
An Enhanced Energy Management System Including a Real-Time Load-Redistribution Threat Analysis Tool and Cyber-Physical SCED

Ramin Kaviani, Kory W. Hedman

This work has been implemented to fulfill a part of the project: “A Verifiable Framework for Cyber-Physical Attacks and Countermeasures in a Resilient Electric Power Grid” funded by the National Science Foundation (NSF) Award under Grant 1449080.

Abstract

It is possible to launch undetectable load-redistribution (LR) attacks against power systems, even in systems with protection schemes. Therefore, detecting LR attacks in power systems and establishing a corrective action to provide secured operating points are imperative. In this paper, we develop a systematic real-time LR threat analysis (RTLRTA) tool, which can flag LR attacks and identify all affected transmission assets. Since attackers might use random deviations to create LR attacks, we introduce an optimization model to generate random LR attacks. Hence, we can determine accurate thresholds for our detection index and test the tool’s functionality when there are random LR attacks. Additionally, based on an estimation for the actual loads in the post-attack stage, we design a set of physical line flow security constraints (PLFSCs) and add it to the security-constrained economic dispatch (SCED) model. We call the new model cyber-physical SCED (CPSCED), which can appropriately respond to the identified LR attacks and provide secured dispatch points. We generate multiple scenarios of random LR attacks and noise errors for different target lines in the 2383-bus Polish test system to validate our proposed methods’ accuracy and functionality in detecting LR attacks and responding to them.

Index Terms:
cyber-attack, false data injection attack (FDIA), load-redistribution (LR) attack detection, post-attack corrective action, power system operation

Nomenclature

Sets and Indices

$G$: Set of all generation units.

$g$: Index for generation unit.

$G(i)$: Set of all generation units at bus $i\in N$.

$i$: Index for bus.

$K$: Set of all transmission assets.

$K^{T}$: Set of all transmission assets affected by an LR attack; $K^{T}\subset K$.

$k$: Index for transmission asset.

$N$: Set of all buses.

$\eta^{k}$: A randomly selected set of buses from all sensitive buses with respect to a target asset $k\in K$.

$\psi$: Set of all buses with load deviations more than $\alpha_{min}^{startpoint}\times$ forecasted loads; $\psi\subset N$.

Variables

$\mathbf{H'_i\Delta\theta}$: Load deviation at bus $i\in N$ (MW).

$P_{g}$: Dispatch point of unit $g\in G$ (MW).

$P_{k}$: Active power flow on transmission asset $k\in K$ (MW) considering the loads from SE.

$PLF_{k}$: Active power flow on transmission asset $k\in K^{T}$ (MW) considering the actual loads.

$D_{i}^{a}$: Estimate of the actual load (MW) at bus $i\in N$.

$P_{inj}^{i}$: Active power injection (MW) to bus $i\in N$ considering the loads from SE.

$P_{inj,i}^{*}$: Active power injection (MW) to bus $i\in N$ considering the actual loads.

$\mathbf{\Delta\theta}$: Vector of the buses’ angle deviations.

Parameters, Vectors and Matrices

$\alpha$: Load shift factor.

$\alpha_{k,min}^{startpoint}$: Minimum load shift factor that causes transmission asset $k\in K$ to have overflow.

$\alpha_{k,min}^{5\%}$: Minimum load shift factor that causes transmission asset $k\in K$ to have $5\%$ overflow.

$c_{g}$: Production cost of unit $g\in G$.

$\mathbf{H'}$: $n_{b}\times n_{b}$ dependency matrix between power injection measurements and state variables.

$\mathbf{H'_i}$: $i^{th}$ row of $\mathbf{H'}$ ($i\in N$).

$L_{i}$: The contaminated load (MW) at bus $i\in N$ resulting from SE.

$\mathbf{L^{it}}$: The vector of contaminated loads (MW) resulting from SE at iteration $it$ of the EMS.

$P_{g}^{max}$: Upper limit (MW) on capacity of unit $g\in G$.

$P_{g}^{min}$: Lower limit (MW) on capacity of unit $g\in G$.

$P_{k}^{max}$: Continuous thermal rating (MW) of transmission asset $k\in K$.

$PTDF_{k,i}^{R}$: Power transfer distribution factor for transmission asset $k\in K$ and bus $i\in N$ (injection) with regard to reference bus $R$ (withdrawal).

$\mathbf{D^{it}}$: Vector of forecasted loads (MW) at iteration $it$ of the EMS.

$D_{i}$: Forecasted load (MW) at bus $i\in N$.

$d$: Number of sensitive buses that are randomly selected to be zero in random LR attacks; $d=|\eta|$.

I Introduction

Due to the extensive usage of cyber layers to monitor, control, and optimize the real-time operations of power systems, many research studies have addressed the challenges associated with these cyber layers and the risk of cyber-attacks. The research studies concerning cyber-attacks are divided into two parts: 1) implementing and modeling cyber-attacks, and 2) designing protection, detection, and corrective schemes against cyber-attacks.

I-A Implementing Cyber-Attacks

In the literature, one of the popular ways to generate cyber-attacks against power systems is to create a false data injection attack (FDIA). In FDIAs, attackers add malicious data to the actual measurements in such a way that they can bypass the existing residual-based bad data detectors and achieve the desired state estimation (SE)’s output [1]. FDIAs could be created based on different goals, such as overloading a transmission asset [2, 3, 4], changing the actual topology of a system [5], changing locational marginal prices (LMPs) [6, 7], increasing the operational cost/loss of a system [8, 9], causing sequential outages [10], and frequency instability [11, 12]. Likewise, there are different ways to implement FDIAs based on the measurements that should be compromised. For instance, the authors in [5] attempted to falsify the transmission lines status’ information and measurements to perform topology-based FDIAs. In [3], the authors falsified the phase shift commands to launch a transmission asset overloading based FDIA. The authors in [11, 12] falsified the automatic generation control (AGC) signals to attack the systems’ stability. The authors in [13, 14, 15, 16] changed the load and power flow measurements to perform load-redistribution (LR) based FDIAs. This paper focuses on LR attacks, which falsify the load measurements to maximize the physical overflow on a target transmission asset.

In LR attacks, the attackers falsify the buses’ injection measurement by changing the load measurement at each bus; they avoid falsifying the generation at each bus and injection measurements at zero injection buses (attempt not to increase the detection risk). In [8, 9], the authors attempted to maximize the operations’ costs by designing bi-level LR attack models. In [4, 2], the authors modeled two different bi-level LR attacks to maximize the power flows of critical transmission assets while penalizing the number of resources that attackers can access. In [13], the authors proposed a bi-level mixed-integer linear programming LR attack model to overload multiple transmission assets. In [14, 15], the authors designed LR attacks with incomplete systems’ information by proposing a model to find the best local attacking region.

I-B Countermeasures against Cyber-Attacks

Due to the catastrophic consequences that cyber-attacks could have for power systems, the research community has been pushed to seek a solution and develop countermeasures against cyber-attacks. In power systems, the security actions to stand against cyber-attacks are divided as follows:

I-B1 Protection Schemes

Protection schemes refer to all actions that are taken in pre-attack stages to make systems secure against cyber-attacks. In other words, these actions are designed to prevent attackers from being able to launch cyber-attacks against power systems. The authors in [17, 18, 19, 20, 21, 22, 23] proposed various protection techniques, such as a blockchain-based framework to decentralize the data managing systems, stochastic game theory models to find the optimal way of protecting critical elements, and greedy algorithms to find protection strategies that minimize the systems’ vulnerabilities.

I-B2 Detection Schemes

Most of the protection techniques are expensive or cause significant disruptions in the systems’ infrastructure. Moreover, the research studies in [21, 24] demonstrated the attackers’ ability to launch cyber-attacks even in systems with one insecure measurement. These facts have pushed the researchers to design and develop static/dynamic based detection mechanisms to continue the process of standing against cyber-attacks [25, 26, 3, 27, 28, 29, 30, 31, 32, 33, 34, 35].

I-B3 Corrective Actions

Even after the attacks are identified, retrieving the affected measurements’ actual value may be impossible for operators. It is then imperative for system operators to take corrective actions to mitigate the attacks’ physical consequences and avoid any severe damage (e.g., cascading outages). In this regard, the studies in [36, 37] addressed some post-attack corrective actions to provide secured operating points.

I-C Our Contributions

This paper’s primary goals are 1) developing a systematic tool for flagging LR attacks in real-time and identifying the affected transmission assets (if any exist) and 2) designing a corrective action to respond to the identified attacks and provide secured dispatch points.

For the detection part, we use the security index proposed in [31], the number of proper deviations at sensitive buses (NPDSB), to detect LR attacks, and based on that, develop a real-time load-redistribution threat analysis (RTLRTA) tool. However, we suggest a more accurate way to determine the thresholds for different NPDSB indices associated with different target transmission assets. Our proposed detection mechanism is different from other proposed techniques in the literature in various aspects, like:

  • As opposed to [25, 26], in which the authors developed dynamic-based detection mechanisms, our detection mechanism is static-based.

  • As opposed to the assumption in [3], our method successfully detects LR attacks assuming that attackers have no limitation for altering state variables. As opposed to the approach in [27], our mechanism does not rely on some secured measurements.

  • As opposed to the proposed techniques in [28, 29], our detection mechanism is modeled based on a linear and convex problem.

  • As opposed to the proposed method in [30], in which the method’s functionality was not evaluated in the presence of normal noise errors, we investigate our detection mechanism’s functionality in the presence of both Gaussian and non-Gaussian noise errors.

  • As opposed to the methods in [32, 33, 34, 35], which were developed based on machine and deep learning, our mechanism perfectly works regardless of the available historical data’s quantity and quality (learning-based methods might be more straightforward and effective, but need a large amount of underlying historical data).

For developing the corrective action, we add a set of physical line flow security constraints (PLFSCs) to the security-constrained economic dispatch (SCED) model and introduce the cyber-physical SCED (CPSCED). The CPSCED model provides secured dispatch points concerning the identified attacks and affected transmission assets from the RTLRTA tool. As opposed to the proposed corrective actions in [36, 37], which were developed based on complicated and time-consuming tri-level optimization problems, our proposed remedial action is swift and straightforward. In brief, our main contributions are:

  1. Improving the accuracy of the threshold proposed in [31] and introducing a new approach to determine thresholds for NPDSB indices.

  2. Introducing and developing the fast RTLRTA tool, with minimal disruptions in the existing EMSs, to detect any possible LR attack and identify all affected transmission assets.

  3. Introducing and designing the CPSCED model, which is straightforward yet practically efficient for real-time operations. The CPSCED performs a real-time corrective action that allows operators to remove or mitigate the identified attacks’ physical consequences.

  4. Because all security actions should be addressed in real-time with minimal changes and disruptions in the existing EMSs’ infrastructure, we develop our detection and corrective schemes to be highly effective, fast, and applicable to real-world practice.

The rest of this paper is organized as follows. Section II presents a brief background regarding the SCED model and LR attacks. Section III introduces the new enhanced EMS, including the RTLRTA tool and the CPSCED. Sections IV and V illustrate the simulation results and concluding remarks, respectively.

II Background

II-A Security-Constrained Economic Dispatch (SCED)

In the real-time operations of power systems, energy is cleared through an economic dispatch model. This section shows a simple base-case SCED model, which considers all the grid’s and units’ physical limitations in the pre-contingency stage (this model does not include reserve requirements and the post-contingency security constraints).

\begin{align}
\min_{P_{g}}\quad & \sum_{g\in G}c_{g}P_{g}, \tag{1}\\
\text{s.t.}\quad & \sum_{g\in G}P_{g}=\sum_{i\in N}L_{i}, \tag{2}\\
& P_{k}=\sum_{i\in N}PTDF_{k,i}^{R}P_{inj}^{i};\quad\forall k\in K, \tag{3}\\
& P_{inj}^{i}=\sum_{g\in G(i)}P_{g}-L_{i};\quad\forall i\in N, \tag{4}\\
& -P_{k}^{max}\leq P_{k}\leq P_{k}^{max};\quad\forall k\in K, \tag{5}\\
& P_{g}^{min}\leq P_{g}\leq P_{g}^{max};\quad\forall g\in G. \tag{6}
\end{align}

The objective function in (1) minimizes the production cost of the power needed to meet the demand. The procurement of enough energy to meet the demand is imposed in (2). The DC approximation of each transmission asset’s active power flow is formulated using the power transfer distribution factors (PTDFs) in (3). The power injected to each bus and transmission network’s limitations are modeled in (4) and (5), respectively. In (6), the generation units’ physical limitations are modeled.

II-B LR Attack

An LR attack is a type of FDIA in which attackers achieve their goals by changing the buses’ injection measurements. In this paper, due to the direct communication between the generation units’ control room and system operators, the only way to change the buses’ injection measurements is to change the buses’ load measurements. In brief, an LR attack increases the loads at some buses and decreases the loads at other buses, subject to the attacker’s limitations. The load deviation at each bus should be neither more nor less than a fixed fraction of the forecasted load at that bus. Moreover, the total load in the system has to remain unchanged.

This paper focuses on the LR attacks that are designed to cause an overflow on a target transmission asset. We use the special structure of LR attacks’ core problem, demonstrated in (7)-(9), as the LR attack model throughout this study.

\begin{align}
\max_{\mathbf{H'_i\Delta\theta}}\quad & \pm\sum_{i\in N}(\mathbf{H'_i\Delta\theta})\,PTDF_{l,i}^{R}, \tag{7}\\
\text{s.t.}\quad & -\alpha D_{i}\leq(\mathbf{H'_i\Delta\theta})\leq\alpha D_{i}, \tag{8}\\
& \sum_{i\in N}(\mathbf{H'_i\Delta\theta})=0. \tag{9}
\end{align}

In this model, ‘$\pm$’ indicates that the load deviations’ directions depend on the target asset’s initial flow direction (which might be positive or negative). The deviations’ directions for a target asset with a positive initial flow direction are different from the deviations’ directions associated with a target asset with a negative initial flow direction. The primary decision variable is $\mathbf{H'_i\Delta\theta}$, which indicates the net injection deviation at bus $i\in N$ (we used $\mathbf{H'_i\Delta\theta}$ to emphasize that attackers can change bus angles to get appropriate deviations in loads). The load shift factor is shown by $\alpha$, and $D_{i}$ denotes the forecasted load at each bus $i\in N$. The power transfer distribution factor of the target asset $l\in K$, with respect to the injection at bus $i\in N$ and withdrawal from the reference bus $R$, is shown by $PTDF_{l,i}^{R}$.

In this problem, the objective function maximizes the overflow on a target transmission asset. Constraints in (8) limit the attackers from changing the load at each bus by more/less than $+/-\alpha$ percent of the forecasted load at that bus (they also impose no change at zero injection buses). Constraint (9) ensures that the system’s net load remains unchanged.

III Modeling and Methodology

In the first part of this section, we go through the process of developing the RTLRTA tool using the NPDSB security index. In the second part, we introduce a way to estimate the actual loads after LR attacks. Then, using the actual loads’ estimation, we design the PLFSCs and go through the process of CPSCED modeling.

III-A The RTLRTA Tool

III-A1 NPDSB

In power systems, KVL and KCL govern the power flows on transmission assets. According to this fact, the only way for attackers who want to change the loads to achieve the maximum overflow on a target transmission asset is to have load deviations with proper directions and magnitudes at buses with the largest PTDFs. Considering this fact, the authors in [31] proposed the NPDSB index, which shows the number of proper deviations at sensitive buses associated with a set of loads and a target asset. Then, if the index’s value related to a set of loads is greater than a threshold, which in [31] was assumed to be half of the total number of sensitive buses, that set of loads is flagged as a malicious set.

This paper proposes a more accurate procedure to determine thresholds for NPDSB indices since the proposed threshold in [31] may not be accurate enough to detect all random LR attacks and distinguish them from random noise errors. In other words, there is no unique threshold for all NPDSB indices; instead, there are different thresholds associated with different NPDSB indices.

III-A2 Thresholds for NPDSB Indices Considering Random LR Attacks

In this subsection, we propose a procedure to find more accurate thresholds for NPDSB indices. To do so, at first, we re-design problem (7)-(9) and model problem (10)-(11) to generate random LR attacks.

\begin{align}
& (7)-(9), \tag{10}\\
& \mathbf{H'_d\Delta\theta}=0;\quad\forall d\in\eta^{k}. \tag{11}
\end{align}

We add constraint (11) to force the deviations at $d$ randomly selected sensitive buses (concerning the target transmission asset) to be zero.

The threshold values should be determined in a way that they can detect even the weakest random LR attacks. Therefore, we can consider the NPDSB index of the weakest, yet effective, random LR attack against a target transmission asset as the threshold for that asset’s NPDSB index. Due to the inverse relationship between the NPDSB index and $d$, we can find the thresholds by solving problem (10)-(11) with the largest value of $d$. We provide more clarifications and detailed information about the process of finding thresholds for the NPDSBs of different transmission assets in Section IV.

III-A3 Developing The RTLRTA Tool

Here, we leverage the NPDSB index to develop the RTLRTA tool to detect LR attacks and find all affected transmission assets in real-time. The RTLRTA tool has the same inputs as SE and calculates the NPDSB indices associated with all or only vulnerable assets. Then, the RTLRTA tool compares the resulting NPDSB indices with the pre-determined thresholds to find out whether the current set of loads has been contaminated with malicious data or not.

One of the RTLRTA tool’s advantages is that it can identify all affected transmission assets. There might be correlations between critical transmission assets in a power system, so a set of malicious load deviations, designed initially to damage a specific transmission asset, may affect other transmission assets. For instance, assume a power system with five vulnerable transmission lines A, B, C, D, and E. For this system, a random LR attack scenario against line C might exist that can affect lines B and E. Likewise, another attack scenario might exist against this line, which can affect lines A and E. Based on this fact, we develop the RTLRTA tool to check the NPDSB indices for all vulnerable transmission assets and find all affected ones (if any exist). As a result, the RTLRTA tool’s outputs are the affected transmission assets’ ID or index. Therefore, the RTLRTA not only determines whether a system is under an LR attack, but it also identifies the affected transmission assets. The output from this tool is then fed into the CPSCED to activate the corresponding PLFSCs.

Algorithm 1 demonstrates the process of calculating the NPDSB index for each transmission asset ($\alpha_{k,min}^{startpoint}$ is the smallest load shift factor that causes an overflow on the target transmission asset $k$). Moreover, considering the NPDSB indices and their associated thresholds, Algorithm 1 finds the affected assets’ ID (to send them to the CPSCED for PLFSCs activation).

Algorithm 1: Process of finding NPDSB indices and affected transmission assets in RTLRTA

Input: Output from SE.
Output: NPDSB indices and affected assets’ ID.

for $it\leftarrow$ EMS iteration do
    $\Delta L^{it}\leftarrow L^{it}-D^{it}$;
    for $k\leftarrow K$ do
        NPDSB$_{k}\leftarrow 0$;
        $[H'_{i}\Delta\theta]^{k}\leftarrow$ solve problem (7)-(9);
        for $i\leftarrow N$ do
            if ($sign[\Delta L_{i}^{it}]=sign[H'_{i}\Delta\theta]_{i}^{k}$ & $|\Delta L_{i}^{it}|\geq\alpha_{k,min}^{startpoint}D_{i}$) then
                NPDSB$_{k}\leftarrow$ NPDSB$_{k}+1$;
            end if
        end for
        if NPDSB$_{k}\geq$ NPDSB$^{k}_{threshold}$ then
            PLFSC$_{k}$ is activated;
        end if
    end for
end for
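
The following Python sketch is an added example, not code from the paper or its authors: it walks through Algorithm 1 and the random-attack model (10)-(11) on a constructed 6-bus case, solving (7)-(9) with a greedy fill, which is exact for a linear program with box bounds and a single equality constraint. The PTDF rows, start-point factors, thresholds, function names and the rule that buses with a zero worst-case deviation are not counted are assumptions made for the example.

```python
EPS = 1e-9  # tolerance so float round-off is not read as a deviation


def sign(x):
    return 0 if abs(x) < EPS else (1 if x > 0 else -1)


def lr_attack_vector(ptdf_row, forecast, alpha, direction=1, zeroed=()):
    """Solve (7)-(9); buses listed in `zeroed` get constraint (11).

    Start every bus at its lower bound -alpha*D_i, then raise buses in order
    of decreasing direction*PTDF until the deviations sum to zero (9).
    `direction` is +1 or -1, the '+/-' of objective (7).
    """
    bound = [0.0 if i in zeroed else alpha * d for i, d in enumerate(forecast)]
    dev = [-b for b in bound]
    budget = sum(bound)  # total amount that must be added to reach sum == 0
    order = sorted(range(len(forecast)),
                   key=lambda i: direction * ptdf_row[i], reverse=True)
    for i in order:
        step = min(2 * bound[i], budget)
        dev[i] += step
        budget -= step
    return dev


def npdsb(load_dev, attack_dev, forecast, alpha_start):
    """Count buses whose observed deviation has the worst-case attack's sign
    and is at least alpha_start * D_i (the test in Algorithm 1)."""
    count = 0
    for dl, da, d in zip(load_dev, attack_dev, forecast):
        s = sign(da)
        # Assumption: a bus with zero worst-case deviation (for instance a
        # zero-injection bus) is never counted as a "proper deviation".
        if s != 0 and sign(dl) == s and abs(dl) >= alpha_start * d:
            count += 1
    return count


def rtlrta(se_loads, forecast, assets, alpha=0.10):
    """One EMS iteration of Algorithm 1: NPDSB per asset and flagged assets."""
    load_dev = [l - d for l, d in zip(se_loads, forecast)]
    indices, affected = {}, []
    for name, a in assets.items():
        worst = lr_attack_vector(a["ptdf"], forecast, alpha, a["direction"])
        indices[name] = npdsb(load_dev, worst, forecast, a["alpha_start"])
        if indices[name] >= a["threshold"]:
            affected.append(name)  # PLFSC for this asset would be activated
    return indices, affected


# ---- Constructed sample data (not from the paper) ----
FORECAST = [100.0, 80.0, 0.0, 60.0, 120.0, 40.0]  # bus 2 is zero-injection
ASSETS = {
    "L1": {"ptdf": [0.50, 0.30, 0.10, -0.20, -0.40, 0.05],
           "direction": 1, "alpha_start": 0.04, "threshold": 2},
    "L2": {"ptdf": [0.45, 0.25, 0.05, -0.30, -0.10, -0.35],
           "direction": 1, "alpha_start": 0.05, "threshold": 4},
    "L3": {"ptdf": [0.30, 0.10, 0.00, -0.40, -0.20, -0.10],
           "direction": -1, "alpha_start": 0.04, "threshold": 3},
}
NOISE = [6.0, -4.0, 0.0, 3.0, -2.0, -1.0]  # benign measurement noise (MW)


def loads_after(deviation):
    """Loads the state estimator would report after the given deviation."""
    return [d + x for d, x in zip(FORECAST, deviation)]


if __name__ == "__main__":
    target = ASSETS["L1"]["ptdf"]
    scenarios = [
        ("LR attack on L1, d=0", lr_attack_vector(target, FORECAST, 0.10)),
        ("LR attack on L1, d=1",
         lr_attack_vector(target, FORECAST, 0.10, zeroed={1})),
        ("noise only", NOISE),
    ]
    for label, dev in scenarios:
        print(label, *rtlrta(loads_after(dev), FORECAST, ASSETS))
```

In this constructed case the attack aimed at L1 also pushes the index of the correlated line L2 over its threshold, and zeroing one sensitive bus lowers the indices, which is the inverse relationship between NPDSB and $d$ used to set thresholds.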

III-B Cyber-Physical SCED (CPSCED)

The rationale behind using the CPSCED is that after noticing an LR attack in the system, it may still be hard to obtain the actual loads. Therefore, considering the fake load measurements, a fast corrective action should be taken to keep the system’s operation secure. Subsequently, we modify the SCED model by adding the PLFSCs to create the CPSCED model, which provides secured dispatch points and avoids physical overflows or mitigates significant impacts.

Assume an attacker bypasses all protection-based schemes and changes the buses’ load. As a result, the set of insecure dispatch points from the SCED is $P^{*}_{g}$, which creates physical overflows in the system (considering the actual loads). According to this strategy, we embed two sets of line flow security constraints in the CPSCED. The first one, which already exists in the base-case SCED, keeps the power flows on transmission assets within their ranges (considering the contaminated loads). The second one, the new PLFSC, forces the physical flows on affected transmission assets to be within their boundaries (considering the actual loads). However, because retrieving the actual loads is hard, we propose a method to estimate the actual loads, and then we model the PLFSC based on this estimation.

To estimate the actual loads, we assume the worst-case LR attack for the affected transmission asset with the largest NPDSB index value and model the actual load at each bus as follows:

$$D_{i}^{a}=\begin{cases}L_{i}\pm\mathbf{H'_i\Delta\theta}, & \text{if } i\in\psi\\ L_{i}, & \text{if } i\notin\psi\end{cases} \tag{12}$$

where negative ($L_{i}-\mathbf{H'_i\Delta\theta}$) is used for transmission assets with positive initial flow directions and positive ($L_{i}+\mathbf{H'_i\Delta\theta}$) is used for transmission assets with negative initial flow directions. Additionally, since the attacker might introduce some random deviations, the actual load at each bus $i\in N$ with $\Delta L_{i}$ more than $\alpha^{startpoint}_{k,min}\times D_{i}$ is modeled as $L_{i}\pm\mathbf{H'_i\Delta\theta}$; otherwise, it remains $L_{i}$.

After estimating the actual loads, we can model the PLFSC, as shown in (14)-(16). Then, by adding the PLFSC to the SCED model, we can design the CPSCED as follows:

\begin{align}
& (1)-(6), \tag{13}\\
& PLF_{k}=\sum_{i\in N}SF_{k,i}^{R}P_{inj,i}^{*};\quad\forall k\in K^{T}, \tag{14}\\
& P_{inj,i}^{*}=\sum_{g\in G(i)}P_{g}-D_{i}^{a};\quad\forall i\in N, \tag{15}\\
& -P_{k}^{max}\leq PLF_{k}\leq P_{k}^{max};\quad\forall k\in K^{T}. \tag{16}
\end{align}

where in (14), the actual physical flow is formulated based on the actual injection to each bus, which is modeled in (15). Constraint (16) forces the physical flow of each affected transmission asset to be within its thermal limits.

The proposed enhanced EMS algorithm is designed and shown in Algorithm 2, and the block diagram of the enhanced EMS is shown in Fig. 1.

Algorithm 2: The Enhanced EMS algorithm.

1: Get the SE’s results;
2: In the RTLRTA tool, find NPDSB$_{threshold}$ for vulnerable transmission assets, considering $\alpha$ at most $10\%$;
3: In the RTLRTA tool, flag possible LR attacks and identify all affected transmission assets based on the NPDSB$_{threshold}$;
4: In the CPSCED, activate PLFSCs corresponding to identified affected assets;
5: Run the CPSCED based on the estimated actual loads ($L^{it}_{i}\pm\mathbf{H'_i c}$);
6: Get the new dispatch points and find the actual physical flows;
7: If there is overflow, add the corresponding PLFSCs to the CPSCED;
8: Go to step 5;

Figure 1: Enhanced EMS including the RTLRTA tool and CPSCED.

At each iteration, the NPDSB indices for all vulnerable assets are calculated. Then, if there are affected assets, the CPSCED is solved with the corresponding activated PLFSCs. Moreover, considering the CPSCED’s dispatch points and the estimated actual loads, other transmission assets’ physical flows are checked. If overloaded transmission assets still exist, the corresponding PLFSCs are activated in CPSCED, and a new set of dispatch points is provided. This process continues until there is no physical overflow in the system.

IV Simulation Results

In this section, we applied the proposed methods to the 2383-bus test system [38]. At first, we determined the threshold values for two vulnerable lines 169 and 251 (they are vulnerable lines since there is at least one scenario of LR attack for each line with $\alpha$ at most $10\%$ that can make the line physically overloaded). Then, we evaluated the RTLRTA tool’s and CPSCED’s accuracy and functionality for different random LR attacks. At last, we compared the results from the CPSCED with the results from the SCED.

IV-A NPDSB$^{169}_{Threshold}$

Here, we determined a threshold for the NPDSB index of transmission line 169. To do so, we considered the weakest LR attack that could cause an overflow on this line. Since the largest $d$ is important to find the weakest attack with the lowest NPDSB index, we started to force the deviations at the first $d$ sensitive buses out of all sensitive buses to zero. The sensitive buses are sorted based on their PTDF absolute values from smallest to largest. Throughout this experiment, we increased $d$ manually and solved problem (10)-(11) until we reached a $d$ whose associated attack vector could not cause an overflow on line 169. Table I shows the results of solving problem (10)-(11) for three different values of $d$.

As shown in Table I, there is no random LR attack with $\alpha$ at most $10\%$ and $d$ more than 692 (NPDSB $\leq$ 357) that could cause an overflow on line 169. It means that the system operator can use 357 as NPDSB$^{169}_{threshold}$. We used 350 for this line, which is even more conservative than 357.

TABLE I: The control room flows, physical flows, and NPDSB indices after solving problem (10)-(11) for line 169 with $\alpha=10\%$, $\alpha^{startpoint}_{169,min}=0.0425$, and three different values of $d$.

| Line | $d$ | Control room flow (MW) | Physical flow (MW) | NPDSB | Flow limit (MW) |
|------|-----|------------------------|--------------------|-------|-----------------|
| 169  | 292 | -926.62                | -1166.68           | 667   | 926.62          |
|      | 492 | -916.35                | -1132.68           | 526   |                 |
|      | 692 | -765.76                | -926.65            | 357   |                 |

IV-B NPDSB$^{251}_{Threshold}$

Following the same procedure in subsection IV-A, we determined a threshold for the NPDSB index of line 251.

Table II demonstrates the control room flows, physical flows and NPDSB indices corresponding to three different values of $d$ for line 251 with $\alpha$ and $\alpha^{startpoint}_{251,min}$ equal to $10\%$ and 0.0686, respectively. According to Table II, there is no severe random LR attack for line 251 with $\alpha\leq 10\%$ and $d\geq 685$ (NPDSB $\leq 374$). Therefore, 370 is a valid and conservative enough choice for NPDSB$^{251}_{threshold}$.

TABLE II: The control room flows, physical flows, and NPDSB indices after solving problem (10)-(11) for line 251 with $\alpha=10\%$, $\alpha^{startpoint}_{251,min}=0.0686$, and three different values of $d$.

| Line | $d$ | Control room flow (MW) | Physical flow (MW) | NPDSB | Flow limit (MW) |
|------|-----|------------------------|--------------------|-------|-----------------|
| 251  | 285 | -329.85                | -434.58            | 641   | 387.34          |
|      | 485 | -355.44                | -428.65            | 504   |                 |
|      | 685 | -317.16                | -387.347           | 374   |                 |

IV-C Proposed Thresholds and RTLRTA Analysis

IV-C1 NPDSB$_{threshold}$ Analysis

In this part, we demonstrated the functionality and accuracy of the proposed thresholds. To do so, we generated 2000 scenarios of random LR attacks (red points) and 3000 sets of random noise errors (blue points), including 2000 Gaussian and 1000 non-Gaussian noise errors. Then, we investigated if the proposed thresholds could detect the attack scenarios and differentiate them from random noise errors. Based on the determined thresholds for lines 169 and 251, every point with an NPDSB index larger than 350 or 370, respectively, was flagged.

TABLE III: The NPDSBs and physical overflows of all vulnerable transmission lines, considering one attack scenario against line 169.

Line No.: 169; $P_{k}^{max}$ (MW): 926.62; Attack Scenario: $d=150$; TNSB: 1168; NPDSB$_{Threshold}$: 350.

| Index               | NPDSB | Physical Overflow (%) |
|---------------------|-------|-----------------------|
| NPDSB$_{52}^{169}$  | 614   | 21.6                  |
| NPDSB$_{169}^{169}$ | 805   | 15.9                  |
| NPDSB$_{251}^{169}$ | 678   | 3.64                  |
| NPDSB$_{264}^{169}$ | 332   | 13.18                 |

To achieve each random attack vector, we solved problem (10)-(11) for different dds, and each time α\alpha (10%10\%) was multiplied to a random number between 0.520.52 and 11, where 0.0520.052 is the least α\alpha that causes 5%5\% overflow on the target line (α169,min5%\alpha^{5\%}_{169,min}). We used this α\alpha to ensure that constraint (11) does not force many of the physical flows to be less than the target lines’ continuous rating.

We generated the Gaussian noise errors’ vectors from a Gaussian distribution with μ=0\mu=0 and σ=αL/3.1\sigma=\alpha L/3.1 in such a way that the deviation at each bus was limited to α\alpha percent of the forecasted load at that bus in either direction. There was no change at zero injection buses, and the system’s net load change was small. Moreover, we extracted the Cauchy noise errors’ vectors from a Cauchy distribution with location x0=0x_{0}=0 and scale γ=αL/3.1\gamma=\alpha L/3.1. All Cauchy noise errors were created and subjected to the same three constraints applied to the Gaussian noise errors’ creation process.

As illustrated in Fig. 2 and Fig. 3, the proposed thresholds worked perfectly and accurately. They successfully differentiated all random attack scenarios from noise errors for both lines. According to the results, some attack scenarios for both lines had insufficient energy to cause an overflow on the target line (red points above the lines related to continuous thermal ratings). This is because some of the $d$ randomly selected buses with zero deviations were among the most sensitive buses, which reduced the attack’s energy. Although these scenarios were not successful in causing an overflow on the target line, our proposed method flagged them as a malicious movement since their NPDSB indices were larger than the pre-determined thresholds. We generated these scenarios (attack with no damage) to show our method’s capability, while this may not be the case in reality.

Figure 2: Physical effects of different scenarios of load deviations on line 169 versus the associated NPDSBs. Sub-figure (a) shows the comparison of physical effects of 1000 random LR attacks, when $d$ is 150 in problem (10)-(11), with 1000 sets of random Gaussian noise errors ($\mu=0$; $\sigma=\alpha L/3.1$), sub-figure (b) shows the same comparison as in sub-figure (a), but with $d$ equal to 400, and sub-figure (c) shows the comparison between the 1000 sets of random LR attacks in sub-figure (a) and 1000 sets of Cauchy noise errors ($x_{0}=0$; $\gamma=\alpha L/3.1$).

Figure 3: Physical effects of different scenarios of load deviations on line 251 versus the associated NPDSBs. Sub-figure (a) shows the comparison of physical effects of 1000 random LR attacks, when $d$ is 150 in problem (10)-(11), with 1000 sets of random Gaussian noise errors ($\mu=0$; $\sigma=\alpha L/3.1$), sub-figure (b) shows the same comparison as in sub-figure (a), but with $d$ equal to 400, and sub-figure (c) shows the comparison between the 1000 sets of random LR attacks in sub-figure (a) and 1000 sets of Cauchy noise errors ($x_{0}=0$; $\gamma=\alpha L/3.1$).

TABLE IV: Active and binding PLFSCs in the CPSCED, objective values of the SCED and CPSCED, and the physical flows when different scenarios of LR attacks ($d=150$ and $d=400$) contaminated the loads by targeting both transmission lines 169 and 251.

| Line No. | Case No. | Activated PLFSC (index) | Binding PLFSC (index) | SCED Cost (M\$) | CPSCED Cost (M\$) | Target Line Physical Flow after SCED (MW) | Target Line Physical Flow after CPSCED (MW) |
|---|---|---|---|---|---|---|---|
| 169 | 1, d = 150 | 52-169-264 | 52 | 1.79 | 1.83 | -1011.7 | -699.1 |
| 169 | 2, d = 400 | 52-169-251-264 | 52-264 | 1.78 | 1.82 | -1039.4 | -749.5 |
| 251 | 1, d = 150 | 52-169-251-264 | 52-264 | 1.77 | 1.81 | -409.1 | -261 |
| 251 | 2, d = 400 | 52-169-264 | 52-264 | 1.78 | 1.82 | -383.9 | -42.3 |

IV-C2 The RTLRTA Tool Analysis

In this part, we evaluated the functionality of the RTLRTA tool. To do so, we ran Algorithm 1 when there was an LR attack scenario against target line 169. Hence, we generated a random LR attack against line 169 by solving problem (10)-(11). We tested whether the RTLRTA tool can find all affected transmission assets or not. We calculated the NPDSB indices associated with the generated attack vector for other vulnerable transmission assets and compared each NPDSB index with its associated threshold to see if the transmission line was affected. Likewise, we added the malicious deviations related to this attack vector to the loads and provided the overflows’ percentages on vulnerable transmission lines, which confirms the decision made by the RTLRTA tool. As shown in Table III, we calculated the NPDSB indices for all four vulnerable transmission lines, which resulted in 614, 805, 678, and 332 for lines 52, 169, 251, and 264, respectively. Based on the thresholds, all NPDSB indices indicated a malicious movement and notified the system operator that the current loads were maliciously contaminated. Moreover, the overflows’ percentages illustrate that this random attack, which was created to target line 169, caused overflows on other vulnerable lines. As mentioned before, in this case, we took line 169 as the primary target to estimate the actual loads since the overflow on this line (21.6%) is more significant than overflows on other vulnerable lines, which are 15.9%, 3.64%, and 13.18% for lines 52, 251, and 264, respectively.

Algorithm 1 is fast enough to add to the existing EMSs; it was coded in Java and took about 50 milliseconds to run for each line on an Intel(R) Xeon(R) CPU with 48 GB of RAM. Likewise, since this problem’s nature makes each run of the RTLRTA tool for each asset independent from the others, we can parallelize the RTLRTA tool’s running processes.

IV-D CPSCED Analysis

In this section, we evaluated the CPSCED’s ability to provide secured dispatch points in the presence of LR attacks. To do so, we created different random LR attacks against transmission lines 169 and 251, and for each case, in the RTLRTA, we found the list of assets whose associated PLFSCs have to be activated in the CPSCED. Finally, we compared the operation costs of the SCED and CPSCED in the presence of LR attacks. The proposed CPSCED has one more set of constraints than the SCED, which means that its result could be equal or worse from the economic point of view. In other words, if any of the added PLFSCs binds, the CPSCED results in a higher operating cost than the operation cost of the SCED.

Table IV shows two different attack scenarios ($d=150$ and $d=400$) for each target transmission line (169 and 251). As shown, there were binding PLFSCs for all four scenarios, which justifies that the CPSCED resulted in higher operating costs than the SCED. This is the cost of making the system secure against identified LR attacks. For instance, for case 1 against line 169, the PLFSC associated with line 52 was the binding constraint out of the three activated PLFSCs, and resulted in a higher operating cost in the CPSCED (\$1.83M) than the SCED (\$1.79M). As another example, consider the second case for line 251, where the generated random attack was not successful in causing an overflow on this line. Still, it was successful on other lines (52, 169, and 264). The physical flow on line 251 confirms the RTLRTA tool’s decision, which did not activate this line’s PLFSC in the CPSCED. This attack scenario caused overflows on the other three vulnerable lines (52, 169, and 264), and the RTLRTA successfully activated those PLFSCs in the CPSCED. Moreover, only two of these activated PLFSCs (52 and 264) were binding in the CPSCED, which resulted in a higher operating cost in the CPSCED (\$1.82M) than the SCED (\$1.78M).

Considering the SCED’s dispatch points in Table IV, all the target lines’ actual physical flows were more than their thermal ratings (except for the second scenario against line 251, in which we had other overloaded lines). On the other hand, considering the CPSCED dispatch points, there is no overflow in the system (neither on the target line nor on other vulnerable lines).

V Conclusion Remarks

In the first part of this paper, we leveraged the NPDSB index to develop a real-time detection tool, which could be used in real-world practice with minimal disruptions and changes in the existing EMSs’ infrastructure. We made the RTLRTA tool in such a way that it could detect possible random LR attacks. To do so, first, we modeled the optimization problem (10)-(11) to generate random LR attacks. Next, we determined the NPDSB index’s threshold for each vulnerable asset so that it can flag even the weakest random LR attack against that asset. Finally, we created 2000 scenarios of random LR attacks and 3000 Gaussian and non-Gaussian sets of noise errors to evaluate the determined thresholds and RTLRTA tool’s accuracy and functionality. The determined thresholds worked perfectly, so the RTLRTA tool successfully detected all attack scenarios, differentiated them from all noise errors, and found all affected transmission assets.

Second, we proposed an approach to estimate the actual loads, in the post-attack stage, based on which we designed the PLFSCs. Then, we added the set of PLFSCs to the SCED problem to create the CPSCED model as a corrective action to respond to the identified LR attacks. The CPSCED gets the affected transmission assets’ IDs from the RTLRTA tool and activates the associated PLFSCs to provide secured dispatch points. We investigated the CPSCED’s functionality and compared its results with the SCED’s results for different LR attack scenarios. The CPSCED successfully provided secured dispatch points, with no violation, for all attack scenarios, while the dispatch points from the SCED caused flow violations. Therefore, the higher operating cost of the CPSCED compared to the SCED is the cost of making the system secure against undetectable LR attacks, which the SCED is incapable of doing.

References

  • [1] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric power grids,” ACM Transactions on Information and System Security (TISSEC), vol. 14, no. 1, p. 13, 2011.
  • [2] J. Liang, L. Sankar, and O. Kosut, “Vulnerability analysis and consequences of false data injection attack on power system state estimation,” IEEE Transactions on Power Systems, vol. 31, no. 5, pp. 3864–3872, 2016.
  • [3] S. Chakrabarty and B. Sikdar, “Detection of malicious command injection attacks on phase shifter control in power systems,” IEEE Transactions on Power Systems, 2020.
  • [4] Z. Chu, J. Zhang, O. Kosut, and L. Sankar, “Evaluating power system vulnerability to false data injection attacks via scalable optimization,” in 2016 IEEE International Conference on Smart Grid Communications (SmartGridComm), 2016, pp. 260–265.
  • [5] J. Zhang and L. Sankar, “Physical system consequences of unobservable state-and-topology cyber-physical attacks,” IEEE Transactions on Smart Grid, vol. 7, no. 4, 2016.
  • [6] L. Xie, Y. Mo, and B. Sinopoli, “Integrity data attacks in power market operations,” IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 659–666, 2011.
  • [7] A. Tajer, “False data injection attacks in electricity markets by limited adversaries: Stochastic robustness,” IEEE Transactions on Smart Grid, vol. 10, no. 1, pp. 128–138, Jan 2019.
  • [8] Y. Yuan, Z. Li, and K. Ren, “Modeling load redistribution attacks in power systems,” IEEE Transactions on Smart Grid, vol. 2, no. 2, pp. 382–390, 2011.
  • [9] X. Liu, Z. Li, Z. Shuai, and Y. Wen, “Cyber attacks against the economic operation of power systems: A fast solution,” IEEE Transactions on Smart Grid, vol. 8, no. 2, pp. 1023–1025, 2016.
  • [10] L. Che, X. Liu, Z. Li, and Y. Wen, “False data injection attacks induced sequential outages in power systems,” IEEE Transactions on Power Systems, vol. 34, no. 2, pp. 1513–1523, 2018.
  • [11] A. Ameli, A. Hooshyar, E. F. El-Saadany, and A. M. Youssef, “Attack detection and identification for automatic generation control systems,” IEEE Transactions on Power Systems, vol. 33, no. 5, pp. 4760–4774, 2018.
  • [12] T. Huang, B. Satchidanandan, P. Kumar, and L. Xie, “An online detection framework for cyber attacks on automatic generation control,” IEEE Transactions on Power Systems, vol. 33, no. 6, pp. 6816–6827, 2018.
  • [13] Y. Tan, Y. Li, Y. Cao, and M. Shahidehpour, “Cyber-attack on overloading multiple lines: A bilevel mixed-integer linear programming model,” IEEE Transactions on Smart Grid, vol. 9, no. 2, pp. 1534–1536, 2017.
  • [14] X. Liu and Z. Li, “Local load redistribution attacks in power systems with incomplete network information,” IEEE Transactions on Smart Grid, vol. 5, no. 4, pp. 1665–1676, 2014.
  • [15] X. Liu, Z. Bao, D. Lu, and Z. Li, “Modeling of local false data injection attacks with reduced network information,” IEEE Transactions on Smart Grid, vol. 6, no. 4, pp. 1686–1696, 2015.
  • [16] R. Kaviani and K. W. Hedman, “Identifying an exploitable structure for the core problem of load-redistribution attack problems,” in 2019 North American Power Symposium (NAPS).   IEEE, 2019, pp. 1–6.
  • [17] Q. Yang, L. Jiang, W. Hao, B. Zhou, P. Yang, and Z. Lv, “Pmu placement in electric transmission networks for reliable state estimation against false data injection attacks,” IEEE Internet of Things Journal, vol. 4, no. 6, pp. 1978–1986, 2017.
  • [18] R. Deng, G. Xiao, and R. Lu, “Defending against false data injection attacks on power system state estimation,” IEEE Transactions on Industrial Informatics, vol. 13, no. 1, pp. 198–207, 2017.
  • [19] G. Liang, S. R. Weller, F. Luo, J. Zhao, and Z. Y. Dong, “Distributed blockchain-based data protection framework for modern power systems against cyber attacks,” IEEE Transactions on Smart Grid, vol. 10, no. 3, pp. 3162–3173, 2018.
  • [20] S. Amini, F. Pasqualetti, and H. Mohsenian-Rad, “Dynamic load altering attacks against power system stability: Attack models and protection schemes,” IEEE Transactions on Smart Grid, vol. 9, no. 4, pp. 2862–2872, 2016.
  • [21] T. Sreeram and S. Krishna, “Managing false data injection attacks during contingency of secured meters,” IEEE Transactions on Smart Grid, vol. 10, no. 6, pp. 6945–6953, 2019.
  • [22] L. Wei, A. I. Sarwat, W. Saad, and S. Biswas, “Stochastic games for power grid protection against coordinated cyber-physical attacks,” IEEE Transactions on Smart Grid, vol. 9, no. 2, pp. 684–694, 2016.
  • [23] Y. Liu, S. Gao, J. Shi, X. Wei, Z. Han, and T. Huang, “Pre-overload-graph-based vulnerable correlation identification under load redistribution attacks,” IEEE Transactions on Smart Grid, 2020.
  • [24] D. Deka, R. Baldick, and S. Vishwanath, “Jamming aided generalized data attacks: Exposing vulnerabilities in secure estimation,” in 2016 49th Hawaii International Conference on System Sciences (HICSS), 2016, pp. 2556–2565.
  • [25] K. Pan, P. Palensky, and P. M. Esfahani, “From static to dynamic anomaly detection with application to power system cyber security,” IEEE Transactions on Power Systems, vol. 35, no. 2, pp. 1584–1596, 2019.
  • [26] Y. Chakhchoukh, H. Lei, and B. K. Johnson, “Diagnosis of outliers and cyber attacks in dynamic pmu-based power state estimation,” IEEE Transactions on Power Systems, vol. 35, no. 2, pp. 1188–1197, 2019.
  • [27] J. Zhao, G. Zhang, and R. A. Jabr, “Robust detection of cyber attacks on state estimators using phasor measurements,” IEEE Transactions on Power Systems, vol. 32, no. 3, pp. 2468–2470, 2016.
  • [28] P. Gao, M. Wang, J. H. Chow, S. G. Ghiocel, B. Fardanesh, G. Stefopoulos, and M. P. Razanousky, “Identification of successive “unobservable” cyber data attacks in power systems through matrix decomposition,” IEEE Transactions on Signal Processing, vol. 64, no. 21, pp. 5557–5570, 2016.
  • [29] L. Liu, M. Esmalifalak, Q. Ding, V. A. Emesih, and Z. Han, “Detecting false data injection attacks on power grid by sparse optimization,” IEEE Transactions on Smart Grid, vol. 5, no. 2, pp. 612–621, 2014.
  • [30] S. Pal, B. Sikdar, and J. H. Chow, “Classification and detection of pmu data manipulation attacks using transmission line parameters,” IEEE Transactions on Smart Grid, vol. 9, no. 5, pp. 5057–5066, 2017.
  • [31] R. Kaviani and K. W. Hedman, “A detection mechanism against load-redistribution attacks in smart grids,” IEEE Transactions on Smart Grid, pp. 1–1, 2020.
  • [32] M. Esmalifalak, L. Liu, N. Nguyen, R. Zheng, and Z. Han, “Detecting stealthy false data injection using machine learning in smart grid,” IEEE Systems Journal, vol. 11, no. 3, pp. 1644–1652, 2017.
  • [33] M. Ozay, I. Esnaola, F. T. Y. Vural, S. R. Kulkarni, and H. V. Poor, “Machine learning methods for attack detection in the smart grid,” IEEE Transactions on Neural Networks and Learning Systems, vol. 27, no. 8, pp. 1773–1786, 2016.
  • [34] S. A. Foroutan and F. R. Salmasi, “Detection of false data injection attacks against state estimation in smart grids based on a mixture gaussian distribution learning method,” IET Cyber-Physical Systems: Theory & Applications, vol. 2, no. 4, pp. 161–171, 2017.
  • [35] Y. Zhang, J. Wang, and B. Chen, “Detecting false data injection attacks in smart grids: A semi-supervised deep learning approach,” IEEE Transactions on Smart Grid, 2020.
  • [36] L. Che, X. Liu, and Z. Li, “Mitigating false data attacks induced overloads using a corrective dispatch scheme,” IEEE Transactions on Smart Grid, 2018.
  • [37] H. Shayan and T. Amraee, “Network constrained unit commitment under cyber attacks driven overloads,” IEEE Transactions on Smart Grid, vol. 10, no. 6, pp. 6449–6460, 2019.
  • [38] R. D. Zimmerman, C. E. Murillo-Sánchez, and R. J. Thomas, “Matpower: Steady-state operations, planning, and analysis tools for power systems research and education,” IEEE Transactions on power systems, vol. 26, no. 1, pp. 12–19, 2011.