Critical infrastructures are complex physical and cyber-based systems that form the lifeline of modern society, and their reliable and secure operation is of paramount importance to national security and economic vitality. In particular, the cyber system forms the backbone of a nation's critical infrastructures, so a major cybersecurity incident could have significant negative impacts on the reliable, efficient, and safe operation of the physical systems that rely upon it. Recent findings, as documented in government reports and literature, indicate the growing threat of cyber-based attacks on our nation's power grid and other critical infrastructures. The goal of this project is to develop a comprehensive cybersecurity framework and algorithms for securing the electric energy infrastructure, and to implement a novel curriculum, which includes: (i) developing an integrated risk modeling methodology that models both cyber attacks on the Supervisory Control and Data Acquisition (SCADA) system and the resulting impacts on the performance and stability of the power grid; (ii) developing risk mitigation algorithms, in both the cyber and power system domains, to prevent and mitigate cyber attacks on the power grid; (iii) evaluating the risk models and algorithms through a combination of model-, simulation-, and testbed-based evaluations using realistic system topologies and attack scenarios; and (iv) implementing a novel curriculum on cybersecurity of critical infrastructure systems through graduate courses and undergraduate projects. This project's outcomes will have broader impacts in securing our nation's power grid and other critical infrastructures against cyber attacks, and in creating a skilled workforce in this critical area of national need.
The electric power grid is a complex cyber-physical system (CPS) that forms the lifeline of modern society, and its reliable and secure operation is of paramount importance to national security and economic vitality. Recent findings, documented in government reports and in the literature, indicate the growing threat, in both number and sophistication, of cyber-based attacks on power grid infrastructures. Therefore, cyber security of the power grid — encompassing attack prevention, detection, mitigation, resilience, and attribution — is among the most important R&D priorities today and in the future.

RESEARCH: Risk assessment is a fundamental issue in cyber security of the power grid, as recognized by government agencies, industry, and the cyber security compliance process. Compared to earlier work on this subject, which relied on qualitative assessments of risk that were ad hoc and subjective, this project was among the first to develop a scientific methodology for quantitative risk assessment and mitigation against cyber attacks on the power grid. In particular, the methodology integrates the dynamics of the physical system as well as the operation of the cyber-based control system that governs it. This integrated cyber-physical attack-defense modeling makes it possible to quantify the likelihood of malicious cyber events and the consequences (impacts) they could have on physical system operation, in terms of load loss and stability violations. This work opened up new avenues for further research (e.g., investigating beyond (N-1) contingencies) and for developing effective countermeasures. This project also pioneered the concept of attack-resilient control for the power grid. Traditionally, control algorithms (e.g., AGC: Automatic Generation Control) were designed to achieve fault resiliency and are highly inadequate for dealing with malicious cyber attacks that are coordinated and stealthy in terms of evading detection and maximizing impacts.
This project established this distinction by showing that intelligent cyber attacks on the operation of AGC can cause frequency oscillations in the grid. This research led to a control-theoretic modeling of CPS security and to the analysis of system stability under cyber attacks, quantifying the degree to which the system can retain its stability properties. In particular, this research developed a model-based anomaly detection and attack mitigation algorithm for AGC and evaluated its performance under a wide variety of attack scenarios (e.g., denial-of-service and data integrity attacks); the results showed that the algorithm achieves very high detection accuracy (low false positive and false negative rates). This fundamental contribution articulated the need for application-level security complementing infrastructure-level security.

CPS security testbeds play a fundamental role in cyber security R&D, especially in conducting vulnerability analysis, impact studies, and attack-defense evaluations, and in exploring future advancements including the development of robust countermeasures, since the functionality of both the cyber and physical infrastructures can be implemented, emulated, or simulated within a controlled environment. This project pioneered the development of a realistic cyber-physical security testbed for the smart grid through a layered abstraction that includes information/control, communication, and physical layers. The testbed provides a platform for integrating real-world automation systems, communication protocols, and security technologies together with real-time simulation/emulation capabilities (RTDS and Opal-RT) to conduct realistic vulnerability/exposure analysis, impact analysis, and attack-defense studies, and to develop robust countermeasures. Several vulnerabilities were discovered in an industry-grade Supervisory Control and Data Acquisition (SCADA) system and were responsibly disclosed to the vendor.
Two of these vulnerabilities were subsequently published by DHS ICS-CERT. In addition, attack-defense evaluations modeling a wide-area protection system were conducted using the testbed.

EDUCATION: Three Ph.D. students have been trained in the interdisciplinary area of cyber security of the power grid for their dissertation work. These students have acquired synergistic skills in both cyber security and power systems. One of these students graduated in spring 2013 and joined a DHS national laboratory; another is expected to graduate in spring 2014 and plans to join a DOE national laboratory. In addition, several undergraduate students (12-15 students) were trained in CPS security testbed development and evaluation through REU and senior capstone design projects. This project resulted in the development of a new course on Cyber Security for Smart Grid at Iowa State University; the course was taught twice during the course of this project, and the students used the testbed for laboratory experiments and term projects involving CPS security.

OUTREACH ACTIVITIES: The PI engaged in various outreach and professional activities on the subject of cyber security for the electric power grid. These include: (1) organizing panel sessions at the IEEE PES General Meeting (three instances) and chairing a cyber security task force; (2) delivering an industry short course on this subject (two instances); (3) delivering a lecture at a Cyber Security Summer Camp for middle school students (one instance); and (4) providing awareness of and exposure to the field of cyber security of critical infrastructures to prospective students, school students, and visitors through running experiments on the CPS security testbed (10+ instances).
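The attack-resilient AGC work summarized in the RESEARCH section above refers to a model-based anomaly detection and mitigation algorithm evaluated against denial-of-service and data integrity attacks, without spelling out the mechanism. The following Python program is an added illustration, not the project's algorithm or code, of what "model-based" detection means for a single-area AGC loop: the controller keeps a linearised swing model, predicts the next frequency deviation from that model and the command it last issued, and treats a reported measurement that disagrees with the prediction (or a measurement that never arrives) as an anomaly, holding on the model prediction instead of trusting the telemetry. All parameters (DT, H, D, B, KI, THRESH), the attack schedule and the plant model are constructed for this example.

```python
"""Model-based anomaly detection for a single-area AGC loop (constructed example)."""
from dataclasses import dataclass, field

DT = 2.0       # s, AGC cycle time (constructed)
H = 5.0        # s, aggregate inertia constant (constructed)
D = 1.0        # pu/pu, load damping (constructed)
B = 1.0        # pu/pu, frequency bias factor (constructed)
KI = 0.1       # integral gain of the AGC controller (constructed)
THRESH = 0.01  # pu, residual alarm threshold (constructed)


def plant_step(df, dpm):
    """One Euler step of the linearised swing model d(df)/dt = (dpm - D*df) / (2H).
    df: frequency deviation (pu); dpm: mechanical power deviation set by AGC (pu)."""
    return df + DT * (dpm - D * df) / (2 * H)


def agc_step(dpm, df):
    """Integral AGC acting on ACE = B*df: raise generation while frequency is low."""
    return dpm - DT * KI * (B * df)


@dataclass
class ModelBasedDetector:
    """Predicts the next frequency deviation from the model and the last command,
    then compares the prediction with what the telemetry channel reports."""
    last_df: float
    last_dpm: float = 0.0
    alarms: list = field(default_factory=list)      # (step, kind)
    residuals: list = field(default_factory=list)   # |reported - predicted|

    def check(self, k, reported_df):
        predicted = plant_step(self.last_df, self.last_dpm)
        if reported_df is None:                # DoS: no measurement arrived
            self.alarms.append((k, "missing"))
            accepted = predicted               # mitigation: hold on the model
        else:
            residual = abs(reported_df - predicted)
            self.residuals.append(residual)
            if residual > THRESH:              # data integrity: implausible jump
                self.alarms.append((k, "residual"))
                accepted = predicted           # mitigation: hold on the model
            else:
                accepted = reported_df
        self.last_df = accepted
        return accepted


def simulate(n_steps=120, df0=-0.02, dos_steps=(15, 16, 17),
             bias_from=30, bias=0.05, mitigate=True):
    """Plant + AGC + telemetry channel carrying constructed attacks:
    measurements are dropped at dos_steps and a constant bias is added from
    step bias_from onward. Returns the alarms raised, the detector residuals and
    the final true frequency deviation."""
    true_df, dpm = df0, 0.0
    det = ModelBasedDetector(last_df=df0)
    last_seen = df0
    for k in range(n_steps):
        true_df = plant_step(true_df, dpm)             # physical system evolves
        if k in dos_steps:
            reported = None
        elif k >= bias_from:
            reported = true_df + bias
        else:
            reported = true_df
        if mitigate:
            accepted = det.check(k, reported)
        else:                                           # naive controller trusts telemetry
            accepted = last_seen if reported is None else reported
        last_seen = accepted
        dpm = agc_step(dpm, accepted)
        det.last_dpm = dpm                              # detector knows the command it issued
    return {"alarms": det.alarms, "residuals": det.residuals, "final_df": true_df}


if __name__ == "__main__":
    guarded = simulate()
    naive = simulate(mitigate=False)
    print("alarms:", guarded["alarms"][:5], "...", len(guarded["alarms"]), "total")
    print("final df with mitigation:   %.5f" % guarded["final_df"])
    print("final df trusting telemetry: %.5f" % naive["final_df"])
```

Running simulate() raises "missing" alarms at the three constructed DoS steps and "residual" alarms from the first biased sample onward, while the true frequency still settles to zero because the controller keeps acting on the model prediction; simulate(mitigate=False) shows the same controller, trusting telemetry, settling at the attacker's offset instead. A single-step residual only catches deviations larger than the model's own prediction error, so in practice THRESH must be set from the model mismatch measured on clean data, and a bias ramped in below the threshold calls for a cumulative statistic such as CUSUM rather than the one-step check shown here.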