Cybersecurity of Smart Grid Systems Dr. Vittal S. Rao Electrical and Computer Engineering Texas Tech University November 8, 2012 NSF-SFS Workshop on Education.


Cybersecurity of Smart Grid Systems Dr. Vittal S. Rao Electrical and Computer Engineering Texas Tech University November 8, 2012 NSF-SFS Workshop on Education Initiatives in Cybersecurity for Critical Infrastructure

Outline of Presentation
- Smart Grid Systems
- TTU’s Unique Capabilities
- TTU Real Time Simulator
- Security Features of Smart Grid
- Wide Area Monitoring Using SCADA and PMU Data
- Multidisciplinary approaches for Cybersecurity
- Cyber security/ Intrusion Detection Methods
- Vulnerability of Smart Grid Communication Protocols
- Conclusions

Benefits of the Smart Grid
- Near-zero wide-area blackouts and greatly reduced local interruptions.
- High-quality power for sensitive electronics and complex computer applications.
- Plug-and-play integration of renewable sources, distributed resources and control systems
- Options for consumers to manage their electricity use and costs, Smart Homes
- Improved resilience to attack, natural disasters, and operator errors.

Characteristics of Smart Grid
- Enables Active Consumer Participation
- Accommodates all Generation and Storage Options
- Enables New Products, Services, and Markets
- Provides Power Quality for the Digital Economy
- Optimizes Asset Utilization and Operates Efficiently
- Anticipates and Responds to System Disturbances (Self-heals)
- Operates Resiliently Against Attack and Natural Disaster

Smart Grid

Essential Functions
- Integration of ‘Electrical Infrastructure’ with ‘Intelligence Infrastructure’
- Smart Sensors, Protective Relays and Control Devices
- On-Line Equipment Monitoring
- Communications Infrastructure
- New Operating Models and Algorithms
- Real-Time Simulation and Contingency Analysis
- Improved Operator Visualization Techniques
- Interconnection Codes and Standards
- Cyber Security

Integration of Generation and Storage Options
- Distributed Generation: small, widely dispersed plants
- Renewables: Wind, Solar, Biomass, etc
- Maximum Penetration of Renewable Energy Sources with Grid
- Energy Storage: Giant Batteries and Capacitors
- Demand Response (DR): Response to peak loads

Smart Grid Systems at Texas Tech
- Multidisciplinary Research Centers (Wind Science and Engineering, Smart Grid Energy Center)
- Alstom 1.5MW Commercial Grade Wind Turbine on TTU campus
- DOE/Sandia Facilities for Testing Wind Farms/ Energy Storage Systems
- TTU Real Time Simulator sponsored by the National Science Foundation (NSF)
- Smart Microgrid Test Bed
- Interdisciplinary research teams for Smart Grid and Cyber Security: ECE, CSc, ME, IE, Mathematics, Business, and Law
- New BS Degree program in Wind Energy
- Interdisciplinary Curriculum for Cyber Security

Unique Capabilities
- Formation of a team of researchers with applied and academic backgrounds to address the “Technology for Cyber-Physical Systems”.
- Accessibility of industrial partners of CCET and PMU manufacturer, National Instruments (NI).
- TTU is the leader in Wind Sciences and Engineering in the Nation.
- TTU has established an interdisciplinary PhD program in Wind Energy.
- Texas Tech, in collaboration with Group NIRE, has developed significant facilities related to Smart Microgrid Systems. This system has commercial grade Wind Turbines and Large scale battery storage (proposed), with plans to install 4 or 5 PMUs in the Southwest Power Pool (SPP) Power System.
- TTU has received a major research instrumentation (MRI) and Capacity Building grant for Cybersecurity from NSF.
- TTU is working with Northrop Grumman Corporation, who is the industrial leader for Cyber Security.

Thematic Research Areas
- Maximum Penetration of Distributed Renewable Energy Sources to Grid
- Cyber Security of Energy Delivery Systems/ SCADA Control Systems
- PMU based Wide Area Monitoring and Damping Control Strategies
- Home Area Networks
- Hybrid Energy Storage Systems
- Dynamic Stability of Power Systems
- Development of Experimental Microgrid Test Bed
- Optimal Energy Management of Smart Micro grids

TTU Real Time Simulator
[Diagram labels: RTDS, RSCAD, Controller, Wind Data, Solar Data, DFIG, Inverter Control, Campus Wind Turbine, Solar, Battery Storage, Utility Grid Controller, GTNET PMU, GE N60 & D90 plus, SEL-421, ABB-REL-670, D400 Substation Gateway, Phasor Data Concentrator, Visualization Screen in our lab, Cyber Security, protocol labels (IEC, IEEE C37.118)]

Interoperability Energy Management Systems (EMS) architecture with products from different companies. REF:

[Diagram labels: Micro Grid Control and Energy Management; Distributed Micro Energy Sources (Wind Energy, Solar Energy, Natural Gas Engine, Fuel Cells, Micro Turbine, DFIG, Generator); Distributed Storage (Battery Storage, Ultra Capacitor, Flywheel Storage); Local Loads (PHEV, Laboratory Building, Priority Loads); DC/AC Inverter; Smart Meter; Transformer/CB; UTILITY GRID]

Cyber Security Today’s grid lacks the robustness needed to withstand attacks by saboteurs or acts of nature. (Supervisory Control and Data Acquisition (SCADA) systems) Today’s grid lacks the information and control capabilities to rapidly recover from manmade or natural events. Advanced cyber security protection systems have to be integrated utilizing cyber security standards to ensure that new smart grid technologies are secure and that existing technologies such as SCADA, protective relaying, and communication systems are retrofitted with methods that provide the same level of advanced cyber security.

Cyber Security of Energy Delivery Systems
- Assessment and monitoring of risk
- Development and integration of protective measures
- Detection of intrusion and implementation of response strategies
- Enhancement of security methods

Smart Grid Information Networks

Increased Connectivity

Security Features
- Integrated Communications
  - Interoperability standards that include advanced cyber security protection
  - Transport vehicle that provides the needed operational and condition data to enable self healing
  - Redundant communication paths making interruption of data flows unlikely
- Sensing & Measurement
  - Remote monitoring that detects potential events anywhere in the grid
  - Sensors and measuring devices with embedded protection
  - Events detected in time to respond

Security Features
- Advanced Components
  - Tolerant and resilient grid devices
  - Rapid response to emergent threats
  - Fewer critical points of failure
  - Reduced consequences of failure
  - Distributed, autonomous resources
- Advanced Control Methods
  - Islanding to isolate vulnerable areas in response to real or expected security events
  - Automated network “agents” for dynamic reconfiguration and demand management
  - Self-healing with preventive or corrective actions in real time
- Improved Interfaces & Decision Support
  - Greatly enhanced situational awareness
  - Recommendations for addressing security threats provided to operators in real time
  - Advanced real-time modeling and simulation tools with predictive capabilities
  - Improved operator training and guidance systems aimed at response to security events

R&D Theme Areas for Cybersecurity
- Device Level
  - Cost effective secure architecture for Smart meters
  - Cryptography and Key management
  - On processors with strict space/computation limits
- System Level
  - Built to adapt to changing needs in scale and functionality
  - Able to tolerate and survive malicious attacks of the present and future
  - Denial of service resiliency
  - Infrastructure interdependency issues
- Legacy System Integration
  - Compatibility problems
- Emerging Research Topics
  - Synchrophasor Security/ NASPI Net
  - Anonymization
  - Infrastructure interdependency issues

Wide Area Monitoring
- Analysis of power system performance in different oscillation modes.
- Intelligent system protection schemes
- Situational awareness
- Monitoring of power system harmonics
- Frequency monitoring
- Data visualization using the geographical coordinates
- Black out monitoring and real time grid control center application
- Post event analysis

Phasor Measurement Units A PMU measures bus voltage (phase or sequence) and all 3-phase line currents on all branches (transmission lines and transformers) emanating from the substation along with the phasor angles

Integration of PMU data

Wide Area Monitoring Using PMUs and PDCs
Threats against these devices include:
- Denial of service (DoS) attacks
- Attacks against open ports and services
- Attempt to change device settings
- Attempt to inject malicious data
- Attempt to place a man-in-the-middle (MITM) between devices.

Reference: Salvatore, et al., Presentation on “Security analysis of a commercial synchrophasor device”, May 30-31, 2011

Open PDC
C is the IEEE standard for PDC, current version issued in
Three adapter layers:
- Input adapter (C37.118)
- Action adapter
- Output adapter (32 bit access)

Vulnerabilities
1. C vulnerabilities: lack of encryption and source verification (MITM)
2. OpenPDC vulnerabilities: lack of input validation (Malicious Data Injection)
   - Drop statement injection: destroy all the measurements data for a PMU
   - Delete statement injection: selectively erase some specific measurements
   - Alter statement injection: can be used to smartly swap the names of measurements tables
     - Deceive the monitoring operator
     - Cheat the triangulation used to detect source of dangerous event like blackouts
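The input-validation gap listed above, shown on a toy measurement store (an added example, not openPDC code and not from the original slides). The table layout, function names, identifier pattern and the hostile station name are all constructed assumptions; the "before" function pastes field text into SQL, the hardened one checks identifiers against an allowlist and binds every value as a parameter.

```python
import re
import sqlite3

# Constructed toy schema; this is NOT openPDC's actual database layout.
SCHEMA = "CREATE TABLE measurement (pmu_id TEXT, signal TEXT, ts REAL, value REAL)"

# Assumed allowlist for station and signal names: short, alphanumeric, _ or -.
ID_RE = re.compile(r"[A-Za-z0-9_\-]{1,32}")

# Constructed hostile station name of the "drop statement" kind named above.
HOSTILE = "PMU1', 'VA', 0, 0); DROP TABLE measurement; --"


def new_db():
    """Fresh in-memory database holding the toy measurement table."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def store_unsafe(db, pmu_id, signal, ts, value):
    """'Before' form: received text becomes part of the SQL statement."""
    sql = ("INSERT INTO measurement VALUES ('%s', '%s', %s, %s);"
           % (pmu_id, signal, ts, value))
    db.executescript(sql)  # executes every statement found in the string


def store_safe(db, pmu_id, signal, ts, value):
    """Hardened form: validate identifiers, then bind values as parameters."""
    for name in (pmu_id, signal):
        if not ID_RE.fullmatch(name):
            raise ValueError("rejected identifier: %r" % (name,))
    db.execute("INSERT INTO measurement VALUES (?, ?, ?, ?)",
               (pmu_id, signal, float(ts), float(value)))


def table_exists(db):
    """True while the measurement table is still present."""
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE type='table' AND name='measurement'").fetchone()
    return row[0] == 1


if __name__ == "__main__":
    before, after = new_db(), new_db()
    store_unsafe(before, HOSTILE, "VA", 1.0, 120.0)
    print("unsafe store, table still present:", table_exists(before))
    try:
        store_safe(after, HOSTILE, "VA", 1.0, 120.0)
    except ValueError as exc:
        print("safe store:", exc)
    print("safe store, table still present:", table_exists(after))
```

Validation and parameter binding address only the second item in the list; they do nothing about the missing encryption and source verification in the first.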

Intrusion Detection
There are several reasons that make intrusion detection a necessary part of the entire defense system. First, many traditional systems and applications were developed without security in mind. In other cases, systems and applications were developed to work in a different environment and may become vulnerable when deployed in the current environment. (For example, a system may be perfectly secure when it is isolated but become vulnerable when it is connected to the Internet.) Intrusion detection provides a way to identify, and thus allow responses to, attacks against these systems. Second, due to the limitations of information security and software engineering practice, computer systems and applications may have design flaws or bugs that could be used by an intruder to attack the systems or applications. As a result, certain preventive mechanisms (e.g., firewalls) may not be as effective as expected.

Intrusion Detection Methods
Intrusion detection systems (IDSs) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second line of defense that protects information systems.
- Anomaly detection: based on the normal behavior of a user; any action that significantly deviates from the normal behavior is considered intrusive.
- Misuse detection: catches intrusions in terms of the characteristics of known attacks; any action that conforms to the pattern of a known attack is considered intrusive.

Functions of IDS
- Monitoring users and system activity
- Auditing system configuration for vulnerabilities and misconfigurations
- Assessing the integrity of critical system and data files
- Recognizing known attack patterns in system activity.
- Identifying abnormal activity through statistical analysis
- Managing audit trails and highlighting user violation of policy or normal activity
- Correcting system configuration errors
- Installing and operating traps to record information about intruders

Intrusion Detection Methods
Anomaly detection:
- Statistical models (Discrete Wavelet Transform)
- Machine learning and data mining techniques
- Specification-based methods
- Information-theoretic measures
Misuse detection:
- Rule-based language
- Abstraction-based intrusion detection
- State transition analysis tool kit
- Colored Petri automata

Statistical Decision Theory in Intrusion Detection By Saed Alajlouni

SCADA Systems
SCADA systems, What are they?
11/07/2012 S. Alajlouni. "Cyber-Security of Critical Infrastructure"

Intro-Efforts for securing SCADA systems
- IT perspective: “Obscurity Principle”.
- Control Engineering perspective: “reliability”.
- Very few researchers have investigated how malicious attacks affect the estimation and control algorithms, and ultimately, how attacks affect the physical world

Interdisciplinary research Infrastructural Systems Control Theory Statistics- Statistical Inference, sequential detection theory Physical Modeling of Systems Model Linearization, Order-Reduction approximation, and Estimation

Statistical Decision Theory: Main Idea
- A receiver is reading an input signal that is corrupted by some additive noise
- Depending on the application, the receiver has to make a decision whether the received signal is high or low (Binary applications), or whether the data is malicious or true.
- The decision rule is based on minimizing a risk function (average cost).

Binary Bayesian hypothesis testing
$H_0 = N \sim (0, \sigma^2)$
$H_1 = m + N \sim (0, \sigma^2)$
$P_0 + P_1 = 1$ (Probabilities are given a priori)
Bayes rule example: $P(D_1, H_0) = P(\text{decide } H_1 \mid H_0 \text{ is true}) \times P_0 = P_F \times P_0$

Decision rule
Decision Risk $= C_{00} P(D_0, H_0) + C_{11} P(D_1, H_1) + C_{10} P(D_1, H_0) + C_{01} P(D_0, H_1)$
Minimization of the risk function yields the receiver’s optimal decision rule

Composite Hypothesis Testing
- If the parameters defining probability density functions of the expected hypothesis are unknown, then the hypothesis testing problem is called composite.
- In some cases the unknown parameters do not appear in the decision rule equation, so a decision can still be made.
- If the decision rule depends on the unknown parameters, then the parameters must be estimated before a decision can be made.
- Parameters are usually estimated using maximum likelihood estimation.

Sequential detection
In a sequence of data samples, one of the following decisions must be made after each sample:
- Decide H1
- Decide H0
- Not enough information
If Decisions H0 or H1 are made, the hypothesis testing procedure stops. Otherwise, an additional sample is taken.
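The Bayes decision rule and the sequential test from the preceding slides, worked for the Gaussian pair H0 = N, H1 = m + N (an added example, not code from the original presentation). It assumes m > 0, a known σ, and costs with C10 > C00 and C01 > C11; Wald's sequential probability ratio test is used here as one standard form of sequential detection, and the sample residuals are constructed.

```python
import math


def bayes_threshold(m, sigma, p0, p1, c00=0.0, c11=0.0, c10=1.0, c01=1.0):
    """Sample value above which deciding H1 minimizes the slide's risk.

    Minimizing the risk gives: decide H1 when the likelihood ratio exceeds
    eta = P0 (C10 - C00) / (P1 (C01 - C11)).
    For N(m, sigma^2) against N(0, sigma^2) that is r > sigma^2/m * ln(eta) + m/2.
    """
    eta = (p0 * (c10 - c00)) / (p1 * (c01 - c11))
    return (sigma ** 2 / m) * math.log(eta) + m / 2.0


def bayes_decide(r, m, sigma, p0, p1, **costs):
    """Single-sample decision: 1 for H1, 0 for H0."""
    return 1 if r > bayes_threshold(m, sigma, p0, p1, **costs) else 0


def llr(r, m, sigma):
    """log [ p(r | H1) / p(r | H0) ] for one sample r."""
    return (m * r - m * m / 2.0) / sigma ** 2


def sprt(samples, m, sigma, alpha=0.01, beta=0.01):
    """Wald's sequential test: stop as soon as the evidence is sufficient.

    alpha is the target false-alarm probability, beta the target miss
    probability. Returns (decision, samples_used); the decision is
    "undecided" when the data run out first (not enough information).
    """
    upper = math.log((1.0 - beta) / alpha)   # crossing it: decide H1
    lower = math.log(beta / (1.0 - alpha))   # crossing it: decide H0
    total = 0.0
    for n, r in enumerate(samples, start=1):
        total += llr(r, m, sigma)
        if total >= upper:
            return ("H1", n)
        if total <= lower:
            return ("H0", n)
    return ("undecided", len(samples))


# Constructed measurement residuals (measured minus expected), sigma = 1.
CLEAN = [0.1, -0.3, 0.2, -0.6, 0.0, -0.4, 0.3, -0.2, -0.5, 0.1, -0.1, -0.7]
BIASED = [1.2, 0.8, 1.5, 0.9, 1.3, 1.1, 0.7, 1.4, 1.0, 1.2]  # offset near m = 1

if __name__ == "__main__":
    print("threshold, equal priors:", bayes_threshold(1.0, 1.0, 0.5, 0.5))
    print("threshold, P0 = 0.9:    ", bayes_threshold(1.0, 1.0, 0.9, 0.1))
    print("clean stream: ", sprt(CLEAN, 1.0, 1.0))
    print("biased stream:", sprt(BIASED, 1.0, 1.0))
```

A rare-attack prior (P0 = 0.9) pushes the single-sample threshold well above m/2, which is why the sequential test, accumulating evidence over several samples, is the more practical detector for small injected offsets.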

Hardware Cyber Security
Threats against hardware security:
– Physical tampering
– Side channel attacks
– Data injection
– Man in the middle attacks
How to protect hardware:
– Secure Startup
– Configuration hopping
– Masking power consumption

Secure Startup
– Use of module separate from normal device operations
– Module uses hardware ID and TCM for security
– TCM checks hardware ID and sends encrypted packet out, is returned and checked before system is allowed to fully operate [1]
[1] A security embedded system base on TCM and FPGA

Configuration Hopping
– Several processors in system assigned to individual tasks
– At random intervals processor configuration changes
– Creates narrower window for hacking [2]
[Diagram labels: Data In, Processor 1, Processor 2, Processor 3, Data Out]

Side Channel Attacks
Types of SCA:
– Simple Power Analysis
– Differential Power Analysis
Masking
– Current Equalizing
– Current Randomization
[Figure: Current Equalizer States [3]]

Conclusions
- TTU has significant infrastructural and research capabilities in Cyber-Physical Systems
- Multidisciplinary approaches to address cybersecurity of critical infrastructural systems.
- We are very enthusiastic to develop “Smart Micro Grid System” with embedded Cyber Security capabilities.