Sensor attacks on grid-tie photovoltaic (PV) inverters can cause severe damage. Considering uncertain environments and unknown model mismatches, real-time estimation and defense for sensor attacks on actual PV inverters are challenging. In this article, we propose an optimization-driven robust estimator within the attack frequency range using the H_∞ index, while the model mismatch effect on estimation is also minimized. To improve the real-time response under varying environments, an analytical solution from a convex quadratic programming reformulation is constructed. Guided by the estimation, we further develop a closed-loop compensation strategy with a tracking controller and a low-pass filter. Through code porting, our proposed defense strategy has been implemented in a microcommercial PV inverter. Hardware implementations show that our defense approach can effectively mitigate sensor attacks and maintain stable inverter operation.

@en

The main objective of this article is to develop scalable dynamic anomaly detectors with high-fidelity simulators of power systems. On the one hand, models in high-fidelity simulators are typically 'intractable' if one opts to describe them in a mathematical formulation in order to apply existing model-based approaches from the anomaly detection literature. On the other hand, pure data-driven methods developed primarily in the machine learning literature neglect our knowledge about the underlying dynamics of power systems. In this study, we combine tools from these two mainstream approaches to develop a data-assisted model-based diagnosis filter utilizing both the knowledge from a picked abstract model and also the data of simulation results from high-fidelity simulators. The proposed diagnosis filter aims to achieve two desired features: (i) performance robustness with respect to model mismatch; (ii) high scalability. To this end, we propose a tractable (convex) optimization-based reformulation in which decisions are the filter parameters, the model-based information introduces feasible sets, and the data from the simulator forms the objective function to-be-minimized regarding the effect of model mismatch on the filter performance. To validate the theoretical results, we implement the developed diagnosis filter in DIgSILENT PowerFactory to detect false data injection attacks on the Automatic Generation Control measurements in the three-area IEEE 39-bus system.

@en

Equilibrium analysis has been widely studied as an effective tool to model gaming interactions and predict market results. However, as competition modes are fundamentally changed by the decarbonization and decentralization of power systems, analysis techniques must evolve. This article comprehensively reviews recent developments in modelling methods, practical settings and solution techniques in equilibrium analysis. Firstly, we review equilibrium in the evolving wholesale power markets which feature new entrants, novel trading products and multi-stage clearing. Secondly, the competition modes in the emerging distribution market and distributed resource aggregation are reviewed, and we compare peer-to-peer clearing, cooperative games and Stackelberg games. Furthermore, we summarize the methods to treat various information acquisition degrees, risk preferences and rationalities of market participants. To deal with increasingly complex market settings, this review also covers refined analytical techniques and agent-based models used to compute the equilibrium. Finally, based on this review, this paper summarizes key issues in the gaming and equilibrium analysis in power markets under decarbonization and decentralization. @en

This paper proposes a novel application for the optimal Linear Quadratic Gaussian (LQG) servo controller to enable a proper coordination of the AC/HVDC interconnected system with Virtual Synchronous Power (VSP) based inertia emulation. Particularly, the proposed control design takes the process disturbances and measurement noise of the studied VSP-HVDC system into account, while few studies have focused on this perspective. The proposed LQG controller with modifications is designed by means of a combination of Kalman Filter (state estimator) and an added Linear Quadratic Integrator (LQI) to observe the system model's states and track the reference commands while rejecting the effects of system noise. Besides, we utilize a swarm-based optimization algorithm to operate as the search process for the tuning of the elements in the weighting matrices involved in the controller design. The role of the proposed optimal LQG controller is to stabilize such AC/DC interconnected system with VSP-based inertia emulator while minimizing the associated performance index. According to the obtained simulation results, in addition to the advancement from the VSP-based approach for damping frequency oscillations excited by faults, application of the proposed LQG servo controller can achieve the targets on both estimating the state variables and tracking the reference signals with satisfactory performance, comparing with the conventional LQG regulator.

