
CYBER-PHYSICAL SYSTEM SECURITY IN SMART POWER GRIDS

Ahmadreza Ghaznavi

Researcher at Iran Telecommunication Research Center

PhD Student at Yazd University

[email protected]

Fall 2017

Outline…

■CPS Introduction

■CPS Security Issues : a Review

■Smart Grid as a CPS

–Smart Grid Cyber-physical Security


CPS INTRODUCTION


Cyber-Physical Systems or "smart" systems are co-engineered interacting networks of physical and computational components.

NIST

Cyber-physical systems (CPS) are engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components.

NSF

Large complex physical systems that are interacting with a considerable number of distributed computing elements for monitoring, control and management which can exchange information between them and with human users.

CPSOS

Complex systems that are able to control and coordinate physical and organizational processes on a local and a global scale via the use of information and communication technology.

CyPhERS


Typical CPS Features

■ Monitor and control physical and organizational or business processes

■ Be a large-scale system with different - and even conflicting - goals spanning different application domains

■ Require integration of different technical disciplines and different application domains

■ Require a high degree of dependability

■ Involve substantial user involvement/interaction

■ Continuously monitor and optimize its own performance

■ Adapt and evolve constantly in response to changes in the environment, through real-time (re)configuration, deployment or (de)commissioning

■ Require hierarchical decision systems with a high degree of autonomy on local, regional, national, and global level

■ Be a distributed and interconnected system of systems

Jin, Wenjing & Liu, Zongchang & Shi, Zhe & Jin, Chao & Lee, Jay. (2017). CPS-enabled worry-free industrial applications. 1-7.

https://www.researchgate.net/post/What_is_the_difference_between_internet_of_things_and_cyber_physical_systems

CPS and Embedded Systems

■ An embedded system is a self-contained system that incorporates elements of control logic and real world interaction.

■ Unlike a CPS, however, an embedded system is typically confined to a single device, whilst CPSs may encompass many constituent systems and devices.

■ Embedded systems typically have a limited number of tasks to complete, with software and hardware elements designed specifically to achieve those tasks, typically with very limited resources.

■ A CPS itself operates at a much larger scale, potentially including many networked embedded systems or other devices and systems as well, including human and socio-technical systems.


CPS & IoT


CPS and the Internet of Things (IoT) have significant overlaps.

The IoT is a vision of the future where many millions of devices are connected over the internet, allowing them to collect information about the real world remotely, and share it with other systems and devices.

IoT and CPS share many challenges, but there are some distinctions.

IoT has a strong emphasis on uniquely identifiable and internet-connected devices and embedded systems.

CPS engineering has a strong emphasis on the relationship between computation and the physical world (e.g., between complex software and hardware aspects of a system).

If a business works with IoT, particularly if it includes interacting with the physical world via sensors and/or actuators, it can probably be classed as CPS.

https://www.linkedin.com/pulse/correlations-among-iot-wsns-m2m-cps-ahmed-eldweik

https://www.slideshare.net/vsr0001/4th-industrial-revolution-is-beyond-cyber-physical-systems

http://www.leisenberg.info/2017/06/16/digital-transformation-industry-4-0-and-the-internet-of-things-attempt-of-a-clarification-for-smes/

CPS and Systems of systems

■ CPSs and SoSs also have many shared interests.

■ Many CPSs are comprised of independent constituents, and, like SoSs, CPSs also tackle challenges of coping with dependable emergence, evolution and distribution.

– However, although it is often the case that CPS constituent systems are independent, it's not a defining characteristic for a CPS.

– Likewise, although it's often the case that SoSs do incorporate elements of computation as well as real-world interaction, this is not a defining property of an SoS.

■ If a business works with systems of systems, particularly if it includes interacting with the real world via sensors and/or actuators, it can probably be classed as CPS.

https://pages.nist.gov/cpspwg/

Cyber-physical Systems of Systems

A SoS is an integration of a finite number of constituent systems which are independent and operable, and which are networked together for a period of time to achieve a certain higher goal.

Systems of Systems Engineering: principle and applications. Jamshidi, M., ed., CRC Press, 2009

• Large, often spatially distributed physical systems with complex dynamics

• Distributed control, supervision and management

• Partial autonomy of the subsystems

• Dynamic reconfiguration of the overall system on different time-scales

• Continuous evolution of the overall system during its operation

• Possibility of emerging behaviors.

In 2017, NSF is working closely with multiple agencies of the federal government, including:

• The U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T);

• The U.S. Department of Transportation (DOT) Federal Highway Administration (FHWA), and through FHWA, the U.S. DOT Intelligent Transportation Systems (ITS) Joint Program Office (JPO);

• The National Aeronautics and Space Administration (NASA) Aeronautics Research Mission Directorate (ARMD);

• Several National Institutes of Health;

• The U.S. Department of Agriculture National Institute of Food and Agriculture (USDA-NIFA, hereafter referred to as NIFA).

Key goals are to identify basic CPS research directions that are common across multiple application domains, along with opportunities for accelerated transition to practice.


CPS Courses content example


CPS Security Courses content example


Cyber Security for Embedded Controls in Cyber Physical Systems

Paper Submission Deadline – Jan 15th 2018

Security of Cyber-physical Systems and Industrial Control Systems and Networks

Submission Deadline Friday, 29 September 2017

1st IEEE International Conference on Industrial Cyber-Physical Systems (ICPS-2018), Saint-Petersburg, Russia, May 15-18, 2018


4th ACM Cyber-Physical System Security Workshop (CPSS 2018)

Submissions Due: Jan 20, 2018 (GMT) Incheon, Korea


Call for Papers


Special Issue: Cyber-Physical Systems in Smart Grids: Security and Operation

Submission deadline: Feb 28 2017


Journal of Modern Power Systems and Clean Energy

Special Section on Cyber-Physical Power Systems (CPPS)

Paper Submission Deadline: Nov. 30, 2017

■ Cyber-Physical European Roadmap & Strategy


Project Deliverables

WP6 - Agenda and Recommendations

D6.1+2 - Integrated CPS Research Agenda and Recommendations for Action

WP5 - Status and Potential

D5.1 - CPS: State of the Art

D5.2 - CPS: Significance, Challenges and Opportunities - Appendix

WP4 - Technologies

D4.2 - CPS Technologies

D4.1 - CPS Methods and Techniques

WP3 - Markets

D3.2 - Market and innovation potential of CPS

D3.1 - Structured CPS market model

WP2 - Characterization of the CPS domain

D2.2 - Structuring of CPS Domain: Characteristics, trends, challenges and opportunities associated with CPS

D2.1 - Characteristics, capabilities, potential applications of Cyber-Physical Systems: a preliminary analysis

http://cyphers.eu/project/deliverables

• Projects :

SCUBA

TTTech

DESTECS

2PARMA

WIBRATE

EMBOCON

https://ec.europa.eu/digital-single-market/en/policies/cyber-physical-systems


D2.4 State-of-the-Art and Future Challenges in Cyber-Physical Systems of Systems (2016)

https://www.dhs.gov/science-and-technology/csd-cpssec

• Rapidly develop cyber security technical guidance for critical infrastructure sectors facing CPS and IoT challenges

• Conduct this effort in collaboration with key government, infrastructure and industry partners

• Transition guidance in a sustainable way so security is an integral part of CPS and IoT designs

• When appropriate, produce reference implementations and risk-assessment tools to promote the inclusion of security in CPS and IoT devices.

CPS Public Working Group

CPS PWG Cyber-Physical Systems (CPS) Framework Release 1.0

https://pages.nist.gov/cpspwg/

CPS SECURITY: ICS and Smart Grid

IT and OT Convergence (figure): the Industrial IoT (IIoT) extends IoT into industry, i.e. CPS.

https://www.fourquadrant.com/wp-content/uploads/2016/11/gartnet_hype_cycle_IoT.gif


https://www.gartner.com/smarterwithgartner/7-technologies-underpin-the-hype-cycle-for-the-internet-of-things-2016/

https://www.itworldcanada.com/article/gartners-top-cybersecurity-macro-trends-for-2017/388025

IT vs OT (figure)

IT:

1. Trust and privacy

2. Security (Confidentiality / Integrity / Availability)

Cyber security. Much more security knowledge and practice on the IT side, and also more motives to breach.

OT:

1. Trust and privacy

2. Safety

3. Security (Availability / Integrity / Confidentiality)

Physical security, becoming cyber-physical security (physical security + cyber security). Cybersecurity had not been the matter: not prepared, and challenging now that there are motives to breach OT security.

Drivers of convergence: 1. Use of COTS; 2. Remote access; 3. Productivity; 4. Business alignment; 5. ……

IT and OT Differences

https://www.novotek.com/en/solutions/cyber-security-for-production-and-process-networks/vast-differences-between-it-and-ot-cyber-security

IT                              OT
Dynamic                         Deterministic
Data is king                    Process is king
Gateways are everywhere         Fewer gateways
Confidentiality is priority 1   Control is priority 1
Throughput matters              Throughput is secondary
Patch Tuesdays                  Patch ….decades!

ICS and OT are used interchangeably because ICS is the enabler for operational technology systems used in industrial applications.

ICS in CI and Security Breach Domino Impact!!!

Corporate Security – Head of Information Security-G.Caroti

https://www.slideshare.net/CommunityProtectionForum/it-vs-ot-ics-cyber-security-in-tsos

ICSs are heart of critical interdependent infrastructures and every security incident can result in a disaster threatening lives.

ICS in CI and Security Breach Domino Impact!!!

Interdependencies:

• Physical

• Geographical

• Cyber

• Logic

https://www.enisa.europa.eu/publications/ics-scada-dependencies

Communication network dependencies for ICS/SCADA Systems, ENISA, 2017

Automation Hierarchical Purdue Model

Industrial control system (ICS) is a general term that encompasses several types of control systems and associated instrumentation used in industrial production technology:

• supervisory control and data acquisition (SCADA) systems,

• distributed control systems (DCS),

• process control systems (PCS),

• process control networks (PCN),

• programmable logic controller and programmable automation controller systems (PLC/PAC),

• building automation and control systems (BACS),

• remote terminal units (RTU),

• intelligent electronic devices (IED).

ICSs Zones and functionalities

https://www.sans.org/reading-room/whitepapers/ICS/secure-architecture-industrial-control-systems-36327

Secure Architecture for Industrial Control Systems

ICSs Vertical Communications

https://www.enisa.europa.eu/publications/ics-scada-dependencies

Communication network dependencies for ICS/SCADA Systems-Enisa -2017

ICSs Horizontal Communications

https://www.enisa.europa.eu/publications/ics-scada-dependencies

Communication network dependencies for ICS/SCADA Systems-Enisa -2017

Security Breach: How? (figure)

Attack surfaces: communication protocols; physical and OT elements/processes; cyber and IT elements/functions; humans.

A weakness/vulnerability (physical, logical or combined) in any of them leads to the questions: Impacts? Risks?

CPS Security based on IoT layer Model

A newer IoT architecture, updated in Wu et al. (2010), comes with five layers: business, application, processing, transmission and perception. (Cyber physical systems security: Analysis, challenges and solutions, 2017)

CPS Security Framework

Ashibani, Yosef, and Qusay H. Mahmoud. "Cyber physical systems security: Analysis, challenges and solutions." Computers & Security 68 (2017): 81-97.

CPS Model

Three capabilities of a CPS component: (1) communication, (2) computation and control, (3) monitoring and manipulation.

• Each one of these capabilities has different security implications that may result from the interactions of the component's parts and their capabilities.

• Thus Humayed et al. propose to view any CPS from three aspects: cyber, cyber-physical, and physical.

Vulnerabilities Categories (800-82 rev.2)

Policy and Procedure

Architecture and Design

Configuration and Maintenance

Physical

Software Development

Communication and Network

Secure Cyber-Physical Systems: Current Trends, Tools and Open Research Problems, Anupam Chattopadhyay, 2017

CPS SECURITY VULNERABILITIES

■ Vulnerabilities appear in all three aspects: cyber, cyber-physical, and physical.

■ Causes of existing vulnerabilities in general CPS:

– Isolation assumption: "security by obscurity"

– Increased connectivity:

■ In fact, most ICS attacks were internal until 2001; after that, most attacks originate from external (Internet-based) sources.

■ ICS and smart grids are connected to control centers, which in turn are connected to the Internet or to business networks.

– Heterogeneity:

■ COTS, third-party and proprietary components are integrated to build a CPS application.

■ Multi-vendor product integration.

■ The internal details of the integrated, heterogeneous components are unknown, so they may produce unexpected behavior when deployed.

Vulnerabilities Categories (800-82 rev.2)

Policy and Procedure

• Inadequate security policy for the ICS

• No formal ICS security training and awareness program

• Absent or deficient ICS equipment implementation guidelines

• Lack of administrative mechanisms for security policy enforcement

• Inadequate review of the effectiveness of the ICS security controls

• No ICS-specific contingency plan

• Lack of configuration management policy

• Lack of adequate access control policy

• Lack of adequate authentication policy

• Inadequate incident detection and response plan and procedures

• Lack of redundancy for critical components

Architecture and Design

• Inadequate incorporation of security into architecture and design

• Insecure architecture allowed to evolve

• No security perimeter defined

• Control networks used for non-control traffic

• Control network services not within the control network

• Inadequate collection of event data history

Configuration and Maintenance

• Hardware, firmware, and software not under configuration management

• OS and vendor software patches may not be developed until significantly after security vulnerabilities are found

• OS and application security patches are not maintained or vendor declines to patch vulnerability

• Inadequate testing of security changes

• Poor remote access controls

• Poor configurations are used

• Critical configurations are not stored or backed up

• Data unprotected on portable device

• Passwords generation, use, and protection not in accord with policy

• Inadequate access controls applied

• Improper data linking

• Malware protection not installed or up to date

• Malware protection implemented without sufficient testing

• Denial of service (DoS)

• Intrusion detection/prevention software not installed

• Logs not maintained

Vulnerabilities Categories (800-82 rev.2)

Physical

• Unauthorized personnel have physical access to equipment

• Radio frequency, electromagnetic pulse (EMP), static discharge, brownouts and voltage spikes

• Lack of backup power

• Loss of environmental control

• Unsecured physical ports

Software Development

• Improper Data Validation

• Installed security capabilities not enabled by default

• Inadequate authentication, privileges, and access control in software

Communication and Network

• Data flow controls not employed

• Firewalls nonexistent or improperly configured

• Inadequate firewall and router logs

• Standard, well-documented communication protocols are used in plain text

• Authentication of users, data or devices is substandard or nonexistent

• Use of unsecure industry-wide ICS protocols

• Lack of integrity checking for communications

• Inadequate authentication between wireless clients and access points

• Inadequate data protection between wireless clients and access points

Cyber-Physical Systems Security – A Survey, Abdulmalik Humayed, Jingqiang Lin, Fengjun Li, and Bo Luo

Top 30 Identified in ICS-CERT Assessments, Fiscal Year 2016 (ref. ICS-CERT Annual Assessment Report FY 2016, based on NIST 800-53)

SCADA Vulnerabilities

• Non-existent monitoring process

• Deficient traffic content understanding

• Staff inexperienced in cybersecurity-related topics

• Operating system vulnerabilities

• Slow / lack of updates

• Remote processor operations

• SCADA software with only basic and modest security features

• Inappropriate applications installed on critical SCADA host computers

• Lack of knowledge regarding the devices

• Authentication weaknesses

• Unauthenticated PLC / RTU network connections (vendor purchasing to embed security features)

• Remote access supervision

• Interconnection management (SCADA network and the business network)

• Wireless connections

• Available public information

• The wrong belief that SCADA systems have the benefit of security through obscurity

• The wrong belief that SCADA systems are isolated

• Physical security

https://www.enisa.europa.eu/publications/ics-scada-dependencies

Communication network dependencies for ICS/SCADA Systems-Enisa -2017

The State of SCADA/HMI Vulnerabilities

Stuxnet attack on an Iranian nuclear enrichment facility

• The likely state-sponsored worm did so by targeting the Siemens WinCC software, which provides HMI-like functionality.

• Reports state that as many as one-fifth of Iran's centrifuges were damaged by Stuxnet.

The Ukrainian power grid attack

• The attacker was able to connect via VPN and used remote access solutions to disable systems via the HMI.

The HMI represents the main hub for managing the critical infrastructure.

Analysis of the Cyber Attack on the Ukrainian Power Grid, March 18, 2016

21 Steps to Improve Cyber Security of SCADA Networks (U.S. Department of Energy)

1. Identify all connections to SCADA networks

2. Disconnect unnecessary connections to the SCADA network

3. Evaluate and strengthen the security of any remaining connections to the SCADA network

4. Harden SCADA networks by removing or disabling unnecessary services

5. Do not rely on proprietary protocols to protect your system

6. Implement the security features provided by device and system vendors

7. Establish strong controls over any medium that is used as a backdoor into the SCADA network

8. Implement internal and external intrusion detection systems and establish 24-hour-a-day incident monitoring

9. Perform technical audits of SCADA devices and networks, and any other connected networks, to identify security concerns

10. Conduct physical security surveys and assess all remote sites connected to the SCADA network to evaluate their security

11. Establish SCADA "Red Teams" to identify and evaluate possible attack scenarios

12. Clearly define cyber security roles, responsibilities, and authorities for managers, system administrators, and users

13. Document network architecture and identify systems that serve critical functions or contain sensitive information that require additional levels of protection

14. Establish a rigorous, ongoing risk management process

15. Establish a network protection strategy based on the principle of defense-in-depth

16. Clearly identify cyber security requirements

17. Establish effective configuration management processes

18. Conduct routine self-assessments

19. Establish system backups and disaster recovery plans

20. Senior organizational leadership should establish expectations for cyber security performance and hold individuals accountable for their performance

21. Establish policies and conduct training to minimize the likelihood that organizational personnel will inadvertently disclose sensitive information regarding SCADA system design, operations, or security controls

REAL-WORLD CPS ATTACKS

■ In general, publicly known attacks are rare.

■ Attacks that have been realized by experimentation or in real life are considered.

■ CPS attacks map onto a six-dimensional description:

– attacked object (Influenced Element),

– the resulting changes on the attacked object from the attack (Influence),

– indirectly affected components (Affected Element),

– changes on the CPS application (Impact),

– how the attack took place (Method),

– preceding attacks needed to make an attack successful (Precondition)

Threat Sources

Bot-network operators

Criminal groups

Foreign intelligence services

Hackers

Insiders

Phishers/Spammers

Spyware/malware authors

Terrorists

Threat Types (Source: NIST 800-82 rev.2 Appendix C)

ADVERSARIAL

- Individual: Outsider; Insider; Trusted Insider; Privileged Insider

- Group: Ad hoc; Established

- Organization: Competitor; Supplier; Partner; Customer

- Nation-State

ACCIDENTAL

- User

- Privileged User/Administrator

STRUCTURAL

- Information Technology (IT) Equipment: Storage; Processing; Communications; Display; Sensor; Controller

- Environmental Controls: Temperature/Humidity Controls; Power Supply

- Software: Operating System; Networking; General-Purpose Application; Mission-Specific Application

ENVIRONMENTAL

- Natural or man-made disaster: Fire; Flood/Tsunami; Windstorm/Tornado; Hurricane; Earthquake; Bombing; Overrun

- Unusual Natural Event (e.g., sunspots)

- Infrastructure Failure/Outage: Telecommunications; Electrical Power

SANS Study 2017: Threat Vectors (figure)

SANS: Securing Industrial Control Systems—2017. 18% in 2016, 35% in 2017; this is also an indication of the movement toward IIoT.

https://www.enisa.europa.eu/publications/ics-scada-dependencies

Communication network dependencies for ICS/SCADA Systems-Enisa -2017

ENISA Study: SCADA Threats


THREAT LANDSCAPE FOR INDUSTRIAL AUTOMATION SYSTEMS IN THE SECOND HALF OF 2016 (Kaspersky Lab ICS CERT)

August 2016

ICS-CERT 2016 Fiscal Year Report

ICS-CERT Annual Vulnerability Coordination Report: 46% in 2015

Table columns: Influenced Element, Influence, Affected Element (Cyber-Physical Systems Security – A Survey, Abdulmalik Humayed, 2017)

SMART GRID: Combined Cyber-Physical Security

A Survey on Smart Grid Cyber-Physical System Testbeds, Mehmet H. Cintuglu, 2017

Some of the most important CPSs in smart grids:

• Smart grid

• AMI

• Microgrid

• Energy Internet: Future Renewable Electric Energy Delivery and Management (FREEDM)

• Transmission grid

AMI (figure)

Electric power transmission system (figure)

Internet of Things-aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions. Yasir Saleem, Noel Crespi, Mubashir Husain Rehmani, and Rebecca Copeland

Smart grid (SG) architecture

Cyber-Physical Electrical Energy Systems: Challenges and Issues, Xingyu Shi, 2015

Beyond Smart Grid—A Cyber–Physical–Social System in Energy Future. Yusheng Xue, State Grid Electric Power Research Institute, Nanjing, China; Xinghuo Yu, RMIT University, Melbourne, Vic. 3001, Australia

Internet of Things-aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions. Yasir Saleem, Noel Crespi, Mubashir Husain Rehmani, and Rebecca Copeland

SG from a CPS viewpoint

Smart Grids: A Cyber–Physical Systems Perspective

By Xinghuo Yu, 2016


CLASSIC MODELS OF SECURITY: Bell-LaPadula model (BLP)

(figure: prohibited information flows)

• Military model

• An actor can read down in security levels or write up in security levels to other actors or to objects, essentially forming a security lattice.

• The BLP model allows an actor to lower its security level to be able to communicate with an actor or object at a lower level.

• The actor that has lowered its security level must be trusted not to divulge higher-level information to the lower security level.

• Under BLP it becomes difficult to arrange a System Control Center in the configuration that is most valuable to a modern electric utility:

• It is more important to protect the control system from the business than the business from the control system.

• BLP also requires that all other control systems are in the same security level, otherwise they cannot share information.

A reasonable assignment of security in the SCADA system under the Bell-LaPadula model (figure).

CLASSIC MODELS OF SECURITY: Biba model

• Commercial model

• A high integrity level can write down to a low integrity level, but it cannot read from the lower integrity level.

• In an electric power system, if the control system has higher integrity than the business processes, it is free to write information to the business, but cannot accept commands from it without lowering its integrity level to that of the business.

• This matches actual utility operation fairly well for centrally administered AMI and transmission systems.

A reasonable assignment of security in the SCADA system under the Biba model (figure):

• The integrity of the control system is higher than that of the business network.

• All other control systems are in the same integrity level, otherwise they cannot share information.


SECURITY PARTITIONS IN THE SMART GRID

Can security models support DSM and AMI in the smart grid?

There is a duality present in electric power systems, and in cyber-physical systems in general: in reality, some of the CIA properties are bidirectional.

The Stuxnet attack was able to succeed because there was only one information and control path.

In a metering environment, spoofed meter readings could appear perfectly normal to the control system, but be incorrect (such as over-reporting or under-reporting electric load).

Additional information is needed to locate such attacks, such as using the physics of the system: injecting high-frequency signals into an electric grid to detect faulty nodes by finding a mismatch between expected and measured impedances.

All readings that the System Control Center received were consistent with some possible correct operating mode of the centrifuges: the attack was nondeducibly secure.

(figure: left partition; z is nondeducible from the point of view of the right partition)

Multiple security domain nondeducibility model (MSDND)

The ability of an attacker or defender to observe whether a system state is true or false.

(figure) Overlapping security domains with SD(A), SD(B), SD(C) as individual houses, SD Support as the shared power infrastructure, and SD Governance that oversees all the houses, but not inside the houses. A modern neighborhood in which information and power is shared and displayed via an electronic Leader Board.

Noninterference Model

If we think about a System Control Center in the left partition and an observer in the right partition, for such a system to be noninterference secure requires that no actions in the left partition ever cause something to be observed in the right partition.
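The noninterference check can be made mechanical on a small model. The following added example (not from the slides) encodes a toy plant in the left partition (a centrifuge whose speed the PLC changes) and an operator in the right partition who only polls the HMI, then tests Goguen-Meseguer noninterference by exhaustively comparing each trace with the same trace purged of left-partition actions. The action names, the state encoding, the trace bound and the replayed-HMI variant that mimics the Stuxnet reading described on the previous slides are constructed assumptions.

```python
"""Noninterference / nondeducibility check on a toy control-center model.

Added example, not from the original slides. The state machines, action
names and the 'replayed HMI' variant are constructed assumptions: the left
partition (plant + PLC) acts, the right partition (System Control Center
operator) only sees HMI readings.
"""
from itertools import product

LEFT = ("speed_up", "speed_down")    # left-partition (high) actions
RIGHT = ("poll_hmi",)                # right-partition (low) action
ACTIONS = LEFT + RIGHT
INIT = (1, 1)                        # (real speed, last HMI reading); 1 = normal


def step_honest(state, action):
    """Honest plant: an HMI poll returns the real centrifuge speed (0..2)."""
    speed, reading = state
    if action == "speed_up":
        speed = min(speed + 1, 2)
    elif action == "speed_down":
        speed = max(speed - 1, 0)
    elif action == "poll_hmi":
        reading = speed
    return (speed, reading)


def step_replayed(state, action):
    """Stuxnet-style variant: the reading shown to the operator is replayed
    'normal' data (1) regardless of the real speed."""
    speed, reading = step_honest(state, action)
    if action == "poll_hmi":
        reading = 1
    return (speed, reading)


def low_view(state):
    """The right partition observes only the HMI reading."""
    return state[1]


def run(step, trace, init=INIT):
    """Return the tuple of low observations produced along a trace."""
    state, obs = init, []
    for a in trace:
        state = step(state, a)
        if a in RIGHT:
            obs.append(low_view(state))
    return tuple(obs)


def final_speed(step, trace, init=INIT):
    """The physical state after a trace (what the operator would like to know)."""
    state = init
    for a in trace:
        state = step(state, a)
    return state[0]


def purge(trace):
    """Remove every left-partition action from a trace."""
    return tuple(a for a in trace if a not in LEFT)


def is_noninterference_secure(step, max_len=4):
    """Goguen-Meseguer noninterference: for every trace up to max_len, removing
    all left-partition actions must leave the right partition's observations
    unchanged. Returns (secure, counterexample_trace_or_None)."""
    for n in range(1, max_len + 1):
        for trace in product(ACTIONS, repeat=n):
            if run(step, trace) != run(step, purge(trace)):
                return False, trace
    return True, None


if __name__ == "__main__":
    for name, step in (("honest", step_honest), ("replayed", step_replayed)):
        ok, cex = is_noninterference_secure(step)
        print(f"{name:9s} noninterference secure: {ok}  counterexample: {cex}")
```

With honest readings the checker finds a counterexample immediately (a speed change becomes visible at the next poll), so the system interferes and the operator can in principle notice. With replayed readings the property holds: no left-partition action ever changes what the operator sees, which is the attacker's goal and the nondeducibility argument of the previous slides. The physical state has moved while the observation set has not, so only information from outside the model (such as the impedance check mentioned earlier) can reveal it.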


Threat assessments of power systems

• Vulnerability assessment of a power system is, in many ways, easier than that of a purely cyber system, if cyber-physical security is considered together, rather than as a separate cyber overlay of security.

• The integrity of a cyber-physical power system has a rather basic measure: keep providing service (voltage stability or available transfer capability metrics).

• Spoofed readings from power line flows can disrupt information flow and go undetected.

• A false data injection attack can make intelligent modifications to the measurements delivered to a SCADA system and fool state estimation.

• A topology attack can falsify switch and breaker signals to trick the bad data detection algorithm into working with the wrong physical topology.
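The false data injection bullet is the one most easily shown with numbers. The following added example (not from the slides or the review they cite) implements weighted least squares DC state estimation on a constructed 3-bus network with a residual-based bad data detector, then compares a naive single-measurement tamper, which the detector flags, with a stealthy injection a = H c that shifts the estimated angle by c and leaves the residual untouched. The susceptances, true state, noise vector and threshold TAU are assumptions; the topology attack in the last bullet is not modelled.

```python
"""False data injection (FDI) against DC state estimation.

Added example, not from the original slides or the cited papers. The 3-bus
network, line susceptances, true state, noise and the residual threshold
TAU are constructed assumptions chosen to keep the arithmetic small.
"""
import math

# DC power flow of a 3-bus system; bus 1 is the slack (angle 0), so the
# state is x = [theta2, theta3]. Line susceptances in per unit (assumed):
B12, B13, B23 = 10.0, 5.0, 8.0

# Measurement matrix H (z = H x + noise) for four measurements:
#   P12 = B12*(0 - theta2)            flow on line 1-2
#   P13 = B13*(0 - theta3)            flow on line 1-3
#   P23 = B23*(theta2 - theta3)       flow on line 2-3
#   P2  = B12*theta2 + B23*(theta2 - theta3)   net injection at bus 2
H = [
    [-B12, 0.0],
    [0.0, -B13],
    [B23, -B23],
    [B12 + B23, -B23],
]
TAU = 0.05  # residual-norm threshold of the bad-data detector (assumed)


def transpose(m):
    return [list(col) for col in zip(*m)]

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]

def matvec(m, v):
    return [sum(x * y for x, y in zip(row, v)) for row in m]

def solve(a, b):
    """Solve a x = b for square a by Gauss-Jordan elimination with pivoting."""
    n = len(a)
    aug = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(aug[r][col]))
        aug[col], aug[piv] = aug[piv], aug[col]
        p = aug[col][col]
        aug[col] = [v / p for v in aug[col]]
        for r in range(n):
            if r != col:
                f = aug[r][col]
                aug[r] = [rv - f * cv for rv, cv in zip(aug[r], aug[col])]
    return [row[n] for row in aug]


def wls_estimate(z):
    """Least squares with unit weights: x_hat = (H^T H)^-1 H^T z."""
    ht = transpose(H)
    return solve(matmul(ht, H), matvec(ht, z))

def residual_norm(z):
    """Bad-data detector statistic: || z - H x_hat ||."""
    x_hat = wls_estimate(z)
    r = [zi - hi for zi, hi in zip(z, matvec(H, x_hat))]
    return math.sqrt(sum(v * v for v in r))

def is_bad_data(z):
    return residual_norm(z) > TAU

def stealthy_attack(z, c):
    """Classic stealthy FDI: add a = H c. Because a lies in the column space
    of H, the estimate shifts by exactly c and the residual is unchanged."""
    a = matvec(H, c)
    return [zi + ai for zi, ai in zip(z, a)]


# Constructed scenario: true angles (rad) and small measurement noise.
X_TRUE = [-0.05, -0.10]
NOISE = [0.01, -0.01, 0.005, -0.005]
Z_CLEAN = [zi + ni for zi, ni in zip(matvec(H, X_TRUE), NOISE)]
Z_STEALTHY = stealthy_attack(Z_CLEAN, [0.02, 0.0])   # shift theta2 by 0.02 rad
Z_NAIVE = [Z_CLEAN[0] + 0.3] + Z_CLEAN[1:]           # tamper with P12 alone


if __name__ == "__main__":
    for name, z in (("clean", Z_CLEAN), ("stealthy", Z_STEALTHY), ("naive", Z_NAIVE)):
        print(f"{name:9s} x_hat={[round(v, 4) for v in wls_estimate(z)]} "
              f"residual={residual_norm(z):.4f} flagged={is_bad_data(z)}")
```

The point for a defender is that the residual test is blind to any attack vector in the column space of H, so detection needs information the estimator does not already use: protected or redundant measurements (for instance PMUs), cross-checks against physical constraints, or the physics-based probing mentioned on the security partitions slide.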


Traditional Assessment

• At transmission layer

• Based on SCADA and PMUs

• Sensitive to valid measurements, communications and computations

CPES Future Assessment

• At distribution layer

• Based on IEDs

• Intrusion detection and monitoring, correlation and validation

• Contingency analysis after identifying risk scenarios

• Control implementation at transmission layer as an escalation procedure

A Review of Cyber-Physical Energy System Security Assessment. Rasmussen, Theis Bo; Yang, Guangya; Nielsen, Arne Hejde; Dong, Zhaoyang. Published i

A Cyber-Physical Resilience Metric for Smart Grids

Friedberg, I., McLaughlin, K., & Smith, P. (2017).

A Survey on Smart Grid Cyber-Physical System Testbeds, Mehmet H. Cintuglu, 2017

CPPS Research in Smart Grids

Internet of Things-aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions. Yasir Saleem, Noel Crespi, Mubashir Husain Rehmani, and Rebecca Copeland
