communications and security in (smart) power …. communications and security in (smart) power...

2013.08.28.

Communications and Security in (Smart) Power Systems, György Dán, http://www.ee.kth.se/~gyuri 1

Communications and Security in (Smart) Power Systems

György DánLaboratory for Communication Networks

School of Electrical EngineeringKTH, Royal Institute of Technology

Stockholm, Sweden

EIT ICTLabs SES Summer SchoolParis, 26 August 2013

1

Who wants to be a millionaire?

The greatest engineering achievement of the 20th century is

– Automobile– Electrification

– Internet– Computers

2

Communications in (Smart) Power Systems, György Dán, http://www.ee.kth.se/~gyuri

2013.08.28.


Who wants to be a millionaire?

The greatest engineering achievement of the 20th century is

1. Electrification2. Automobile3. Airplane4. Water supply5. Electronics6. Radio and Television7. Agricult. mechanization8. Computers9. Telephone10. Air conditioning and refr.

11. Highways12. Spacecraft13. Internet14. Imaging15. Household appliances16. Health technologies17. Petrochemical techn.18. Laser and fiber optics19. Nuclear techn.20. High perf. materials

National Academy of Engineering (http://www.greatachievements.org/)3


Society is dependent on electricity

4


2013.08.28.


Power systemsdepend on

Communications

5


Society is dependent on electricity

Communications in Power Systems

6


G. Björkman, ABB

2013.08.28.


Intra-substation Communication

Facilitate substation automation– Protection and fault recording– Power quality monitoring (harmonics)– High resolution oscillography (tr. fault)– Instrumentation

Decrease O&M costs– Minimize equipment asset– Configuration and management

Interoperability Standardization…

– Naming and data– Architecture, protocols

7


IEC 61850 Architecture Reference communication model

– Process bus: Data to/from merging units (unicast, multicast) - subscription– Station bus: Control between IEDs for protection,…

Naming, hierarchical device model, data classes– Measurement, status, analog set point– Substation configuration language

Mapping to protocols (MMS over TCP/IP, GOOSE/GSSE/SV over Ethernet)

8


Station bus

Process bus

Fault recorder

Protection relay IED n

Fast/Gb EthernetMerging unit 1

80-256/cycle

10/Fast/Gb Ethernet

PT CTI/O

Merging unit k

PT CTI/O

Clk1 Clk2

RTUBay controller

2013.08.28.


Logical Device ModelStation bus


9

Physical device

Logical device 1 Logical device N

Logical Node 1

Logical Node K

Logical Node 1

Logical Node K

Process bus

Data objects

Data objects

Data objects

Data objects

Data object name example:MMXU1$MX$PhV(phase-to-ground voltage in measurement device 1)

SV

GOOSE/GSSE

Intra-substation Communication Requirements

High availability Data integrity (errors/attacks) Bounded and low delay Low computational complexity and overhead

– Limited computational power

Loss resilience Cheap deployment

– Wireless?


10

2013.08.28.



11


G. Björkman, ABB

Transmission Line Protection– Line current differential (<1 cycle)– Line phase comparison

Characteristics– Moderate bitrate ~ 60kbps– Distance ~ 10-50kms– Low delay (<10ms)

Requirements– Integrity– High availability /Failover

Inter-substation Communication

12


Substation 2

Substation 1

RelayRelay Primary

Hot standby

2013.08.28.



13


G. Björkman, ABB

National Transmission Grid (RTE) Peak demand

– ~89 GW

Yearly production– ~550 TWh

Network stats– ~100.000 km lines– ~2500 substations

National CC 7 Regional CCs

~900km

14


2013.08.28.