@en

Power systems are moving towards hybrid AC/DC grids with the integration of HVDC links, renewable resources and energy storage modules. The load frequency control (LFC) of tomorrow has to consider the complex interactions between these components. Meanwhile, more attention should be paid to cyber security concerns as the LFC loop highly depends on data communications which may be exposed to cyber attacks. In this regard, this article aims to analyze the false data injection (FDI) attacks on the AC/DC interconnected LFC system with inertia emulation and develop advanced diagnosis tools to reveal their occurrence. We build an optimization-based framework for the purpose of vulnerability analysis. Considering the attack impact on frequency stability, it is shown that the multi-area LFC system with parallel AC/DC links and emulated inertia by storage devices is more vulnerable to FDI attacks, compared to the one without inertia emulation and the normal AC system. We then propose a detection approach to detect and isolate each FDI intrusion with a sufficient fast response, and even recover the attack value. In addition to theoretical results, the effectiveness of the proposed method is validated through simulations on the two-area AC/DC interconnected LFC system with inertia emulation capabilities.

@en

The security of energy supply in a power grid critically depends on the ability to accurately estimate the state of the system. However, manipulated power flow measurements can potentially hide overloads and bypass the bad data detection scheme to interfere the validity of estimated states. In this paper, we use an autoencoder neural network to detect anomalous system states and investigate the impact of hyperparameters on the detection performance for false data injection attacks that target power flows. Experimental results on the IEEE 118 bus system indicate that the proposed mechanism has the ability to achieve satisfactory learning efficiency and detection accuracy.@en

The high penetration of renewable energy resources and power electronic-based components has led to a low-inertia power grid which would bring challenges to system operations. The new model of load frequency control (LFC) must be able to handle the modern scenario where controlled areas are interconnected by parallel AC/HVDC links and storage devices are added to provide virtual inertia. Notably, vulnerabilities within the communication channels for wide-area data exchange in LFC loops may make them exposed to various cyber attacks, while it still remains largely unexplored how the new LFC in the AC/HVDC interconnected system with emulated inertia would be affected under malicious intrusions. Thus, in this article, we are motivated to explore possible effects of the major types of data availability and integrity attacks—Denial of Service (DoS) and false data injection (FDI) attacks—on such a new LFC system. By using a system-theoretic approach, we explore the optimal strategies that attackers can exploit to launch DoS or FDI attacks to corrupt the system stability. Besides, a comparison study is performed to learn the impact of these two types of attacks on LFC models of power systems with or without HVDC link and emulated inertia. The simulation results on the the exemplary two-area system illustrate that both DoS and FDI attacks can cause large frequency deviations or even make the system unstable; moreover, the LFC system with AC/HVDC interconnections and emulated inertia could be more vulnerable to these two types of attacks in many adversarial scenarios.

@en

State estimation is of considerable significance for the power system operation and control. However, well-designed false data injection attacks can utilize blind spots in conventional residual-based bad data detection methods to manipulate measurements in a coordinated manner and thus affect the secure operation and economic dispatch of grids. In this paper, we propose a detection approach based on an autoencoder neural network. By training the network on the dependencies intrinsic in ‘normal’ operation data, it effectively overcomes the challenge of unbalanced training data that is inherent in power system attack detection. To evaluate the detection performance of the proposed mechanism, we conduct a series of experiments on the IEEE 118-bus power system. The experiments demonstrate that the proposed autoencoder detector displays robust detection performance under a variety of attack scenarios.@en

The digital transformation of power systems has introduced a new challenge for robustness: cyber security threats. Motivated by the feasibility of a potent attack (e.g., the Stuxnet worm attack and the one in the hacker-caused Ukraine blackout) that it can be equipped with extensive system knowledge, vast attack resources to manipulate multiple measurements (multivariate attacks) and also strong capability to keep stealthy from possible detectors, the thesis work has built a framework capable of both vulnerability analysis and attack detection. Security index quantifying attack resources was proposed and the attack scenario was extended to subsume the combined data integrity and availability attacks. Realistic aspects of limited adversarial knowledge or resources were considered in the overall cyber risk assessment. Co-simulation tool specially for cyber security analysis has been developed, capturing the character of a cyber-physical system of intelligent power grids. A diagnosis filter was designed with a scalable and robust feature to detect all the plausible multivariate attacks in an admissible set by exploiting the attack impact on the system dynamics, with non-zero transient or non-zero steady-state residual output. The yielding Nash equilibrium implies that the proposed diagnosis filter is not based on a conservative design in the sense of its long-term behavior. In the end, this thesis also tried to implement the diagnosis filter in a real or simulated power system. A further robustification method was proposed to mitigate the effects from possible model mismatches on the residual output by using the simulation data to extract the model mismatch signatures, which has contributed to a novel data-assisted model-based attack detection approach.@en

