Security Gaps due to Coupling of Energy Delivery Sub-systems
Summary Statement
This activity focuses on the following issues:
- Natural gas is now the largest source of fuel for electricity generation (according to PJM). The gas network operation is also becoming more reliant on automation and therefore communication. Hence, cyber-attacks become a possibility, the repercussions of which could propagate to the electric grid, which relies heavily on natural gas. For example, SDG&E is rushing to complete a large battery storage project in record time, to avoid potential blackouts as a result of accidental or malicious disruption of service in the Alison Canyon gas storage facility. We will first mathematically model the dependency between these two sub-systems and then identify the security threats arising due to this coupling that may originate from cyber-attacks, and propose preventive/restorative actions. The tool/technology we envision is a protocol for communicating information to EMS and DMS that can trigger remedial actions. This tool would be equipped with an advanced intrusion detection system that comprises of three sub-components: 1) intra-domain intrusion detection for power grid, 2) intra-domain intrusion detection for natural gas grid, and 3) inter-domain intrusion detection that binds the intrusion detection in the gas and electric domain together. The structure of the proposed comprehensive intrusion detection system is illustrated in Fig. 1.
- Distributed Energy Resources (DERs) integration, especially at the distribution level, including Electric Vehicles (EVs), storage, and renewable energy resources, requires the power grid to interact with a set of new equipment remotely. Often the deployments are managed, monitored and controlled by third parties, while the Utilities are merely metering the power injection from the different sites though dedicated communication networks that allow them to monitor and switch components to manage their response. Electric vehicle charging stations, for instance can be sensitive to the electricity pricing or other signals provided by the EDS. Unstable behavior may arise for the coupled EDS and infrastructure networks. The NESCOR Scenario DER.8 [7] describes an EV charging station that fails to stop fast a charging request from the grid operator, because it fails to receive the control commands. Our results show how such an action can lead to instability in the electrical system. Another example of a threat in this sector can be caused by manipulating the charging/discharging converter as non-linear load in the grid to create harmonics that can potentially put the grid in resonance or cause disruptive power quality issues at the distribution level. These actions would be made possible by tampering and reprogramming with malware the micro-controllers that are used to switch and monitor the charging process. Our aim is to develop models and protocols to share information and prevent such unstable behavior, while searching for a social optimum strategy. Having identified this instability, we will expand to consider the threat it poses to the electrical system if charging stations are not adequately monitored and controlled.
Like the gas network, distributed solar deployments as well as solar plants typically occupy a wide geographical footprint. Hence, they have to rely on communications for their automation. Increasingly, researchers are considering algorithms to regulate the voltage, track the maximum power point, and perform other monitoring and control functions via inverters in these solar farms. The backbone communication infrastructure is often not owned or managed by the utilities. Therefore, attackers can exploit vulnerabilities that exist in these networks to disrupt the normal operation of the power grid.
Another inverter-related example of such interruptions is to manipulate On-Load Tap Changers (OLTCs) to put the inverters at the coupling point of DERs with the grid out of the allowed voltage-time zone recommended in the voltage-ride through best practices[1] . OLTCs are controlled by SCADA relays or microcontrollers, which can be vulnerable to cyber attacks. Additionally, the DER paradigm relies heavily on predictive methods. Weather forecasting plays a large role in predicting renewable energy generation. The network of sensors deployed by weather forecasters, therefore has a growing impact on the power grid’s operations. This opens up myriad new targets for an attacker, by spoofing the system that provides the weather forecast to the grid operator.
- Some data collection (for the Independent Systems Operators (ISO) or Utilities) is done over networks from third party companies (AT&T and Verizon). Therefore, disruption to this communication infrastructure could impede data collection for an ISO, resulting in a degraded knowledge of system state. The longer such blindness to the system state persists, the more likely it is that a poor operations choice will be made, resulting in failures. Note that the distinction here from the attacks targeting the SCADA network is that this communication infrastructure is managed by an entity outside the power system operation boundary. This entity, the communication provider, was initially developed with another objective, and is now employed under a specific agreement between two entities (the work we propose focuses on the impact to EDS resulting in loss of access to communication services; models of attacks on the communication network are out of scope.)
-
With the current trend in research toward security of energy delivery systems, there is a need for validation of the methods aiming to simulate potential cyber-attacks on the grid andpropose solutions. Our goal here is to provide the user with an open-source software that allows the co-simulation of the power and scada network, and enables the user to simulate cyber-attacks and implement cyber-physical intrusion detection mechanism. The development of these co-simulation capabilities will leverage funding from another multi-disciplinary project aimed a designing an open-software platform called Resilient Infrastructure Simulation Environment (RISE) (see Fig. 2), with a user-friendly interface that helps scenario planning and contingency analysis and that relies on OpenDSS software underneath to compute the grid state. The scope of RISE is broader than EDS and it is applied to simulate events in interdependent infrastructures across temporal and spatial domains. For instance, currently RISE has the capability of simulating the interdependency between power and water distribution systems, but lacks the ability to simulate SCADA controllers and SCADA events in either of the infrastructures and this is where our synergistic contrinution lies. Focusing on the SCADA for the electric power system, we will endow the environment with a capability that other researchers may extend to other infrastructures.While not planned for next year, our intention is to extend the simulation capabilities to the gas network as well. As mentioned before, the platform is interactive and can be used not only for research and demonstration purposes but also for training and education of people in various EDS industry sectors. It also allows to study the impact of cyber-attacks staged on the grid onto other infrastructures (e.g. water distribution networks, as shown in Fig. 2).
Energy Delivery System (EDS) Gap Analysis
Energy delivery systems have multiple large-scale sub-systems, including natural gas feeds to generators, communication networks, and electrical vehicle charging stations. Considering the interdependency of these sub-systems, one can exploit the security holes in one to cause physical damage to the other. The management of these sub-systems is rarely done in coordination, which means that detecting such attacks is more challenging. Focusing on the electrical grid, we aim to address vulnerabilities that can arise as a result of attacks on the EDS sub-systems and propose remedial actions.
Reference the research activity fact sheet (PDF) for an extended gap analysis and bibliography.
How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?
This activity is tied to the roadmap objective of “Assessing and Monitoring Risk” and “Developing and Implement New Protective Measures to Reduce Risk” accounting for the complex interactions between power generation and transmission, oil and gas suppliers, renewable power generation deployments and end uses that are also coupled through wide-area interconnections (e.g. electric vehicle charging stations coupled with travel patterns on transportation systems).
More Information
Research Posters:
- Security Gaps due to Coupling of Energy Delivery Sub Systems (2020 Industry Workshop)
- Modeling Secure Coupled Infrastructure Operations (2017 Industry Workshop)
- Modeling Instabilities in Infrastructures Coupled with the Grid (2016 Industry Workshop)
-
Industry Collaborators
- Privately managed solar farm in southwest region of the United States
- Currently seeking additional collaborators with power utilities that own multiple types of generation/distribution infrastructures. Contact Anna Scaglione for more details.