Protection and Cybersecurity in Inverter-Based Microgrids

Mohammadhassani, Ardavan

06 July 2023

Developing microgrids is an attractive solution for integrating inverter-based resources (IBR) in the power system. Distributed control is a potential strategy for controlling such microgrids. However, a major challenge toward the proliferation of distributed control is cybersecurity. A false data injection (FDI) attack on a microgrid using distributed control can have severe impacts on the operation of the microgrid. Simultaneously, a microgrid needs to be protected from system faults to ensure the safe and reliable delivery of power to loads. However, the irregular response of IBRs to faults makes microgrid protection very challenging. A microgrid is also susceptible to faults inside IBR converters. These faults can remain undetected for a long time and shutdown an IBR. This dissertation first proposes a method that reconstructs communicated signals using their autocorrelation and crosscorrelation measurements to make distributed control more resilient against FDI attacks. Next, this dissertation proposes a protection scheme that works by classifying measured harmonic currents using support vector machines. Finally, this dissertation proposes a protection and fault-tolerant control strategy to diagnose and clear faults that are internal to IBRs. The proposed strategies are verified using time-domain simulation case studies using the PSCAD/EMTDC software package. / Doctor of Philosophy / Renewable energy resources, such as wind, solar, and geothermal, are interfaced with the grid using DC-to-AC power electronic converters, popularly known as inverters. These “inverterbased resources (IBR)” are mostly distributed and located near consumers. During outages, IBRs can be used to provide power to customers. This gives developers the idea of integrating IBRs in microgrids. A microgrid is a miniature grid that consists of IBRs and customers. A microgrid is normally connected to the grid but can disconnect from the grid and operate on its own. To run efficiently, a microgrid uses fast and reliable communication between IBRs to create a high-performance distributed control strategy. However, this creates cybersecurity concerns for microgrids. This dissertation proposes a cybersecure distributed control strategy to make sure microgrids can keep their advantages. This dissertation also proposes a protection method that relies on machine learning to clear short circuits in the microgrid. Finally, this dissertation proposes a strategy to diagnose failures inside IBRs and ride through them. The proposed solutions are verified using the industry-grade simulation software PSCAD/EMTDC.

Cybersecurity

inverter-based resources

microgrids

power system protection

Cybersecurity and The Resilience Measures in Critical Infrastructure in Sweden : A Comparative Desk Study Between Sweden and The United States

Idengren, Pauline

January 2024

In an era marked by pervasive digitization, the reliance on interconnected information and communication technologies (ICTs) has become indispensable for the functioning of modern society. However, this digital transformation has exposed critical infrastructure sectors to a multitude of cyber threats, ranging from malicious cybercriminal activities to state-sponsored cyber espionage. As a result, ensuring the resilience of cybersecurity measures within critical infrastructure has emerged as a paramount concern for governments, organizations, and societies worldwide. This thesis investigates the approaches to cybersecurity resilience protection, with a comparative analysis between Sweden and the United States. Through an examination of cybersecurity risk management practices, threat intelligence sharing mechanisms, and public-private partnerships, the study aims to evaluate the resilience measures implemented in safeguarding vital sectors such as energy, healthcare and finance against cyber threats.  Drawing upon complexity theory and human security theory as theoretical frameworks, the research explores the institutional dynamics and socio-political factors shaping cybersecurity resilience strategies in both countries. By synthesizing empirical data from government reports, literature, industry publications, and expert interviews, the thesis aims to identify strengths and weaknesses together with key challenges, best practices, and areas for improvement in enhancing cybersecurity resilience capabilities. The findings of this study contribute to the academic discourse on cybersecurity resilience and by understanding the comparative strengths and weaknesses of cybersecurity resilience approaches, decision-makers can formulate evidence-based strategies to mitigate cyber risks and foster greater resilience in the face of evolving cyber threats.