Supervisory Control and Data Acquisition(SCADA)

Transmission system operation and management– 1950-…

Pure Data Acquisition andControl System

Energy information system, decision

support based on reliable process information

System with topology and

specific applications e.g. EMS, DMS

- Monitoring and remote control

- Reduce personnel cost

- Secure and stable operation

- Black out prevention- Economical, efficient

and secure operationG. Björkman, ABB15


MonitoringStatus & Analog Retrieval(SAR)Network Model Builder (NMB)Scheduler Function (SF)State Estimation (SE)Network Sensitivity (NS)

AnalysisDispatcher Power Flow (DPF)Security Analysis (SA)Short Circuit Analysis (SCA)

Optimal Power Flow (OPF)Security Constrained Dispatch (SCD)Voltage Stability Analysis (VSA)Thermal Security Analysis (TSA)Available Transmission Capacity (ATC=VSA+TSA)Equipment Outage Scheduler (EOS)

Operations Enhancement

Interlocking with LF & SAStudy Data BaseNetwork Save Cases

Decision Support

Bad Topology Detection (BTD)Network Parameter Update (NPU)Network Modeling Assistant (NMA)

Network Applications

G. Björkman, ABB

16


2013.08.28.


SCADA Telemetry Data collected

– Real-time measurements (P,Q)– Status information (Breakers,

relays )

Characteristics– 1-10 metering/minute– 500-1000 kms– Large aggregate rates

• 200K I/O• 5K events/sec

– ~1s delivery delay

Requirements– Integrity

• Data corruption

– Availability• Failure, black-out

http://www.OSHA.gov

Substation

Communication Network (WAN)

17


SCADA Telemetry


Substation

L. Vanfretti, KTH18


Data collected– Real-time measurements (P,Q)– Status information (Breakers,

relays )

Characteristics– 1-10 metering/minute– 500-1000 kms– Large aggregate rates

• 200K I/O• 5K events/sec

– ~1s delivery delay

Requirements– Integrity

• Data corruption

– Availability• Failure, black-out

2013.08.28.


SCADA Control

Remote operation of– Circuit breakers– Relays, switches

Characteristics– 500-1000 kms– Low bitrate– <1s delay

Requirements– Integrity, reliability,

correctness• Data corruption

– Availability• Failure, blackout

http://www.OSHA.gov

Substation


19


SCADA Communication Primitives

Reporting– Polling– Unsolicited response


20

Control Select before operate

DNP3, IEEE Std 1815™-2012

2013.08.28.


SCADA Communication Architectures

Various PHY technologies– Serial/PLC/Microwave – OPGW - SDH Ethernet vs. MPLS-TP

Communication availability– Redundant communication channels– Fast failover (in meshed networks)

Multi vs. single service infrastructure– Voice/data/surveillance

Loop

21


Voice

Video

Control

Mesh

Point-to-point

SCADA Communication Protocols

Key design objectives– Efficiency (fixed binary format, compact representations)– Integrity, Availability

Common functionalities (L2-L5)– Addressing (Link)– Addressing (“Object”)– Data structures, encoding– Error checking (CRC16-DNP3)– (Medium access control, prioritization)

22


Loop

Mesh

Point-to-point

2013.08.28.


Evolution of SCADA Protocols

Proprietary– Vendor specific

• Closed

– De-facto standard• Open• Modbus, Profibus, RP-570, …

Standardized– DNP3 (US)– IEC 60870-5 (EME)

Operation over TCP/IP– IEC 60870-5-104, …


23

DN

P3 frame

Networks of Transmission Systems

4+2 synchronous grids ENTSO-E

– 42 TSOs– 34 countries

European Network of Transmission System Operators for Electricity 24


2013.08.28.


Networks of Transmission Systems

4+2 synchronous grids ENTSO-E

– 42 TSOs– 34 countries

European Network of Transmission System Operators for Electricity 25


Inter-Control Center Communication

Purpose– Control center integration– Inter-utility communication– Power plant dispatching– Information to/from DSOs

Exchange of– Measurement data– Control commands– Operational data

Wide area network (WAN)

26


TSO1 TSO2

2013.08.28.


Inter-Control Center Communication Protocol

Exchange of– Measurement data– Control commands– Operational data

Inter-control Center Communication Protocol (ICCP/IEC 60870-6/TASE.2)– Application layer

• Bilateral associations• Data profiles• Data structures, encoding (object models)• Access control• Availability (relaying)

– Transport layer (provided by TCP/IP)• Connectionless/Conn. oriented


27


TSO1 TSO2

ICCP

Example: Italian ICCP Network

22 communication nodes 3 regional, 1 national CC Power generation control centers

IEC 60870-6 Tase.2 (ICCP)Frame Relay

System OperatorRegional CC 1

Communication Node C

ISONational CC

System OperatorRegional CC 3

UCTESwitzerland

ICCP

IEC 60870-5-104RTU

RTU

RTU IEC 60870-5-104

RTU

RTU

RTU

ISORegional CC 1

ISORegional CC 3

Communication Node 1

Communication Node N

H. Mueller, “Outage analysis: Italy,” Network Manager News, News and Information for Users of Network Manager Worldwide, vol. 2, no. 1, pp. 1–3, 2004.Dán et al. “Challenges in power system information security”, IEEE S&P Mag., vol. 10, no. 4, Jul.-Aug. 2012

28


2013.08.28.


