Cybersecurity of Smart Grid Systems Dr. Vittal S. Rao Electrical and Computer Engineering Texas Tech University November 8, 2012 NSF-SFS Workshop on Education Initiatives in Cybersecurity for Critical Infrastructure Out Line of Presentation • • • • • • • • • Smart Grid Systems TTU’s Unique Capabilities TTU Real Time Simulator Security Features of Smart Grid Wide Area Monitoring Using SCADA and PMU Data Multidisciplinary approaches for Cybersecurity Cyber security/ Intrusion Detection Methods Vulnerability of Smart Grid Communication Protocols Conclusions Benefits of the Smart Grid • Near-zero wide-area blackouts and greatly reduced local interruptions. • High-quality power for sensitive electronics and complex computer applications. • Plug-and-play integration of renewable sources, distributed resources and control systems • Options for consumers to manage their electricity use and costs, Smart Homes • Improved resilience to attack, natural disasters, and operator errors. Characteristics of Smart Grid Enables Active Consumer Participation Accommodates all Generation and Storage Options Enables New Products, Services, and Markets Provides Power Quality for the Digital Economy Optimize Asset Utilization and Operates Efficiently Anticipates and Responds to System Disturbances (Self-heals) Operates Resiliently Against Attack and Natural Disaster Smart Grid Essential Functions • Integration of ‘Electrical Infrastructure’ with ‘Intelligence Infrastructure’ • Smart Sensors, Protective Relays and Control Devices • On-Line Equipment Monitoring • Communications Infrastructure • New Operating Models and Algorithms • Real-Time Simulation and Contingency Analysis • Improved Operator Visualization Techniques • Interconnection Codes and Standards • Cyber Security Integration of Generation and Storage Options • Distributed Generation : small, widely dispersed plants • Renewables: Wind, Solar, Biomass, etc • Maximum Penetration of Renewable Energy Sources with Grid • Energy Storage: Giant Batteries and Capacitors • Demand Response(DR): Response to peak loads Smart Grid Systems at Texas Tech • Multidisciplinary Research Centers (Wind Science and Engineering, Smart Grid Energy Center) • Alstom 1.5MW Commercial Grade Wind Turbine on TTU campus • DOE/Sandia Facilities for Testing Wind Farms/ Energy Storage Systems • TTU Real Time Simulator sponsored by the National Science Foundation (NSF) • Smart Microgrid Test Bed • Interdisciplinary research teams for Smart Grid and Cyber Security: ECE, CSc, ME, IE, Mathematics, Business, and Law • New BS Degree program in Wind Energy • Interdisciplinary Curriculum for Cyber Security Unique Capabilities • Formation of a Team of applied and academic background researchers to address the “Technology for Cyber-Physical Systems”. • Accessibility of industrial partners of CCET and PMU manufacturer, National Instruments (NI). • TTU is the leader in Wind Sciences and Engineering in the Nation. TTU has established an interdisciplinary PhD program in Wind Energy. Texas Tech in collaboration with Group NIRE has developed a significant facilities related with Smart Microgrid Systems. This system has commercial grade Wind Turbines, Large scale battery storage (proposed) , planning to install 4 or 5 PMUs in Southwest Power Pool (SPP) Power System. • TTU has received a major research instrumentation (MRI) and Capacity Building grant for Cybersecurity from NSF. TTU is working with Northrop Grumman Corporation, who is the industrial leader for Cyber Security. Thematic Research Areas • Maximum Penetration of Distributed Renewable Energy Sources to Grid • Cyber Security of Energy Delivery Systems/ SCADA Control Systems • PMU based Wide Area Monitoring and Damping Control Strategies • Home Area Networks • Hybrid Energy Storage Systems • Dynamic Stability of Power Systems • Development of Experimental Microgrid Test Bed • Optimal Energy Management of Smart Micro grids TTU Real Time Simulator Phasor Data Concentrator IEEE C37.118 IEC 61850 IEEE C37.118 IEC 61850 D400 Substation Gateway Cyber Security Visualization Screen in our lab Controller GTNET PMU GE N60 & D90 plus SEL-421 ABB-REL670 DFIG Campus Wind Turbine Wind Data Controll er Solar Inverter Control Solar Data RTDS RSCAD Utility Grid Battery Storage Interoperability • Energy Management Systems (EMS) architecture with products from different companies. REF: 1. http://zone.ni.com/devzone/cda/pub/p/id/1238 2. www.multilin.com UTILITY GRID Wind Energy Transformer /CB Laboratory Building DFIG PHEV Smart Meter Solar Energy Micro Grid DC/AC Inverter Natural Gas Engine Priority Loads Generator Fuel Cells DC/AC Inverter Control and Energy Management Local Loads Generator DC/AC Inverter Battery Storage Distributed Micro Energy Sources Generator Flywheel Storage DC/AC Inverter Ultra Capacitor Distributed Storage Micro Turbine Cyber Security • Today’s grid lacks the robustness needed to withstand attacks by saboteurs or acts of nature. (Supervisory Control and Data Acquisition (SCADA) systems) • Today’s grid lacks the information and control capabilities to rapidly recover from manmade or natural events. • Advanced