V. Rajkumar
34 records found
The growth in adoption of communication technologies in the power system results in an increase in its vulnerability towards cyberattacks. This paper presents a novel state partition-particle filter (SP-PF) based detection algorithm that dynamically adapts to varying operating conditions. The algorithm partitions state variables into size-restricted blocks, effectively grouping highly correlated variables to enhance computational efficiency and detection accuracy. Our approach consists of two main steps: (i) state-partition estimation of variables and (ii) detection based on likelihood conditions. The proposed detection algorithm was tested in a real-time cyber-physical environment using a real-time digital simulator (RTDS) in hardware-in-loop configuration with PMUs and a synchronization clock, all connected via standard TCP/UDP protocols. Experimental results demonstrate successful detection of false data injection attacks, replay attacks, and hybrid attacks under various operating conditions. Comparative analysis with extended Kalman filter shows that our approach achieves significantly improved accuracy in state estimation with reduced mean square error, enhancing the overall robustness of the detection mechanism.
Digital Twins for Power Systems
Review of Current Practices, Requirements, Enabling Technologies, Data Federation and Challenges
Digital Twins (DTs) have emerged as a technology that provides capabilities to simulate and analyze cyber-physical systems’ behaviors using digital replicas. This is achieved through high-fidelity digital models, bi-directional communication and (near) real-time data exchange between physical real-world systems and DTs. Despite their capabilities of facilitating real-time monitoring, optimization, and predicting system performance, effectively leveraging DTs for power system applications requires integrating data from heterogeneous sources and addressing various data-related aspects. These include data modeling, exchange and interoperability. One promising concept to address these aspects is that of data federation, which promotes interoperability, allowing DTs to operate autonomously, yet interact seamlessly. While various studies in the literature have addressed DT applications, technologies, and challenges, a comprehensive review on the data federation aspects within power systems still needs to be investigated. This research seeks to bridge this gap by providing an in-depth review of DT practices in academia and industry, functional and non-functional requirements, and enabling technologies, with emphasis on data federation. Its role in enhancing system-wide interoperability in the power system, along with associated challenges, is summarized and discussed.
Digitalization is paving the way toward enhanced power grid operational capabilities and intelligence. The increased digitalization, however, also implies a greater risk of cyber vulnerabilities and threats. Therefore, various power system facets such as transmission and distribution systems, digital substations, control centers, and wide-area communication networks are vulnerable to cyber-attacks. The most notable cyber-attacks on power grids are the twin attacks on the Ukrainian power grid in 2015 and 2016. These incidents clearly highlighted that cyber-attacks on power grids are an imminent threat that needs to be addressed. Keeping this in mind, this chapter provides essential knowledge of cyber-attack mitigation for cyber-physical power systems, i.e., secure communication protocols for operational technologies, penetration testing using cyber ranges and cyber-physical co-simulation, security controls, and intrusion detection and prevention systems. Among this wide scope of mitigation measures, artificial intelligence is highlighted as an emerging solution. This chapter presents how hybrid deep learning based on graph convolutional long short-term memory is used for anomaly detection in power system operational technology (OT) networks. Unlike traditional signature and supervised learning-based intrusion detection, the hybrid deep learning anomaly detection utilizes the OT traffic throughput. It takes advantage of the OT traffic’s deterministic and homogeneous characteristics to provide robust and flexible anomaly detection for a wide scope of cyber-attacks. The traffic anomalies are incorporated into an attack graph that helps power system operators identify and localize anomalies of active attacks on power systems in near real time. Cyber-attack case studies and cyber-physical co-simulation results are provided to demonstrate the efficiency of hybrid deep learning for anomaly detection.
Power grids are undergoing a fast-paced process of digitalization for enhanced monitoring and control capabilities and grid intelligence. However, the increased integration of digital technologies, such as the next generation of operational technologies (OTs) and digital substations, implies a new risk as information technology (IT)-OT systems are vulnerable to cyberattacks. Furthermore, the combination of heterogeneous, co-existing smart and legacy technologies generates significant vulnerabilities and security challenges. Examples of cybersecurity incidents related to power grids already exist around the world. On December 23, 2015, cyberattacks were conducted on the power grid in Ukraine that resulted in power outages, which affected 225,000 customers. More sophisticated cyberattacks on the Ukrainian power grid followed on December 17, 2016, resulting in a power outage in the distribution network where 200 MW of load was unsupplied. The complexity of cyberattacks on power systems is likely to increase. This chapter provides the state-of-the-art and essential knowledge of threats and cyberattacks on power systems. This chapter reviews major cyberattacks on power grids and industrial control systems. A detailed taxonomy of cyberattacks is provided. Power grid vulnerability to six main types of cyberattacks is discussed, that is, phishing, malware, network-based attacks, man-in-the-middle attacks, host-based attacks, and denial of service. The impact of cyberattacks on grid operation is analyzed in terms of loss of load, cascading effects, and equipment damage. A case study of a cyberattack scenario and simulation results are provided.
Mitigation strategies to absorb impacts from extreme events that may trigger cascading outages are crucial for modern power systems, particularly given the increasing penetration of power electronics, thereby enhancing system resilience. This paper presents a comprehensive resilience-centered framework that integrates cyber-physical cascading mitigation through network topology reinforcement and operational strategies, specifically DC segmentation and controlled islanding, respectively. The methodology first identifies AC lines at segmentation boundaries (i.e., those that most frequently contribute to system partitioning) and evaluates the benefits of replacing them with VSC-HVDC links through dynamic cascading analysis and quantification, thereby enabling the asynchronous interconnection of segments. This approach helps confine cascading impacts within segments, significantly reducing the risk of widespread blackouts, especially in renewable-rich power grids with a heightened risk of instability. Next, to enhance operational resilience against cascading failures, controlled islanding is implemented within the DC-segmented system undergoing cascade initiation, effectively further confining cascading stress to a limited area around the origin of the initiating events. Tailored to enhance resilience in hybrid AC/DC power grids against cyber and physical cascade triggering events, the method leverages a cyber-anomaly detection technique to identify elements affected by fabricated protection trip commands and measurement replay attacks, distinguishing cyberattacks from physical disturbances. Implemented in the IEEE 39-bus and 118-bus test systems with dynamic cascading failure modeling that fully captures voltage and frequency transients in system response, the method demonstrates improvements of up to 88 % and 97 % in served demand, respectively, highlighting its effectiveness in mitigating cascading impacts and enhancing system resilience.
Cyber Security of Power Systems: Dynamical Analysis of Cascading Failures and Defense
How the bits and bytes can influence the volts and the amps
The increased digitalization of the power grid and transition to cyber-physical power systems raise serious concerns about cyber security and secure operation of the power system. It is now well recognized that information and communication technologies are vulnerable to cyber attacks. Thereby, electrical power grids as critical infrastructures are susceptible to cyber attacks as well. Malicious cyber attacks on power grid infrastructure can detrimentally affect power system operation and stability. In the worst-case, it can trigger cascading failures across the system, leading to a blackout. A coordinated cyber attack across multiple locations can collapse the entire interconnected power grids of nations, or even continents. This is a real modern-day threat, as seen during the cyber attacks on the Ukrainian power grid in 2015, 2016, and 2022. Therefore, power grid resilience and cyber security are now recognized challenges for power system operation and security of electricity supply. The gist of this entire thesis can be summarized as follows.
“Analyze and demonstrate how cyber attacks on power grids may cause and accelerate cascading failures. Based on this analysis, develop suitable proactive defense measures to contain the spread of cascading failures.” Consequently, the core research focus of the thesis with a threefold objective is as follows:
Cyber security of digital substations
This thesis investigated the impact of cyber threats targeting digital substations. Experiments demonstrate the catastrophic impact of spoofing and replay attacks targeting OT protocols and standards used in digital substations, leading to relay denial-of-service and malfunction. Subsequently, it is experimentally shown how these events may snowball, resulting in cascading failures and blackouts. Based on this analysis, this thesis developed mitigation measures based on IEC 62351-6 using HMAC to secure critical control communications in digital substations, adherent to latency requirements of 4 ms. The aforementioned studies are conducted using a hardware-in-the-loop cyber-physical experimental framework that closely resembles real-world conditions within a digital substation, including intelligent electronic devices and protection schemes. Thus, the outcomes of this research are of particular importance to both vendors and utilities.
Dynamical analysis of power system cascading failures caused by cyber attacks
This thesis proposed a data-driven method for dynamical analysis of power system cascading failures caused by cyberattacks. It provides experimental proof of how cyber attacks may accelerate the cascading failure mechanism, in comparison to historically observed blackouts. Using a dynamic power grid model consisting of multiple, coordinated protection schemes, the point of no return is defined and analysed in a cascading failure sequence by applying the Hilbert–Huang transform for time-frequency analysis. Numerical results indicate that cyber attacks may accelerate cascading failures by at least a factor of 3. This is due to the excitation and non-damping of multiple frequency modes greater than 1 Hz in a short time span. This thesis demonstrates semi-analytically how cyber attacks can cause and accelerate power system cascading failures, thereby leading to a quicker point of no return.
Defense against cyber attack induced cascading failures
Cyber-physical power systems are vulnerable to cyber attacks that may lead to cascading failures and power outages. A promising solution to tackle this emerging issue is the concept of preventive/proactive controlled islanding before the cyber event occurs based on early detection of cyber attacks. Hence, this thesis developed a novel physics-informed graph convolution network to perform preventive controlled islanding. By incorporating power system physics into the neural network loss function formulations, the resulting islands were made self-sufficient and voltage and frequency stable. Experimental simulations using a modified version of the IEEE 39-bus test system with coordinated protection schemes prove that the islands formed using the proposed method can contain the spread of cascading failures. This results in minimization of loss of load by up to 90% and 62% when single and multiple substations are compromised, respectively. Hence, this work paves the way towards automated cyber-resilience for power systems and provides system operators with decision-making recommendations to curtail the spread of cascading failures.
This thesis addressed the increasingly crucial topic of cyber security for power systems. It provides a comprehensive analysis of how cyber attacks may trigger and accelerate cascading failures in power grids, potentially leading to large-scale power outages. Furthermore, this research enhances our understanding of power grid cyber resilience by experimentally demonstrating the vulnerabilities of digital substations, proposing a novel data-driven method for analysing cyber-induced cascading failures, and developing an advanced physics-informed graph convolutional network for preventive controlled islanding. The findings of this thesis are highly relevant to utilities and vendors, as they offer practical insights into the pitfalls associated with power system digitalization and possible adverse consequences. Thereby, the proposed cascading failure analysis technique and preventive islanding defense strategy directly contribute towards enhancing the cyber security of power systems and ensuring better preparedness in the face of the ever-growing cyber threat landscape. Ultimately, this research contributes to a more cyber secure and resilient power system.
Power systems are undergoing rapid digitalization. This introduces new vulnerabilities and cyber threats in future Cyber-Physical Power Systems (CPPS). Some of the most notable incidents include the cyber attacks on the power grid in Ukraine in 2015, 2016, and 2022, which employed Advanced Persistent Threat (APT) strategies that took several months to reach their objectives and caused power outages. This highlights the urgent need for an in-depth analysis of APTs on CPPS. However, existing frameworks for analyzing cyber attacks, i.e., MITRE ATT&CK ICS and Cyber Kill Chain, have limitations in comprehensively analyzing APTs in CPPS environments. To address this gap, we propose a novel Advanced Cyber-Physical Power System (ACPPS) kill chain framework. The ACPPS kill chain identifies the APT characteristics that are unique to power systems. It defines and examines the cyber-physical APT stages spanning from the initial phases of infiltration to cascading failures and a power system blackout. The proposed ACPPS kill chain is validated with real-world APT attacks on the power grid in Ukraine in 2015 and 2016, and cyber-physical simulations.
Digital Twins Serving Cybersecurity
More Than a Model: Cybersecurity as a Future Benefit of Digital Twins 2
The virtual integration of geographically distributed Research Infrastructures (RIs) for joint experiments in the domain of power and energy systems poses numerous challenges, particularly in terms of tool compatibility and user-friendliness. To address some of these challenges, this work presents the development and implementation of a laboratory-based middleware and data exchange service as part of the H2020 ERIGrid 2.0 project. The middleware comprises a suite of shared software tools and services designed to seamlessly integrate RIs including transport protocols as well as interface semantics. Specifically, this work details the development of a simplified and standardised interface known as the Universal Application Programming Interface (UAPI). It eliminates the need for users to grapple with the diverse intricacies of each individual RI, offering instead a tool-agnostic and standardised interface for conducting joint experiments. The work also presents and discusses the results of a real-world case study of a geographically distributed, sector-coupling experiment conducted between laboratories in Denmark, Greece, Italy, Netherlands, and Norway utilising the developed middleware.
