In this paper we report preliminary results from the novel coupling of cyber-physical emulation and interdiction optimization to better understand the impact of a CrashOverride malware attack on a notional electric system. We conduct cyber experiments where CrashOverride issues commands to remote terminal units (RTUs) that are controlling substations within a power control area. We identify worst-case loss of load outcomes with cyber interdiction optimization; the proposed approach is a bilevel formulation that incorporates RTU mappings to controllable loads, transmission lines, and generators in the upper-level (attacker model), and a DC optimal power flow (DCOPF) in the lower-level (defender model). Overall, our preliminary results indicate that the interdiction optimization can guide the design of experiments instead of performing a “full factorial” approach. Likewise, for systems where there are important dependencies between SCADA/ICS controls and power grid operations, the cyber-physical emulations should drive improved parameterization and surrogate models that are applied in scalable optimization techniques.
[1]
F.D. Galiana,et al.
A mixed-integer LP procedure for the analysis of electric grid security under disruptive threat
,
2005,
IEEE Transactions on Power Systems.
[2]
Michal Choras,et al.
Simulation platform for cyber-security and vulnerability analysis of critical infrastructures
,
2017,
J. Comput. Sci..
[3]
Katherine R. Davis,et al.
A Cyber-Physical Modeling and Assessment Framework for Power Grid Infrastructures
,
2015,
IEEE Transactions on Smart Grid.
[4]
Peter Palensky,et al.
An Integrated Research Infrastructure for Validating Cyber-Physical Energy Systems
,
2017,
HoloMAS.
[5]
Stephan Dempe,et al.
Linear bilevel programming with upper level constraints depending on the lower level solution
,
2006,
Appl. Math. Comput..
[6]
Robert G. Jeroslow,et al.
The polynomial hierarchy and a simple model for competitive analysis
,
1985,
Math. Program..