definiteness, null space and symmetric property), the joint estimation of system state and topology matrix are formulated as a constraint optimization problem and solved using ADMM. Performance of grid topology estimation using IEEE 14 bus is demonstrated in the figure below:

Fig. Visual comparison between the original and the estimated grid topologies of IEEE 14 bus system

Fig. Topology estimation performance, (a) The original topology matrix, (b) Estimated topology matrix using the proposed method with improved initialization, (c) Estimated topology matrix using pricing data from existing literature, (d) Estimated topology matrix using the proposed method with random initialization (see details in our paper with ref.)

Related published work:

• A. Anwar, A. Mahmood and M. Pickering, "Estimation of smart grid topology using SCADA measurements," IEEE International Conference on Smart Grid Communications (SmartGridComm), Sydney, Australia, 2016.

3. Development of Anomaly detection system

Anomaly detection is an important data analysis task.The main objective of anomaly detection is to detectanomalous or abnormal data from a given dataset. This is an interesting area of data mining research which involves discovering new and rare patterns from a dataset. Anomaly detection has been widely studied in statistics and machine learning. It is also known as outlier detection, novelty detection, deviation detection and exception mining. In our work, we have developed anomaly detection frameworks using both supervised (e.g., support vector machine) and unsupervised techniques for energy grid to SCADA systems.

In one of our work, we have considered a problem where anomalies of an energy grid database is detected using a novel graph matching approach. Performance is demonstrated in the figure below:

More information on anomaly detection for smart grid/SCADA system can be obtained from our following published papers:

1. Anwar, A., Mahmood, and A. N., "Anomaly detection in electric network database of smart grid: Graph matching approach," in Electric Power Systems Research, Elsevier, Volume 133, April 2016, Pages 51-62.
2. Ahmed, M., Anwar, A., Mahmood, A., Shah, Z., and Maher, M. J., "An Investigation of Performance Analysis of Anomaly Detection Techniques for Big Data in SCADA Systems," EAI Transactions on Industrial Networks and Intelligent Systems, 2015.
3. Adnan Anwar, Abdun Naser Mahmood, and Zubair Shah, "A Data-Driven Approach to Distinguish Cyber-Attacks from Physical Faults in a Smart Grid," In Proceedings of the 24th ACM International on Conference on Information and Knowledge Management (CIKM '15). ACM, New York, NY, USA