Cyber Security of Power Distribution Systems by Detecting Differences Between Real-time Micro-Synchrophasor Measurements and Cyber-Reported SCADA

The power distribution grid, like many cyber physical systems, was developed with careful consideration for safe operation. However, a number of features of the power system make it particularly vulnerable to cyber attacks via IP networks. “IT security” approaches to dealing with malware and other cyber attacks via a network include traditional intrusion detection systems, firewalls, encryption, etc… These techniques can help, but as we’ve observed in a previous project, traditional IT security techniques tend to leave a gap in safety and protection when applied to cyber-physical devices because they do not consider physical information known about the cyber-physical device they are protecting. Not only does this leave a gap in protection, but it ignores valuable information that could be used to better protect the cyber-physical device.

The goal of this is to design and implement a measurement network, which can detect and report the resultant impact of cyber security attacks on the distribution system network. The cyber-attacks against the distribution grid that we primarily focus on are ones that (1) modify the distribution grid operation and causing it to behave in individually or collectively disruptive or damaging ways; (2) mask communication from substation components in the distribution grid, through cyber denial-of-service attack, and prevent awareness of the actual operational function; and (3) mask communication to substation components in the distribution grid, through cyber denial of service attack, causing misbehaving components to fail to receive instructions to restore safe operation. The detection and reporting will be within short time frame, at present not communicable or measured on the distribution system, allowing operators to perform remedial action.

To do this, this project uses micro phasor measurement units to capture information about the physical state of the power distribution grid and combines this with SCADA command monitoring in real time. The project will build models of safe and unsafe states of the distribution grid so that certain classes cyber attacks can potentially be detected by their physical effects on the power distribution grid alone. The result will be a system that provides an independent, integrated picture of the distribution grid’s physical state, which will be difficult for a cyber-attacker to subvert using data-spoofing techniques.

See the detection algorithms in action via our graphical front-end at the LBNL Power Data Portal.

Source code for the LBNL Stream-Processing Architecture for Real-time Cyber-physical Security (SPARCS) is available at GitHub.

This project is supported by the U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems (CEDS) program.

Principal Investigators:

Sean Peisert (PI; LBNL)
Ciaran Roberts (Co-PI; LBNL)
Anna Scaglione (Co-PI; ASU)

Senior Personnel

Reinhard Gentz (LBNL)

Students

Mahdi Jamei (ASU)

Industry Partners:

EnerNex (Erich Gunther (previously), Aaron Snyder, Bob Zavadil, Dave Mueller, Jens Schoene)
EPRI (Galen Rasche, Jens Boemer)
Power Standards Laboratory (Alex McEachern)
Corelight (née Broala)
OSIsoft (John Matranga)
Riverside Public Utilities
Southern Company

Project Alumni:

Chuck McParland (Former Co-PI; LBNL → RTISYS / LBNL Affiliate)
Emma Stewart (Former Co-PI; LBNL → LLNL)

Press regarding this project:

Electric grid protection through low-cost sensors, machine learning — September 21, 2018

Cyber Defense Tool Is an Early Warning System for Grid Attacks — March 27, 2018

Combination of Old and New Yields Novel Power Grid Cybersecurity Tool — March 7 2018

Publications resulting from this project:

Mahdi Jamei, Anna Scaglione, and Sean Peisert, “Cyber-Physical Relaying Reliability Enhancement through Hybrid Network Intrusion Detection Systems,” Proceedings of the 2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), Allborg, Denmark, October 29–31, 2018.

Ciaran Roberts, Anna Scaglione and Sean Peisert, “A Holistic Approach to Distribution Grid Intrusion Detection Systems,” EnergyCentral, July 18, 2018

Mahdi Jamei, Anna Scaglione, Ciaran Roberts, Emma Stewart, Sean Peisert, Chuck McParland, and Alex McEachern, “Anomaly Detection Using μPMU Measurements in Distribution Grids,” IEEE Transactions on Power Systems, 33(4):3611–3623, July 2018.

Mahdi Jamei, Anna Scaglione, Ciaran Roberts, Alex McEachern, Emma Stewart, Sean Peisert, and Chuck McParland, “Online Thevenin Parameter Tracking Using Synchrophasor Data,” Proceedings of the 2017 IEEE Power Engineering Society (PES) General Meeting (GM), Chicago, IL, July 16–20, 2017

Reinhard Gentz, Wireless Sensor Data Transport, Aggregation and Security, Ph.D. Dissertation, Arizona State University, July 2017.

Mahdi Jamei, Anna Scaglione, Ciaran Roberts, Emma Stewart, Sean Peisert, Chuck McParland, and Alex McEachern, “Automated Anomaly Detection in Distribution Grids Using µPMU Measurements,” Proceedings of the 50th Hawaii International Conference on System Sciences (HICSS), Electric Energy Systems Track, Resilient Networks Minitrack, Waikoloa, HI, Jan. 4–7, 2017.

Mahdi Jamei, Emma Stewart, Sean Peisert, Anna Scaglione, Chuck McParland, Ciaran Roberts, and Alex McEachern, “Micro Synchrophasor-Based Intrusion Detection in Automated Distribution Systems: Towards Critical Infrastructure Security,” IEEE Internet Computing,” Sept./Oct. 2016. [CDL]

More information is available on other Berkeley Lab R&D projects focusing on cybersecurity in general, as well as specifically on cybersecurity for energy delivery systems.