Building Cyber Secure Power Systems Using Untrusted Components

Overview

In recent decades, IEC 61850 compliant substation automation systems (SASs) have been developed with more advanced features, including remote control, easy auto-configuration, and high-speed real-time communication. However, with the introduction of portals allowing external access, these new features also increase potential cyber security vulnerabilities. In addition, the end-point devices, such as intelligent electronic devices (IEDs) and remote terminal units, usually come from different vendors and cannot be fully trusted. From the design specification stage to the deployment and operational stage, a new device may become an untrusted component at any point.

Untrusted devices may stealthily perform harmful or unauthorised behaviours which could compromise or damage secondary plant systems and, in turn, have severe impacts on the primary plant and even the entire electrical grid. The overall objective of this project is therefore to develop a method for identifying anomalous behaviours of untrusted control devices in SASs, especially for detecting false data injection attacks and message modification attacks.

Outcomes

A software-based simulation testbed, generated datasets, and an effective method to detect anomalies with high accuracy.

 

1) A testbed which simulates both the primary plant using MATLAB/Simulink (photos on the left) and different IEDs using OpenPLC (photos on the right). The library “libiec61850” was used to simulate the process bus communication, including GOOSE and SMV.

2) A total of 31 datasets generated using this testbed, including 1 benign behaviour of normal operation, 14 benign behaviours of emergency operation (when a phase-to-phase fault occurs), and 16 malicious behaviours (injecting malicious messages or modifying original messages to trigger unexpected protection or interfere with necessary protection).

3) An effective anomaly detection method using a sequential classification machine learning algorithm (LSTM) and sliding window algorithms. The method can detect anomalies from all IEDs without the need to collect datasets from all devices.

Key features and advantages

  • The testbed is cost-efficient and extendable. It simulates an IEC 61850 compliant SAS which is close to real systems.
  • The feature selection and extraction methods used during data pre-processing are applicable to identifying anomalies in both fault situations and attack scenarios.
  • The proposed method improves the accuracy of detecting such insider attack scenarios by decreasing the false-negative rate from 50% to 5%.
  • The proposed method researches the key hyper-parameters (window size and step size) when applying sliding window algorithms. The suggested window size and step size ensure the detection time is less than 3 ms while also keeping a high detection accuracy of 99%.
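
As an added illustration (not code from the project or the cited paper), the sketch below shows how a window size and step size segment a GOOSE message stream into per-window features of the kind a sequence classifier such as an LSTM could consume. The `Goose` record, the feature set, the flagging rule and the trace are constructed assumptions; the stNum/sqNum check follows standard GOOSE retransmission behaviour.

```python
from dataclasses import dataclass

@dataclass
class Goose:              # hypothetical, simplified view of one GOOSE frame
    t_ms: float           # capture time in milliseconds
    st_num: int           # stNum: increments when the dataset changes
    sq_num: int           # sqNum: increments per retransmission, resets to 0
    trip: bool            # assumed single boolean payload value

# Constructed trace: index 3 is an injected frame, index 8 a modified payload.
TRACE = [Goose(*r) for r in [
    (0, 7, 3, False), (100, 7, 4, False), (200, 7, 5, False),
    (205, 9, 0, True),
    (300, 7, 6, False), (400, 7, 7, False), (500, 7, 8, False),
    (600, 7, 9, False),
    (700, 7, 10, True),
    (800, 7, 11, False)]]

def sliding_windows(msgs, size, step):
    """Yield (start_index, window) for every full window of `size` messages."""
    for i in range(0, len(msgs) - size + 1, step):
        yield i, msgs[i:i + size]

def window_features(win):
    """Per-window features (an assumed set, not the paper's selection)."""
    pairs = list(zip(win, win[1:]))
    gaps = [b.t_ms - a.t_ms for a, b in pairs]
    # Valid successor: same stNum with sqNum+1, or stNum+1 with sqNum == 0.
    bad_order = sum(
        not ((b.st_num == a.st_num and b.sq_num == a.sq_num + 1) or
             (b.st_num == a.st_num + 1 and b.sq_num == 0))
        for a, b in pairs)
    # Payload changed although stNum stayed the same.
    silent_change = sum(b.trip != a.trip and b.st_num == a.st_num
                        for a, b in pairs)
    return {"min_gap_ms": min(gaps), "bad_order": bad_order,
            "silent_change": silent_change,
            "span_ms": win[-1].t_ms - win[0].t_ms}

def flag_windows(msgs, size, step):
    """Start indices of windows with inconsistent counters or payload."""
    flagged = []
    for i, win in sliding_windows(msgs, size, step):
        f = window_features(win)
        if f["bad_order"] or f["silent_change"]:
            flagged.append(i)
    return flagged

if __name__ == "__main__":
    print(flag_windows(TRACE, size=4, step=2))
```

In a learning-based pipeline the feature dictionaries, not the simple rule in `flag_windows`, would be the classifier input; the rule is only there to make the effect of window size and step size visible on the constructed trace.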

For further detail: Wang, X., Fidge, C., Nourbakhsh, G., Foo, E., Jadidi, Z., & Li, C. (2021). Feature selection for precise anomaly detection in substation automation systems. Paper presented at the Proc. 13th IEEE PES Asia Pacific Power and Energy Engineering Conference, Kerala, India.

Funding

Amount:

Duration:

Partners:

  • Cyber Security Cooperative Research Centre