Developing correlation indices to identify coordinated cyber-attacks on power grids

The large-scale deployment of Information and Communication Technology (ICT) exposes the power grid to a large number of coordinated cyber-attacks. It is therefore necessary to design new security policies that allow efficient and reliable operation in such a contested cyber-space. Detecting cyber-attacks is known to be a challenging problem; however, through the coordinated effort of defense-in-depth tools (e.g., Intrusion Detection Systems (IDSs), firewalls, etc.) together with grid context information, the grid's real security situation can be estimated. In this paper, we derive a Correlation Index (CI) using grid context information (i.e., analytical models of attack goals and grid responses). The CI reflects the spatial correlation between cyber-attacks and the physical grid, i.e., it indicates the target cyber-devices associated with attack goals. This is particularly important for identifying (together with intrusion data from IDSs) coordinated cyber-attacks that aim to manipulate static power applications and ultimately cause severe consequences on the grid. In particular, the proposed CI, its properties, and its defense implications are analytically derived and numerically tested for the Security Constrained Economic Dispatch (SCED) control loop subject to measurement attacks. However, our results can be extended to other static power applications, such as Reactive Power support, Optimal Power Flow, etc.