Cybersecurity

Resilience

Critical Infrastructure

Cyberattacks

ICTs

Social Sciences

Samhällsvetenskap

<b>EXPLORING FACTORS INFLUENCING ADOPTION AND USAGE OF PRIVACY-ENHANCING TOOLS AMONG SMARTPHONE USERS</b>

Renusree Varma Mudduluru (18859075)

24 June 2024

<p dir="ltr">In this era of digital surveillance and data breaches, it is important to understand how users protect their smartphone privacy. There needs to be more detailed information regarding the prevalence, factors, and motivations influencing the adoption of privacy-enhancing tools and settings on mobile devices. This study aimed to address this knowledge gap by investigating the use of privacy tools among smartphone users and examining the impact of factors like demographics, awareness levels, and device platforms.</p><p dir="ltr">The study surveyed 342 participants recruited through Amazon Mechanical Turk (MTurk), and the data were analyzed. The survey gathered data on user characteristics, privacy concerns, experiences with breaches, and use of various privacy tools. Statistical analysis showed that demographic factors, particularly age, significantly influenced the use of privacy tools, aligning with previous research. Users with a higher awareness of digital privacy risks were likelier to adopt privacy-enhancing tools. The study found no significant difference in the prevalence and type of privacy tools used between iOS and Android users.</p><p dir="ltr">The study's focus on privacy-enhancing tools among smartphone users and the proposed hypotheses provide valuable insights for law enforcement and forensic practitioners, aiding in digital investigations, evidence collection, and understanding user behavior related to smartphone privacy measures. The study's outcomes contribute to digital forensics, cybersecurity, and privacy domains by providing insights into user behaviors, motivations, and the factors shaping privacy tool adoption on smartphones. These findings can inform the development of more user-centric privacy tools, policies, and educational campaigns, ultimately enhancing digital privacy protection and supporting law enforcement investigations in the digital age.</p>

Smartphone Privacy

Privacy-enhancing tools

An analysis of authentication models in cloud computing and on-premise Windows environments.

Viktorsson, Samuel

January 2024

The increased usage of cloud computing has transformed modern information technology by providing organisations with a scalable, flexible, and cost-effective alternative to the traditional on-premise service model. Both service models have their own set of advantages and disadvantages. One key aspect both service models have in common is the importance of keeping private data secure. There is an ongoing debate on whether cloud computing is safe enough to store private data. This thesis will help organisations understand the security considerations of the different service models. This will be accomplished through a case study researching the different authentication models of both service models and an experiment to gain further insights. The case study and experiment will conclude with a heuristic that organisations can use when picking an authentication model. The main conclusion of this thesis is that we consider the cloud computing service model less secure than the on-premise Windows service model. We also concluded that we consider an LDAP on-premise Windows authentication model and the Azure authentication model to have a higher chance of being less secure than the other authentication models researched in this thesis.

cybersecurity

cloud computing

authentication

on-premise

Computer and Information Sciences

Data- och informationsvetenskap

Essays on Innovation and Dynamic Capabilities: Evidence from Public Sector Operations and Cybersecurity

Miller, Marcus Soren

16 August 2024

The public sector needs the capacity for continual improvement and innovation. Cybersecurity threats against U.S. federal civilian agencies and national critical infrastructure stand out as a major problem area requiring agile and timely responses. Moreover, curbing ransomware attacks directed towards uniquely vulnerable domains, such as healthcare, education, and local government poses a particularly vexing policy challenge for government leaders. In three discrete essays, this dissertation examines management theories applied to the public sector and cybersecurity. The first two essays investigate a public management approach for improvement and innovation based on dynamic capabilities - that is, the organizational capacity to observe, understand, learn, and react in a transformational manner. The first essay of this dissertation presents a systematic literature review of empirical research on dynamic capabilities in the public sector which indicates clear benefits from the employment of dynamic capabilities through impacts on organizational capabilities, innovation, organizational change, operational performance, and public value. Building upon that literature review, the second essay of this dissertation applies archival data research and first-person interviews to examine the pivotal role played by dynamic capabilities in facilitating the generation and deployment of innovative cybersecurity approaches among the federal civilian agencies. This novel research identified and categorized dynamic capabilities in action and assessed their operational influence, specifically inter- and intra-agency collaboration, strategic planning, governance, and signature processes. The third essay of this dissertation was the first-ever documented system dynamics model of the ransomware ecosystem to understand incident trend patterns and provide insight into policy decisions. Simulation showed improvement by mandating incident reporting, reducing reporting delays, and strengthening passive defenses, but unexpectedly not by capping ransom payments. / Doctor of Philosophy / The public sector needs the capacity for continual improvement and innovation. Cybersecurity threats against U.S. federal civilian agencies and national critical infrastructure stand out as a major problem area requiring agile and timely responses. Moreover, curbing ransomware attacks directed towards uniquely vulnerable domains, such as healthcare, education, and local government poses a particularly vexing policy challenge for government leaders. In three discrete essays, this dissertation examines management theories applied to the public sector and cybersecurity. The first two essays investigate a public management approach for improvement and innovation based on dynamic capabilities - that is, the organizational capacity to observe, understand, learn, and react in a transformational manner. This dissertation first presents a review of prior research on dynamic capabilities in the public sector which indicates clear operational benefits. In the following essay, this dissertation examines the pivotal role played by dynamic capabilities in facilitating the generation and deployment of innovative cybersecurity approaches among the federal civilian agencies. The third essay of this dissertation highlights the simulation of the ransomware ecosystem to better understand incident trend patterns and provide insight into policy decisions such mandatory reporting requirements and defensive measures.

dynamic capabilities

innovation

public sector

cybersecurity

ransomware

system dynamics model

Challenges Within V2X : A cybersecurity risk assessment for V2X use cases

Brorsson, Adrian

January 2022

Vehicle-to-Everything (V2X) is referred to as the technology enabling communication and data exchange between vehicles and is considered a significant milestone within automotive. By enabling inter-vehicle communication, the vehicles will be more aware of their surroundings—including things outside their current line-of-sight (LOS). The vehicles utilizing this technology are in Europe referred to as Cooperative Intelligent Transport Systems (C-ITS). A single vehicle is referred to as an ITS station (ITS-S). These are the terms presented in the European V2X standard called the ETSI ITS. This thesis considered the ETSI ITS standard since it is one of the most mature within the V2X standardization flora. This thesis investigated some significant V2X use cases and conducted a risk assessment on a selection of these use cases. These significant use cases were discovered by performing semi-structured interviews with five candidates within the field. The conducted risk assessment was performed according to a method called Threat, Vulnerability, and Risk Assessment (TVRA), which ETSI has developed. The results of this thesis work became a set of safety-functional use cases that were considered significant. The cybersecurity risk varied and spanned from critical to minor risk concerning the attacks taken into account. Since security and hardening are critical aspects of automotive connectivity, this thesis provides some future research directions at the end of this thesis. One of these topics is, for example, the privacy perspective on V2X, which was not considered in this thesis.

Automotive cybersecurity

V2X cybersecurity

V2X use cases

ETSI ITS

ETSI TVRA

V2X risk assessment

Communication Systems

Kommunikationssystem

The effect of time pressure on human behavior regarding phishing susceptibility : Human aspects in information security

Abbasi, Muhammad Abbas Khan

January 2023

Human errors are common in the contemporary cyber ecosystem, and in an organization’s cybersecurity chain, humans are considered the weakest link. Cybercriminals exploit human vulnerabilities using sophisticated attacks such as phishing. Human susceptibility to phishing is a persistent threat, and has a devastating effect on organizational and personal security. Previous researchers found that human susceptibility to phishing increases in presence of some factors such as organizational, individual, and environmental. Various studies highlight time pressure as one of the influencing factors that can negatively or positively impact human behavior. This research study aimed to investigate the effect of time pressure on human cybersecurity behavior regarding the ability to detect phishing. The study used quantitative research and developed a questionnaire comprising interactive phishing emails distributed online to 03 random groups having different time limits to complete the questionnaire. The study received 356 complete responses. The study's result shows a slight change in user behavior under time pressure, and the impact of time pressure can be positive or negative. However, the results are not statistically significant for all demographic groups to accept this slight change in variance. Moreover, this study's results validate previous studies on human susceptibility to phishing and found more than 50 % of respondents vulnerable to phishing. Thus, the results of this study indicate that the factor of time pressure itself does not significantly impact the human ability to detect phishing. However, it is essential to note that other work-related tasks or stress associated with time pressure can influence human behavior in detecting phishing attempts. In conclusion, the author also proposes further testing and some methodology tweaking by modifying the time given to each tested group and adding more elements to the questionnaire. Finally, the study also suggested conducting the same analysis on physically controlled groups in an organizational or institutional setting.

