The introduction of communication technology into the electric power grid has made the grid more reliable. Power system operators gain visibility over the power system and are able to resolve operational issues remotely via Supervisory Control And Data Acquisition (SCADA) technology. This reduces outage periods. Nonetheless, the remote-control capability has rendered the power grid vulnerable to cyberattacks. In December 2015, over 200,000 people in Ukraine became victims of the first publicly reported cyberattack on the power grid. Consequently, cyber-physical security research for the power system as a critical infrastructure is in critical need.
Research on cybersecurity for power grids has produced a diverse literature; the multi-faceted nature of the grid makes it vulnerable to different types of cyberattacks, such as direct power grid, supply chain and ransom attacks. The attacks may also target different levels of grid operation, such as the transmission system, distribution system, microgrids, and generation. As these levels are characterized by varying operational constraints, the literature may be categorized not only according to the type of attack it targets, but also according to the level of power system operation under consideration. It is noteworthy that cybersecurity research for the transmission system dominates the literature, although the distribution system is noted to have a larger attack surface.
For the distribution system, a notable attack type is the so-called direct switching attack, in which an attacker aims to disrupt power supply by compromising switching devices that connect equipment such as generators, and power grid lines. To maximize the damage, this attack tends to be coordinated as the attacker optimally selects the nodes and switches to attack. This decision-making process is often a bi- or tri-level optimization problem which models the interaction between the attacker and the power system defender. It is necessary to detect attacks and establish coordination/correlation among them. Determining coordination is a necessary step to predict the targets of an attack before attack completion, and aids in the mitigation strategy that ensues.
While the literature has addressed the direct switching attack on the distribution system in different ways, there are also shortcomings. These include: (i) techniques to establish coordination among attacks are centralized, making them prone to single-point failures; (ii) techniques to establish coordination among attacks leverage only power system models, ignoring the influence of communication network vulnerabilities and load criticality in the decisions of the attacker; (iii) attacker-defender optimization models assume specific knowledge of the attacker resources and constraints by the defender, a strong unrealistic assumption that reduces their usability; (iv) and, mitigation strategies tend to be static and one-sided, being implemented only at the physical level, or at the communication network level.
In light of this, this dissertation culminates in major contributions concerning real-time decentralized correlation of detected direct switching attacks and hybrid mitigation for electric power distribution systems. Concerning this, four novel contributions are presented: (i) a framework for decentralized correlation of attacks and mitigation; (ii) an attacker-defender optimization model that accounts for power system laws, load criticality, and cyber vulnerabilities in the decision-making process of the attacker; (iii) a real-time learning-based mechanism for determining correlation among detected attacks and predicting attack targets, and which does not assume knowledge of the attacker's resources and constraints by the power system defender; (iv) a hybrid mitigation strategy optimized in real-time based on information learned from detected attacks, and which combines both physical level and communication network level mitigation.
Since the execution of intrusion detection systems and mechanisms such as the ones proposed in this dissertation may deter attackers from directly attacking the power grid, attackers may perform a supply chain cyberattack to yield the same results. Although, supply chain cyberattacks have been acknowledged as potentially far-reaching, and compliance directives put forward for this, the detection of supply chain cyberattacks is in a nascent stage. Consequently, this dissertation also proposes a novel method for detecting supply chain cyberattacks. To the best of the knowledge of the author, this work is the first preliminary work on supply chain cyberattack detection. / Doctor of Philosophy / The electric power grid is the network that transports electricity from generation to consumers, such as homes and factories. The power grid today is highly remote-monitored and controlled. Should there be a fault on the grid, the human operator, often remotely located, may only need to resolve it by sending a control signal to telemetry points, called nodes, via a communication network. This significantly reduces outage periods and improves the reliability of the grid. Nonetheless, the high level connectivity also exposes the grid to cyberattacks. The cyber connectivity between the power grid and the human operator, like all communication networks, is vulnerable to cyberattacks that may allow attackers to gain control of the power grid. If and when successful, wide-spread and extended outages, equipment damage, etc. may ensue. Indeed, in December 2015, over 200,000 people in Ukraine became victims to the first publicly reported cyberattack on a power grid. As a critical infrastructure, cybersecurity for the power grid is, therefore, in critical need.
Research on cybersecurity for power grids has produced a diverse literature; the multi-faceted nature of the grid makes it vulnerable to different types of cyberattacks, such as direct power grid, supply chain and ransom attacks. Notable is the so-called direct switching attack, in which an attacker aims to compromise the power grid communication network in order to toggle switches that connect equipment such as generators, and power grid lines. The aim is to disrupt electricity service. To maximize the damage, this attack tends to be coordinated; the attacker optimally selects several grid elements to attack. Thus, it is necessary to both detect attacks and establish coordination among them. Determining coordination is a necessary step to predict the targets of an attack before attack completion. This aids the power grid owner to intercept and mitigate attacks. While the literature has addressed the direct switching attack in different ways, there are also shortcomings. Three outstanding ones are: (i) techniques to determine coordination among attacks and predict attack targets are centralized, making them prone to single-point failures; (ii) techniques to establish coordination among attacks leverage only power system physical laws, ignoring the influence of communication network vulnerabilities in the decisions of the attacker; (iii) and, studies on the interaction between the attacker and the defender (i.e., power grid owner) assume specific knowledge of the attacker resources and constraints by the defender, a strong unrealistic assumption that reduces their usability.
This research project addresses several of the shortcomings in the literature, particularly the aforementioned. The work focuses on the electric distribution system, which is the power grid that connects directly to consumers. Indeed, this choice is ideal, as the distribution system has a larger attack surface than other parts of the grid and is characterized by computing devices with more constrained computational capability. Thus, adaptability to simple computing devices is a priority. The contributions of this dissertation provide leverage to the power grid owner to intercept and mitigate attacks in a resilient manner. The original contributions of the work are: (i) a novel realistic model that shows the decision making process of the attacker and their interactions with the defender; (ii) a novel decentralized mechanism for predicting the targets of coordinated cyberattacks on the electric distribution grid in real-time and which is guided by the attack model, (iii) and a novel hybrid optimized mitigation strategy that provides security to the power grid at both the communication network level and the physical power grid level.
Since the power grid is constructed with smart equipment from various vendors, attackers may launch effective attacks by compromising the devices deployed in the power grid through a compromised supply chain. By nature, such an attack is evasive to traditional intrusion detection systems and algorithms such as the aforementioned. Therefore, this work also provides a new method to defend the grid against supply chain attacks, resulting in a mechanism for its detection in a critical power system communication device.
Identifer | oai:union.ndltd.org:VTETD/oai:vtechworks.lib.vt.edu:10919/111546 |
Date | 17 August 2022 |
Creators | Appiah-Kubi, Jennifer |
Contributors | Electrical Engineering, Liu, Chen-Ching, Ampadu, Paul K., Murzi Escobar, Homero Gregorio, Mehrizi-Sani, Ali, Jin, Ming |
Publisher | Virginia Tech |
Source Sets | Virginia Tech Theses and Dissertation |
Language | English |
Detected Language | English |
Type | Dissertation |
Format | ETD, application/pdf |
Rights | In Copyright, http://rightsstatements.org/vocab/InC/1.0/ |
Page generated in 0.0029 seconds