Time-Delay Switch Attack on Load Frequency Control in Smart Grid
Arman Sargolzaei (1, a), Kang K. Yen (1, b), M. N. Abdelghani (2, c)
1 Department of Electrical and Computer Engineering, Florida International University, Miami, USA
2 Department of Mathematics and Statistical Sciences, University of Alberta, Edmonton, Canada
a asarg001@fiu.edu, b kang.yen@fiu.edu, c mnabdelghani@gmail.com
Keywords: Systems with delay, TDS attack, Smart grids, Load frequency control (LFC), Switched systems, Power systems component, Hybrid systems
Abstract. Current smart power grids have a communication infrastructure that improves the efficiency, reliability and sustainability of supply. However, their open communication architecture makes them vulnerable to cyber-attacks with potentially catastrophic consequences. In this paper, we propose a new model of the time-delay switch (TDS) attack, in which a different time delay is introduced to each state in the dynamics of a power system. That is, the telemetered sensed state of a plant is delayed by a specific amount of time for some specified attack duration. Such an attack will have devastating consequences, or introduce hidden inefficiency, on smart grids if no prevention measures are considered in the design of these power systems. Here we consider examples of the effects of the TDS attack on the dynamic performance of a power system. To do this, we first formulate a state-space model of a smart power grid under TDS attack using a hybrid systems approach. Then we prove by analysis and demonstrate by simulation how a TDS attack can be used to sabotage and destabilize a smart grid.
1. Introduction
Power grids and water supply systems are constantly updated with new telecommunication technologies for control and monitoring, to improve the efficiency, reliability and sustainability of supply and distribution. However, this modernization effort relies on computers and multi-purpose networks, which make power grids and water supply systems vulnerable to cyber-attacks that may have a major impact on people's lives and the economy. For example, the US power grid is operated with SCADA (supervisory control and data acquisition) systems. SCADA systems are industrial control systems for large-scale processes that include multiple sites and are operated over long distances. Despite the precautions, several cyber-attacks on SCADA systems have been reported [1, 2, 3, 4, 5, 6]. Furthermore, replacing proprietary communication networks with open communication standards exposes process control and SCADA systems to the risks associated with open networks, such as corrupted data, network delays and cyber-attacks [7].
Investigating methods of attack on the industrial control systems of sensitive infrastructures, and devising countermeasures and security control protocols, has attracted the attention of academia, industry and governments. These efforts have produced a large number of studies and many hardware and software systems dedicated to security countermeasures that prevent possible attacks on industrial systems. We will review some of the most common attacks and expand on an attack known as the time-delay switch attack, or TDS for short.
Generally, an intruder enacts an attack on the IT infrastructure of an industrial control system by obtaining access to various sensors and control signals and/or manipulating them to disrupt and sabotage the system. For instance, an intruder can disrupt a power system by increasing the load on a particular power transformer, by shutting down one or more sections of a smart power grid, or by introducing inefficiencies in the power supply [8, 9, 10, 11].
2013 International Conference on Advanced in Communication Technology
Advances in Communication Technology, Vol.5
978-1-61275-063-7/10/$25.00 ©2013 IERI ICACT 2013
The delay attack has been studied in [12] for sensor networks, where it can occur on the communication lines. A class of false data injection (FDI) attacks that bypass the bad data detection in SCADA systems was proposed in [11]. In [13], adversaries launched FDI attacks against the state estimates of power systems knowing only a perturbed model of the power system. Mo et al. [14] studied FDI attacks on a control system equipped with a Kalman filter. In [15], the smallest set of adversary-controlled meters needed to perform an unobservable attack was identified. Recently, Amin et al. [8] considered denial of service (DoS) attacks on the communication channels that carry the measurements telemetered by remote terminal units (RTUs) to the control center of a power system. They demonstrated that an adversary may make a power system unstable by properly designing DoS attack sequences. Liu et al. [10] considered how a switched DoS attack on a smart grid can affect the dynamic performance of its power systems. The Viking projects [16, 17] considered cyber-attacks on Load Frequency Control (LFC), one of the few automatic control loops in SCADA power systems. They analyzed the impacts of cyber-attacks on the control centers of power systems using reachability methods. However, they only considered attacks on the control centers, which are usually harder to attack than the communication channels in the sensing loop of a power system.
In this paper, we focus on the impact of introducing time delays in the sensing loop (SL) or in the automatic generation control (AGC) signal, the only automatic closed loop between the IT layer and the power system in the controller area. When an adversary chooses to introduce delays in a control system, he or she is performing a time-delay switch (TDS) attack. Our work shows how TDS attacks could make any control system, in particular a power control system, unstable. Therefore, future smart grids will have to use advanced two-way communication and artificial intelligence technologies to provide better situational awareness of power grid states, keeping smart grids reliable and safe from FDI, DoS or TDS attacks. While smart grid technologies will facilitate the aggregation and communication of both system-wide information and local measurements, they will certainly introduce their own cyber security challenges.
This paper is organized as follows: the power system and TDS attacks are modeled using a hybrid systems approach in Section 2. In Section 3, damage and risk assessment of power systems under TDS attacks are analyzed using sabotage and instability analysis. In Section 4 we evaluate the effects of TDS attacks on an example of an LTI approximation of a two-area LFC model.
[Figure 1: block diagram of Power Area 1 and Power Area 2, each with Load Frequency Control, reference inputs, control signals, sensors, loads and other parts, linked by a tie line power flow; the communication channels carrying the control signals and the sensed states each pass through a switch SW that the attacker operates.]
Figure 1 Two-area power system with Load Frequency Control (LFC) under TDS attacks
2. Model of Power Systems with TDS Attacks
It is reasonable to model a power system under TDS attacks as a hybrid system by formulating the TDS attack as a switch action, “Off/Delay-by-$\tau$”, where $\tau$ is some random delay time, applied to the sensed system states or control signals of the power system. Here we consider the TDS attack on the LFC of the power system.
Consider the two-area power system with automatic generation control in Fig. 1 [10]. The LFC sends control signals to the plant, and the controller is updated with feedback states through the communication channels from/to the turbine and from the telemetered measurements of the RTUs. The communication channels are wireless networks. Attacks can be launched by jamming the communication channels (i.e. DoS attack), by distorting feedback signals (e.g. FDI attack), or by injecting delays (i.e. TDS attack) into the data coming from the telemetered measurements.
An LFC is usually designed as an optimal feedback controller. For the LFC to operate optimally, it requires the power state estimates to be telemetered in real time. If an adversary introduces significant time delays in the telemetered control signals or measured states, the LFC will deviate from its optimality and in most cases the system will break down.
The two-area power system model and its extension to the multi-area interconnected power system have been proposed in [10]. The dynamic model of the LFC for the $K$th area is given by
$$\dot{X}_K(t) = A_{KK} X_K(t) + B_K U_K(t) + f\big(X_L(t), P_l^K\big), \qquad X_K(0) = X_{K0} \tag{1}$$
where $X_K \in \mathbb{R}^5$ and $U_K \in \mathbb{R}^5$ are the state and control vectors, respectively. This model also depends on the $L$th power area. Matrices $A_{KK}$ and $B_K$ are constant matrices with appropriate dimensions, and $P_l^K$ is the load deviation. $X_{K0}$ is the initial value vector for the $K$th power area. The state vector is defined as
$$X_K(t) = \big[\, f_K \;\; P_{gK} \;\; P_{tuK} \;\; P_{pfK} \;\; e_K \,\big]^T \tag{2}$$
where $f_K$, $P_{gK}$, $P_{tuK}$, $P_{pfK}$ and $e_K$ are the frequency deviation, the power deviation of the generator, the valve position of the turbine, the tie-line power flow and the control error of the $K$th power area, respectively. The control error of the $K$th power area is expressed as
$$e_K(t) = \beta_K \int_0^t f_K \, dt \tag{3}$$
where $\beta_K$ denotes the frequency bias factor.
In the dynamic model of the LFC, $A_{KK}$, $B_K$ and $f(X_L(t), P_l^K)$ are represented by
$$A_{KK} = \begin{bmatrix} -\dfrac{\delta_K}{J_K} & \dfrac{1}{J_K} & 0 & -\dfrac{1}{J_K} & 0 \\[4pt] 0 & -\dfrac{1}{T_{tuK}} & \dfrac{1}{T_{tuK}} & 0 & 0 \\[4pt] -\dfrac{1}{\rho_K T_{gK}} & 0 & -\dfrac{1}{T_{gK}} & 0 & 0 \\[4pt] 2\pi \displaystyle\sum_{L=1,\, L \neq K}^{N} T_{KL} & 0 & 0 & 0 & 0 \\[4pt] \beta_K & 0 & 0 & 1 & 0 \end{bmatrix} \tag{4}$$
$$B_K = \begin{bmatrix} 0 & 0 & \dfrac{1}{T_{gK}} & 0 & 0 \end{bmatrix}^T \tag{5}$$
$$f\big(X_L(t), P_l^K\big) = \sum_{L=1,\, L \neq K}^{N} A_{KL} X_L(t) + D_K P_l^K \tag{6}$$
where $N$ is the total number of power areas; $J_K$, $\rho_K$, $\delta_K$, $T_{gK}$ and $T_{tuK}$ are the generator moment of inertia, the speed-droop coefficient, the generator damping coefficient, the governor time constant and the turbine time constant of the $K$th power area; and $T_{KL}$ is the stiffness constant between the $K$th and the $L$th power areas. Also we have
$$A_{KL} = \begin{bmatrix} 0 & 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 & 0 \\ -2\pi T_{KL} & 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 & 0 \end{bmatrix} \tag{7}$$
and
$$D_K = \begin{bmatrix} -\dfrac{1}{J_K} & 0 & 0 & 0 & 0 \end{bmatrix}^T \tag{8}$$
Equation (9) gives the extension of the dynamic model (1) to the multi-area power system with the attack model, using Equations (4), (5), (6), (7) and (8):
$$\dot{X}(t) = A X(t) + B U(t) + D P_l, \qquad X(0) = X_0 \tag{9}$$
where
$$A = \begin{bmatrix} A_{11} & A_{12} & A_{13} & \cdots & A_{1N} \\ A_{21} & A_{22} & A_{23} & \cdots & A_{2N} \\ A_{31} & A_{32} & A_{33} & \cdots & A_{3N} \\ \vdots & \vdots & \vdots & \ddots & \vdots \\ A_{N1} & A_{N2} & A_{N3} & \cdots & A_{NN} \end{bmatrix} \tag{10}$$
$$B = \operatorname{diag}\{B_1,\, B_2,\, B_3,\, \dots,\, B_N\} \tag{11}$$
$$D = \operatorname{diag}\{D_1,\, D_2,\, D_3,\, \dots,\, D_N\} \tag{12}$$
The optimal feedback controller is given by
$$U = -K \hat{X} \tag{13}$$
and the state seen by the controller after the attack can be modeled by
$$\hat{X} = \begin{bmatrix} \hat{X}_1 \\ \hat{X}_2 \\ \vdots \\ \hat{X}_N \end{bmatrix} = \begin{bmatrix} X_1(t - t_{d1}) \\ X_2(t - t_{d2}) \\ \vdots \\ X_N(t - t_{dN}) \end{bmatrix} \tag{14}$$
In (14), $t_{d1}, t_{d2}, \dots, t_{dN}$ are different time-delays and are positive integers. When $t_{d1}, t_{d2}, \dots, t_{dN}$ are all zero, the system is in normal operation. An adversary can gain access to the communication line and switch a delay attack on or off on that line to drive the system into abnormal operation. This paper analyzes TDS attacks in some detail and shows how they can be used to switch a system into unstable states.
The analysis starts with the design of an optimal controller for the LFC in normal operation (i.e., with no attack); then we analyze the behavior of the system under attack. Consider the system model described by (9) with the performance index
$$J = \frac{1}{2} \int_0^{t_f} \big\{ X^T(t)\, Q\, X(t) + U^T(t)\, R\, U(t) \big\}\, dt \tag{15}$$
where the matrix $Q \in \mathbb{R}^{n \times n}$ is positive semi-definite and $R \in \mathbb{R}^{m \times m}$ is positive definite. Then the optimal control problem is to obtain the optimal control $U^*(t)$ that minimizes the performance index (15), subject to the dynamics of the system with no time delay in its states.
3. Sabotage and Instability Analysis
To show that TDS attacks can destabilize the system, we use the following proof for our hybrid system. Before commencing the proof of the destabilizing effect of the TDS attack, we assume that the LFC can be approximated by a linear time-invariant (LTI) system and that its optimal controller has the form $U(t) = -K X(t)$. Under a TDS attack, the control can be described by
$$U(t) = \begin{cases} -K X(t), & t < t_a \\ -K X(t - \tau), & t_a \le t < t_b \\ -K X(t), & t \ge t_b \end{cases} \tag{16}$$
where $\tau$ is a set of $t_{d1}, t_{d2}, \dots, t_{dN}$, $t_a$ is the start time of the attack and $t_b$ is the end time of the attack. It is obvious that the system is stable for all $t < t_a$ and may be stable for $t \ge t_b$ by the definition of the optimal controller. However, for $t_a \le t < t_b$ it is not obvious that the system would be stable.
Theorem 1: Without loss of generality we suppose $t_b \to \infty$. Then we consider the system described in (9) with an attack described by (16). The system under attack is not stable if the hybrid dynamic model of the system has at least one positive eigenvalue or at least one pole in the right-hand plane (RHP).
Proof: Consider (9) with $P_l = 0$ (for simplicity). Applying (16) to (9) for $t < t_a$, we obtain
$$\dot{X}(t) = A X(t) - B K X(t) \tag{17}$$
Its characteristic equation is
$$\left| sI - (A - BK) \right| = 0 \tag{18}$$
Solving (18) for $s$ gives the eigenvalues of the system before the attack.
For $t \ge t_a$ the system is described by
$$\dot{X}(t) = A X(t) - B K X(t - \tau) \tag{19}$$
Taking the Laplace transform of the above equation, we obtain
$$s X = A X - B K e^{-s\tau} X \tag{20}$$
Let $X(t) = e^{st}$ be a proposed solution of (19); then we have
$$s\, e^{st} I = A\, e^{st} - B K\, e^{-s\tau} e^{st} \tag{21}$$
Here $s$ must satisfy the characteristic equation of the delay system (19), i.e.
$$\left| sI - A + B K e^{-s\tau} \right| = 0 \tag{22}$$
In order to keep the system in the same stable situation as before the attack, the new eigenvalues should be at the same places as the eigenvalues right before the attack. So from (18) and (22) we obtain
$$BK \left( I - e^{-s\tau} I \right) = 0 \;\Rightarrow\; e^{-s\tau} I = I \tag{23}$$
Equation (23) is satisfied if and only if $\tau = 0$. Then we can conclude that for $\tau \neq 0$ the system (9) will be disturbed for those subspaces (time-delays), and for larger time-delays the system will be unstable.
4. Demonstration of Instability by Simulation
Simulation studies have been conducted to evaluate the effects of TDS attacks on the dynamics of the system. Based on Pontryagin's minimum principle [18], the optimal control law can be found for the system in its normal operation. For simplicity of discussion, we set $N = 2$, which means a two-power-area system. Table 1 shows the parameter values used in this process. Since the simulation over the chosen duration tracks a step load change, we also set $P_l^1$ to the step load change and $P_l^2 = 0$.
Table 1 Parameter values for two-area power system optimal controller design
Parameter                                        Value
J_1 (generator inertia, area 1)                  10
rho_1 (speed-droop coefficient, area 1)          0.05
delta_1 (generator damping coefficient, area 1)  1.5
T_g1 (governor time constant, area 1)            0.12 s
T_tu1 (turbine time constant, area 1)            0.2 s
T_tu2 (turbine time constant, area 2)            0.45 s
T_12 (tie-line stiffness constant)               0.198 pu/rad
T_21 (tie-line stiffness constant)               0.198 pu/rad
J_2 (generator inertia, area 2)                  12
rho_2 (speed-droop coefficient, area 2)          0.05
delta_2 (generator damping coefficient, area 2)  1
T_g2 (governor time constant, area 2)            0.18 s
R (control weighting matrix)                     100
Q_f (terminal state weighting matrix)            0
Q (state weighting matrix)                       100
t_f (final time)
beta_1 (frequency bias factor, area 1)           21.5
beta_2 (frequency bias factor, area 2)           21
Then the instability of the system can be studied by finding the eigenvalues of the system before and after the attack. The roots (zeros) of (22) determine the stability of the system. For simulation simplicity, the fifth-order Padé approximation [19] has been used to approximate $e^{-s\tau}$:
$$\left| sI - A + BK\, \frac{30240 - 15120\, s\tau + 3360\, s^2\tau^2 - 420\, s^3\tau^3 + 30\, s^4\tau^4 - s^5\tau^5}{30240 + 15120\, s\tau + 3360\, s^2\tau^2 + 420\, s^3\tau^3 + 30\, s^4\tau^4 + s^5\tau^5} \right| = 0 \tag{24}$$
Fig. 2 shows the eigenvalues of the system before and after different TDS attacks. As $\tau$ grows beyond zero, the eigenvalues move from the LHP to the RHP. It clearly shows that the system becomes unstable for time-delays larger than 0.3 sec. In Fig. 2, crosses, points, circles and stars denote the eigenvalues of the system with no attack and under attacks with time-delays of 0.1 sec, 0.4 sec and 0.6 sec, respectively. Fig. 3 shows the track of the maximum eigenvalue for different time-delays. Figures 2 and 3 clearly show that the system becomes unstable as the delay value increases.
[Figure 2 plot: eigenvalue locations in the complex plane, real axis from -12 to 4, imaginary axis from -20 to 20]
Figure 2 Eigenvalues of the system for normal operation and attack by different time-delays
Figure 3 Maximum Eigenvalues for different time-delay attacks
The total simulation time is 40 seconds. We assume that the adversary has access to the switch SW in Figure 1 and starts the TDS attack $\tau = [\, t_{d1} \;\; t_{d2} \;\; \cdots \;\; t_{dn} \,]^T$ at time $t_a$. In the figures we only show the dynamics of the first area of the two-area system in normal operation and under different attack conditions. In Figure 4, graphs (a), (b), (c) and (d) show the simulation results for the frequency deviation, the power deviation of the generator, the valve position of the turbine and the tie-line power flow, respectively.
Case 1:
The adversary attacks all of the states at $t_a = 15$ s with the same time-delay pattern. In Figures 4 (a), (b), (c) and (d), the black lines show normal operation. TDS attack 1 (blue dashes) and TDS attack 2 (red dot-dashes) denote time-delay attacks with $t_{d1} = t_{d2} = \dots = t_{d10} = 0.4$ and $t_{d1} = t_{d2} = \dots = t_{d10} = 0.6$, respectively. It is clear that the system moves into the unstable region under these attacks.
Case 2:
The attack starts at time $t_a = 5$ s, and the hacker attacks only one state of the system. In Figure 5, graphs (a), (b), (c) and (d), TDS attacks 1 and 2 denote attacks with time-delays of $t_{d1} = 0.6$ and $t_{d1} = 1$, respectively (that is, there is no time-delay attack on the other states). In the case of a TDS attack with $t_{d1} = 0.3$, the system is disturbed but still stable.
From the results of Cases 1 and 2, we conclude that the adversary can cause instability in the system even by attacking only one state of the system.
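As an added worked example (not the authors' code), the two-area model of Section 2 with the Table 1 values, a discrete-time LQR gain for the cost (15), and the delayed feedback of (14) and (16) switched on at $t_a = 15$ s, reproducing the Case 1 sweep over delays. It assumes a 0.02 s sample period, a unit step load change in area 1, and that the unlabeled speed-droop, damping and frequency-bias rows of Table 1 appear in the order the text lists those parameters; delays are whole samples, in keeping with the integer delays of (14), and per-state delays allow Case 2 runs as well.

```python
"""Two-area LFC (eqs. 4-12, Table 1) with an LQR gain for cost (15) under a TDS attack (eqs. 14, 16)."""
import math

# Table 1 values (area 1, area 2); the droop/damping/bias rows are matched to the
# parameter order given in the text.  H and LOAD are assumptions of this example.
J, DROOP, DAMP = (10.0, 12.0), (0.05, 0.05), (1.5, 1.0)
TG, TTU, BETA, T12 = (0.12, 0.18), (0.2, 0.45), (21.5, 21.0), 0.198
H = 0.02             # sample period in seconds (a 0.6 s delay is 30 samples)
LOAD = [1.0, 0.0]    # unit step load change in area 1, none in area 2

# Small dense-matrix helpers on lists of rows.
def mm(X, Y): return [[sum(a * b for a, b in zip(r, c)) for c in zip(*Y)] for r in X]
def madd(X, Y, s=1.0): return [[a + s * b for a, b in zip(r1, r2)] for r1, r2 in zip(X, Y)]
def eye(n): return [[float(i == j) for j in range(n)] for i in range(n)]

def inv2(M):
    (a, b), (c, d) = M
    det = a * d - b * c
    return [[d / det, -b / det], [-c / det, a / det]]

def area_block(k):
    """A_KK of eq. (4); states [f, P_g, P_tu, P_pf, e], where e integrates beta*f + P_pf."""
    j, rho, dl, tg, ttu, b = J[k], DROOP[k], DAMP[k], TG[k], TTU[k], BETA[k]
    return [[-dl / j, 1 / j, 0.0, -1 / j, 0.0],
            [0.0, -1 / ttu, 1 / ttu, 0.0, 0.0],
            [-1 / (rho * tg), 0.0, -1 / tg, 0.0, 0.0],
            [2 * math.pi * T12, 0.0, 0.0, 0.0, 0.0],
            [b, 0.0, 0.0, 1.0, 0.0]]

def build_system():
    """A (eq. 10), B (eq. 11) and D (eq. 12) for N = 2 with T_12 = T_21."""
    A = [[0.0] * 10 for _ in range(10)]
    B = [[0.0, 0.0] for _ in range(10)]
    D = [[0.0, 0.0] for _ in range(10)]
    for k in range(2):
        blk = area_block(k)
        for i in range(5):
            A[5 * k + i][5 * k:5 * k + 5] = blk[i]
        A[5 * k + 3][5 * (1 - k)] = -2 * math.pi * T12   # A_KL of eq. (7)
        B[5 * k + 2][k] = 1 / TG[k]                     # B_K of eq. (5)
        D[5 * k][k] = -1 / J[k]                         # D_K of eq. (8)
    return A, B, D

def expm(M, terms=40):
    """Matrix exponential by Taylor series; ||M|| is small here, so 40 terms suffice."""
    E, P = eye(len(M)), eye(len(M))
    for k in range(1, terms):
        P = [[x / k for x in row] for row in mm(P, M)]   # M^k / k!
        E = madd(E, P)
    return E

def discretize(A, B, D, h=H):
    """Zero-order-hold discretization of X' = AX + BU + DP_l via the augmented exponential."""
    M = [[v * h for v in A[i] + B[i] + D[i]] for i in range(10)] + [[0.0] * 14 for _ in range(4)]
    E = expm(M)
    return [r[:10] for r in E[:10]], [r[10:12] for r in E[:10]], [r[12:] for r in E[:10]]

def lqr_gain(Ad, Bd, q=100.0, r=100.0, iters=3000, tol=1e-8):
    """Backward Riccati recursion for cost (15) from P(t_f) = Q_f = 0 until K settles."""
    Qd = [[q * H * float(i == j) for j in range(10)] for i in range(10)]   # Q = 100 I
    Rd = [[r * H, 0.0], [0.0, r * H]]                                       # R = 100 I
    P, K = [[0.0] * 10 for _ in range(10)], None
    for _ in range(iters):
        BtP = mm(list(zip(*Bd)), P)
        S = mm(BtP, Ad)                                    # B^T P A
        Knew = mm(inv2(madd(Rd, mm(BtP, Bd))), S)          # (R + B^T P B)^-1 B^T P A
        P = madd(madd(Qd, mm(list(zip(*Ad)), mm(P, Ad))), mm(list(zip(*S)), Knew), -1.0)
        if K and max(abs(a - b) for r1, r2 in zip(K, Knew) for a, b in zip(r1, r2)) < tol:
            return Knew
        K = Knew
    return K

AD, BD, DD = discretize(*build_system())
KLQR = lqr_gain(AD, BD)

def simulate(delays_s, t_attack=15.0, t_end=40.0):
    """Closed loop U = -K X_hat; from t_attack on, X_hat_i = X_i(t - t_di) with per-state delays
    in seconds (0 = state not attacked).  Returns the f_1 samples; stops early on blow-up."""
    steps, hist = [round(d / H) for d in delays_s], [[0.0] * 10]
    for k in range(round(t_end / H)):
        X = hist[-1]
        Xhat = [hist[max(0, k - d)][i] for i, d in enumerate(steps)] if k * H >= t_attack else X
        u = [-sum(KLQR[j][i] * Xhat[i] for i in range(10)) for j in range(2)]
        hist.append([sum(AD[i][j] * X[j] for j in range(10)) + BD[i][0] * u[0] + BD[i][1] * u[1]
                     + DD[i][0] * LOAD[0] + DD[i][1] * LOAD[1] for i in range(10)])
        if not abs(hist[-1][0]) < 1e6:
            break
    return [x[0] for x in hist[1:]]

def is_unstable(f1, t_attack=15.0, t_end=40.0):
    """Blew up, or f_1 in the last 5 s exceeds its level just after the attack (and a noise floor)."""
    a, w = round(t_attack / H), round(5.0 / H)
    if len(f1) < round(t_end / H):
        return True
    pre, early, tail = (max(map(abs, f1[i:i + n])) for i, n in ((0, a), (a + 25, w), (len(f1) - w, w)))
    return tail > max(early, 1e-6 * pre)

def first_destabilizing_delay(candidates=(0.2, 0.4, 0.6, 1.0, 1.5, 2.0, 3.0, 5.0, 8.0, 12.0)):
    """Case 1 sweep: the same delay on all ten states from t_a = 15 s; smallest unstable one."""
    return next((d for d in candidates if is_unstable(simulate([d] * 10))), None)
```

A Case 2 run is `simulate([0.6] + [0.0] * 9)`, which delays only the frequency deviation of area 1.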
5. Conclusion
This paper considers TDS attacks, a new type of attack on the cyber layer of smart grids that can sabotage the dynamic performance of power systems. The LFC power system under TDS attacks is modeled using hybrid systems, and the TDS attacks are formulated as the switch action “Off/Delay-by-$\tau$” on sensing channels or control inputs. Then the destabilizing action of TDS attacks on power systems has been studied using methods from hybrid systems theory. A two-area LFC LTI model has been simulated to evaluate the effects of TDS attacks. The results show that TDS attacks affect the dynamic performance of the LFC system and in many cases could destroy system stability; such attacks can be launched at any time during the operation of the power system. Our future work will focus on making controllers and communication protocols robust under this type of attack.
[Figure 3 plot: maximum eigenvalue versus time-delay from 0 to 0.7 s]
Figure 4-(a) Frequency deviation, $f_K$. Figure 4-(b) Power deviation of generator, $P_{gK}$. Figure 4-(c) Valve position of the turbine, $P_{tuK}$. Figure 4-(d) Tie-line power flow, $P_{pf1}$.
[Figure 4 plots: four panels over time 0 to 40 s; legend: Normal, TDS 1, TDS 2]
Figure 5-(a) Frequency deviation, $f_K$. Figure 5-(b) Power deviation of generator, $P_{gK}$. Figure 5-(c) Valve position of the turbine, $P_{tuK}$. Figure 5-(d) Tie-line power flow, $P_{pf1}$.
[Figure 5 plots: four panels over time 0 to 40 s; legend: Normal operation, TDS 1, TDS 2, TDS 3 (TDS 4 in panel (a))]
References
[1] Gorman, S. (2009, April 8). Electricity Grid in U.S. Penetrated By Spies. The Wall Street Journal, A1.
[2] Greenberg, A. (2008, January 18). Hackers Cut Cities' Power. Forbes.
[3] Meserve, J. (2007, September 26). Sources: Staged cyber attack reveals vulnerability in power grid. CNN.
[4] BBC News (2000, January 18). Colombia rebels blast power pylons. Retrieved from http://news.bbc.co.uk/2/hi/americas/607782.stm
[5] Pidd, H. (2012, July 31). India blackouts leave 700 million without power. The Guardian.
[6] Vijayan, J. (2010, July 26). Stuxnet renews power grid security concerns. Computerworld.
[7] Byres, E., & Lowe, J. (2004). The Myths and Facts behind Cyber Security Risks for Industrial Control Systems. Paper presented at the VDE Kongress, Berlin, Germany.
[8] Amin, S., Cardenas, A. A., & Sastry, S. S. (2009). Safe and Secure Networked Control Systems under Denial-of-Service Attacks. Paper presented at the Proceedings of the 12th International Conference on Hybrid Systems: Computation and Control, San Francisco, CA.
[9] Cardenas, A. A., Amin, S., & Sastry, S. (2008). Research challenges for the security of control systems. Paper presented at the Proceedings of the 3rd conference on Hot topics in security, San Jose, CA.
[10] Liu, S., Liu, X. P., & Saddik, A. E. (2013). Denial-of-Service (DoS) attacks on load frequency control in smart grids. Paper presented at the Innovative Smart Grid Technologies (ISGT), 2013 IEEE PES.
[11] Liu, Y., Ning, P., & Reiter, M. K. (2009). False data injection attacks against state estimation in electric power grids. Paper presented at the 16th ACM Conference on Computer and Communications Security (CCS '09), New York, NY, USA.
[12] Song, H., Zhu, S., & Cao, G. (2007). Attack-resilient time synchronization for wireless sensor networks. Ad Hoc Networks, 5(1), 112-125. ISSN 1570-8705.
[13] Teixeira, A., Amin, S., Sandberg, H., Johansson, K. H., & Sastry, S. S. (2010, December 15-17). Cyber security analysis of state estimators in electric power systems. Paper presented at the 49th IEEE Conference on Decision and Control (CDC), 2010.
[14] Mo, Y., & Sinopoli, B. (2010, April). False data injection attacks in control systems. Paper presented at the 1st Workshop on Secure Control Systems, Stockholm, Sweden.
[15] Kosut, O., Liyan, J., Thomas, R. J., & Lang, T. (2011). Malicious Data Attacks on the Smart Grid. IEEE Transactions on Smart Grid, 2(4), 645-658. doi: 10.1109/tsg.2011.2163807
[16] Esfahani, P. M., Vrakopoulou, M., Margellos, K., Lygeros, J., & Andersson, G. (2010). A robust policy for automatic generation control cyber attack in two area power network. Paper presented at the 49th IEEE Conference on Decision and Control (CDC), 2010.
[17] Mohajerin Esfahani, P., Vrakopoulou, M., Margellos, K., Lygeros, J., & Andersson, G. (2010). Cyber attack in a two-area power system: Impact identification using reachability. Paper presented at the American Control Conference (ACC), 2010.
[18] Sargolzaei, A., Yen, K. K., Noei, S., & Ramezanpour, H. (2013). Assessment of He's homotopy perturbation method for optimal control of linear time-delay systems. Applied Mathematical Sciences, 7(8), 349-361.
[19] Golub, G. H., & Van Loan, C. F. (1989). Matrix Computations. Baltimore: Johns Hopkins University Press, pp. 557-558.
... A TDS attack is made by inserting time delays into communication channels of NCSs [11]. Since NCSs are time-sensitive and require updated measurement signals, a TDS can be highly destructive [11,12]. ...
... A TDS attack is made by inserting time delays into communication channels of NCSs [11]. Since NCSs are time-sensitive and require updated measurement signals, a TDS can be highly destructive [11,12]. Time delays can occur purposefully or inherently in a wide range of engineering systems [12][13][14]. ...
... Even though it has been shown in the literature that TDS attacks can cause instability in NCSs [11], only a few studies have focused on detecting TDS attacks in real time, and none have investigated the compensation of TDS attacks by designing a secure controller. A neural network (NN) approach was developed in [16] as a tool for estimating a time delay in industrial communication systems with nonlinear dynamics, but the stability of this controller has not been investigated. ...
Full-text available
Article
Networked control systems (NCSs) are designed to control and monitor large-scale and complex systems remotely. The communication connectivity in an NCS allows agents to quickly communicate with each other to respond to abrupt changes in the system quickly, thus reducing complexity and increasing efficiency. Despite all these advantages, NCSs are vulnerable to cyberattacks. Injecting cyberattacks, such as a time-delay switch (TDS) attack, into communication channels has the potential to make NCSs inefficient or even unstable. This paper presents a Lyapunov-based approach to detecting and estimating TDS attacks in real time. A secure control strategy is designed to mitigate the effects of TDS attacks in real time. The stability of the secure control system is investigated using the Lyapunov theory. The proposed TDS attack estimator’s performance and secure control strategy are evaluated in simulations and a hardware-in-the-loop environment.
... Compared with the above attacks, the time delay attack (TDA) [11] is arguably more challenging to deal with. The TDA simply delays (maliciously) data packets in transmission. ...
... CPS anomaly detection is an active area of research [33], [34]. Much previous work addresses the monitoring of control centers, without emphasizing related communication channels, which can be comparatively easier to exploit [11]. Machine learning-based methods have been recently applied for the anomaly detection with promising results. ...
Full-text available
Article
Control and communication technologies are key building blocks of cyber-physical systems (CPSes) that can improve the efficiency of the physical processes. However, they also make a CPS vulnerable to cyberattacks that can cause disruptions or even severe damage. This article focuses on one particular type of CPS cyberattack, namely the time delay attack (TDA), which exploits vulnerabilities in the communication channels to cause potentially serious harm to the system. Much work proposed for TDA detection is tested offline only and under strong assumptions. In order to construct a practical solution to deal with real-world scenarios, we propose a deep learning-based method to detect and characterize TDA. Specifically, we design a hierarchical long short-term memory model to process raw data streams from relevant CPS sensors online and continually monitor embedded signals in the data to detect and characterize the attack. Moreover, various strategies of interpreting the outputs of the model are proposed, which allow the user to tune the performance based on different objectives. We evaluate our model on two representative types of CPS, namely power plant control system (PPCS) and automatic generation control (AGC).Code and dataset can be found at: https://github.com/prakharg24/tda For TDA detection, our solution achieves an accuracy of 92% in PPCS, compared with 81% by random forests (RFs) and 72% by k-nearest neighbours (kNNs). For AGC, our solution achieves 98% accuracy, compared with 74% by RFs and 71% by kNNs. It also reduces the mean absolute error in the delay value characterization from about six to two seconds in the PPCS, and from about three seconds to half a second in the AGC, with about 3x to 4x shorter reaction latency in both systems.
... In [32,37], the authors introduce the puppet attack, where a vulnerability in the Advanced Metering Infrastructure (AMI) dynamic source routing protocol is exploited, causing the network bandwidth to become exhausted. In [43], the Time-Delay-Switch (TDS) attack is proposed, where attackers introduce time delays into control loops to cause general instability of the smart grid system. The Time Synchronization Attack (TSA) [40] targets the integrity of the GPS information of Phasor Measurement Units (PMUs) of various smart grid applications, including transmission line fault detection, voltage stability monitoring, and event locationing. ...
Full-text available
Article
The convergence of Information Technologies and Operational Technology systems in industrial networks presents many challenges related to availability, integrity, and confidentiality. In this paper, we evaluate the various cybersecurity risks in industrial control systems and how they may affect these areas of concern, with a particular focus on energy-sector Operational Technology systems. There are multiple threats and countermeasures that Operational Technology and Information Technology systems share. Since Information Technology cybersecurity is a relatively mature field, this paper emphasizes on threats with particular applicability to Operational Technology and their respective countermeasures. We identify regulations, standards, frameworks and typical system architectures associated with this domain. We review relevant challenges, threats, and countermeasures, as well as critical differences in priorities between Information and Operational Technology cybersecurity efforts and implications. These results are then examined against the recommended National Institute of Standards and Technology framework for gap analysis to provide a complete approach to energy sector cybersecurity. We provide analysis of countermeasure implementation to align with the continuous functions recommended for a sound cybersecurity framework.
... 2 [12,27]. To cope with TDAs, some resilient LFC schemes, which can estimate the TDAs in real time and overcome its effects were proposed in [28,29]. ...
Article
Load frequency control (LFC) of modern power systems tends to employ open communication networks to transmit measurement/control signals, which makes the LFC scheme more vulnerable to random time delays and time delay attacks. In this paper, a resilient and active time-delay-compensation-based LFC scheme is proposed to compensate the random time delays and time delay attacks. At first, a state observer is employed to estimate the state of the LFC system. Then a networked predictive control method is used to predict the control signals of the system at the future moments. Next, an evaluation and compensation scheme for random time delays and time delay attacks is constructed in the actuator side of the LFC scheme based on the updating period of the actuator and the timestamp technique. Due to the stochastic characteristics of the random time delays or TDAs, the stability condition of the proposed scheme is developed with the aid of the mean square stability theory. Moreover, a dual-loop open communication is employed in the proposed scheme to improve the reliability and resilience. At last, simulation and experiment tests are undertaken to demonstrate the effectiveness of the proposed scheme.
... However, by exploiting the flaws of the communication protocol and hardware interface, the signals transmitted through the communication network could be delayed and tampered with. As for TDA, Sargolzaei et al. [8] proposed to delay the control commands sent to the generation units to deviate the frequency of a twoarea power system. They proved that the system would be unstable after TDA when the system parameters satisfy some conditions and the time delay lasted for an infinity of time. ...
Article
With the widespread adoption of Internet-of-Things (IoT) technologies, cyber-physical systems (CPSs) are facing threats from cyberattacks due to the vulnerabilities exposed in IoT devices. In this paper, we analyze the feasibility of a coordinated attack named TD-FDIA on CPS by synchronizing the time-delay attack (TDA) and false data injection attack (FDIA). It seems that the coordinated attack is more powerful than either one. But the analysis of its stealthiness and effectiveness is challenging. In the context of the networked control system, we first propose a general formulation for the impact of TD-FDIA on the system's stability. Then, we analyze whether the combination of TDA and FDIA can destabilize the system and remain stealthy or not with different setups when the controller is with and without an observer, and the communication protocol between the controller and actuator is UDP and TCP, respectively. The conditions required to make TD-FDIA stealthy are given in some cases. Finally, we conduct extensive experiments to evaluate the impact of TDA, FDIA, and TD-FDIA on the system's stability with two different CPS scenarios.
... TDAs are considered a major threat to CPES due to their potential capability of disturbing the stability of islanded MGs, or even the overall power grid, by simply delaying measurements or control commands transmitted and received from sensing and control devices (e.g., smart meters, PMUs, etc.). Due to the importance of TDAs, existing literature aims to understand the complications such attacks could cause to CPES operations [32], [184], [185]. For instance, in [185], the authors present an analysis of different TDA concepts (e.g., TDA margins, boundaries, surfaces, etc.) regarding effective conditions for TDA disruptions against grid stability. ...
Article
Cyber-physical systems (CPS) are interconnected architectures that employ analog and digital components as well as communication and computational resources for their operation and interaction with the physical environment. CPS constitute the backbone of enterprise (e.g., smart cities), industrial (e.g., smart manufacturing), and critical infrastructure (e.g., energy systems). Thus, their vital importance, interoperability, and plurality of computing devices make them prominent targets for malicious attacks aiming to disrupt their operations. Attacks targeting cyber-physical energy systems (CPES), given their mission-critical nature within the power grid infrastructure, can lead to disastrous consequences. The security of CPES can be enhanced by leveraging testbed capabilities in order to replicate and understand power systems operating conditions, discover vulnerabilities, develop security countermeasures, and evaluate grid operation under fault-induced or maliciously constructed scenarios. Adequately modeling and reproducing the behavior of CPS could be a challenging task. In this paper, we provide a comprehensive overview of the CPS security landscape with an emphasis on CPES. Specifically, we demonstrate a threat modeling methodology to accurately represent the CPS elements, their interdependencies, as well as the possible attack entry points and system vulnerabilities. Leveraging the threat model formulation, we present a CPS framework designed to delineate the hardware, software, and modeling resources required to simulate the CPS and construct high-fidelity models that can be used to evaluate the system's performance under adverse scenarios. The system performance is assessed using scenario-specific metrics, while risk assessment enables the system vulnerability prioritization factoring the impact on the system operation. The overarching framework for modeling, simulating, assessing, and mitigating attacks in a CPS is illustrated using four representative attack scenarios targeting CPES. The key objective of this paper is to demonstrate a step-by-step process that can be used to enact in-depth cybersecurity analyses, thus leading to more resilient and secure CPS.
... TDAs are considered a major threat to CPES due to their potential capability of disturbing the stability of islanded MGs, or even the overall power grid, by simply delaying measurements or control commands transmitted and received from sensing and control devices (e.g., smart meters, PMUs, etc.). Due to the importance of TDAs, existing literature aims to understand the complications such attacks could cause to CPES operations [32], [182], [183]. For instance, in [183], the authors present an analysis of different TDA concepts (e.g., TDA margins, boundaries, surfaces, etc.) regarding effective conditions for TDA disruptions against grid stability. ...
Preprint
Cyber-physical systems (CPS) are interconnected architectures that employ analog, digital, and communication resources for their interaction with the physical environment. CPS are the backbone of enterprise, industrial, and critical infrastructure. Thus, their vital importance, makes them prominent targets for malicious attacks aiming to disrupt their operations. Attacks targeting cyber-physical energy systems (CPES), given their mission-critical nature, can have disastrous consequences. The security of CPES can be enhanced leveraging testbed capabilities to replicate power systems operation, discover vulnerabilities, develop security countermeasures, and evaluate grid operation under fault-induced or maliciously constructed scenarios. In this paper, we provide a comprehensive overview of the CPS security landscape with emphasis on CPES. Specifically, we demonstrate a threat modeling methodology to accurately represent the CPS elements, their interdependencies, as well as the possible attack entry points and system vulnerabilities. Leveraging the threat model formulation, we present a CPS framework designed to delineate the hardware, software, and modeling resources required to simulate the CPS and construct high-fidelity models which can be used to evaluate the system's performance under adverse scenarios. The system performance is assessed using scenario-specific metrics, while risk assessment enables the system vulnerability prioritization factoring the impact on the system operation. The overarching framework for modeling, simulating, assessing, and mitigating attacks in a CPS is illustrated using four representative attack scenarios targeting CPES. The key objective of this paper is to demonstrate a step-by-step process that can be used to enact in-depth cybersecurity analyses, thus leading to more resilient and secure CPS.
Chapter
Networked control systems (NCS) have been used widely in many practical fields. The communication connection in NCS allows agents to communicate with each other quickly, which can quickly respond to abrupt changes in the system. NCS depend on computers and multi-purpose networks for operation, rendering them vulnerable to attacks, especially cyber attacks. This paper focuses on time delay switch (TDS) attacks. A method based on Lyapunov theory is proposed to detect and estimate TDS attack in real time, so as to detect the unstable impact of TDS attack and recover from it. Simulation results illustrate the effectiveness of the proposed TDS attack estimator and security control strategy.
Keywords: Networked control systems, Adaptive control design, Time-delay switch attack, Luenberger observer
Article
As a promising technology to integrate renewable energy and enable decentralized energy management, microgrid (MG) offers an appealing network architecture due to its potential economic, environmental, and technical benefits. However, with the increasing deployment of intelligent devices and the growing network interconnectivity, communication channels and controllers for MGs become more vulnerable to emerging cyber threats. Two types of attacks are considered in this paper, including the data integrity attacks on the system status feedback and time-delay attacks which may disrupt the control of the MGs and lead to adverse consequences. A modified model predictive control (MPC) scheme is proposed for the secondary frequency control of MGs based on the online status switching method and generalized cross correlation (GCC) estimation to detect the real system status and time delay injected to the control system. The Euclidean metric is used in the online status switching method to obtain the real system states. Meanwhile, the GCC based delay estimation is developed to detect and track the time delay posed by attacks in the real-time operation. Case studies under different scenarios of the attacks are conducted, and the simulation results verify the effectiveness of the proposed MPC scheme under the cyberattacks.
Conference Paper
While open communication infrastructures are embedded into smart grids to support vast amounts of data exchange, it makes smart grids vulnerable to cyber attacks. In this paper, we investigate the effects of Denial-of-Service (DoS) attacks on load frequency control (LFC) of smart grids. In contrast with existing works, we consider the problem of how DoS attacks affect the dynamic performance of a power system. The state space model of power systems under DoS attacks is formulated as a switched system. By applying switched system theories, the existence of DoS attacks that make the dynamics of a power system unstable is proved. A two-area power system is used to conduct case studies. The dynamic performance of the power system, such as convergence and steady-state errors, is compared under different DoS attack scenarios. It is shown that the dynamic performance of the power system is affected strongly if the adversaries launch DoS attacks before the dynamics of the power system converge.
Article
This paper presents new results on the applications of reachability methods and computational tools to a two-area power system in the case of a cyber attack. In the VIKING research project a novel concept to assess the vulnerabilities introduced by the interaction between the IT infrastructure and power systems is proposed. Here we develop a new framework and define a systematic methodology, based on reachability, for identifying the impact that an intrusion might have in the Automatic Generation Control loop, which regulates the frequency and the power exchange between the controlled areas. The numerical results reveal the weaknesses of the system and indicate possible policies that an attacker could use to disturb it.
Article
Process control and SCADA systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. Unfortunately, new research indicates this complacency is misplaced - the move to open standards such as Ethernet, TCP/IP and web technologies is letting hackers take advantage of the control industry's ignorance. This paper summarizes the incident information collected in the BCIT Industrial Security Incident Database (ISID), describes a number of events that directly impacted process control systems and identifies the lessons that can be learned from these security events.
Article
This paper analyzes the effects of false data injection attacks on Control System. We assume that the system, equipped with a Kalman filter and LQG controller, is used to monitor and control a discrete linear time invariant Gaussian system. We further assume that the system is equipped with a failure detector. An attacker wishes to destabilize the system by compromising a subset of sensors and sending corrupted readings to the state estimator. In order to inject fake sensor measurements without being detected the attacker needs to carefully design its inputs to fool the failure detector, since abnormal sensor measurements usually trigger an alarm from the failure detector. We will provide a necessary and sufficient condition under which the attacker could destabilize the system while successfully bypassing the failure detector. A design method for the defender to improve the resilience of the CPS against such kind of false data injection attacks is also provided.
Conference Paper
We consider the problem of security constrained optimal control for discrete-time, linear dynamical systems in which control and measurement packets are transmitted over a communication network. The packets may be jammed or compromised by a malicious adversary. For a class of denial-of-service (DoS) attack models, the goal is to find an (optimal) causal feedback controller that minimizes a given objective function subject to safety and power constraints. We present a semi-definite programming based solution for solving this problem. Our analysis also presents insights on the effect of attack models on solution of the optimal control problem.
Article
This paper renders an optimal regulator for a system with state time-delay and quadratic performance index. First, by means of Maximum Principle and necessary optimal conditions, a continuous-time two-point boundary-value problem (TPBVP) including both time-delay and time-advance is derived. Then, using Homotopy Perturbation Method (HPM), the obtained TPBVP is transformed into a sequence of linear time-invariant TPBVP without any time-delay or time-advance. Solving the resulting linear TPBVP sequence in a recursive manner yields the optimal control law in the form of a rapidly convergent series. At the end, an iterative algorithm with low complexity in computation and fast convergence rate is proposed to achieve an accurate enough suboptimal control law. It's worth noting that simulation based on application of a harmonic oscillator is conducted to demonstrate efficiency of this method.
Article
Malicious attacks against power systems are investigated, in which an adversary controls a set of meters and is able to alter the measurements from those meters. Two regimes of attacks are considered. The strong attack regime is where the adversary attacks a sufficient number of meters so that the network state becomes unobservable by the control center. For attacks in this regime, the smallest set of attacked meters capable of causing network unobservability is characterized using a graph theoretic approach. By casting the problem as one of minimizing a supermodular graph functional, the problem of identifying the smallest set of vulnerable meters is shown to have polynomial complexity. For the weak attack regime where the adversary controls only a small number of meters, the problem is examined from a decision theoretic perspective for both the control center and the adversary. For the control center, a generalized likelihood ratio detector is proposed that incorporates historical data. For the adversary, the trade-off between maximizing estimation error at the control center and minimizing detection probability of the launched attack is examined. An optimal attack based on minimum energy leakage is proposed.
Article
The existing time synchronization schemes in sensor networks were not designed with security in mind, thus leaving them vulnerable to security attacks. In this paper, we first identify various attacks that are effective to several representative time synchronization schemes, and then focus on a specific type of attack called delay attack, which cannot be addressed by cryptographic techniques. Next we propose two approaches to detect and accommodate the delay attack. Our first approach uses the generalized extreme studentized deviate (GESD) algorithm to detect multiple outliers introduced by the compromised nodes; our second approach uses a threshold derived using a time transformation technique to filter out the outliers. Finally we show the effectiveness of these two schemes through extensive simulations.
Conference Paper
A power grid is a complex system connecting electric power generators to consumers through power transmission and distribution networks across a large geographical area. System monitoring is necessary to ensure the reliable operation of power grids, and state estimation is used in system monitoring to best estimate the power grid state through analysis of meter measurements and power system models. Various techniques have been developed to detect and identify bad measurements, including interacting bad measurements introduced by arbitrary, nonrandom causes. At first glance, it seems that these techniques can also defeat malicious measurements injected by attackers. In this article, we expose an unknown vulnerability of existing bad measurement detection algorithms by presenting and analyzing a new class of attacks, called false data injection attacks, against state estimation in electric power grids. Under the assumption that the attacker can access the current power system configuration information and manipulate the measurements of meters at physically protected locations such as substations, such attacks can introduce arbitrary errors into certain state variables without being detected by existing algorithms. Moreover, we look at two scenarios, where the attacker is either constrained to specific meters or limited in the resources required to compromise meters. We show that the attacker can systematically and efficiently construct attack vectors in both scenarios to change the results of state estimation in arbitrary ways. We also extend these attacks to generalized false data injection attacks, which can further increase the impact by exploiting measurement errors typically tolerated in state estimation. We demonstrate the success of these attacks through simulation using IEEE test systems, and also discuss the practicality of these attacks and the real-world constraints that limit their effectiveness.