Cybersecurity behavior

phishing susceptibility

cybersecurity awareness

time pressure

the human factor

Information Systems, Social aspects

A MACHINE LEARNING BASED WEB SERVICE FOR MALICIOUS URL DETECTION IN A BROWSER

Hafiz Muhammad Junaid Khan (8119418)

12 December 2019

Malicious URLs pose serious cyber-security threats to the Internet users. It is critical to detect malicious URLs so that they could be blocked from user access. In the past few years, several techniques have been proposed to differentiate malicious URLs from benign ones with the help of machine learning. Machine learning algorithms learn trends and patterns in a data-set and use them to identify any anomalies. In this work, we attempt to find generic features for detecting malicious URLs by analyzing two publicly available malicious URL data-sets. In order to achieve this task, we identify a list of substantial features that can be used to classify all types of malicious URLs. Then, we select the most significant lexical features by using Chi-Square and ANOVA based statistical tests. The effectiveness of these feature sets is then tested by using a combination of single and ensemble machine learning algorithms. We build a machine learning based real-time malicious URL detection system as a web service to detect malicious URLs in a browser. We implement a chrome extension that intercepts a browser’s URL requests and sends them to web service for analysis. We implement the web service as well that classifies a URL as benign or malicious using the saved ML model. We also evaluate the performance of our web service to test whether the service is scalable.

Computer System Security

Machine learning in cyber-security

Real time malicious URL detection

Generic features for malicious URLs

Cybersecurity

cybersecurity engineering

Development of a guideline for cybersecurity awareness-raising in large Swedish public organizations : A design science project

Burvall, Felicia

January 2023

Technological advancement has significantly impacted people and organizations during the last decade. Society is exposed to an increasing rate of cyber-attacks utilizing sophisticated tools to accomplish their objectives. Previously attackers’ primary focus was exploiting technological vulnerabilities to access organizations’ information; however, attackers have shifted their focus to exploiting the vulnerabilities in people’s human nature instead. This has resulted in organizations acknowledging that technical security measures alone are insufficient in providing adequate protection for organizations and need to invest in mitigating the risk people pose to an organization’s cybersecurity. Thus realizing the need to address cybersecurity’s social-technical nature. Organizations have begun implementing cybersecurity awareness-raising initiatives to increase people’s cybersecurity awareness to reduce human-instigated breaches. This is especially crucial for organizations in the public sector to achieve because they tend to produce more destructive and widespread repercussions to society. To provide organizations in the public sector with the means to achieve good cybersecurity awareness, this thesis aims to develop a guideline for managers in large Swedish public organizations to assist them in their complex cybersecurity awareness-raising endeavors. The thesis employs a design science research strategy to develop, evaluate, and validate the guideline with the assistance of cybersecurity awareness experts. The results show six principal factors have been established as significant for raising cybersecurity awareness in large Swedish public organizations. These factors range from user-oriented, managerial, and technical, supporting the assertion that cybersecurity is a complex socio-technical matter. The key contribution of this thesis is to introduce a highly abstract guideline to enhance large Swedish public organizations’ cybersecurity awareness efforts.

