![Page 1: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/1.jpg)
Cyber-Physical System Security
of the Power Grid Chen-Ching Liu
American Electric Power Professor
Director, Center for Power and Energy
Virginia Tech
Research Professor
Washington State University
Sponsored by U.S. National Science Foundation and
Science Foundation Ireland, Murdock Charitable Trust, ESIC
Washington State University, State of Washington
IEEE PES Bid Data Webinar Series, July 2019
![Page 2: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/2.jpg)
Center for Power & Energy (CPE)
2
• Founded by A. Phadke in 1986
• Original members: A. Phadke; L. Mili; R. Broadwater;
S. Rahman; K. Tam; Y. Liu; and J. DeLaRee
1988: First Phasor Measurement Unit (PMU)
2002: Frequency Monitoring Network (FNET)
2008: A. Phadke and J. Thorp awarded Benjamin Franklin Medal in EE
2013: PMU-only three-phase state estimator in Dominion
Virginia Power
![Page 3: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/3.jpg)
PEC Core Faculty
3
Mona GhassemiAssistant Professor
• High voltage and high field
engineering
• High voltage tests and high field
phenomena modeling: GE,
Eversource, Hydro-Quebec,
SaskPower, Manitoba Hydro
Virgilio A. CentenoAssociate Professor
• PMU
• Instrumentation
Jaime De La ReeAssociate Professor &
Assistant Dept. Head
• Protection
• Machines
Vassilis KekatosAssistant Professor
• Optimization and learning
of smart grids
Lamine M. MiliProfessor (NVC)
• Static and dynamic
state estimation
• Robust power system
parameter and dynamic
state estimation w/ PMUs
Saifur RahmanJoseph Loring Professor (VT-ARC)• Energy efficiency and
sensor integration
• DoE BEMOSS
Platform; President of
IEEE PES
Chen-Ching LiuDirector & AEP Professor
• Distribution systems,
cyber security of the grid
• Industry software for
system restoration: EPRI
(Trans.), PNNL (Distr.)
To join Aug 2019
Ali Mehrizi-Sani
Associate Professor
• Microgrid control
• Power converters
• Integration of renewables
• Cyber security
![Page 4: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/4.jpg)
Cyber Attack in Ukraine’s Power System
Location of Power Outage
• Attack on Ukraine’s power grid
December 23, 2015.
Malware installation.
Falsify SCADA data injection.
Flood attack on telephone system.
Trip circuit breakers in multiple
substations.
• Results
Over 225,000 customers
experienced power outage.
Source: Google map
![Page 5: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/5.jpg)
Information and
Communication
Technology
Power
Grid
Power Grid with ICT
![Page 6: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/6.jpg)
Critical Cyber Assets
Critical Cyber Assets in Power infrastructure
Energy Management System (EMS) in Control Center
Distribution Management System (DMS)
Process Control System (Power Plants)
Substation Automation System (SAS)
![Page 7: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/7.jpg)
Evolved through generations
Monolithic
Distributed
Networked
Evolution of SCADA Systems
![Page 8: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/8.jpg)
Escalating Cyber Security Factors
Adoption of standardized technologies with known
vulnerabilities
Connectivity of control systems to other networks
Constraints on use of existing security technologies and
practices
Insecure remote connections
Widespread availability of technical information about control
systems
![Page 9: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/9.jpg)
Intrusion Tools
War Dialing
Scanning
Traffic Sniffing
Password Cracking
Stuxnet
Ukraine
![Page 10: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/10.jpg)
Supervisory Control And Data Acquisition
(SCADA)
Electric PowerNatural Gas Pipelines,
Process Control Systems Transportation
Sectors
Transmission, Distribution,
Substation Network
Monitoring) Wind Farms
Gas Pipeline, Chemical,
Oil and Gas, Power
Plants
Roadway, Rail System,
Space and Air Traffic
Example
Protocols
ICCP / DNP3i / Modbus over
TCP/IP / IEC870-5-101/104 /
IEC 61850
Fieldbus or Profibus
Cellular Digital Packet Data
Network and Global
Positioning System
Framework
Data Polling Acquisition &
Control / Automation Are
Configured for Interlocking
and Protection Scheme
Automation by
Programmable Logic
Controller (PLC)
Ensuring Associated Tasks
with Given Function,
Satisfying System
Performance in Centre
Input
Variables
Voltage, Current, Frequency,
Time, Active Power, Reactive
Power, Apparent Power
Temperature, Pressure,
Time, etc.
Traffic and Roadway
Sensors, Visual Closed
Circuit Television Sensors,
Voice Communication,
Probe Vehicle and Database
Services, Global Positioning
System
Control
VariablesSwitching Devices Valve, Pump
Controls of Roadway
Access and Intersection
Devices
Application
Energy Management System
() / Distribution Management
System (DMS) / Substation
Automation System (SAS)
Generation Management
System (GMS), Resource
Planning System (ERP)
Adaptive Traffic Control
System, Incident Detection
and Location System, and
Predictive Traffic Modelling
System
![Page 11: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/11.jpg)
Cyber Systems in Power Infrastructure
Vendor
Personnel or
Site Engineers
Primary Control
Center Network
Substation Network
`
Application
Servers
SCADA
Servers
Database
Servers
` `
Modem
Data
Concentrator
User
Interfaces Dispatcher
Training
Simulators
User
Interfaces
Hackers
Router
Firewall
Firewall
Firewall
ModemApplication
Servers
SCADA
Servers
Database
Servers
`
`
User
Interfaces
Dispatcher
Training
Simulators
FirewallSecondary
Control Center
Network Frame Relay Network /
Radiowave / