Security Games and Risk Minimization for Automatic Generation Control in Smart Grid

The power grid, on which most economic activities rely, is a critical infrastructure that must be protected against potential threats. Advanced monitoring technologies at the center of smart grid evolution increase its efficiency but also make it more susceptible to malicious attacks such as false data injection. This paper develops a game-theoretic approach to smart grid security by combining quantitative risk management with decision making on protective measures. Specifically, the consequences of data injection attacks are quantified using a risk assessment process based on simulations. Then, the quantified risks are used as an input to a stochastic game model, where the decisions on defensive measures are made taking into account resource constraints. Security games provide the framework for choosing the best response strategies against attackers in order to minimize potential risks. The theoretical results obtained are demonstrated using numerical examples.

[1]  Jason Stamp,et al.  Reliability impacts from cyber attack on electric power systems , 2009, 2009 IEEE/PES Power Systems Conference and Exposition.

[2]  T. Van Cutsem,et al.  Undervoltage load shedding scheme for the Hydro-Quebec system , 2004, IEEE Power Engineering Society General Meeting, 2004..

[3]  Sara Kathryn Mullen Plug-In Hybrid Electric Vehicles as a Source of Distributed Frequency Regulation , 2009 .

[4]  Zhang Xin,et al.  WAMS information security assessment based on evidence theory , 2009, 2009 International Conference on Sustainable Power Generation and Supply.

[5]  Wenxia Liu,et al.  Security Assessment for Communication Networks of Power Control Systems Using Attack Graph and MCDM , 2010, IEEE Transactions on Power Delivery.

[6]  Deepa Kundur,et al.  Towards modelling the impact of cyber attacks on a smart grid , 2011, Int. J. Secur. Networks.

[7]  Haibo He,et al.  Risk-Aware Attacks and Catastrophic Cascading Failures in U.S. Power Grid , 2011, 2011 IEEE Global Telecommunications Conference - GLOBECOM 2011.

[8]  G. Manimaran,et al.  Vulnerability Assessment of Cybersecurity for SCADA Systems , 2008, IEEE Transactions on Power Systems.

[9]  Tansu Alpcan,et al.  Security Risk Management via Dynamic Games with Learning , 2011, 2011 IEEE International Conference on Communications (ICC).

[10]  Thomas P. von Hoff,et al.  Security for Industrial Communication Systems , 2005, Proceedings of the IEEE.

[11]  Adriano Valenzano,et al.  Detecting Chains of Vulnerabilities in Industrial Networks , 2009, IEEE Transactions on Industrial Informatics.

[12]  Jack Wiles Techno Security's Guide to Securing SCADA: A Comprehensive Handbook On Protecting The Critical Infrastructure , 2008 .

[13]  L. Nordstrom,et al.  Modeling Security of Power Communication Systems Using Defense Graphs and Influence Diagrams , 2009, IEEE Transactions on Power Delivery.

[14]  John Lygeros,et al.  Cyber attack in a two-area power system: Impact identification using reachability , 2010, Proceedings of the 2010 American Control Conference.

[15]  Deepa Kundur,et al.  Towards a Framework for Cyber Attack Impact Analysis of the Electric Smart Grid , 2010, 2010 First IEEE International Conference on Smart Grid Communications.

[16]  Goran Andersson,et al.  Dynamics and Control of Electric Power Systems , 2007 .

[17]  Boon-Teck Ooi,et al.  Estimation of Wind Penetration as Limited by Frequency Deviation , 2006, IEEE Transactions on Energy Conversion.

[18]  Tansu Alpcan,et al.  Network Security , 2010 .

[19]  P. Kundur,et al.  Power system stability and control , 1994 .

[20]  Annabelle Lee,et al.  Guidelines for Smart Grid Cyber Security , 2010 .

[21]  Hassan Bevrani,et al.  Robust Power System Frequency Control , 2009 .

[22]  G. Manimaran,et al.  Cyber Attack Exposure Evaluation Framework for the Smart Grid , 2011, IEEE Transactions on Smart Grid.

[23]  George H Baker,et al.  Supervisory Control and Data Acquisition (SCADA) Systems , 2002 .

[24]  Ibraheem,et al.  Recent philosophies of automatic generation control strategies in power systems , 2005, IEEE Transactions on Power Systems.

[25]  Mohsen Jafari,et al.  An integrated security system of protecting Smart Grid against cyber attacks , 2010, 2010 Innovative Smart Grid Technologies (ISGT).

[26]  Chen-Ching Liu,et al.  Risk Analysis of Coordinated Cyber Attacks on Power Grid , 2012 .

[27]  Douglas W. Hubbard,et al.  The Failure of Risk Management: Why It's Broken and How to Fix It , 2009 .

[28]  Tansu Alpcan,et al.  Dynamic Control and Mitigation of Interdependent IT Security Risks , 2010, 2010 IEEE International Conference on Communications.

[29]  Pravin Varaiya,et al.  Smart Operation of Smart Grid: Risk-Limiting Dispatch , 2011, Proceedings of the IEEE.

[30]  G. Manimaran,et al.  Cybersecurity for Critical Infrastructures: Attack and Defense Modeling , 2010, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[31]  Richard Kissel,et al.  Glossary of Key Information Security Terms , 2014 .

[32]  Khosrow Moslehi,et al.  Power System Control Centers: Past, Present, and Future , 2005, Proceedings of the IEEE.

[33]  K. R. Padiyar,et al.  Power system dynamics : stability and control , 1996 .

[34]  Tansu Alpcan,et al.  Modeling dependencies in security risk management , 2009, 2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS 2009).

[35]  John Lygeros,et al.  A robust policy for Automatic Generation Control cyber attack in two area power network , 2010, 49th IEEE Conference on Decision and Control (CDC).

[36]  Matthew Leitch,et al.  ISO 31000:2009—The New International Standard on Risk Management , 2010, Risk analysis : an official publication of the Society for Risk Analysis.