Wide Area Monitoring Systems

Phasor Measurement Units (PMUs)– Voltage and current phasors, frequency, drift– Improved accuracy– High sampling rate

Potential uses– Assist state estimation– Validation of system models– Dynamic visibility – frequency swings

Requirements– Delay – application dependent…– Rate – application dependent…– Continuous delivery– Synchronization – GPS!!!

'2z

L. Vanfretti, KTH29


PMU Data Communications• Synchrophasor protocol (IEEE C37.118)

– Configuration, data types, encoding– Data synchronization, rate (10/s to f), measurement accuracy– Error checking (CRC)

• Basic primitives– Data on/off, request configuration (ch names, rate, data format)

• Does not specify – Below application layer (e.g., link layer)– Information management architecture

• Hierarchical, Pub-sub

30

Data rate incl. overhead [bytes/sec]

Sampling [1/s] 5 phasors 10 phasors

10 400 600

25 1000 1500

50 2000 3000

Data rate incl. overhead [bytes/sec], 25/s

Digital Analog 5 phasors 10 phasors

0 0 1650 2650

0 2 1850 2850

2 2 1950 2950

C37.118 – Integer phasor data C37.118 – Floating point phasor data


2013.08.28.


Hierarchical PMU Data Aggregation

• Hierarchical aggregation and storage• Open source implementation: OpenPDC• Integration with other data sources

–protective and controllable devices, –weather, traffic, . . .

31L. Vanfretti, KTH http://openpdc.codeplex.com


NASPInet – Conceptual Architecture

http://www.naspi.org32


2013.08.28.


PMU Communication Challenges

• Deterministic delay and throughput– Static routing and fixed rates waste network resources– Dynamic routing and varying rates very restrictive

• Rate controlled priority queuing (RCPQ)

• High rate regime ts<<de

• Multi-domain QoS… 33


Dán et al, “Utility-based PMU data rate allocation under end-to-end delay constraints”, IEEE COMSOC MMTC E-Letter, Nov 2012

Bakken et al, “ Smart Generation and Transmission With Coherent, Real-Time Data,” Proc . of IEEE, 99(6), 2011

Security in Power Systems

34VIKING


2013.08.28.


Security in Power Systems

Challenges– Application requirements– Legacy systems - compatibility– Industry best practices and processes

Approaches– Security by obscurity

• Integration…

– Information security (retrofits)• Cryptography, …

– Operational security• Firewalls, policies,…• Phyiscal access restrictions

– Cyber-physical security

Performance

Cost

Security

35


G. Björkman, ABBDán et al. “Challenges in Power System Information Security”, in IEEE Security&Privacy Mag., vol. 10, no. 4, 2012

Operational Security

Critical Infrastructure Protection (CIP) guidelines– NERC CIP-002-3 through CIP-009-3 - http://www.nerc.com (2009)

Smart grid security guidelines– NIST IR 7628, Guidelines for Smart Grid Cyber Security, vol. 1-3

http://www.nist.gov, Aug. 2010.

G. Björkman, ABB36


2013.08.28.


NIST IR 7628 Reference DiagramCommunications in (Smart) Power Systems, György Dán, http://www.ee.kth.se/~gyuri

37

Operational Security

Isolation of an “integrated” control system– Firewall

– Diode (air gap)


38

Server proxy

Web/ Enterprise server

Enterprise network

Client proxy

SCADA Master

Control network

Gateway router/ Firewall

ICCP Server

DMZGateway router/ Firewall

ICCP Server

DMZ

Control networkControl network

IPsec tunnel

2013.08.28.


Information Security

Cryptographic security– Confidentiality

• Encryption

– Authentication, integrity• MAC, digital signature

Availability– Path failover, relaying, ...