cyber security protection systems have to be integrated utilizing cyber security standards to ensure that new smart grid technologies are secure and that existing technologies such as SCADA, protective relaying, and communication systems are retrofitted with methods that provide the same level of advanced cyber security. Cyber Security of Energy Delivery Systems • Assessment and monitoring of risk • Development and integration of protective measures • Detection of intrusion and implementation of response strategies • Enhancement of security methods Smart Grid Information Networks Increased Connectivity Security Features Integrated Communications Interoperability standards that include advanced cyber security protection Transport vehicle that provides the needed operational and condition data to enable self healing Redundant communication paths making interruption of data flows unlikely Sensing & Measurement Remote monitoring that detects potential events anywhere in the grid Sensors and measuring devices with embedded protection Events detected in time to respond Security Features Advanced Components Tolerant and resilient grid devices Rapid response to emergent threats Fewer critical points of failure Reduced consequences of failure Distributed, autonomous resources Advanced Control Methods Islanding to isolate vulnerable areas in response to real or expected security events Automated network “agents” for dynamic reconfiguration and demand management Self-healing with preventive or corrective actions in real time Improved Interfaces & Decision Support Greatly enhanced situational awareness Recommendations for addressing security threats provided to operators in real time Advanced real-time modeling and simulation tools with predictive capabilities Improved operator training and guidance systems aimed at response to security events R&D Theme Areas for Cybersecurity Device Level Cost effective secure architecture for Smart meters Cryptography and Key management On processors with strict space/computation limits System Level Built to adapt to changing needs in scale and functionality Able to tolerate and survive malicious attacks of the present and future Denial of service resiliency Infrastructure interdependency issues Legacy System Integration Compatibility problems Emerging Research Topics Synchrophasor Security/ NASPI Net Anonymization Infrastructure interdependency issues Wide Area Monitoriong • Analysis of power system performance in different oscillation modes. • Intelligent system protection schemes • Situational awareness • Monitoring of power system harmonics • Frequency monitoring • Data visualization using the geographical coordinates • Black out monitoring and real time grid control center application • Post event analysis Phasor Measurement Units A PMU measures bus voltage (phase or sequence) and all 3-phase line currents on all branches (transmission lines and transformers) emanating from the substation along with the phasor angles Integration of PMU data Wide Area Monitoring Using PMUs and PDCs Threats against these devices include: Denial of service (DoS) attacks Attacks against open ports and services Attempt to change device settings Attempt to inject malicious data Attempt to place a man-in-the-middle(MITM) between devices. 24 Reference: Salvatore, et al., Presentation on “Security analysis of a commercial synchrophasor device, May, 30-31,2011” 25 Open PDC • C37.118 is the IEEE standard for PDC, current version issued in 2005. • Three adapter layer: Input adapter (C37.118) Action adapter Output adapter (32 bit access) 26 Vulnerabilities 1. C37.118 vulnerabilities : lack of encryption and source verification (MITM) 2. OpenPDC vulnerabilities: lack of input validation (Malicious Data Injection) Drop statement injection: destroy all the measurements data for a PMU Delete statement injection: selectively erase some specific measurements Alter statement injection: Can be used to smartly swap the names of measurements tables Deceive the monitoring operator Cheat the triangulation used to detect source of dangerous event like blackouts 27 Intrusion Detection • There are several reasons that make intrusion detection a necessary part of the entire defense system. • First, many traditional systems and applications were developed without security in mind. In other cases, systems and applications were developed to work in a different environment and may become vulnerable when deployed in the current environment. (For example, a system may be perfectly secure when it is isolated but become vulnerable when it is connected to the Internet.) Intrusion detection provides a way to identify and thus allow responses to, attacks against these systems. • Second, due to the limitations of information security and software engineering practice, computer systems and applications may have design flaws or bugs that could be used by an intruder to attack the systems or applications. As a result, certain preventive mechanisms (e.g., firewalls) may not be as effective as expected. 