Developing advanced diagnosis tools to detect cyber attacks is the key to security of power systems. It has been shown that multivariate data injection attacks can bypass bad data detection schemes typically built on static behavior of the systems, which misleads operators to disruptive decisions. In this article, we depart from the existing static viewpoint to develop a diagnosis filter that captures the dynamics signatures of such a multivariate intrusion. To this end, we introduce a dynamic residual generator approach formulated as robust optimization programs in order to detect a class of disruptive multivariate attacks that potentially remain stealthy in view of a static bad data detector. We investigate two possible desired features: (i) a non-zero transient and (ii) a non-zero steady-state behavior of the residual generator in the presence of an attack. In case (i), the problem is reformulated as a finite, but possibly non-convex, optimization program. We further develop a linear programming relaxation that improves the scalability, and as such practicality, of the diagnosis filter design. In case (ii), it turns out that the resulting robust program admits an exact convex reformulation, yielding a Nash equilibrium between the attacker and the residual generator. This assertion has an interesting implication: the proposed approach is not conservative in the sense that the additional knowledge of the worst-case attack does not improve the diagnosis performance. To illustrate our theoretical results, we implement the proposed diagnosis filter to detect multivariate attacks on the system measurements deployed to generate the so-called Automatic Generation Control signals in a three-area IEEE 39-bus system.@en

The situational grid awareness is becoming increasingly important for power system operations due to smaller operational margins, wide range of uncertainties entailed by renewables and highly critical infrastructure failures due to potential cyber-attacks. In this chapter, we look at some of the state-of-the-art technologies to monitor events in a power system under normal operating condition, followed by detection algorithms for regular business risk events, such as faults and equipment failures, and finally, we look into methods for quantifying vulnerability of under the rare and men-orchestrated cyber-attacks. First, we outline an architecture of a central piece of today’s grid awareness system, Wide Area Monitoring, Protection and Control technology. Next, we review an event detection method used to identify and record faults and failures in the grid. Finally, we present a method for vulnerability assessment of grids under cyber-attacks.@en

The evolved smart grid has become a cyber physical energy system that could be exposed to a massive amount of cyber threats. Vulnerabilities within the cyber part can be used to launch multiple types of attacks that corrupt the physical system. The complexity of cyber physical energy system, the existing of different kinds of attacks, require an appropriate tool to aid in modeling and simulation for cyber security analysis. In this paper, we introduce a modeling language - Modelica to the security community of cyber physical system. We show the capability of Modelica in modeling complex systems and attacks by building up a power grid model with frequency control loop (i.e., automatic generation control), as well as data integrity attack and data availability attack models. The simulation results show how different types of attacks or even combined attacks can affect the system frequency stability.

@en

Understanding smart grid cyber attacks is key for developing appropriate protection and recovery measures. Advanced attacks pursue maximized impact at minimized costs and detectability. This paper conducts risk analysis of combined data integrity and availability attacks against the power system state estimation. We compare the combined attacks with pure integrity attacks -false data injection (FDI) attacks. A security index for vulnerability assessment to these two kinds of attacks is proposed and formulated as a mixed integer linear programming problem. We show that such combined attacks can succeed with fewer resources than FDI attacks. The combined attacks with limited knowledge of the system model also expose advantages in keeping stealth against the bad data detection. Finally, the risk of combined attacks to reliable system operation is evaluated using the results from vulnerability assessment and attack impact analysis. The findings in this paper are validated and supported by a detailed case study.

