[PDF] Power Systems Cybersecurity: Methods, Concepts, and Best Practices Hassan Haes Alhelou, Nikos Hatziargyriou, Zhao Yang Dong

In order to enhance overall stability and security in wide-area cyber-physical power systems and defend against cyberattacks, new resilient operation, control, and protection methods are required. The cyberattack-resilient control methods improve overall cybersecurity and stability in normal and abnormal operating conditions. By contrast, cyberattack-resilient protection schemes are important to keep the secure operation of a system under the most severe contingencies and cyberattacks. The main subjects covered in the book are: 1) proposing new tolerant and cyberattack-resilient control and protection methods against cyberattacks for future power systems, 2) suggesting new methods for cyberattack detection and cybersecurity assessment, and 3) focusing on practical issues in modern power systems. Table of contents : Preface Contents About the Editors A Comprehensive Review on Cyber-Attack Detection and Control of Microgrid Systems 1 Introduction 2 Various Kinds of Cyber-Attacks and the Importance of Studying Cyber Security 2.1 Cyber Attack Models 2.2 Why is Studying Cybersecurity Important? 3 Various Cyber-Security Schemes 3.1 Signal-Based Methods 3.2 Model-Based Methods 3.3 Data-Based Methods 4 Resilient Control Design Approach 5 Future Direction 6 Conclusion References Cyber Vulnerabilities of Modern Power Systems 1 Introduction 2 Architectures of Smart Grids 2.1 Communication Requirement for Modern Power System Architectures 2.2 Communication Protocols 3 Cyber Vulnerabilities of Modern Power System 3.1 Man-in-the-Middle Attack 3.2 Denial-of-Service-Attack 3.3 False Data Injection Attack 3.4 Network Failures 3.5 Case Study 4 Conclusion References Cyber-Physical Security in Smart Power Systems from a Resilience Perspective: Concepts and Possible Solutions 1 Introduction and Background 1.1 The Necessity of Smart Power System 1.2 Smart Grid Definition 1.3 Benefits and Challenges of Smart Grids 1.4 Cyber-Physical Security in Smart Power Systems 2 Concepts of Cyber-Attacks and Physical Threats in Power Systems 3 Measuring the Resilience of Power Systems 4 Possible Solutions to Improve the Cyber-Physical Resilience of Power Systems 5 Conclusion References Cybersecurity Challenges in Microgrids: Inverter-Based Resources and Electric Vehicles 1 Introduction 2 Cyber-Physical Microgrid Structure 3 Cyber Vulnerabilities and Potential Attack Points 4 Detection and Mitigation Approaches 5 Conclusion References Improving Cybersecurity Situational Awareness in Smart Grid Environments 1 Introduction 2 System Model 3 Possible Security Threats 3.1 Man-in-the-Middle (MitM) Attacks 3.2 False Data Injection Attacks (FDIAs) 3.3 Load Altering Attacks (LAAs) 4 Prov-IoT-MG: Evidence for Security Awareness and Opportunities 4.1 Prov-IoT-MG Structure 4.2 Security Metadata Opportunities 5 Risk Assessment with Situational Awareness 5.1 Man-in-the-Middle Attacks 5.2 False Data Injection Attacks 5.3 Load Altering Attacks 6 Discussion 7 Conclusion and Future Work References Hybrid Physics-Based and Data-Driven Mitigation Strategy for Automatic Generation Control Under Cyber Attack 1 Introduction 1.1 Cyber Attacks Against Advanced Metering Infrastructure 1.2 Communication System-Oriented Cyber Attacks 1.3 Power System Application-Oriented Cyber Attacks 2 Automatic Generation Control Under False Data Injection Attacks 2.1 Automatic Generation Control Based on Detailed Multi-machine Classical Model 2.2 Power Imbalance-Oriented False Data Injection Attacks 3 Hybrid Physics-Based and Data-Driven Mitigation Strategy 3.1 Physics Analysis of Compensation-Based Mitigation Strategy 3.2 Causal Relationship Between AGC Variables of Interest 3.3 Regression-Based Estimation and Compensation-Based Mitigation Strategy 4 Case Studies 4.1 Input Data Analysis 4.2 Regression Method Analysis 4.3 Compensation-Based Mitigation Analysis 5 Conclusions References Data-Driven Cyber-Resilient Control of Wide Area Power Systems 1 Introduction 1.1 Cyber-Resilient Control 1.2 Cyber-Resilient Control of Power Systems 2 Data-Driven Control 2.1 Data-Driven Cyber-Resilient Automatic Generation Control of Power Systems 3 DDCRC Design and Stability Analysis 4 Simulation 5 Conclusion References Cyberattack-Resilient Control in Multi-area Power Generation 1 Introduction 2 Off-Line Tolerant Control Gains Seeking Method 2.1 Modeling of Multi-area Power Generation System 2.2 Distributed Automatic Generation Controller Design Under DoS Attacks 2.3 Off-Line Tolerant Control Gains Seeking 3 On-Line Cyberattack Detection Mechanism 3.1 Two Typical Cyberattack Detection Mechanisms 3.2 Implementation of Credibility-Based AGC Under Cyber Attacks 4 Validations of the Cyberattack-Resilient AGC 4.1 System Structure and Parameters 4.2 Validations of the First Security