Toward Attack-Resilient PMU Data Analytics
Summary Statement
We aim to fill this gap by developing and validating real-time PMU data correction and adversarial machine learning techniques that leverage the physical grid model as well as the sparse characteristic of spoofed PMUs. We will collaborate with Schweitzer Engineering Laboratories (SEL), Inc. to validate the developed techniques in a practical environment and to develop, test, and verify applications that can be integrated with SEL’s Horizon libraries and SEL’s RTAC libraries to support wide-area monitoring and control using PMU data. At the end of the project, we will publish the application so that the technique can be used by SEL RTAC users in real-life grid operations. The detailed steps to completion are as follows:
Task 1: Development of Scalable Real-Time PMU Data Correction Algorithm: Based upon our prior work, we will develop a sparse PMU data correction approach for mitigating GPS spoofing attacks that can meet the computation, memory, and latency constraints of real time PMU data analytics.
Task 2: Development of Adversarial Machine Learning Techniques: We will develop an adversarial machine learning approach to best mitigate the impact of spoofing attacks on existing data analysis functionalities of SEL Horizon libraries (e.g., modal analysis) and SEL SynchroWave software (e.g., disturbance detection) by leveraging the special structure of data falsification by spoofing attacks.
Task 3: Development of Visualization Techniques: We will develop visualization techniques to visualize results of PMU data correction and adversarial machine learning so that users of these techniques can gain understanding of attack behaviors.
Task 4: Testbed Evaluation, Verification, and Publication: We will collaborate with our industry partners at SEL to verify the developed techniques rigorously and develop, test, and verify applications that can be combined with existing SEL Horizon libraries seamlessly to support data correction and adversarial machine learning functionalities.
Energy Delivery System (EDS) Gap Analysis
Among the many data sources in power systems, PMUs (phasor measurement units) stand out as the most popular because they provide high-frequency, high-resolution, direct measurements of bus voltage phasors in real time. While PMU data are being used, or are expected to be used in the near future, in many power system analytics, it is not yet clear how to ensure the trustworthiness of a real-time PMU data stream. PMU data can potentially be falsified under several cybersecurity failure scenarios of Wide Area Monitoring, Protection, and Control (WAMPAC) described in the NESCOR report [1]: “PMU data can be compromised under the WAMPAC 2, 4, and 12 scenarios.” One major concern in employing PMU data is that PMUs are subject to data falsification attacks that can be launched at the physical signal layer, e.g., spoofing or jamming GPS signals. Attacks launched at the signal level can bypass typical security measures in IT/OT networks. There is a critical need for an effective countermeasure that can mitigate the impact of spoofing attacks on PMU data analytics decisions in real time, without incurring much overhead.
[1] National Electric Sector Cybersecurity Organization Resource (NESCOR), “Electric Sector Failure Scenarios and Impact Analyses”, September 2013, ver. 1.0, Electric Power Research Institute (EPRI).
More Information
We completed the implementation of our data correction algorithm as an SEL RTAC library (Datacorrector). The library package contains two parts. The first part is a Python script that preprocesses the network information. The input to the Python script can be easily generated from readily available PSS/E or MATPOWER case files. The script preprocesses the network information and generates several .csv files that are required by the RTAC data correction library. The second part is an RTAC library implementing our algorithm. We compiled all the RTAC classes, functions, and global variable lists into a single library in the RTAC implementation. The RTAC library captures the incoming PMU measurements and provides three outputs: the GPS-spoof-corrected measurement, the estimated angle biases, and a Boolean variable that indicates the presence of an attack. Users can also configure the RTAC to pass through the uncorrected measurement for comparison. The library was developed on an SEL-3555 RTAC. The RTAC firmware version is R145 and the software version is 1.33.149.12000.
We tested the library using a real-time simulation of the IEEE RTS-96 test case on the Oregon State University power system testbed. An Opal RT real-time simulator was used to emulate real-time power grid operation in the presence of a GPS spoofing attack. An SEL-3555 RTAC received spoofed PMU measurements from the real-time simulator, used the data correction RTAC library to correct the measurements in real time, and continuously forwarded the corrected measurements and other library outputs to a server hosting SEL Synchrowave. The test system consists of 73 buses and 120 branches. We placed PMUs at 21 of the 73 buses and assumed that all the branches associated with these PMU buses are measured. During the preprocessing step, the Python script separated the network into two zones. The first zone consists of 14 PMU buses and the second zone consists of 7 PMU buses. The PMU measurements are generated with four PMU phase angles spoofed (two PMUs per zone). The spoofing attack that we consider is a ramping attack. The GPS spoofing ramp is set to 1 degree/second and GPS spoofing is limited to +/- 20 degrees. The data rate of the incoming PMU measurements is 60 samples per second. The RTAC library applied data correction to the incoming PMU measurements for each zone sequentially. The average run time on the RTAC is 5 ms when there is no spoofing attack. When there is a spoofing attack, the RTAC library enters the data correction algorithm and the average run time is around 12 ms.
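The following added example (not code from the Datacorrector library or from SEL) applies the ramp parameters of the test above to a constructed 7-bus zone and produces the same three outputs the library is described as providing: estimated biases, corrected angles, and an attack flag. It is a simplified stand-in for the sparse correction idea; it assumes the grid model supplies the expected angle difference across every measured branch, that the zone is connected, and that fewer than half of its PMUs are spoofed.

```python
from collections import deque
from statistics import median

RATE_HZ, RAMP_DEG_PER_S, LIMIT_DEG = 60, 1.0, 20.0  # values from the test description

def ramp_bias(sample_idx, start_idx=0, slope=RAMP_DEG_PER_S):
    """Angle bias in degrees injected by a ramping spoof at a given sample."""
    t = max(0, sample_idx - start_idx) / RATE_HZ
    return max(-LIMIT_DEG, min(LIMIT_DEG, slope * t))

def estimate_biases(model_diff, measured, threshold_deg=0.5):
    """model_diff: {(i, j): angle difference theta_i - theta_j implied by the grid model}.
    measured: {bus: reported voltage angle}. Returns (bias, corrected, attack_flag)."""
    adj = {}
    for (i, j), d in model_diff.items():
        r = measured[i] - measured[j] - d          # residual equals bias_i - bias_j
        adj.setdefault(i, []).append((j, -r))
        adj.setdefault(j, []).append((i, r))
    root = next(iter(measured))
    rel, queue = {root: 0.0}, deque([root])
    while queue:                                    # propagate bias relative to root
        cur = queue.popleft()
        for nxt, delta in adj.get(cur, []):
            if nxt not in rel:
                rel[nxt] = rel[cur] + delta
                queue.append(nxt)
    offset = median(rel.values())                   # unspoofed majority defines zero
    bias = {b: (v - offset if abs(v - offset) > threshold_deg else 0.0)
            for b, v in rel.items()}
    corrected = {b: measured[b] - bias[b] for b in bias}
    return bias, corrected, any(bias.values())

# Constructed 7-bus zone (not the RTS-96 topology) with constructed true angles.
TRUE = {1: 0.0, 2: -2.1, 3: -3.4, 4: -1.2, 5: -4.0, 6: -5.3, 7: -2.8}
EDGES = [(1, 2), (2, 3), (1, 4), (4, 5), (5, 6), (3, 6), (4, 7)]
MODEL_DIFF = {(i, j): TRUE[i] - TRUE[j] for i, j in EDGES}

def spoofed_snapshot(sample_idx):
    """Measured angles with PMUs 3 and 5 spoofed by opposite ramps."""
    m = dict(TRUE)
    m[3] += ramp_bias(sample_idx)
    m[5] += ramp_bias(sample_idx, start_idx=120, slope=-RAMP_DEG_PER_S)
    return m
```

Taking the median of the relative offsets is what encodes the sparsity assumption: a common shift of every PMU in the zone leaves all branch residuals unchanged, so only the deviation from the unspoofed majority is observable.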
The power system and the data correction algorithm are visualized in the SEL Synchrowave Operations software. Data from all 21 PMUs, including the uncorrected phasors, corrected phasors, estimated angle biases, and spoofing attack indicator, are sent to Synchrowave over the standard synchrophasor communication protocol, IEEE C37.118. To enhance user awareness, a one-line diagram was created to display the status of the system and the locations of the spoofing attack. The signal monitor was used to generate alarm states from the spoofing attack Boolean received from the RTAC.
The system was tested under various attack scenarios. The system performed as expected, keeping the phase angles tightly coupled and alerting the user to the problem and elevating the alarm status. With the data correction system offline, the attacked phase angles drift away from the rest of the system.
We also completed most of the sections in the user manual of our data correction library. The user manual contains full details about the OSU testbed setup and the RTAC library implementation. We also included the full details of our testbed experiment with the RTS-96 test case. As the final deliverables, we are planning to provide all the necessary files of our RTAC implementation as a public GitHub repository (link: https://github.com/dilanspsenaratne/DataCorrector) under the GNU General Public License version 3.0 (GPL v3.0). The repository will contain the RTAC library implementation, the source code, the manual, and the Synchrowave configuration files for visualization.
Industry Collaborators
Schweitzer Engineering Laboratories Inc.