@en

It is challenging to assess the vulnerability of a cyber-physical power system to data attacks from an integral perspective. In order to support vulnerability assessment except analytic analysis, suitable platform for security tests needs to be developed. In this paper we analyze the cyber security of energy management system (EMS) against data attacks. First we extend our analytic framework that characterizes data attacks as optimization problems with the objectives specified as security metrics and constraints corresponding to the communication network properties. Second, we build a platform in the form of co-simulation - coupling the power system simulator DIgSILENT PowerFactory with communication network simulator OMNeT++, and Matlab for EMS applications (state estimation, optimal power flow). Then the framework is used to conduct attack simulations on the co-simulation based platform for a power grid test case. The results indicate how vulnerable of EMS to data attacks and how co-simulation can help assess vulnerability.@en

Distributed energy resources (DERs) have seen significant expansion in utilization over the past decade. This expansion is best observed with the rooftop solar panels whose penetration has substantially grown in terms of deployed MWs. With the transformation of the grid towards more distributed supply of electricity, a new set of challenges arise. Although the challenges for adoption of DERs are plenty which span across technical, economical and policy domain, in this paper we discuss simulation challenges within two particular domains, cyber-security and voltage stability. For addressing each of these challenges, co-simulation has shown to be a promising path to take. Co-simulation (or combined simulation) represents the connection of two or more simulation tools with the goal of addressing a particular problem that neither one of these tools could address individually. Within each of these domains, we discuss the aspects for the design of co-simulation that one must consider when addressing the problem. The discussion is followed by short simulation examples.@en

Smart grids link various types of energy technologies, such as power electronics, machines, grids, and markets, via communication technology, which leads to transdisciplinary, multidomain systems. Simulation packages for assessing the system integration of components typically cover only one subdomain, while greatly simplifying the others. Cosimulation overcomes this by coupling subdomain models that are described and solved within their native environments, using specialized solvers and validated libraries. This article discusses the state of the art and conceptually describes the main challenges for simulating intelligent power systems. The article "Cosimulation of Intelligent Power Systems: Fundamentals, Software Architecture, Numerics, and Coupling," published in the March 2017 issue of this magazine [88], covered the fundamental concepts of this topic, and this follow-up article covers the applied aspects of the subject.@en

Smart grids link various types of energy technologies-such as power electronics, machines, grids, and markets-via communication technology, which leads to a transdisciplinary, multidomain system. Simulation packages for assessing system integration of components typically cover only one subdomain, while simplifying the others. Cosimulation overcomes this by coupling subdomain models that are described and solved within their native environments, using specialized solvers and validated libraries. This article discusses the state of the art and conceptually describes the main challenges for simulating intelligent power systems. This article, part 1 of 2 on this subject, covers fundamental concepts. Part 2 will appear in a future issue of IEEE Electrification Magazine and cover applications.@en

It has shown that with perfect knowledge of the system model and the capability to manipulate a certain number of measurements, the false data injection (FDI) attacks, as a class of data integrity attacks, can coordinate measurements corruption to keep stealth against the bad data detection schemes. However, a more realistic attack is essentially an attack with limited adversarial knowledge of the system model and limited attack resources due to various reasons. In this paper, we generalize the data attacks that they can be pure FDI attacks or combined with availability attacks (e.g., DoS attacks) and analyze the attacks with limited adversarial knowledge or limited attack resources. The attack impact is evaluated by the proposed metrics and the detection probability of attacks is calculated using the distribution property of data with or without attacks. The analysis is supported with results from a power system use case. The results show how important the knowledge is to the attacker and which measurements are more vulnerable to attacks
with limited resources.
@en

This work introduces combined data integrity and availability attacks to expand the attack scenarios against intelligent power grids. We propose security metrics that quantify vulnerability of power grids to combined data attacks under both power system models and communication models. The security metrics can be formulated as optimization problems. The relation between the security metrics of combined data attacks and pure data integrity attacks will be analyzed. Furthermore, co-simulation techniques will be employed to measure consequences of combined data attacks.@en

This paper introduces combined data integrity and availability attacks to expand the attack scenarios against power system state estimation. The goal of the adversary, who uses the combined attack, is to perturb the state estimates while remaining hidden from the observer. We propose security metrics that quantify vulnerability of power grids to combined data attacks under single and multi-path routing communication models. In order to evaluate the proposed security metrics, we formulate them as mixed integer linear programming (MILP) problems. The relation between the security metrics of combined data attacks and pure data integrity attacks is analyzed, based on which we show that, when data availability and data integrity attacks have the same cost, the two metrics coincide. When data availability attacks have a lower cost than data integrity attacks, we show that a combined data attack could be executed with less attack resources compared to pure data integrity attacks. Furthermore, it is shown that combined data attacks would bypass integrity-focused mitigation schemes. These conclusions are supported by the results obtained on a power system model with and without a communication model with single or multi-path routing.@en