Smart Grid Cyber Security. University of Sydney




Smart Grid Cyber Security
17 Sep 2014, EA Victoria Division
Prof Joe Dong, The University of Sydney

University of Sydney
- Australia's oldest university, established in 1850
- Broad range of courses
- Ranked 38th in the QS World University Rankings in 2013, 37th in 2014

ELECTRICAL AND INFORMATION ENGINEERING

Research Excellence @ School of EIE
- Research with industry and government towards national wealth building
- ERA 5 & 4, well above world ranking in research
- The best engineering school in NSW (2013)
- Part of a $56M Financial Services Innovation Partnership (FSIP)
- Key R&D support for Australia Government's $100m Smart Grid, Smart City Project

School of EIE Research
Research Excellence in Electrical & Information Engineering

Fibre optics engineering
- Smart sensor technology
- ICT fibre networks technology

Power / energy systems engineering
- Smart grid technology (Smart Grid, Smart City R&D support)
- Future grid technology (CSIRO future grid cluster node)
- Grid applications (demand side, EV, renewable, inverter, peak demand, efficiency, market, security, stability and control, policy & economics)

Software and computer engineering
- Cloud computing, grid computing, data analytics (FSIP), image & signal processing, biomedical
- VLSI, HPC technology, networking, internet of things

Telecommunications
- Smart grid technology (telco networks, LTE)
- Sensor & measurement, signal processing, security/efficiency coding, telco networks

Industrial Linkage: Current Research & Educational Capacity
EIE has been providing research and educational services in the following areas:
- Advanced sensor technology
- Big data and computer networks
- Defence technology
- Fibre networks
- Next generation telco technologies
- Smart grid technologies
- Renewable energy
- Biomedical engineering

Teaching
WIDE RANGE OF ELECTIVE TOPICS BACKED BY CUTTING EDGE RESEARCH
- Power Engineering
- Software Engineering
- Bioelectronics (Biomedical Engineering)
- Computer Engineering
- Radio / Wireless Engineering
- Network Management
- Optical Networks
- Internet Engineering
- Multimedia Engineering

Smart Grid Power Engineering
- Complex Systems: vulnerability, security, topological analysis; power network, comms & internet
- Software Tools: PSS/E, DSA, DigSILENT, PSCAD/EMTDC, GridLAB-D, ASPEN, SINCAL, OpenDSS, Prophet, Plexos, OPNET, NS-2/3
- Power system stability / vulnerability: transient, voltage, small-signal/osc. stab., RE/DG/EV impact
- Power System / market modeling, operations and planning: market simulation, risk, forecasting
- Optimization: Optimal Power Flow, system planning & operations, Economic Dispatch / Unit Commitment, ATC calculation, wind farm optimisation
- Smart Grid: micro-grid, grid apps, energy storage, peak demand, DGs, EV, security
- Cyber System: ICT network, network modelling, security / vulnerability
- Monitoring: load modeling and parameter estimation, contingencies
- Control Design: Power System Stabilizer, FACTS device, wind power/PV control
- Soft Computing & Data Mining: computational intelligence, learning, multi-agents, data mining
- Computing Platform: HPC server / cluster, parallel computing, grid computing, cloud computing

Centre for Intelligent Electricity Networks
- 2 x centres established under Smart Grid Smart City project by Ausgrid at the University of Sydney and The University of Newcastle
- Actively involved in Australian federal government's Smart Grid Smart City project
- Future grid, smart grid, power system, electricity market research
- Aiming at building up national and international research collaborations in smart grid/power systems engineering
- Also provide professional training in power system load modelling, electricity market simulation techniques, and Smart Grid Technologies, together with the industry and international smart grid vendors

Smart Grids
- Applications: Distributed Generation, Demand Response, Distributed Renewables, Electric Vehicles, Islanding & MicroGrids, Cost Reflective Pricing, Dynamic Rating, Self Healing
- Infrastructure: Sensors, Monitoring and Control; Communications and Networks; Standards and Security
Source: Energeia

Power Engineering / Smart Grid Research

Power systems
- Generation, conventional and renewable, centralized and distributed
- Transmission and subtransmission networks, interconnections and system security
- Distribution, supply reliability and operations

Telecommunications
- Wireless solutions
- WAN, LAN, 3G, LTE
- Broadband

IT/computing
- Enterprise services bus
- CIM (common information model)
- Power model
- Data cleansing
- Historian, data mining and visualisation
- DMS: distribution management system (GE staff)
- OMS: outage management system
- SCADA/EMS

Introduction: Smart Grids
- Tightly link the power grid, computing, sensing, and communication technologies
- This brings unique vulnerabilities and places a premium on low cost cyber defensive measures that will be effective with minimal operating and sustainment costs
- Being piloted world-wide
- Open communication network structure: risks of cyber attacks
- Risks/issues: trust, attacks, privacy, legal

Examples of Cyber attacks on Physical systems
- An Australian conducted a series of electronic attacks on the Maroochy Shire sewage control system after a job application he had made was rejected by the area's Council. At the time he was employed by the company that had installed the system.
- He made at least 46 attempts to take control of the sewage system during March and April 2000 and managed to dump raw sewage into the surrounding area near Brisbane.
- Caused 800,000 liters of raw sewage to spill out into local parks, rivers and even the grounds of a Hyatt Regency hotel.
- Marine life died, the creek water turned black and the stench was unbearable for residents.
Source: http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/

Events on attacks and risks
- The Wall Street Journal: "April Sniper Attack Knocked Out Substation, Raises Concern for Country's Power Grid"
- On 16 April 2013, a US electricity substation was attacked by firearms by an unknown number of shooters.
- The shooters targeted the oil cooling systems on 17 transformers, meaning that there were no explosions, but the system eventually overheated and shut down.
- The substation was out of business for 27 days.
- According to FERC, strategically attacking 9 substations could bring down the US grid.
1) http://online.wsj.com/news/article_email/sb10001424052702304851104579359141941621778-lmyqjaxmta0mdawndewndqywj
2) http://spectrum.ieee.org/energywise/energy/the-smarter-grid/attack-on-nine-substations-could-take-down-us-grid

A power system cyber attack example
Cyber attack impact analysis: a simple example

[Figure: control centre (CC), generator, Load 1, Load 2 and switches S1, S2, S3]

- Ratings: Generator: 0.8 MW, Load 1: 0.4 MW, Load 2: 0.6 MW
- Switches: S1, S2, S3. Each has a sensor to inform the control centre of the power/load.
- Control centre (CC): sets the state of each switch based on the sensor information.
- Signal received by CC from each sensor = Sx + Ix, where Sx is the signal sent by each sensor and Ix is the intervention to each sensor.

D. Kundur, "Towards modelling the impact of cyber attacks on a smart grid", International Journal of Security and Networks, Volume 6, Issue 1, April 2011

What could happen if sensor(s) are compromised?

[Figure: equivalent graphic representation, with intervention I2 applied at S2; G = 0.8, L1 = 0.4, L2 = 0.6]

Total load is 1.0 MW, which is greater than the generator's maximum capacity. Therefore, only L2 (the heavier load) can be connected.
Normally, the total is equal to the actual load. However, suppose S2 (Load 1) is compromised at 100 sec. and sends a faulty signal to CC. Consider three cases:
- Case 1: I2 = 0.2, S2 = 0.4, received signal = 0.6, total 1.2. L2 is still connected. OK.
- Case 2: I2 = 0.4, S2 = 0.4, received signal = 0.8, total 1.4. L2 should be disconnected and L1 should be connected, because CC believes L1 is heavier than L2. Loss of L2, OK for frequency.
- Case 3: I2 = -0.3, S2 = 0.4, received signal = 0.1, total 0.7. Both loads should be connected. Overload, frequency drop.
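The three cases above can be replayed in code. This is an added example, not part of the original slides: the control-centre rule (connect everything if the received total fits the generator, otherwise heaviest-first with ties favouring the load already connected) and the rating-bound plausibility check are assumptions made here to match the stated outcomes, and the ratings are converted to kW so the arithmetic is exact.

```python
# Ratings from the slide, expressed in kW.
GEN_CAPACITY_KW = 800
LOAD_RATING_KW = {"L1": 400, "L2": 600}
LOAD_SENSOR = {"L1": "S2", "L2": "S3"}      # S2 reports Load 1, S3 reports Load 2


def received_signals(intervention_kw):
    """Signal received by CC = Sx + Ix for each load sensor."""
    return {load: LOAD_RATING_KW[load] + intervention_kw.get(LOAD_SENSOR[load], 0)
            for load in LOAD_RATING_KW}


def cc_connect(received, connected_before):
    """Assumed CC rule: connect all loads if the received total fits the generator,
    otherwise add loads heaviest-first; ties favour a load that is already connected."""
    if sum(received.values()) <= GEN_CAPACITY_KW:
        return set(received)
    order = sorted(received, key=lambda n: (-received[n], n not in connected_before))
    chosen, used = set(), 0
    for name in order:
        if used + received[name] <= GEN_CAPACITY_KW:
            chosen.add(name)
            used += received[name]
    return chosen


def assess(intervention_kw, connected_before=("L2",)):
    """Compare what CC decides from received signals with the real physical demand."""
    received = received_signals(intervention_kw)
    connected = cc_connect(received, set(connected_before))
    demand = sum(LOAD_RATING_KW[name] for name in connected)
    return {
        "received_kw": received,
        "connected": sorted(connected),
        "shed": sorted(set(LOAD_RATING_KW) - connected),
        "actual_demand_kw": demand,
        "overload": demand > GEN_CAPACITY_KW,
        # Added plausibility check (assumption): a reading above the load's rating
        # or below zero cannot be a genuine measurement.
        "implausible": sorted(name for name, value in received.items()
                              if value > LOAD_RATING_KW[name] or value < 0),
    }


# Interventions I2 from the slide, in kW.
CASES = {"normal": {}, "case 1": {"S2": 200}, "case 2": {"S2": 400}, "case 3": {"S2": -300}}

if __name__ == "__main__":
    for label, intervention in CASES.items():
        print(label, assess(intervention))
```

The rating-bound check flags cases 1 and 2 but not case 3: the under-reported reading stays inside the plausible range, and it is the one case that overloads the generator.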

CPS approach
- Failure of nodes in one network may cause failure of dependent nodes in another network, which may lead to cascading failure.
- Interdependency links the cyber and physical system.
S. Buldyrev, R. Parshani, G. Paul, H. Stanley, "Catastrophic cascade of failures in interdependent networks", Nature, Vol 464, 15 April 2010

The Mechanism by which Cyber Attacks Affect the Smart Grid
- Cyber attacks or the failures of key cyber devices will first downgrade the performance of the smart grid cyber system.
- The performance degradation of the cyber system will disturb the control process of the smart grid.
- The power system instability can cause cascading failures of its components (e.g. generators or transmission lines), or lead to a continuous drop of voltages or frequency.
- Both may finally lead to large-scale blackouts.

The Framework for Smart Grid Cyber Security and Vulnerability Assessment
[Figure: framework diagram]

The Role of Cyber Technologies in the Smart Grid
- Advanced cyber technologies play a vital role in the implementation of the smart grid.
- The smart grid relies on sensing, communication and computing systems to collect, transfer and process information.

Why Model the Cyber System?
- The number of devices (distributed generators, electric vehicles, controllable loads, energy storage devices) to be controlled in the smart grid can be huge.
- All these devices will exchange information with the control centre; the traffic of the power communication network will therefore be much higher.
- For economic reasons, the communication of the smart grid will possibly be implemented on general purpose networks (e.g. the Internet), which are more vulnerable to cyber attacks.
- Significant communication delay and data packet loss can be inevitable, which will greatly influence the control system performance.
- The security of the cyber system will also affect the security of the smart grid.

The Unified Modeling Approach of the Smart Grid
- The smart grid is the integration of power system and cyber system.
- The cyber system can be divided into three components: computing, communication and sensing.

Smart Grid
- Cyber System
  - Computing Devices (Server, PC, Embedded Processor, etc.)
  - Communication Network (Internet, Corporate WAN, etc.)
  - Sensors (Smart Meters, PMU, etc.)
- Physical Power System
  - Large Power Plants
  - Transmission & Distribution Networks
  - Distributed Generators, Electric Vehicles, Controllable Loads, etc.

Implementing the Cyber System Models with OPNET
- OPNET is used to model and simulate the communication networks in the smart grid.
- OPNET can model a wide variety of networks and technologies:
  - TCP (Transmission Control Protocol)
  - OSPFv3 (Open Shortest Path First v3)
  - MPLS (Multiprotocol Label Switching)
  - IPv6 (Internet Protocol v6)
  - WiMAX (Worldwide Interoperability for Microwave Access)
- OPNET can estimate the key performance indices of a communication network (e.g. latency and data dropout rate).

The Smart Grid Communication Network Test-bed
[Figures: Test Communication Network; Test Substation Network]

Simulation Results
[Figures: Failure of a Communication Link; Failure of a Frame Relay Switch]

Procedure of Evaluating the Threats of Cyber Attacks
- Functional Dependency Analysis: analyse the functional dependency of the cyber system, to identify critical cyber assets and possible attack paths.
- Formulate Attack and Environment Profiles: construct the cyber attack knowledge base, which contains the detailed information of potential cyber attacks and attack objectives.
- Input Attack Scenario, Construct Probability Density Tree (PDT): for a specific attack scenario, construct the probability density tree (PDT) to model the entire attack path and calculate the attack success probability.
- Evaluate the Impacts of the Cyber Attack using SIME: if it is determined that the attack will succeed, the fast stability analysis will be employed to quantify the impacts of the attack on system dynamic security.

Vulnerability Identification with FDA
- The aim of functional dependency analysis (FDA) is to analyse the structure of the cyber system, understand the functional dependency relationships between its components, and identify potential system vulnerabilities.
- The FDA will produce a set of service contracts which take the following form: "Component A will provide service A1 with 95% probability, if component B will provide service B1 with 90% probability and component C will provide service C2 with 98% probability."
- Based on the FDA, we can identify the cyber assets that may be attacked (vulnerabilities). We can also identify the potential path an attacker may follow to compromise the system.

Cyber Security Knowledge Base
- The cyber security knowledge base contains environment profiles and attack profiles.
- For each component (asset) of the cyber system, an environment profile will be formulated.
- The environment profile contains detailed asset information which can influence the success probability of a specific attack.

Cyber Security Knowledge Base
- An attack profile contains detailed information of a potential attack, such as the attack objective, attack method, and the pre-conditions that should be satisfied before this attack can be launched.
- For an attack A, its pre-attacks are the attacks that must be launched successfully before A can be launched.
- The post-attacks of attack A are the possible attacks that can be launched if A has succeeded.

Probability Density Tree
- A probability density tree is a modified decision tree.
- The ellipse node represents a system state which is caused by a launched attack.
- The number in an ellipse node denotes the occurrence probability of this state.
- Each arrow from an attack to a system state contains several conditions which can influence the occurrence probability P.

Evaluating Cyber Attack Risks with Fast Stability Analysis
- The fast stability analysis (FSA) will be employed to quantitatively evaluate the risks of cyber attacks.
- The FSA first obtains the dynamic trajectories of power systems by solving the system differential & algebraic equations, then evaluates the dynamic security of the system by e.g. calculating the transient stability index (TSI).
- The probability that a cyber asset is compromised can be calculated by employing the PDT.
- The risk of a cyber attack can then be evaluated by calculating the expected transient stability index (ETSI).

Randomly Constructed PDT
[Figure: randomly constructed PDT]

Monte Carlo Based Attack Simulation
- A PDT will be randomly generated; its parameters can be estimated from historical network attack data.
- Use fast stability analysis to calculate the TSI and measure the impact of this attack scenario on smart grid security.
- After N iterations have finished, calculate the expected TSI.

Case Studies (Power Plant Scenario)
- In this scenario, the attacker will compromise the power plant control system via the corporate network.
- Three defensive measures, password-based access control, anti-malware system (AMS) and intrusion detection system (IDS), are considered.
- Stronger password, AMS and IDS will improve the cyber security (leading to higher ETSI).

Case Studies (Substation Scenario)
- In this scenario, the attacker will compromise the substation control system via remote connections.
- Attacking a power plant poses greater threats than attacking substations, based on the case study results.

Integrating Cyber Security Assessment Tool with PSS_E
- The developed tool has been integrated with an industrial software package, PSS_E, for fast and reliable power system stability assessment.
- In the above scenario, the rotor angle curves indicate that the grid remains secure given the cyber attack.

Integrating Cyber Security Assessment Tool with PSS_E
- In the second scenario, the grid becomes unstable given the cyber attack at a key power plant.

Smart Grid Sensor Network Security
- The smart grid relies on a variety of sensors to know its working states:
  - Phasor measurement unit
  - Smart meter
  - Protective relay
- Once sensors are compromised by attackers, they can generate false data, which is referred to as a "false data injection attack".
- False data injection can cause catastrophic effects:
  - Incorrect economic dispatch plans (lower economic efficiency) or huge market manipulation power
  - Incorrect frequency and voltage control strategies (degraded system stability)
  - Incorrect fault diagnosis results (equipment damage)

Power System State Estimation
- The objective of SE is to estimate the system state based on meter measurements.
- The control centre will receive meter readings:

  Z = HY + e

  Z: meter readings, Y: system state, H: measurement matrix, e: a vector of Gaussian measurement noise.
- Given an initial system state Y0, all meter readings except the compromised meter are randomly generated using the above equation.
- The reading of the compromised meter can be manipulated by the attacker.

Eigenvalue Analysis
- The small disturbance stability index of the power system can be obtained by performing the eigenvalue analysis.
- Consider the following linearized model of the system: 0
- Here represents the vector of system dynamic states (e.g. generator rotor angle and angular speed).,,, are parameter matrices.
- We can assess the small disturbance stability of the system by calculating the eigenvalues of the following matrix:

Assessing the Impacts of False Data Injection Attack (FDIA)
- Given an initial system state and a compromised meter (if we are interested in determining how vulnerable a sensor S is, we will then choose it to be the compromised meter), randomly generate a set of meter readings for the uncompromised meters, and set the reading of the compromised meter to a false value.
- Obtain a system state estimate using a particular state estimation algorithm based on the false meter readings; this state estimate is referred to as a false system state.
- Solve an OPF model to obtain a dispatch plan based on the false system state.
- Employ eigenvalue analysis to calculate the system dynamic security index based on the dispatch plan and true system state. A smaller index indicates that the system is more secure.
- Repeat steps 1) - 3) for N times to obtain the expected value of the security index.
- Change the compromised meter reading and repeat steps 1) - 4) until the expected security index is sufficiently close to 0; we define the reading which makes the security index equal 0 as the marginal reading. It measures the vulnerability of a meter under FDIA.

Simulation Results
[Figure: simulation results]
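The first part of the FDIA procedure above (generate readings with Z = HY + e, overwrite the compromised meter, estimate the false system state, repeat N times) can be sketched as follows. This is an added example, not code from the slides: the measurement matrix H, the state Y0 and the noise level are constructed, ordinary least squares stands in for "a particular state estimation algorithm", and the distance between false and true state is used as a stand-in score because the OPF and eigenvalue steps are not reproduced here.

```python
import math
import random

# Constructed 4-meter, 2-state measurement matrix H (one row per meter).
H = [[1.0, 0.0],
     [0.0, 1.0],
     [1.0, -1.0],
     [1.0, 1.0]]
Y0 = [1.0, 0.5]      # constructed true system state Y
SIGMA = 0.01         # assumed standard deviation of the Gaussian noise e


def solve(a, b):
    """Solve a x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            for k in range(c, n + 1):
                m[r][k] -= f * m[c][k]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (m[r][n] - sum(m[r][k] * x[k] for k in range(r + 1, n))) / m[r][r]
    return x


def estimate_state(h, z):
    """Least-squares state estimate: solve (H^T H) Y = H^T Z."""
    n = len(h[0])
    hth = [[sum(row[i] * row[j] for row in h) for j in range(n)] for i in range(n)]
    htz = [sum(row[i] * zi for row, zi in zip(h, z)) for i in range(n)]
    return solve(hth, htz)


def meter_readings(h, y, sigma, rng):
    """Z = H Y + e for every meter."""
    return [sum(hij * yj for hij, yj in zip(row, y)) + rng.gauss(0.0, sigma)
            for row in h]


def expected_state_error(h, y, meter, false_value, n_iter=2000, sigma=SIGMA, seed=1):
    """Mean distance between the false system state and the true state over N runs."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(n_iter):
        z = meter_readings(h, y, sigma, rng)
        z[meter] = false_value               # reading of the compromised meter
        total += math.dist(estimate_state(h, z), y)
    return total / n_iter


def rank_meters(h, y, offset):
    """Rank meters by how far the same false offset moves the state estimate."""
    scores = {}
    for i, row in enumerate(h):
        true_reading = sum(hij * yj for hij, yj in zip(row, y))
        scores[i] = expected_state_error(h, y, i, true_reading + offset)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for meter, score in rank_meters(H, Y0, 0.3):
        print(f"meter {meter}: expected state error {score:.4f}")
```

Meters whose rows of H couple several state variables move the estimate furthest for the same offset, which gives a first ordering of which sensors to protect and cross-check.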

Findings & Recommendations
- The business network of the electricity utility is an important point of entry for cyber attacks.
- Whitelisting can be an effective tool for defending against cyber attacks. To ensure its effectiveness, it should be deployed on all possible assets. Moreover, special attention should be given to attacks on the whitelisting system itself.
- Disable all unnecessary ports in the network; frequently perform vulnerability assessment and system update.
- Smart meters and home area networks will introduce new vulnerabilities.
- Emergency control measures are important to ensure the secure operation of the smart grid after being attacked.
- The control system network should be protected from the business network using all possible measures.

Findings & Recommendations
- Smart grid security can be affected by attacks from the physical power system as well as the cyber system
  - System modelling
  - Fast security assessment and preventative control
- The mechanisms of physical system attacks together with cyber attacks need to be better understood
  - System modelling
  - Cyber attacks
  - Sensor network security
- Measures for smart grid security enhancement need to include physical as well as cyber system counter attack measures
  - Interactions and interdependencies between physical and cyber systems

Thank you! Any Questions?

Prof Z.Y. Dong
Head of School
Director, Centre for Future Energy Networks
School of Electrical & Information Engineering
Director, Clean Intelligent Energy Networks Cluster
Faculty of Engineering & IT
THE UNIVERSITY OF SYDNEY
Tel +62 2 9351 2335
Mbl +62 481 008 973
E: joe.dong@sydney.edu.au