Practical considerations– Equipment

• Bump-in-the-wire, Device hardening• Self-attestation, interoperability

– Protocols• Application layer: DNPSec • Session layer: SecureICCP (TLS/SSL)

– Key management

RTU CC

RTU CCBITW BITW

RTU CC

large messagem

H: hashfunction H(m)

digitalsignature(encrypt)

Alice’s private

key K A-

+ KA(H(m))-

encrypted msg digest

KA(H(m))-

encrypted msg digest

large messagem

H: hashfunction

H(m)

digitalsignature(decrypt)

H(m)

Alice’s public

key K A+

equal?

39


Some Cryptographic Primitives

Asymmetric key cryptography (e.g., RSA)– Prime n, private key e, public key d

Symmetric key cryptography (e.g., AES)– Diffie-Hellman to establish symmetric key

• Prime p, Generator g• Private secrets: a,b• Shared secret: gab

Cryptographic hash function H (e.g., SHA-256)– Block of data -> fixed size string– Preimage resistant


40

pgg abba mod)()(

A Bga

gb

nxx de mod)(

2013.08.28.


IPSec tunnel between substation and CC

DNPSec – protocol extension– Application layer only– Provides

• Authentication• Key management (SKC,AKC)

– Security model• Authority/Master/Outstation• Challenge-response protocol

SCADA Communication SecurityCommunications in (Smart) Power Systems, György Dán, http://www.ee.kth.se/~gyuri

41

RTUCCGW GWSubstation

Scada

IEEE Std 1815™-2012

Example: Key management

1 update key per user (and outstation)


42IEEE Std 1815™-2012

2013.08.28.


Normal vs. Aggressive mode

Aggressive mode decreases overhead


43IEEE Std 1815™-2012

Beyond SCADA Security

Devices outside of the security perimeter– Easily compromised– Low BW/computational power– Potentially many devices

Security requirements– Low complexity/overhead– Allow non-trusted intermediaries

• e.g., community-aided data collection

– Perfect forward secrecy


44

2013.08.28.


SELINDA: Light-weight data collection

DH– Single c,e– Can reuse d

Computation– 1 verification– 2/3 DH operations– 1 signature


45Dán et al, ``SELINDA: A Secure, Scalable and Light-Weight Data Collection Protocol for Smart Grids,'‘ in Proc. of IEEE SmartGridComm, Oct. 2013

SELINDA Characteristics

Lightweight for MD– Need not regenerate secret d if c is new

Lightweight for PO Need one c for arbitrary many MDs

Resilient to MD compromise– Cannot compromise c – resists small subgroup attack– Cannot compromise other MDs’ data

Resilient to DC compromise– Cannot eavesdrop collected data– Cannot modify collected data


46

2013.08.28.


Multicast data authentication

Example scenarios– PMU data delivery (NASPI?) – Intra-substation communication (SV, GOOSE)

Challenge– One sender, many receivers, – Lossy network– Low delay

• No buffering• Low complexity


47Wang et al, “Time Valid One-Time Signature for Time-Critical Multicast Data Authentication,” in Proc of IEEE Infocom, 2009

Another Cryptographic Primitive

One Time Signature (OTS)– Hash to Obtain Random Subsets (HORS)

• Private key: (x1,…xN), Public key: (y1=f(x1),…,yN=f(xN))• Signature:

– H(M) split into t substrings, – each substring used as index into the private key list– send t-element list (xi1,…,xit) to receiver

• Verification: – H(M) split into t substrings– each substring used as index into the public key list– verify f(xij)=yij


48Reyzin et al, “Better than BiBa: Short One-time Signatures with Fast Signing and Verifying”, in Proc. of ACISP’02

x y

H(M

) H(M

)

2013.08.28.