Layer 4.3 Validations of the Second Security Layer 5 Summary References Cyber-Security of Protection System in Power Grids?Part 1: Vulnerabilities and Counter-Measures 1 Introduction 2 Substations 2.1 Substation Automation 2.2 Vulnerabilities of Substation Automation Systems 3 CAP Schemes 3.1 Commonly Used Communication Media in Power Systems 3.2 Types of CAP Schemes 3.3 Line Current Differential Relay (LCDR) 3.4 Phase Comparison Scheme 3.5 Vulnerabilities of CAP Schemes to Cyber-Attacks 4 WAP Schemes 4.1 Vulnerabilities of WAP Schemes 5 Taxonomy of Cyber-Attacks Against Protection Systems 5.1 Attacks Against the Protection System 6 Cyber-Attack Detection and Prevention for Power System Protection Applications 6.1 Preventing Cyber-Attacks 6.2 Intrusion Detection Systems (IDSs) for Protection Applications 7 Conclusion References Cyber-Security of Protection System in Power Grids?Part 2: Case Studies on Securing Line Current Differential Relays 1 Introduction 2 Working Principle of LCDRs 2.1 FDIAs and TSAs Against LCDRs 3 Detecting Cyber-Attacks Against LCDRs Using an ML-Based IDS 3.1 Synthetic Data Generation for Training the MLP Model 3.2 Selecting Optimal Features 3.3 Training the MLP Model 3.4 Performance Evaluation 4 Detecting Cyber-Attacks Against LCDRs Using an Anomaly-Based IDS 4.1 Transmission Lines Models for Faulty Lines 4.2 State Estimation Using UIOs 4.3 FDIA Diagnosis Using UIOs 4.4 Performance Evaluation 5 Conclusion References Semi-supervised Deep Learning-Driven Anomaly Detection Schemes for Cyber-Attack Detection in Smart Grids 1 Introduction 1.1 Contribution 2 Related Work 3 Methodology 3.1 Deep Recurrent Autoencoder 3.2 The Hybrid GAN-GRU Deep Learning Method 3.3 Semi-supervised Anomaly Detection Methods 3.4 The Proposed Deep-Learning-Driven Anomaly Detection Framework 4 Results and Discussion 4.1 Data Description 5 Conclusion References Vertical Approach Anomaly Detection Using Local Outlier Factor 1 Introduction 2 Learning Systems in Anomaly Detection 3 Literature Review 4 Local Outlier Factor for Anomaly Detection 5 Methodology 6 Results, Discussion and Conclusion References A Modular Infrastructure for the Validation of Cyberattack Detection Systems 1 Introduction 2 Related Work 3 The Framework 3.1 The Attacker 3.2 Attacks 3.3 Integration of Detection Models 4 Probabilistic Graphical Models 4.1 DBN Definition and Inference 4.2 Representing Attack Paths Timing 4.3 A DBN for the MITM Attack 5 Experiments 5.1 No Monitoring 5.2 Two Attack Steps 5.3 Attack Processes and Unrelated Suspicious Activities 5.4 A Whole Attack Process 5.5 Slower Attacks 6 Conclusions and Future Directions References A Novel Self-learning Cybersecurity System for Smart Grids 1 Introduction 2 Related Work 3 System Architecture 3.1 Cybersecurity Platform 3.2 VA Module 3.3 Cyberattack Detection Module 4 Compared Methods and Attack Cases 4.1 SDAE 4.2 KNN 4.3 RF 4.4 LR 4.5 Attack Use Cases in Smart Grid Ecosystems 5 Results 5.1 Initial Results 5.2 Modbus Protocol New Threats 5.3 Improvement of Model Effectiveness Regarding MQTT Protocol 5.4 Performance Comparison of the System with the SPARK Framework 6 Discussion 7 Conclusion References Cyber-Resilience Enhancement Framework in Smart Grids 1 Nomenclature 2 Introduction 3 Literature Review 4 FRANS Architecture 4.1 Cyberattack Detection Engine 4.2 EDAE 4.3 MAS 5 System Evaluation 5.1 Evaluation Details 5.2 Evaluation of Cyberattack Detection Engine 5.3 Evaluation of Network Path Re-allocation 6 Discussion 7 Conclusion References SOAR4DER: Security Orchestration, Automation, and Response for Distributed Energy Resources 1 Introduction 2 Experimental Testbed and Methodology 2.1 SOAR Playbook 1: Reconnaissance 2.2 SOAR Playbook 2: Denial-of-Service 2.3 SOAR Playbook 3: Insider Threat 2.4 SOAR Playbook 4: Modbus Malicious Writes or Fuzzing 2.5 SOAR Playbook 5: Brute Force Attacks 2.6 SOAR Playbook 6: Machine-in-the-Middle 3 Discussion 4 Conclusion References A Study on Cyber-Physical System Architecture for Smart Grids and Its Cyber Vulnerability 1 Introduction 1.1 Issues in SG?s 2 CPS Architecture 3 CPS in Smart Grids 3.1 Smart Grid Cyber Physical System 3.2 Function of SG-CPS 4 Modeling and Stability Analysis of Integrated Cps 4.1 Cyber-Attack System Modeling and Analysis 5 Conclusion 5.1 Future Scope References A Study on Cybersecurity Standards for Power Systems 1 Introduction 2 Background 2.1 Power System 2.2 Power System Automation (PSA) 2.3 Network Architecture in Power System 2.4 Cybersecurity in Power System 3 Cybersecurity Standards for Power System 3.1 IEEE1686 3.2 IEEE37.240 3.3 IS16335 3.4 IEC62351 3.5 ISO/IEC27001 3.6 ISO/IEC27019 3.7 ISA/IEC62443 3.8 ISO/IEC20243 3.9 ISO28000 3.10 NERC-CIP 3.11 NIST SP 800-82 3.12 IEEEC37.118 and IEEEC37.118.1 3.13 Other Cybersecurity Standards 4 Implementation Guidelines and Certification as per Standards 5 Summary References