28 Intrusion Detection Methods Intrusion detection systems (IDSs) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second line of defense that protects information systems. Anomaly detection: based on normal behavior of a user and any action that significantly deviate from the normal behavior is considered intrusive. Misuse detection: catches intrusion in terms of the characteristics of known attacks and any action that conforms to the pattern of a known attack is considered intrusive. 29 Functions of IDS • Monitoring users and system activity • Auditing system configuration for vulnerabilities and misconfigurations • Assessing the integrity of critical system and data files • Recognizing known attack patterns in system activity. • Identifying abnormal activity through statistical analysis • Managing audit trails and highlighting user violation of policy or normal activity • Correcting system configuration errors • Installing and operating traps to record information about intruders 30 Intrusion Detection Methods Anomaly detection: Statistical models (Discrete Wavelet Transform) Machine learning and data mining techniques Specification-based methods Information-theoretic measures Misuse detection: Rule-based language Abstraction-based intrusion detection State transition analysis tool kit Colored Petri automata 31 Statistical Decision Theory in Intrusion Detection By Saed Alajlouni SCADA Systems • SCADA systems, What are they? 11/07/2012 S. Alajlouni. "Cyber-Security of Critical Infrastructure" 33 Intro-Efforts for securing SCADA systems • IT perspective: “Obscurity Principle”. • Control Engineering perspective:“reliability” . • Very few researchers have investigated how malicious attacks affect the estimation and control algorithms, and ultimately, how attacks affect the physical world 11/07/2012 S. Alajlouni. "Cyber-Security of Critical Infrastructure" 34 Interdisciplinary research Control Theory Model Linearization, Order-Reduction approximation, and Estimation Infrastructural Systems Physical Modeling of Systems StatisticsStatistical Inference, sequential detection theory Statistical Decision Theory: Main Idea • A receiver is reading an input signal that is corrupted by some additive noise • Depending on the application, the receiver has to make a decision whether the received signal is high or low (Binary applications), or whether the data is malicious or true. • The decision rule is based on minimizing a risk function (average cost). S. Alajlouni. "Cyber-Security of Critical Infrastructure" Binary Bayesian hypothesis testing • • • • • • H0=N~(0,σ2) H1=m+N~(0,σ2) P0+P1=1 (Probabilities are given a priori) Bayes rule example: P(D1,H0)=P(decide H1 ∣ given H0 is true)xP0 =PFxP0 S. Alajlouni. "Cyber-Security of Critical Infrastructure" Decision rule • Decision Risk= C00P(D0,H0)+ C11P(D1,H1)+ C10P(D1,H0)+ C01P(D0,H1) • Minimization of the risk function yields the receiver’s optimal decision rule 11/07/2012 S. Alajlouni. "Cyber-Security of Critical Infrastructure" 38 Composite Hypothesis Testing • If the parameters defining probability density functions of the expected hypothesis are unknown, then the hypothesis testing problem is called composite. • In some cases the unknown parameters does not appear in the decision rule equation, so a decision can still be made. • If the decision rule depends on the unknown parameters, then the parameters must be estimated before a decision can be made • Parameters are usually estimated using maximum likelihood estimation. 11/07/2012 S. Alajlouni. "Cyber-Security of Critical Infrastructure" 39 Sequential detection • In a sequence of data samples, one of the following decisions must be made after each sample: • Decide H1 • Decide H0 • Not enough information • If Decisions H0 or H1 are made, the hypothesis testing procedure stops. Otherwise, an additional sample is taken. 11/07/2012 S. Alajlouni. "Cyber-Security of Critical Infrastructure" 40 Hardware Cyber Security • Threats against hardware security: – Physical tampering – Side channel attacks – Data injection – Man in the middle attacks • How to protect hardware: – Secure Startup – Configuration hopping – Masking power consumption 41 Secure Startup • Use of module separate from normal device operations • Module uses hardware ID and TCM for security • TCM checks hardware ID and sends encrypted packet out, is returned and checked before system is allowed to fully operate [1] [1] A security embedded system base on TCM and FPGA 42 Configuration Hopping • Several processors in system assigned to individual tasks • At random intervals processor configuration changes • Creates narrower window for hacking [2] Data In Processor 1 Processor 2 Processor 3 Data Out 43 Side Channel Attacks • Types of SCA: – Simple Power Analysis – Differential Power Analysis • Masking – Current Equalizing – Current Randomization Current Equalizer States [3] 44 Conclusions • TTU has significant infrastructural and research capabilities in Cyber-Physical Systems • Multidisciplinary approaches to address cybersecurity of critical infrastructural systems. • We are very enthusiastic to develop “ Smart Micro Grid System” with embedded Cyber Security capabilities.