Cyber-Power System Security in a Smart Grid Environment
Alexandru Stefanov, Student Member, IEEE, and Chen-Ching Liu, Fellow, IEEE
978-1-4577-2159-5/12/$31.00 2011 IEEE

Abstract: Smart grid heavily relies on Information and Communications Technology (ICT) to manage energy usage. The concept of smart grid implies the use of smart devices, such as smart meters or Remote Terminal Units (RTUs), that require extensive information to optimize the power grid. As the communication network is based on TCP/IP and Ethernet technology, new cyber vulnerabilities are introduced that can be exploited by malicious attackers. Cyber security has become a serious concern due to various intrusion incidents. Cyber attacks can make a significant impact on the grid, involving not only steady-state but also dynamic behaviors. A cyber-power system approach has been established that explicitly models the interaction between ICT and the power system. New technologies are under development to enhance ICT vulnerability assessment and to evaluate the impact of cyber attacks on system operation. This paper presents the cyber security issues in a smart grid environment and cyber attack/mitigation scenarios using a testbed at University College Dublin (UCD).

Index Terms: Cyber security of SCADA systems, smart grid, cyber-physical system.

This research is sponsored by Science Foundation Ireland (SFI) at University College Dublin (UCD) through a Principal Investigator Award. A. Stefanov is with University College Dublin, Ireland (alexandru.stefanov@ucdconnect.ie). C. C. Liu is with Washington State University, Pullman, and UCD, Ireland (liu@ucd.ie).

I. CYBER-PHYSICAL POWER SYSTEM SECURITY

Smart grid is deployed at both distribution and transmission levels. Smart meters allow the exchange of extensive energy and pricing information between customers and energy suppliers and enable remote controls. Distributed generation is integrated in this environment with varying capabilities for frequency and voltage control. A smart Supervisory Control And Data Acquisition (SCADA) system incorporating advanced Remote Terminal Units (RTUs) and Intelligent Electronic Devices (IEDs) can enhance system operation and control and improve its ability to recover from a major failure. The power grid is combined with smart controllers, communication protocols and open computer networks for monitoring, control and operation. The ICT layer resides on top of the electric grid and is a significant part of a large and complex cyber-physical system. Smart grid can enable control of smart appliances, integration of distributed generation, intelligent and efficient transmission systems and energy management over wide areas. The power and cyber systems are becoming more and more interdependent. Interactions are needed between Energy Management Systems (EMSs) and electricity markets and between energy suppliers and industrial/home customers. Smart communication devices adopt TCP/IP and Ethernet based technologies for higher speed at reduced costs; however, it is known that they are susceptible to IP based attacks, e.g., routing attacks, IP spoofing or TCP SYN flooding. The security of SCADA systems relies on firewalls to prevent cyber intrusions, but firewalls generally do not detect intrusions that use a trusted party or insider connection. In the substation communication network there are remote access points for maintenance purposes, and these need to be highly secured to prevent unauthorized access. Standard communication protocols used in EMS/SCADA systems are not entirely secure; data contents can be modified in a man-in-the-middle attack. ICT networks can be attacked not only by direct intrusions, but also by infecting machines with viruses, worms and Trojan horses and launching Denial of Service (DoS) attacks. The impact of unauthorized access, configuration change and control manipulation on system operation can be severe and will involve steady state and dynamic behaviors. New solutions must be developed and implemented to enable the smart grid to assess sources of vulnerabilities, detect cyber attacks, and disconnect the intruders. Research is on-going in the areas of Intrusion Detection Systems (IDS), smart firewalls, and vulnerability assessment to enhance the security of cyber-power grids [1]-[3]. Cyber security of power grids, especially in the smart grid framework, is emerging as a sensitive and critical issue due to intrusion incidents. In March 2007, the US Department of Energy's Idaho National Laboratory produced real evidence of a targeted cyber attack within the Aurora project. A previously classified video was released in September 2007 to demonstrate the vulnerabilities of the cyber-power system.

Coordinated simultaneous attacks on multiple power plants with the objective of damaging a large number of generators are serious threats to national security [4]. Evidence of a DoS cyber attack is the Stuxnet worm, which targets the SCADA systems of industrial facilities. It searches for a specific type of Programmable Logic Controller (PLC), reprograms parts of its code, waits for a certain condition and then takes control. Even though Stuxnet initially targeted nuclear facilities, it can be adapted to attack different types of power plants or control centers [5]. Reports of coordinated and targeted cyber attacks can be found in McAfee's white paper "Global Energy Cyberattacks: Night Dragon", February 2011. Although there are no reports of physical damage, the Night Dragon attacks penetrated corporate networks and showed that the energy sector can be vulnerable [6].

II. CYBER SECURITY TESTBED ARCHITECTURE

As illustrated in Figure 1, the UCD cyber-power system testbed comprises 2 control centers and 2 substations. At the control center level there are two operator consoles and a Dispatcher Training Simulator (DTS) for training purposes. Control center A is able to exchange certain information with control center B by using the Inter-Control Center Communications Protocol (ICCP). Proper configuration of bilateral tables is required in order to define which data each control center is allowed to access. At the substation level, there are 2 user interfaces, one for each control room, that supervise 2 physical Intelligent Electronic Devices (IEDs) in an on-line environment using IEC 61850 protocols. The power grid is modeled using industrial grade simulation software that allows steady state and dynamic analysis.
The simulator is able to exchange real time data with the user interface at substation A through Object Linking and Embedding for Process Control (OPC) communication. An OPC server maps the data points between the user interface and the power system simulator, which act as its two clients. The Distributed Network Protocol (DNP) over TCP/IP allows measurements and controls to be exchanged between control centers and substations. By running on-line power flow or time domain simulations, measurements and circuit breaker status are sent to the control center operators. Each substation has a remote access point. Attackers can also intrude into substation networks through these access points. The UCD testbed provides a realistic model of the cyber-power grid and allows monitoring of interactions between ICT and the power system. Multiple attacks can be translated into wide area multiple contingencies that demonstrate severe consequences for the system operating condition.

III. SIMULATION SCENARIO

A test power grid is shown in Figure 2. Three hydroelectric power plants, with a reduced capacity of 150 MW each and equipped with governors and automatic voltage regulators, supply 6 loads whose characteristics are represented by a polynomial model. The 6 transmission lines are rated at 110 kV. For each element of the grid, external measurement points have been defined, and data is sent during the simulation via the SCADA system to the control centers. System operators monitor and control the grid in real-time, and dynamics can be analyzed as well. This (hypothetical) simulation scenario is concerned with a successful intrusion into the SCADA network. Attackers exploit the vulnerabilities of the power company's extranet web servers, used for maintenance purposes, to gain remote command execution capabilities. By uploading specific hacking tools, they access the company's intranet. Usernames and passwords can be exposed by manipulation of the environment.

Critical process control machines can then be targeted with malware. The intruder gains access to the substation 4 Local Area Network (LAN) and then to the Local Operating Network (LON) to control the IEDs. The attack triggers 2 circuit breakers to open, which disconnects 2 transmission lines. As a result, power plant 4 is disconnected and is assumed to be unavailable for some time. The one-line diagram of the grid shown on the operator's console of the SCADA system (Figure 3) indicates that 3 system elements have been lost simultaneously and the system faces an N-3 contingency that may lead to cascading events.
Fig. 1. University College Dublin testbed: control centers A and B (user interfaces, dispatcher training simulator, ICCP link), substations A and B (user interfaces, IEDs, DNP 3.0 to the SCADA network), OPC server and client to the power system simulation, and remote access for vendor personnel or site engineers via dial-up, VPN or wireless, through which attackers may enter. SCADA: Supervisory Control and Data Acquisition; ICCP: Inter-Control Center Communications Protocol; DNP: Distributed Network Protocol; OPC: OLE for Process Control; VPN: Virtual Private Network; IED: Intelligent Electronic Device.

Fig. 2. Four-bus demo power grid.
Fig. 3. Control center one-line display by SCADA after cyber attack.
The impact of the attack is analyzed by computer simulation of the system dynamics. The results show that the attack has a severe impact on the system condition. Since a generator is disconnected, the remaining 2 power plants generate at full capacity to serve the load, but there is not enough generation and the frequency falls below 48 Hz, as shown in Figure 4.
Fig. 4. Frequency after cyber attack.
In order to implement a mitigation strategy, the cyber attack must be stopped and the intruder disconnected. This is achieved by collaboration between the IDS and the firewall, both present in the substation 4 ICT network. The IDS finds the anomalies and sends disconnect control commands to the firewall, which blocks the intruder's connection. To mitigate the effects of the attack, emergency control actions must be taken to steer the system back to a normal operating condition. In this scenario the mitigation actions are computed with Optimal Power Flow (OPF) with an objective function that minimizes load shedding.
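The IDS/firewall collaboration described above can be illustrated with a small anomaly detector run over substation control traffic. This is an added example, not code from the paper or the UCD testbed; the log format, addresses, breaker names and the authorized-source policy are all constructed assumptions, and it goes one step beyond the text by also flagging a burst of breaker trips from any source as a possible multiple contingency.

```python
# Constructed policy for the substation 4 LAN: only the substation user interface
# and the control-center DNP master (assumed addresses) may issue IED controls.
AUTHORIZED_CONTROL_SOURCES = {"10.4.0.10", "10.1.0.20"}
CONTROL_OPERATIONS = {"trip", "close"}
BURST_WINDOW_S = 5  # breaker trips this close together are treated as one event

# Constructed log lines: time, source, IED, protocol, operation, target breaker/point.
# The third and fourth lines model the scenario: a host on the remote access
# segment trips the two breakers that isolate power plant 4.
SAMPLE_LOG = """\
12:00:01 10.1.0.20 ied1 dnp3 read status
12:00:02 10.4.0.10 ied2 iec61850 read measurements
12:00:05 10.4.0.77 ied2 iec61850 trip CB-14b
12:00:05 10.4.0.77 ied1 iec61850 trip CB-43
12:00:07 10.4.0.10 ied1 iec61850 read status
"""

def parse_line(line):
    ts, src, dst, proto, op, target = line.split()
    return {"ts": ts, "src": src, "dst": dst, "proto": proto, "op": op, "target": target}

def to_seconds(ts):
    h, m, s = (int(x) for x in ts.split(":"))
    return h * 3600 + m * 60 + s

def detect(log_text):
    """Return (alerts, firewall_rules).
    Rule 1: a control operation from outside the authorized set raises an alert and
    one block rule per offending source, which the IDS would send to the firewall.
    Rule 2: trips inside BURST_WINDOW_S, whoever sent them, flag a multiple contingency."""
    alerts, rules, blocked, trips = [], [], set(), []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["op"] in CONTROL_OPERATIONS and ev["src"] not in AUTHORIZED_CONTROL_SOURCES:
            alerts.append(f"{ev['ts']} unauthorized {ev['op']} {ev['target']} on {ev['dst']} from {ev['src']}")
            if ev["src"] not in blocked:
                blocked.add(ev["src"])
                rules.append(f"block src {ev['src']} dst any")  # disconnect command to firewall
        if ev["op"] == "trip":
            trips.append((to_seconds(ev["ts"]), ev["target"]))
    trips.sort()
    for (t1, a), (t2, b) in zip(trips, trips[1:]):
        if t2 - t1 <= BURST_WINDOW_S:
            alerts.append(f"burst: {a} and {b} tripped within {t2 - t1}s (possible multiple contingency)")
    return alerts, rules
```

Running `detect(SAMPLE_LOG)` yields two unauthorized-trip alerts, one burst alert, and a single block rule for the intruding host; an authorized trip on its own produces nothing.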
Fig. 5. Frequency after mitigation.
The OPF results show that loads 1 and 4 must be shed by 80% and 70%, respectively. Figure 5 illustrates that the frequency declines sharply when the generator is disconnected; by the time it reaches 49.5 Hz the mitigation strategy is implemented, loads are shed and transmission lines 1-4b and 4-3 are reconnected. All bus voltages settle at acceptable values (Figure 6) and the system returns to a stable operating point.
Fig. 6. Bus voltages after mitigation.
Simultaneous cyber events at multiple locations can be translated into multiple contingencies that could trigger widespread outages. The smart grid environment requires intelligent reconfiguration strategies to support operators' decisions.

IV. ACKNOWLEDGEMENT

This research is sponsored by Science Foundation Ireland (SFI) through a Principal Investigator Award. We also acknowledge the support for collaboration from the US National Science Foundation.

V. REFERENCES

[1] J. Yan, C. C. Liu, and M. Govindarasu, "Cyber Intrusion of Wind Farm SCADA System and Its Impact Analysis," IEEE PES Power Systems Conference and Exposition, Phoenix, USA, Mar. 20-23, 2011.
[2] S. S. Wu, C. C. Liu, A. Shosha, and P. Gladyshev, "Cyber Security and Information Protection in a Smart Grid Environment," IFAC Congress, Invited Session on Emerging EMS Features and Functions Needed for the Future Control Center in the Smart Grid Environment, Milan, Aug. 28-Sept. 2, 2011.
[3] A. F. Shosha, P. Gladyshev, S. S. Wu, and C. C. Liu, "Detecting Cyber Intrusions in SCADA Networks Using Multi-Agent Collaboration," Int. Symp. Intelligent System Application to Power Systems (ISAP), Crete, 2011.
[4] J. Bumgarner, "Computers as Weapons of War," IO Journal, vol. 2, no. 2, pp. 4-8, May 2010.
[5] T. M. Chen and S. Abu-Nimeh, "Lessons from Stuxnet," IEEE Computer Society, vol. 44, no. 4, pp. 91-93, Apr. 2011.
[6] McAfee Labs, "Global Energy Cyberattacks: Night Dragon," Feb. 2011. Available at: http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf

VI. BIOGRAPHIES

Alexandru Stefanov received his BSEE and MSEE degrees from Politehnica University of Bucharest, Romania, in 2009 and 2011, respectively. He is currently pursuing his Ph.D. in the School of Electrical, Electronic and Mechanical Engineering at University College Dublin, Ireland. His research interests include cyber security in EMS/SCADA systems, impact analysis and power system mitigation strategies.

Chen-Ching Liu (F'94) received his Ph.D. degree from the University of California, Berkeley. He is presently Boeing Distinguished Professor at Washington State University and Professor of Power Systems at University College Dublin, Ireland. He was Palmer Chair Professor of Electrical Engineering at Iowa State University and a Professor of Electrical Engineering at the University of Washington. Dr. Liu received an IEEE Third Millennium Medal in 2000 and the IEEE Power and Energy Society Outstanding Power Engineering Educator Award in 2004. Professor Liu is a Fellow of the IEEE.