TV-HORS: Multicast data authentication

Time-valid OTS: truncated signature– Less overhead – Easier to find collision– Limit validity of key

Hash chain to update keys– xi=Hi(x0)

Combined: TV-HORS


49Wang et al, “Time Valid One-Time Signature for Time-Critical

Multicast Data Authentication,” in Proc of IEEE Infocom, 2009

xP xP-1 x1 x0

Cyber-Physical Security Cyber Security

– Infrastructure elements subject to attack

– Infrastructure elements can be protected

Physical security– Secure operation– Efficient operation

Example– Tamper with SCADA telemetry– Mislead SCADA state estimator– Affect OPF and generation

„Stealth” false data injections6

s1 s2

s3

s4

s5 scc

s7

Communication link Communication switching equipment

RTU

Substation with tamper-proof authentications i

Substation with non tamper-proof authentications iSubstations i

Substation with protections i

Transmission line Control Center

RTU with tamper-proof authentication Bump in the wire (BITW)

50


Vuković et al., “Network-layer Protection Schemes against Stealth Attacks on State Estimators in Power Systems”, in Proc. of IEEE SmartGridComm, Oct. 2011Vuković et al., ``Network-aware Mitigation of Data Integrity Attacks on Power System State Estimation,‘’ in IEEE Journal on Selected Areas in Communications (JSAC), vol. 30, no. 6, July 2012

2013.08.28.


z1• Steady-state power model

•Estimation of phase angles (i, vector ) based on (z)– Weighted Least Squares (WLS) estimation– Gauss-Newton algorithm

Model-based State EstimationX12

z2

51

X13


Bad Data Detector (BDD)

Measurement residual

Hypothesis testing H0: Random measurement noise Various methods

test (Normal distribution) Maximum normalized residual

BDD alarm

)ˆ()(ˆ: xhexhzzr

2State

estimatorBad Data Detector

Contingency Analysis

Optimal Power Flow

x

z=h(x)+e zzr ˆx̂

zx ˆ,ˆ

Operator1u 2u

u

Alarm

52

'2z


2013.08.28.


Naïve Attack on the State Estimator

State estimator

Bad Data Detector


Optimal Power Flow

za=h(x)+a+e aaa zzr ˆax̂

aa zx ˆ,ˆ

Operator1u 2u

u

+

Attackera

Alarm!

x

53

z=h(x)+e


Stealth Attack on the State Estimator

State estimator

Bad Data Detector


Optimal Power Flow

za=h(x)+a+e zzr ˆcx ˆ

azcx ˆ,ˆ

Operator1u 2u

u

+

Attackera=Hc

Noalarm…

x

54Y. Liu, P. Ning, and M. Reiter, “False data injection attacks against state estimation in electric power grids,” in Proc. ACM CCS, 2009, pp. 21–32.

0

)(

xx

xhH

z=h(x)+e


2013.08.28.


• WLS phase angle (i) estimation( vector )

• Linear approximation

• Bad data detection (BDD)

zzKaKzazKzzrazz

aKHcKaHHca

aa

a

ˆ)(

)(

SE Stealth Attacks

0

)(

xx

xhH

KzzRHHRHHxHz TT 111 )(ˆˆ

55


Kzzr

Experiment: „Stealthy” vs „Naive” Attack

• SCADA/EMS system• Complete state estimator (active and reactive power)• Attacked data written in SCADA database

Bad data detected & removed

Target bias

(MW)

Estimated value (MW)

# BDD Alarms

0 -14.8 0

50 36.2 0

100 86.7 0

150 137.5 0

200 Non convergent

-

Transmission line nom. rat.: 260 MVA

56


Teixeira et al., „A Cyber Security Study of a SCADA Energy Management System: Stealthy Deception Attacks on the State Estimator”, in Proc. of IFAC World Congress, Aug. 2011

2013.08.28.


Stealth Attack Cost and Impact Metrics

• Effort to perform an attack– Number of measurements

• “Least effort” k

– Number of infrastructure elements• Communication links/channels• Network equipment

• Impact of compromise– Number of stealth attacks 57


IEC 60870-5/PSTN

4

1

2

3

IEC 60870-5/OPGW

4

1

2

3

Illustration - IEEE 118 Bus Network

Topology– Star– Mesh

Baseline scenario– Single path routing– Shortest path

58


2013.08.28.


Measurement Attack CostStar vs. OPGW Topology

Num

ber o

f mea

sure

men

ts

Attack cost (m)

59


Vuković et al., “Network-layer Protection Schemes against Stealth Attacks on State Estimators in Power Systems”, in Proc. of IEEE SmartGridComm, Oct. 2011Vuković et al., ``Network-aware Mitigation of Data Integrity Attacks on Power System State Estimation,‘’ in IEEE Journal on Selected Areas in Communications (JSAC), vol. 30, no. 6, July 2012

Substation Attack Impact

„Stealth” attack against 40% of the measurements60


2013.08.28.


