1 / 16

On Security Indices for State Estimators in Power Networks

On Security Indices for State Estimators in Power Networks. Henrik Sandberg, André Teixeira, and Karl Henrik Johansson Automatic Control Lab, ACCESS Linnaeus Center Royal Institute of Technology, Stockholm, Sweden. VIKING. First Workshop on Secure Control Systems April 12 th , 2010.

cedric
Télécharger la présentation

On Security Indices for State Estimators in Power Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On Security Indices for State Estimators in Power Networks Henrik Sandberg, André Teixeira, and Karl Henrik Johansson Automatic Control Lab, ACCESS Linnaeus Center Royal Institute of Technology, Stockholm, Sweden VIKING First Workshop on Secure Control Systems April 12th, 2010

  2. Northeast U.S. Blackout of 2003 • August 14th, 2003: 55 million people affected • One plant in Ohio offline during peak hour ) Cascading failure ) Over 100 plants shut down • Software bug in state estimator stalled alarm systems for over an hour • Incorrect state estimate can have serious consequences

  3. SCADA Systems and False-Data Deception Attacks • SCADA/EMS systems used to monitor and control power networks • Sampling frequency ¼ 1/min • Redundant power flow and voltage measurements (zi) • State estimator used to obtain accurate state information at all times, and to identify faulty equipment. (SCADA/EMS = Supervisory Control and Data Acquisition/Energy Management Systems)

  4. Attacker Model and Bad Data Detection in Control Center Intelligent attacker can find attacks a that do not trigger alarms in the Bad-Data Detector (BDD) [Liu et al., 2009] But can we measure how difficult it is to perform such attacks?

  5. Steady-state models: WLS-Estimates of bus phase angles i (in vector ): Linear approximation: Power Network and Estimator Models

  6. Bad-Data Detection and Undetectable Attacks The “hat matrix” K: Bad-Data Detection triggers on anomalies in the residual False-data deception attacks [Liu et al., 2009]: The attacker has a lot of freedom in the choice of attack vector a! Which a are more likely to be applied?

  7. Measures of “least-effort attacks” on measurement zk Large indices k and k) It requires a large coordinated attack involving many sensors and large elements in a to attack zk ( i|ai|¸k|ak|) More generally: The New Security Indices k and k

  8. Example of the Index k Attack vectors corresponding to k: Compare with the hat matrix:

  9. IEEE 14-bus Network

  10. IEEE 14-bus Network (cont’d) Hat-matrix-based heuristics (•) misleading when it comes to judging sparsity of attacks (k) Heuristic OK to estimate size of elements in a (k) (ο) k upper bound (•) rk1:=#{|Kik /Kkk|¸0.33} (ο) k (•)

  11. IEEE 14-bus Attack Vectors (z16)

  12. Conclusions Security of state estimators has not been much studied before Two security indices (k,k) introduced here Can be used to locate measurements that are relatively easy to attack The hat matrix K can be misleading with respect to security of measurements Efficient computation of k? How to re-design system to maximize the indices?

  13. References

  14. 4-Bus Example Hat matrix: Many non-zero elements in rows ) Large measurement redundancy (except z4) z1, z2, z3, z5 have lots of redundancy. But are they all hard to attack? No!

  15. Attack Synthesis for Measurement zk When p=2, the columns of scaled hat matrix (R=I) gives the solution [Teixeira et al., 2010]: This study: Sparse attacks a more likely, since they involve fewer sensors. Study p=0 and p=1

  16. Some Possible Extensions Increase risk of detection with  Multiple attack goals Sensitivity matrix S=I-K Lagrange multipliers and location of encryption devices?

More Related