SMART GRID COMMUNICATIONS

Asbery, Christopher W

01 January 2012

Smart grid technologies are starting to be the future of electric power systems. These systems are giving the utilities detailed information about their systems in real time. One of the most challenging things of implementing smart grid applications is employing the communications into the systems. Understanding the available communications can help ease the transition to these smart grid applications. Many of the utility personnel are spending too much time trying to figure out which communication is better for their application or applications. So this thesis presents the different communication types available with discussing the different attributes in which these communication types are going to offer to the utility. Then these communication types are looked such that utilities can quickly understand how to approach the difficult task of obtaining the information from the different smart grid applications by the use of different communication options.

Smart Grid Technologies

Communications

Automatic Metering Infrastructure

Supervisory Control and Data Acquisition

Communication Reliability

Power and Energy

Systems and Communications

An intrusion detection system for supervisory control and data acquisition systems

Hansen, Sinclair D.

January 2008

Despite increased awareness of threats against Critical Infrastructure (CI), securing of Supervisory Control and Data Acquisition (SCADA) systems remains incomplete. The majority of research focuses on preventative measures such as improving communication protocols and implementing security policies. New attempts are being made to use commercial Intrusion Detection System (IDS) software to protect SCADA systems. These have limited effectiveness because the ability to detect specific threats requires the context of the SCADA system. SCADA context is defined as any information that can be used to characterise the current status and function of the SCADA system. In this thesis the standard IDS model will be used with the varying SCADA data sources to provide SCADA context to a signature and anomaly detection engine. A novel addition to enhance the IDS model will be to use the SCADA data sources to simulate the remote SCADA site. The data resulting from the simulation is used by the IDS to make behavioural comparison between the real and simulated SCADA site. To evaluate the enhanced IDS model the specific context of a water and wastewater system is used to develop a prototype. Using this context it was found that the inflow between sites has similar diurnal characteristic to network traffic. This introduced the idea of using inflow data to detect abnormal behaviour for a remote wastewater site. Several experiments are proposed to validate the prototype using data from a real SCADA site. Initial results show good promise for detecting abnormal behaviour and specific threats against water and wastewater SCADA systems.

Information security

intrusion detection system (IDS)

remote telemetry device (RTU)

anomaly detection

signature detection

Διαχείριση και έλεγχος Programmable Logic Controller (PLC) μέσω Ethernet/Internet

Χριστόπουλος, Κωνσταντίνος

20 September 2010

Ο στόχος της παρούσας διπλωματικής εργασίας είναι ο έλεγχος και αποκατάσταση της θερμοκρασίας και της υγρασίας από απόσταση σε ένα χώρο ο οποίος απαιτεί συγκεκριμένες τιμές των δύο παραπάνω μεγεθών. Ένας τέτοιος χώρος μπορεί να είναι μια αίθουσα χειρουργείου ή μια μονάδα εντατικής θεραπείας. Ανάλογα με τις επιθυμητές θερμοκρασίες που έχουν τεθεί, ενεργοποιούνται οι βάνες του θερμαντικού ή του ψυκτικού στοιχείου. Όταν η υγρασία του χώρου είναι κατώτερη της επιθυμητής, ενεργοποιείται η τρίοδος βάνα ατμού. Όταν η υγρασία του χώρου είναι υψηλότερη της επιθυμητής ενεργοποιείται η τρίοδος βάνα του ψυκτικού στοιχείου για επιπλέον ψύξη (αφύγρανση) και παράλληλα, αν χρειαστεί ενεργοποιεί και την τρίοδο βάνα του θερμαντικού στοιχείου για να διατηρήσει τη θερμοκρασία του χώρου στα επιθυμητά επίπεδα. Όλα αυτά υλοποιούνται με τη βοήθεια του PLC S7 300 όσο αφορά το λειτουργικό μέρος, της μονάδας CP 343-1 Lean για την επικοινωνία της εγκατάστασης από απόσταση μέσω ethernet, το LabVIEW 9.0 για την υλοποίηση του SCADA(Supervisory Control and Data Acquisition) και τέλος ο OPC SERVER της National instrument για την επικοινωνία του PLC S7 300 με το LabVIEW 9.0. / The scope of this thesis is the control and restoration of temperature and humidity from distance in environments which demand precise values of these two measurements. Such an environment can be an Operating Room or an Intensive Care Unit. The valves of the heating or the cooling element are activated according to the desired temperature. When room humidity is below the desired one, the dew three-port valve is activated. On the other hand when humidity is above the desired level the three-port valve of the cooling element is activated for further cooling (dehydration) and at the same time, if needed, it activates the three-port valve of the heating element to maintain the room temperature at the desired level. This is possible with the use of PLC S7 300, when it comes to the functional part, the CP 343-1 Lean unit for the distant communication of the installation through the use of Ethernet, the LabVIEW 9.0 for the implementation of the SCADA(Supervisory Control and Data Acquisition) and the OPC SERVER of the National Instrument for the communication of the PLC S7 300 with LabVIEW 9.0.

Έλεγχος θερμοκρασίας

Υγρασία

629.895

Programmable Logic Controller (PLC)

NI OPC Server

Temperature control

Humidity

Proposta de arquitetura orientada a recursos para SCADA na Web

Polônia, Pablo Valério

January 2011

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia de Automação e Sistemas, Florianópolis, 2011 / Made available in DSpace on 2012-10-26T04:49:05Z (GMT). No. of bitstreams: 1 299173.pdf: 2790960 bytes, checksum: 3a2ce4ee4fd5dc7d5f239e8d7350372c (MD5) / Esta dissertação descreve uma proposta de arquitetura de software para aplicações típicas de Sistemas de Supervisão e Aquisição de Dados (SCADA), utilizando a World Wide Web como plataforma. O objetivo é mostrar como os requisitos característicos de aplicações SCADA podem ser incorporados em uma arquitetura condizente com os princípios arquiteturais que fundamentam a Web, dado que as arquiteturas comumente propostas para SCADA, baseadas em Chamadas Remota de Procedimento (RPC, na sigla em inglês), apresentam problemas de forte acoplamento, manutenção de estado e interfaces especializadas, que dificultam uma integração plena com a Web. Para isto é projetada uma Arquitetura Orientada a Recursos (ROA, na sigla em inglês), que utiliza as tecnologias da Web (HTTP, URI e tipos de mídia) de acordo com seus princípios de arquitetura. A arquitetura é projetada utilizando como cenário uma Célula Flexível de Manufatura (CFM), ambiente característico de um SCADA. As funcionalidades típicas de SCADA são projetadas como recursos e expostas para clientes que podem exibir sinóticos em uma IHM, esperar pelo disparo de alarmes, controlar o processo, configurar dispositivos e abastecer com dados sistemas de MES/ERP. Uma implementação é realizada, para demonstrar como se dá a interação entre aplicações na arquitetura. Nesta implementação um aplicativo SCADA (Mango M2M) teve sua arquitetura de software estudada e modificada para se adaptar as necessidades da arquitetura proposta. Como resultado, obtém-se uma arquitetura que cobre os requisitos típicos de aplicações SCADA, integrando-se à Web de forma condizente com seus princípios arquiteturais. Posteriormente a arquitetura projetada é comparada com uma arquitetura baseada em Web Services RPC e as diferenças em termos de integração com a Web e no cumprimento dos requisitos típicos de SCADA são analisadas

Engenharia de sistemas

Serviços da Web

Software

Arquitetura

Sequential-injection analysis

Marshall, Graham Dean

25 March 2010

Please read the abstract in the section 00front of this document / Thesis (PhD)--University of Pretoria, 2010. / Chemistry / unrestricted

Sia

Process analysis

Fia

Sequential-injection analysis

Device control and data acquisition

Flow-injection analysis

Flow-based analysis

UCTD

Resource- and Time-Constrained Control Synthesis for Multi-Agent Systems

Yu, Pian

January 2018

Multi-agent systems are employed for a group of agents to achieve coordinated tasks, in which distributed sensing, computing, communication and control are usually integrated with shared resources. Efficient usage of these resources is therefore an important issue. In addition, in applications such as robotics, a group of agents may encounter the request of a sequence of tasks and deadline constraint on the completion of each task is a common requirement. Thus, the integration of multi-agent task scheduling and control synthesis is of great practical interest. In this thesis, we study control of multi-agent systems under a networked control system framework. The first purpose is to design resource-efficient communication and control strategies to solve consensus problem for multi-agent systems.The second purpose is to jointly schedule task sequence and design controllers for multiagent systems that are subject to a sequence of deadline-constrained tasks. In the first part, a distributed asynchronous event-triggered communication and control strategy is proposed to tackle multi-agent consensus. It is shown that the proposed event-triggered communication and control strategy fulfils the reduction of both the rates of sensor-controller communication and controller-actuator communication as well as excluding Zeno behavior. To further relax the requirement of continuous sensing and computing, a periodic event-triggered communication and control strategy is proposed in the second part. In addition, an observer-based encoder-decoder with finite-level quantizeris designed to deal with the constraint of limited data rate. An explicit formula for the maximum allowable sampling period is derived first. Then, it is proven that exponential consensus can be achieved in the presence of data rate constraint. Finally, in the third part, the problem of deadline-constrained multi-agent task scheduling and control synthesis is addressed. A dynamic scheduling strategy is proposed and a distributed hybrid control law is designed for each agent that guarantees the completion and deadline satisfaction of each task. The effectiveness of the theoretical results in the thesis is verified by several simulation examples. / <p>QC 20180918</p>

Control Engineering

Reglerteknik

Extensible Model and Policy Engine for Usage Control and Policy-Based Governance: Industrial Applications

Hariri, Ali

25 March 2024

The main focus of this thesis is applied research targeting industrial applications of Usage Control (UCON) and policy-based governance. Nonetheless, we also tackle an associated core problem to address the diverse requirements of the targeted application domains. The core research problem is three-fold. (1) UCON enacts usage control in a fixed life cycle of three temporal phases: pre, ongoing and post. However, emerging security paradigms require custom and finer-grained lifecycles with phases and transitions tailored for the application domain. For example, data hub applications entail data-oriented usage control throughout the different stages of the data lifecycle (e.g., collection, retention, processing and destruction). Therefore, policy systems must enable custom lifecycles to accommodate a wide variety of applications. (2) Although UCON allows attribute values to change and updates usage decisions accordingly, it does not specify a mechanism to govern attribute values. This becomes necessary in decentralised environments where attributes are collected from external parties that are not necessarily trusted. For this reason, policy systems must incorporate a mechanism to govern attributes, prepare them for policy evaluation and ensure their trustworthiness. (3) Due to its widespread adoption, UCON has been extended and adapted for diverse purposes, leading to a proliferation of frameworks. While these variations added significant contributions in their respective fields, they lack comprehensiveness and generality. Therefore, a unified solution is needed to encompass the existing variations of UCON as well as future applications. By addressing these core problems, we aim to leverage policy-based governance in the following four industrial applications: (1) Industrial/International Data Spaces (IDS), (2) data hubs, (3) smart vehicles, and (4) credential transformation.To address these challenges and fulfil our applied research goals, we present six contributions in this thesis. (1) We propose UCON+: an extensible model that extends beyond traditional access and usage control providing a comprehensive framework for policy-based governance. UCON+ builds on the same foundations of UCON, making it an attribute-based model that incorporates continuous monitoring and policy re-evaluation. However, it only defines general structures and common functions, and outlines extensible behaviour to be implemented by concrete extensions. Specifically, UCON+ allows concrete extensions to govern attribute values and updates, and to specify custom lifecycles tailored for their respective requirements. (2) We introduce a general-purpose policy engine that implements the UCON+ model. The engine conserves an Attribute-Based Access Control (ABAC) baseline using a standard policy language. The policy engine also introduces another type of policies used to govern attribute values, and to define and drive custom lifecycles. Thus, different extensions of UCON+ can be realised within the same policy engine using policies, eliminating the need for reimplementation. The policy engine leverages a modular architecture with an optimised implementation. (3) We demonstrate the use of the policy engine in a cloud service that provides an IDS for contract-based data exchange. We specifically used the policy engine and designed a custom lifecycle to govern and drive the contract negotiation between the data provider and data consumer using policies. We also used the policy engine to govern data usage based on the negotiated data sharing agreement. (4) We also showcase the policy engine in a data hub setting, where we leveraged it to track and govern data objects throughout their lifecycles. We designed a lifecycle that captures the different stages of the data lifecycle based on the General Data Protection Regulation (GDPR). We show how data usage is controlled at each stage of the lifecycle using policies. (5) We present a dynamic identity management and usage control framework for smart vehicles using the policy engine. We specifically introduce a policy-based Security Token Service (STS) that issues contextualised capabilities that specify what subjects are allowed to do within the vehicle. The STS also manages the capabilities throughout their lifecycles and revokes them if the corresponding policies are violated, while also taking safety measures into consideration. (6) Finally, we describe an application of the policy engine for policy-based credential transformation. Specifically, we introduce a policy-based credential bridge that exchanges, aggregates or maps credentials between different domains or regulatory frameworks. The bridge uses policies that specify how to transform or issue credentials according to the requirements of each domain.

A one-class NIDS for SDN-based SCADA systems / Um NIDS baseado em OCC para sistemas SCADA baseados em SDN

Silva, Eduardo Germano da

January 2007

Sistemas elétricos possuem grande influência no desenvolvimento econômico mundial. Dada a importância da energia elétrica para nossa sociedade, os sistemas elétricos frequentemente são alvos de intrusões pela rede causadas pelas mais diversas motivações. Para minimizar ou até mesmo mitigar os efeitos de intrusões pela rede, estão sendo propostos mecanismos que aumentam o nível de segurança dos sistemas elétricos, como novos protocolos de comunicação e normas de padronização. Além disso, os sistemas elétricos estão passando por um intenso processo de modernização, tornando-os altamente dependentes de sistemas de rede responsáveis por monitorar e gerenciar componentes elétricos. Estes, então denominados Smart Grids, compreendem subsistemas de geração, transmissão, e distribuição elétrica, que são monitorados e gerenciados por sistemas de controle e aquisição de dados (SCADA). Nesta dissertação de mestrado, investigamos e discutimos a aplicabilidade e os benefícios da adoção de Redes Definidas por Software (SDN) para auxiliar o desenvolvimento da próxima geração de sistemas SCADA. Propomos também um sistema de detecção de intrusões (IDS) que utiliza técnicas específicas de classificação de tráfego e se beneficia de características das redes SCADA e do paradigma SDN/OpenFlow. Nossa proposta utiliza SDN para coletar periodicamente estatísticas de rede dos equipamentos SCADA, que são posteriormente processados por algoritmos de classificação baseados em exemplares de uma única classe (OCC). Dado que informações sobre ataques direcionados à sistemas SCADA são escassos e pouco divulgados publicamente por seus mantenedores, a principal vantagem ao utilizar algoritmos OCC é de que estes não dependem de assinaturas de ataques para detectar possíveis tráfegos maliciosos. Como prova de conceito, desenvolvemos um protótipo de nossa proposta. Por fim, em nossa avaliação experimental, observamos a performance e a acurácia de nosso protótipo utilizando dois tipos de algoritmos OCC, e considerando eventos anômalos na rede SCADA, como um ataque de negação de serviço (DoS), e a falha de diversos dispositivos de campo. / Power grids have great influence on the development of the world economy. Given the importance of the electrical energy to our society, power grids are often target of network intrusion motivated by several causes. To minimize or even to mitigate the aftereffects of network intrusions, more secure protocols and standardization norms to enhance the security of power grids have been proposed. In addition, power grids are undergoing an intense process of modernization, and becoming highly dependent on networked systems used to monitor and manage power components. These so-called Smart Grids comprise energy generation, transmission, and distribution subsystems, which are monitored and managed by Supervisory Control and Data Acquisition (SCADA) systems. In this Masters dissertation, we investigate and discuss the applicability and benefits of using Software-Defined Networking (SDN) to assist in the deployment of next generation SCADA systems. We also propose an Intrusion Detection System (IDS) that relies on specific techniques of traffic classification and takes advantage of the characteristics of SCADA networks and of the adoption of SDN/OpenFlow. Our proposal relies on SDN to periodically gather statistics from network devices, which are then processed by One- Class Classification (OCC) algorithms. Given that attack traces in SCADA networks are scarce and not publicly disclosed by utility companies, the main advantage of using OCC algorithms is that they do not depend on known attack signatures to detect possible malicious traffic. As a proof-of-concept, we developed a prototype of our proposal. Finally, in our experimental evaluation, we observed the performance and accuracy of our prototype using two OCC-based Machine Learning (ML) algorithms, and considering anomalous events in the SCADA network, such as a Denial-of-Service (DoS), and the failure of several SCADA field devices.

Redes : Computadores

Seguranca : Redes : Computadores

Supervisory control and data acquisition

Software-defined networking

Smart grids

Network-based intrusion detection system

One-class classification

Assistance à l'Abstraction de Composants Virtuels pour la Vérification Rapide de Systèmes Numériques

Muhammad, W.

19 December 2008

De nos jours la conception des IP (IP: Intellectual Property) peut bénéficier de nouvelles techniques de vérification symbolique: abstraction de donnée et analyse statique formelle. Nous pensons qu'il est nécessaire de séparer clairement le Contrôle des Données avant toute vérification automatique. Nous avons proposé une définition du contrôle qui repose sur l'idée intuitive qu'il a un impact sur le séquencement de données. Autour de cette idée, le travail a consisté à s'appuyer sur la sémantique des opérateurs booléens et proposer une extension qui exprime cette notion deséquencement. Ceci nous a mené à la conclusion que la séparation parfaite du contrôle et des données est illusoire car les calculs dépendent trop de la représentation syntaxique. Pour atteindre notre objectif, nous nous sommes alors basés sur la connaissance fournie par le concepteur: séparation a priori des entrées contrôle et des entrées données. De cela, nous avons proposé un algorithme de slicing pour partitionner le modèle. Une abstraction fut alors obtenue dans le cas où le contrôle est bien indépendant des données. Pour accélérer les simulations, nous avons remplacé le traitement de données, défini au niveau bit par un modèle d'exécution fonctionnel, tout en gardant inchangé la partie contrôle. Ce modèle intègre des aspects temporels qui permet de se greffer sur des outils de model checking. Nous introduisons la notion de significativité support des données intentionnelles dans les modèles IP. La significativité est utilisée pour représenter des dépendances de données booléennes en vue de vérifier formellement et statiquement les lots de données. Nous proposons plusieurs approximations qui mettent en oeuvre cette nouvelle notion.

[SPI:OTHER] Engineering Sciences/Other

RTL models

System-on-Chip (SoC)

Verification

Abstraction

Slicing

Control and Data

Semantics

Data dependence

VHDL

Synchronous models

Logic synthesis

Model checking

Formal verification

Inter-Area Data Exchange Performance Evaluation and Complete Network Model Improvement

Su, Chun-Lien

20 June 2001

A power system is typically one small part of a larger interconnected network and is affected to a varying degree, by contingencies external to itself as well as by the reaction of external network to its own contingencies. Thus, the accuracy of a complete interconnected network model would affect the results of many transmission level analyses. In an interconnected power system, the real-time network security and power transfer capability analyses require a ¡§real-time¡¨ complete network base case solution. In order to accurately assess the system security and the inter-area transfer capability, it is highly desirable that any available information from all areas is used. With the advent of communications among operations control center computers, real-time telemetered data can be exchanged for complete network modeling. Measurement time skew should be considered in the complete network modeling when combining large area data received via a data communication network. In this dissertation, several suggestions aiming toward the improvement of complete network modeling are offered. A discrete event simulation technique is used to assess the performance of a data exchange scheme that uses Internet interface to the SCADA system. Performance modeling of data exchange on the Internet is established and a quantitative analysis of the data exchange delay is presented. With the prediction mechanisms, the effect of time skew of interchanged data among utilities can be minimized, and consequently, state estimation (SE) could provide the accurate real-time complete network models of the interconnected network for security and available transfer capability analyses. In order to accommodate the effects of randomly varying arrival of measurement data and setup a base case for more accurate analyses of network security and transfer capability, an implementation of a stochastic Extended Kalman Filter (EKF) algorithm is proposed to provide optimal estimates of interconnected network states for systems in which some or all measurements are delayed. To have an accurate state estimation of a complete network, it is essential to have the capability of detecting bad data in the model. An efficient information debugging methodology based on the stochastic EKF algorithm is used for the detection, diagnosis and elimination of bad data.

Communication Network Simulation

Complete Network Model

Inter Control Center Data Exchange

Measurement Delay

Security Analysis

Bad Data Processing

Kalman Filter

State Estimation