Protection against „Stealth” Attacks

Calculate the effort needed for attack Increase the effort needed for attack

– Maximize attack cost for budget

– Make attacks impossible• What infrastructure elements should be protected?

1

61

: ( )arg max min

M

MMkkC P

Dán et al, “Stealth Attacks and Protection Schemes for State Estimators in Power Systems,” in Proc. of IEEE SmartGridComm, Oct. 2010


Protection: Maximizing attack cost

Multi-path routing Authentication (tamper-proof)

o Decreases by 50%

o for most measurements

sISsmax

2m o mm ,1

62

o Dominating set to mitigate attacks (<< n) !!!


2013.08.28.


Multi-area State-Estimation

63

Vuković et al. `` On the Security of Distributed Power System State Estimation under Targeted Attacks,‘’ ACM Symposium on Applied Computing, Mar. 2013Vuković et al., ``Detection and Localization of Targeted Attacks on Fully Distributed Power System State Estimation,'‘ in Proc. of IEEE SmartGridComm, Oct. 2013,


• Interconnected systems- No central authority

• Distributed state estimation- Protect sensitive data- Fully distributed- Inter CC communication

• ICCP over TCP/IP

• Data integrity attack- Compromise CC - Manipulate data to disturb

estimation• Avoid or delay convergence

Multi-area State-Estimation

64


TSO3 TSO4

Wide area network

TSO2TSO1

• Interconnected systems- No central authority

• Distributed state estimation- Protect sensitive data- Fully distributed- Inter CC communication

• ICCP over TCP/IP

• Data integrity attack- Compromise CC - Manipulate data to disturb

estimation• Avoid or delay convergence


Vuković et al. `` On the Security of Distributed Power System State Estimation under Targeted Attacks,‘’ ACM Symposium on Applied Computing, Mar. 2013Vuković et al., ``Detection and Localization of Targeted Attacks on Fully Distributed Power System State Estimation,'‘ in Proc. of IEEE SmartGridComm, Oct. 2013,

2013.08.28.


Distributed State Estimation

State estimator

Bad Data Detector


Optimal Power Flow

z=h(x1,x2)+e

zzr ˆ

x̂

zx ˆ,ˆ

Operator 1

x1

State estimator

Bad Data Detector


Optimal Power Flow

zzr ˆ

x̂

zx ˆ,ˆ

Operator 2

x2

z=h(x1,x2)+

e

x12x21

)(kx65


Periodic exchange of border state variables Distributed algorithm for convergence to consistent state estimate

– Various algorithms available

Iterative algorithm

Border Bus Phase Angle Attack

Iteration under attack

Attacker chooses δa,2 to maximize – Under constraint on ||δa,2||

First singular vector attack (model/state-aware)

– δa=u1 (First singular vector of A) Attacker needs information

– H matrix and system state – Power flow measurements – direction ()

CC1 CC2x1,b + δa,1

ak

bTkkTkkk HWHHWHxx )(1)(1)(1)()()( ][~

x2,b

x1,b

x2,b + δa,2

A

||~|| )(kx

)(kx

1Au1Au

)(~ kx

)()()()()1( ~ kkkkk xxxxx

66


2013.08.28.


DSE Attack Impact: Convergence Time

67

IEEE 118 bus system 6 regions Attacker compromises different areas FSV attack strategy

• Attack strategy crucial• Field measurement data

important for powerful attack (FSV+MEAS)


Attack Detection and Localization

Mean Squared Disagreement– Iteration k

Belief of Attack Location

Common belief of Attack location– Random walk based consensus– Left eigenvector of belief matrix


68

||

2/)()(',

2

2

)(,'

)(',)(

', krr

krr

krrk

rr x

xxd

)1(',

)(',

)(',

~)1(

~ krr

krr

krr ddd

)('

)(',

)(',)(

', ~~

rNr

krr

krrk

rr dd

B

)()()( kkk B

Vuković et al, ``Detection and Localization of Targeted Attacks on Fully Distributed Power System State Estimation,'‘ in Proc. of IEEE SmartGridComm, Oct. 2013

2013.08.28.


