Candidate: Amir Ameli
Title: Application-based measures for developing cyber-resilient control and protection schemes in power networks
Date: June 6, 2019
Time: 2:00 PM
Place: EIT 3142
Supervisor(s): El-Saadany, Ehab - El-Shatshat, Ramadan A.
Electric power systems are a part of the most-crucial infrastructure on which societies depend. In order to operate efficiently and reliably, the physical layer in large electric power networks is coupled with a cyber system of information and communication technologies, which includes compound devices and schemes, such as SCADA systems and IEDs. These communication-base schemes and components are mainly a part of protection and control systems, which are known as the backbones of power networks, since the former detects abnormal conditions and returns the system to its normal state by initiating a quick corrective action, and the latter preserves the integrity of the system and stabilizes it following physical disturbances. This dissertation concentrates on the cyber-security of protection and control systems in power networks by unveiling a vulnerable protective relay, i.e., the LCDR, and a susceptible controller, i.e., the AGC system, and proposing application-based measures for making them resilient against cyber threats.
LCDRs are a group of protective relays that are highly dependent on communication systems, since they require time-synchronized remote measurements from all terminals of the line they are protecting. In AC systems, this type of relay is widely used for protecting major transmission lines, particularly higher voltage ones carrying giga-watts of power. On the other hand, due to the limitations of other protection schemes, LCDRs has been identified as a reliable protection for medium-voltage lines in DC systems. Therefore, the cyber-security of LCDRs is of great importance. On this basis, this dissertation first shows the problem in both AC and DC systems and reveals the consequences and destructiveness of cyber-attacks against LCDRs through case studies. Then, it presents three solutions to address his problem, two for AC networks and one for DC grids. For AC systems, this dissertation presents two methods, one that can be used for SV-based LCDRs, and another one that works for both SV-based and phasor-based relays. Both methods are initiated after LCDRs pickup, to confirm the occurrence of faults and differentiate them from cyber-attacks. To detect attacks, the first method compares the estimated and locally-measured voltages at LCDR's local terminal during faults for both PS and NS. To estimate the local voltage for each sequence, the proposed technique uses an UIO, the state-space model of the faulty line, and remote and local measurements, all associated with that sequence. The difference between the measured and estimated local voltages for each sequence remains close to zero during real internal faults because, in this condition, the state-space model based on which the UIO operates correctly represents the line. Nevertheless, the state-space model mismatch during attacks leads to a large difference between measured and estimated values in both sequences.
The second proposed method for an AC LCDR detects attacks by comparing the calculated and locally-measured superimposed voltages in each sequence after the relay picks up. A large difference between the calculated and measured superimposed voltages in any sequence reveals that the remote current measurements are not authentic. Given that local measurements cannot be manipulated by cyber-attacks, any difference between the calculated and measured superimposed voltages is due to the inauthenticity of remote current measurements.
The proposed method for DC LCDRs is comprised of POCs installed in series with each converter. During faults, the resultant RLC circuit causes the POCs to resonate and generate a damped sinusoidal component with a specific frequency. However, this specific frequency is not generated during cyber-attacks or other events. Thus, LCDRs' pickup without detecting this specific frequency denotes a cyber-attack. Given that the frequency extraction process is carried out locally by each LCDR, the proposed approach cannot be targeted by cyber-attacks.
On the other hand, an AGC system, which is the secondary controller of the LFC system, is a communication-dependent vulnerable controller that maintains tie-lines' power at their scheduled values and regulates grid frequency by adjusting the set-points of a power plant's governors. This dissertation proves the destructiveness of cyber-attacks against AGC systems by proposing a SHA that disrupts the normal operation of the AGC system quickly and undetectably. Afterwards, two methods are proposed for detecting and identifying intrusions against AGC systems and making them attack-resilient. Both methods work without requiring load data in the system, in contrast to other methods presented in the literature. To detect attacks, the first method estimates the LFC system's states using a UIO, and calculates the UIO's RF, defined as the difference between the estimated and measured states. In normal conditions, the estimated and measured values for LFC states are ideally the same. Therefore, an increase in the UIO's RF over a predefined threshold signifies an attack. This method also identifies attacks, i.e., determines which system parameter(s) is (are) targeted, by designing a number of identification UIOs.
The general idea behind the second proposed method for detecting and identifying attacks against AGC systems is similar to the first one; yet, the second one takes into account the effect of noise as well. Therefore, instead of a UIO, the second method utilizes a SUIE for estimating the states of the LFC system and minimizing the effect of noise on the estimated states. Similarly, increasing the SUIE's RF over a predefined threshold indicates the occurrence of an attack.