Cybersecurity awareness (CSA)

cybersecurity awareness-raising

design science research (DSR)

guideline development

large Swedish public organization

Information Systems, Social aspects

AUTOSARLang: Threat Modeling and Attack Simulation for Vehicle Cybersecurity

Girmay Mesele, Asmelash

January 2018

The rapid growth and development of the Information and Communications Technology attract many industries including the automotive industry. Since the last four decades, the automotive engineering has been impacted by the Information Technology. Nowadays, modern vehicles are being designed with up to hundreds of electronic control units (ECUs) and be able to communicate with other vehicles, infrastructure, and other things via wireless networks and sensors. For such in-vehicle networks, serial bus systems like CAN bus, LIN bus, FlexRay, and MOST are standardized. Parallel to this, the automotive industry vendors designed and standardized automotive open systems architecture (AUTOSAR) software platform. AUTOSAR has two main standards - the classical platform and adaptive platform. The classical platform (CP) is designed for the current embedded ECUs, whereas the adaptive platform (AP) is being designed for the future intelligent ECUs. The intelligent AP ECU constitute many multi-processing processors and Ethernet to realize the future autonomous vehicles.On the other hand, automotive industries shall ensure “safety first” in their design and regard it as part of their market feature. Directly or indirectly, the safety of the modern connected vehicles is related to their cybersecurity. Today, cybersecurity professionals are conducting researches to bring remarkable solutions to the sophisticated cyberattacks. One approach of cybersecurity solution is to make a cyber threat modeling and attack simulations. Example, meta-attack-language (MAL) is a threat modeling and attack simulation language, which is designed to make domain-specific threat analysis.In this study, potential assets of an automotive vehicle with AP ECUs are identified. Then, threats of each identified asset are collected from different literature. With both inputs, a cyber threat model is written using MAL. Finally, validation of the model is made with a simulation language. Consequently, modern vehicle with AP ECUs is modeled and simulated.This study contributes four important things - list of potential assets that AP running vehicle constitutes, collected list of threats of the identified assets, validated cyber threat model, and simulation test cases for each potential attack paths in the model. / Den snabba tillväxten och utvecklingen av informations- och kommunikationstekniken lockar många‌ branscher, däribland bilindustrin. Sedan de senaste fyra decennierna har automotive engineering påverkats av informationstekniken. Numera är moderna fordon utformade med upp till hundratals elektroniska styrenheter (ECU) och kan kommunicera med andra fordon, infrastruktur och andra saker via trådlösa nätverk och sensorer. För sådana inbyggda nätverk är seriella bussystem som CAN-buss, LIN-buss, FlexRay och MOST standardiserade. Parallellt med detta har automotive-leverantörerna utformat och standardiserat automatsystem för öppna systemarkitekturer (AUTOSAR). AUTOSAR har två huvudstandarder - den klassiska plattformen och den adaptiva plattformen. Den klassiska plattformen (CP) är utformad för nuvarande inbyggda ECU, medan den adaptiva plattformen (AP) är utformad för framtida intelligenta ECU. Den intelligenta AP-enheten utgör många processorer och Ethernet för att förverkliga de framtida autonoma fordonen. Bilindustrin ska å andra sidan säkerställa "säkerhet först" i sin design och betrakta den som en del av deras marknadsfunktion. Direkt eller indirekt är säkerheten hos moderna anslutna fordon relaterad till sin cybersäkerhet. Idag genomför cybersecurity-proffs för att få anmärkningsvärda lösningar på de sofistikerade cyberattackarna. Ett tillvägagångssätt för cybersecurity-lösningen är att göra en modellering av cyberhot och attack simuleringar. Exempel, meta-attack-language (MAL) är ett hot modellerings-och attack simuleringsspråk, som är utformat för att göra domänspecifik hotanalys. I denna studie identifieras potentiella tillgångar i ett fordonsbil med AP-ECU. Därefter samlas hot av varje identifierad tillgång från olika litteratur. Med båda ingångarna skrivs en cyber-hotmodell med MAL. Slutligen görs validering av modellen med ett simuleringsspråk. Följaktligen modelleras och simuleras moderna fordon med AP-ECU. Denna studie bidrar till fyra viktiga saker - en lista över potentiella tillgångar som AP-körfordon utgör, samlad lista över hot av identifierade tillgångar, validerad cyberhot-modell och simuleringsprovfall för varje potentiell attackvägar i modellen.

vehicular cybersecurity

threat model

attack simulation

AUTOSAR Adaptive Platform

vehicular cybersecurity

hot modell

attack simulering

AUTOSAR Adaptiv plattform

Engineering and Technology

Teknik och teknologier