Cloud Computing for Power Systems

Cost Savings Elastic/Scalable/On-demand resources

– Improved Reliability/Performance• N-x criterion -> large number of high-fidelity

simulations/analysis;

New open market for data analytics Security

– Dedicated talent, wider view etc.

Dán et al, ``Cloud Computing for the Power Grid: From Service Composition to Assured Clouds,'‘ in Proc. of USENIX HotCloud'13, Jun. 2013


69

Power System Operations & Time Scales

Real-Time Operations (msec – 10s of minutes) Examples:– Protection (msec)– Frequency Governors (sec)– Automatic Generation Control (AGC) (seconds)– State Estimation and Contingency Analysis (minutes)– Economic Dispatch (~15 minutes)

Operation Planning Examples:– Load Forecasting – days (short term) to years (long term)– Unit Commitment (day ahead markets)– Maintenance Planning (weeks - year)– Generation and Transmission Planning ( up to 25 years)

70

2013.08.28.


Power Applications in the Cloud: Today

Cloud computing already present– Meter Data Management Services– Demand Response Solutions

• e.g., Honeywell’s Akuacom, GE’s Grid IQ, AutoGrid

CIGRE working group “outsourcing managed security services using cloud Technologies”

Characteristics:– Internet centered non-critical applications / customer facing– SaaS with a community deployment model


71

Power Applications in the Cloud: Future Markets?

– e.g., Locational Marginal Pricing– Optimal power flow with congestion constraints and uncertain load

Operational Planning?– e.g., renewable energy source integration– High-fidelity simulations with varying weather, load and system parameters

Operations?– e.g., contingency analysis or pre-screening for CA– undertaken every few minutes but computational load may vary based on

system state

Data storage?– e.g., phasor measurement unit data – typically not retrieved often


72

2013.08.28.


Cloud Computing for Power Operations: Concerns

Real-time Computations– Variable performance

Reliability / Fault Tolerance– Clouds are best effort

Regulation / Compliance– NERC CIP

Security– No hard guarantees; increased exposure


73

Cloud Security Concerns

Confidentiality– Measured data (leveraged for market advantage)– System information (leveraged for attacks)

Integrity– Computations and data

Availability– Computations and data

Compliance


74

2013.08.28.


Cloud as Black-box: Assured Service Composition

What properties can be achieved at what cost?

Approaches to Confidentiality – Computing on homomorphically encrypted data

• Expensive, not very practical– Problem transformation

• Linear transformation of OPF (Borden et al, Allerton’12) • Perturbation of CA (Vukovic et al, SmartGridComm ’13)

– Problem splitting• Chunk the problem and compute in different clouds

Approaches to Integrity– Multiple independent executions– Verification using low-fidelity/approximate executions


75

Assured Cloud Computing

Improved Isolation – e.g., HyperSafe (Oakland ’10), self service clouds

(CCS ‘12), NoHype (CCS ‘11)

Fault-tolerant infrastructure– e.g., ISIS2 or GridCloud

Multi-tenant support in hardware


76

2013.08.28.


Benefits, Risks, Challenges

Are cost savings enough to motivate utilities to look into or adopt (public or community) clouds?– At what point ($ savings) might a utility consider using cloud - $5, 10,

15 or 20 M/year?

Are security and reliability provided by clouds today sufficient to meet power utility requirements?– What properties/guarantees are needed?

• Perfect isolation vs. Weak isolation?• Best effort vs. Real-time?

Can sufficient level of availability be guaranteed? How should regulations be changed to enable the secure use

of cloud infrastructures?


77Dán et al, ``Cloud Computing for the Power Grid: From Service Composition to Assured Clouds,'‘ in Proc. of USENIX HotCloud'13, Jun. 2013

Summary Diverse application requirements

– Delay, throughput, availability, integrity, confidentiality

Diverse protocols/technologies Increasing focus on security


78

Dán et al. “Challenges in Power System Information Security”, in IEEE Security&Privacy Mag., vol. 10, no. 4, 2012

Performance

Cost

Security

2013.08.28.


