Class notes (2) Cyber

Cyber Physical Power Systems
Fall 2015
Security
© A. Kwasinski, 2015
Cyber-physical power system
Cyber security
Part 1
Review from 1st week
• To find the power flow along lines we need to calculate:
$P_{kj} = B_{kj}(\theta_k - \theta_j)$
• To calculate the above equation we need to solve
$P_k = \sum_{j=1,\, j \neq k}^{N} B_{kj}(\theta_k - \theta_j)$
• This is an underdetermined system of equations (the matrix is
singular), so the voltage (magnitude and angle) at one bus (called the
slack or swing bus) is set (usually a relative per unit voltage of 1 with
an angle of 0). As a result, the equation for the slack bus is replaced
by this set voltage value, and the real and reactive power at this bus
are now unknown.
• Other knowns and unknowns are:
• In a PQ (load) bus: P and Q are known, voltage is unknown
• In a PV (generator) bus: P and V are known, reactive power
and voltage angle are unknown.
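The slack-bus step above, worked through on a small network. This is an added example, not part of the original notes; the 3-bus network, its susceptances and injections are constructed values, and only the real-power (angle) equations from this slide are solved.

```python
# Added illustration; the 3-bus network and injections are constructed values in per unit.
LINES = {(0, 1): 10.0, (0, 2): 5.0, (1, 2): 8.0}  # B_kj for each line k-j
P = [None, -0.74, 0.14]  # net injections P_k; bus 0 is the slack, so its P is unknown

def nodal_matrix(n, lines):
    """Matrix M with P = M * theta, built from P_k = sum_j B_kj (theta_k - theta_j)."""
    m = [[0.0] * n for _ in range(n)]
    for (k, j), b in lines.items():
        m[k][k] += b
        m[j][j] += b
        m[k][j] -= b
        m[j][k] -= b
    return m

def is_singular_by_row_sums(m):
    """Every row sums to zero, so shifting all angles equally leaves P unchanged."""
    return all(abs(sum(row)) < 1e-12 for row in m)

def solve(a, rhs):
    """Gaussian elimination with partial pivoting for a small dense system."""
    n = len(rhs)
    aug = [row[:] + [v] for row, v in zip(a, rhs)]
    for c in range(n):
        pivot = max(range(c, n), key=lambda r: abs(aug[r][c]))
        aug[c], aug[pivot] = aug[pivot], aug[c]
        for r in range(c + 1, n):
            f = aug[r][c] / aug[c][c]
            aug[r] = [x - f * y for x, y in zip(aug[r], aug[c])]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (aug[r][n] - sum(aug[r][c] * x[c] for c in range(r + 1, n))) / aug[r][r]
    return x

def dc_power_flow(n, lines, p, slack=0):
    """Fix theta_slack = 0, solve the remaining equations, return angles, flows, slack P."""
    m = nodal_matrix(n, lines)
    keep = [k for k in range(n) if k != slack]
    reduced = [[m[r][c] for c in keep] for r in keep]
    theta = [0.0] * n
    for k, value in zip(keep, solve(reduced, [p[k] for k in keep])):
        theta[k] = value
    flows = {(k, j): b * (theta[k] - theta[j]) for (k, j), b in lines.items()}
    p_slack = sum(m[slack][j] * theta[j] for j in range(n))
    return theta, flows, p_slack

if __name__ == "__main__":
    print(is_singular_by_row_sums(nodal_matrix(3, LINES)), dc_power_flow(3, LINES, P))
```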
• Operation of a power grid is controlled from a dispatch center.
• It is responsible for monitoring power flow and coordinating operations so
demand and generation are matched in an economically optimal way. That is,
from a stability perspective demand (plus losses) needs to equal generation, but
from an operational perspective such a match needs to be achieved in an
economically optimal way.
Source: Scientific American
• Operation and monitoring of electric power grids is usually
performed with a SCADA (supervisory control and data
acquisition) system. At a basic level a SCADA system
includes:
• Remote terminals
• Central processing unit
• Data acquisition (sensing) units
• Telemetry
• Human interfaces (usually computers).
• SCADA systems require communication links but, usually,
these are dedicated links separate from the public
communication networks used by people in their everyday
lives.
Control Architecture
• Hierarchical control:
• At the highest level an economical optimization algorithm is run
in order to produce a set point for power generation units.
• Local autonomous controllers at the power generation units use
droop controls that take the set point inputs produced by the
higher level controller.
• Additional controllers exist at the power transmission and
distribution levels to ensure electric power is delivered according
to the specified power quality parameters.
• The economic dispatch algorithm implies solving power flow
equations and also knowing other information (e.g. market
conditions, prices from each unit, etc.).
• In addition to considering economic profitability, stable system
operation needs to be ensured by the controller. Power flow and
other constraints also exist. All of these factors affect control decisions.
• Control decisions require state estimation, i.e., knowing voltages
and angles.
• State estimation, in turn, requires measuring real and reactive powers
or current flows. It also requires knowing system parameters (e.g.
line data).
• Measured data needs to be transmitted to the dispatch center so a
cybernetic infrastructure is needed. This cyber infrastructure
includes sensors and communications infrastructure.
• Additionally, system parameters need to be stored so they can be
accessed and used when running the economic dispatch algorithm.
• Hence, optimal operation requires communication.
• Limited operation of a power grid can still be performed without
communications thanks to the droop controllers. However, this
operation will be economically suboptimal and with reduced stability
margins.
Communications Architecture
• In general, power grids use dedicated networks so intrusive access
is difficult.
• However, some legacy equipment may still use resources from
public communication networks.
• Smart grids, the Internet of Things and other increasingly used
technologies (e.g., demand response or electric vehicles) may
motivate increased use of public communication networks or the
Internet as a result of the need for more bandwidth or more access
points.
Control Architecture
• PMUs may be another potential point of entry or a piece of
equipment that can be acted upon directly, leading to state
estimation errors.
• Additional entry points:
• Renewable energy sources generation location.
• Smart meters
• Home energy management systems
• Electric vehicles
• Internet of Things equipment (e.g. appliances).
• Supply chain (e.g. firmware in new equipment, memory sticks,
etc.)
• Cyber dependencies create vulnerabilities. Examples of cyber
dependencies include:
• GPS systems
• Weather and other important external data.
• Cyber attacks may directly target:
• State estimation
• Parameter database
• Equipment, by sending commands to it directly (e.g. relays
controlling circuit breakers).
• Indirect cyber attacks: those targeting cyber-lifelines directly and
leading to power grid operation disruptions indirectly.
• Types of cyber attacks:
• Reconnaissance
• Denial of Service
• Command injection
• Measurement injection
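How state estimation depends on both the measurements and the stored line data, and how a dispatch center can check them against each other. This is an added example, not part of the original notes: the 3-bus network, the meter accuracy `SIGMA` and all readings are constructed, and the chi-square residual test is a common bad-data check chosen here, not one the notes name.

```python
# Added illustration; network, meter accuracy and measurements are constructed.
LINES = [(0, 1, 10.0), (0, 2, 5.0), (1, 2, 8.0)]  # (k, j, B_kj in p.u.); bus 0 is the slack
SIGMA = 0.01          # assumed meter standard deviation in p.u.
CHI2_99_1DOF = 6.635  # 99% chi-square limit: 3 measurements - 2 states = 1 degree of freedom

def h_matrix(lines):
    """Rows map the state (theta_1, theta_2) to line flows P_kj = B_kj (theta_k - theta_j)."""
    rows = []
    for k, j, b in lines:
        row = [0.0, 0.0]
        if k != 0:
            row[k - 1] += b
        if j != 0:
            row[j - 1] -= b
        rows.append(row)
    return rows

def estimate(z, lines=LINES):
    """Least-squares angle estimate and normalized residual sum J for flow measurements z."""
    h = h_matrix(lines)
    a = sum(r[0] * r[0] for r in h)
    b = sum(r[0] * r[1] for r in h)
    d = sum(r[1] * r[1] for r in h)
    g0 = sum(r[0] * zi for r, zi in zip(h, z))
    g1 = sum(r[1] * zi for r, zi in zip(h, z))
    det = a * d - b * b  # normal equations (H^T H) theta = H^T z, solved by Cramer's rule
    theta = [(d * g0 - b * g1) / det, (a * g1 - b * g0) / det]
    residuals = [zi - (r[0] * theta[0] + r[1] * theta[1]) for r, zi in zip(h, z)]
    return theta, sum((res / SIGMA) ** 2 for res in residuals)

def is_suspect(z, lines=LINES):
    """True when the measurements do not fit the stored network model."""
    return estimate(z, lines)[1] > CHI2_99_1DOF

CLEAN = [0.5, 0.1, -0.24]    # flows consistent with theta = (0, -0.05, -0.02)
ALTERED = [0.8, 0.1, -0.24]  # constructed: first flow reading changed before it arrives
BAD_DB = [(0, 1, 10.0), (0, 2, 5.0), (1, 2, 4.0)]  # constructed: stored B for line 1-2 is wrong

if __name__ == "__main__":
    cases = [("clean", CLEAN, LINES), ("altered reading", ALTERED, LINES),
             ("wrong line data", CLEAN, BAD_DB)]
    for name, z, lines in cases:
        theta, j = estimate(z, lines)
        print(f"{name}: theta={theta}, J={j:.2f}, suspect={is_suspect(z, lines)}")
```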