Cyber actors can target the unsecured IEC 61850 protocols in digital substations to open circuit breakers and affect the power system operation. Thus, system operators must detect cyber-physical anomalies and differentiate in real-time between power system faults and cyber attacks on digital substations for effective incident response. In this work, we propose a novel image encoding method for event correlation using cyber-physical time-series data, i.e., Phasor Measurement Units (PMUs) and Operational Technology (OT) network traffic. More specifically, we propose a dynamic variation of the Gramian Angular Field method, which generates image streams capturing in real-time the spatial-temporal features in PMU measurements and IEC 61850 GOOSE traffic throughput. The proposed method for cyber-physical event correlation uses an image fusion technique. The method is tested using the benchmark IEEE 9-bus system. It successfully distinguishes between three-phase faults and GOOSE cyber attacks, demonstrating its usefulness for power system cyber security analytics.
Cyber-physical power systems are susceptible to cyber threats and attacks that can lead to cascading failures and widespread power outages. Therefore, mitigating the impact of such attacks requires the timely implementation of operational strategies to prevent cascading blackouts. One such strategy is the controlled islanding of the affected power grid, serving as a last resort against the propagation of cascading outages. In this context, this paper introduces a novel detection-informed operational mitigation strategy, i.e., controlled islanding, against cyberattack-induced cascading failures, addressing 'when' and 'where' to implement controlled islanding. The proposed strategy leverages dynamic cascading failure modeling to quantify the impact of ongoing cyberattacks on power grids, using quantitative metrics such as demand-not-served (DNS). For effective operational mitigation, the strategy initiates controlled islanding when any attack, including fabricated protection trip commands and measurement replay attacks, is detected, and any operating limits, such as line loading, are violated. It then proceeds to the implementation of controlled islanding, where identified cyberattack-affected elements are effectively surrounded by stable and self-sufficient islanded areas, while minimizing the system DNS. Numerical results on the IEEE 39-bus system demonstrate the effectiveness of the proposed strategy, reducing the DNS value by up to 47% when the controlled islanding strategy is implemented.
Cyber Security of HVDC Systems
A Review of Cyber Threats, Defense, and Testbeds
High Voltage Direct Current (HVDC) technology is one of the key enablers of the energy transition, especially for offshore wind energy systems. While extensive research on cyber security of High Voltage Alternating Current (HVAC) systems has been conducted, limited research exists on cyber security aspects of HVDC systems. These systems exhibit unique attributes, in comparison to HVAC systems, such as longer transmission line distances and increased volume of data samples for wide-area monitoring, control, and protection applications. These factors lead to a higher vulnerability of HVDC systems to cyber attacks. Existing state-of-the-art HVDC surveys, however, are primarily focused on HVDC physical components and exclude cyber security elements. Therefore, this paper presents the first detailed survey on the cyber security of HVDC Cyber-Physical Systems (CPS). We present a comprehensive review of the state-of-the-art HVDC systems, with a special focus on cyber threats and vulnerabilities, defense and mitigation strategies, and testbeds. Based on the review and analysis, insights and recommendations on future research directions to address the research gaps in this field of study are provided. Future research on cyber security for HVDC systems should prioritize the integration of cyber and physical system data and focus on early-stage detection to mitigate the potentially severe impacts of cyber attacks on HVDC grids.
Cascading failures in power systems are extremely rare occurrences caused by a combination of multiple, low-probability events. The looming threat of cyberattacks on power grids, however, may result in unprecedented large-scale cascading failures, leading to a blackout. Therefore, new analysis methods are needed to study such cyber-induced phenomena. In this article, we propose a data-driven method for dynamical analysis of power system cascading failures caused by cyberattacks. We provide experimental proof of how attacks may accelerate the cascading failure mechanism, in comparison to historically observed blackouts. Using a dynamic power grid model consisting of multiple, coordinated protection schemes, we define and analyze the point of no return in a cascading failure sequence by applying the Hilbert-Huang transform for time-frequency analysis. Numerical results indicate that cyberattacks may accelerate cascading failures by at least a factor of 3. This is due to the excitation and non-damping of multiple frequency modes greater than 1 Hz in a short time span. The proposed method is tested using time domain simulations conducted through a modified IEEE 39-bus test system, which can simulate cascading outages using coordinated protection schemes.
Incipient Fault Detection in Power Distribution Networks
Review, Analysis, Challenges, and Future Directions