Literature on Standards Ralph Mackiewicz, “Overview of IEC 61850 and Benefits”, IEEE PES Transmission and Distribution

Conference and Exhibition, May 2006 North American Synchrophasor Initiative (NASPI), http://www.naspi.org NERC CIP, http://www.nerc.com NIST, NIST IR 7628, Guidelines for Smart Grid Cyber Security, vol. 1-3, http://www.nist.gov A DNP3 protocol primer, http://www.dnp.org IEC 60870-5 standard on “Telecontrol equipment and systems” Inter Control center Communication Protocol (ICCP/IEC 60870-6/TASE.2) IEEE Std. 1815-2012 “IEEE Standard for Electric Power Systems Communications -- Distributed

Network Protocol (DNP3)” IEEE Std. C37.118-2005 “IEEE Std for Synchrophasors for Power Systems”


79

Literature beyond Standards H. Mueller, “Outage analysis: Italy,” Network Manager News, News and Information for Users of Network Manager Worldwide, vol. 2, no. 1,

pp. 1–3, 2004. O. Vuković, K-C. Sou, G. Dán, H. Sandberg, “Network-layer Protection Schemes against Stealth Attacks on State Estimators in Power

Systems”, in Proc. of IEEE SmartGridComm, Oct. 2011 O. Vuković, K-C. Sou, G. Dán, H. Sandberg, ``Network-aware Mitigation of Data Integrity Attacks on Power System State Estimation,‘’ in IEEE

Journal on Selected Areas in Communications (JSAC), vol. 30, no. 6, Jul. 2012 G. Dán, H. Sandberg, G. Björkmann, M. Ekstedt, “Challenges in Power System Information Security”, in IEEE Security and Privacy Magazine,

vol. 10, no. 4, 2012 G. Dán, R.B. Bobba, G. Gross, R.H. Campbell, ``Cloud Computing for the Power Grid: From Service Composition to Assured Clouds,'‘ in Proc. of

USENIX HotCloud'13, Jun. 2013 O. Vuković, G. Dán, ``Detection and Localization of Targeted Attacks on Fully Distributed Power System State Estimation,'‘ in Proc. of IEEE

SmartGridComm, Oct. 2013, O. Vuković, G. Dán,`` On the Security of Distributed Power System State Estimation under Targeted Attacks,‘’ ACM Symposium on Applied

Computing (SAC), Mar. 2013 O. Vuković, G. Dán, R.B. Bobba, ``Confidentiality-preserving Obfuscation for Cloud-based Power System Contingency Analysis,'' in Proc. of

IEEE SmartGridComm, Oct. 2013 G. Dán, K-S. Lui, R. Tabassum, Q. Zhu, K. Nahrstedt, “SELINDA: A Secure, Scalable and Light-Weight Data Collection Protocol for Smart Grids,'‘

in Proc. of IEEE SmartGridComm, Oct. 2013 K. Maheshwari, M. Lim, L. Wang, K. Birman, and R. van Renesse, “Toward a reliable, secure and fault tolerant smart grid state estimation in

the cloud,” IEEE PES Innovative Smart Grid Technologies, 2013. A. R. Borden, D. K. Molzahn, P. Ramanathan, and B. C. Lesieutre,“Confidentiality-preserving optimal power flow for cloud computing,” in

Allerton Control Conference, 2012 Reyzin , Reyzin, “Better than BiBa: Short One-time Signatures with Fast Signing and Verifying”, in Proc. of ACISP’02 A. Teixeira, G. Dán, H. Sandberg, K.H. Johansson, “A Cyber Security Study of a SCADA Energy Management System: Stealthy Deception

Attacks on the State Estimator”, in Proc. of IFAC World Congress, Aug. 2011 Q. Wang , H. Kurana, Y. Huang, K. Nahrstedt, “Time Valid One-Time Signature for Time-Critical Multicast Data Authentication,” in Proc of IEEE

Infocom, 2009


80

2013.08.28.


Communications and Security in (Smart) Power Systems

György DánLaboratory for Communication Networks

School of Electrical EngineeringKTH, Royal Institute of Technology

Stockholm, Sweden

EIT ICTLabs SES Summer SchoolParis, 26 August 2013

81

communications and security in (smart) power …. communications and security in (smart) power...

Documents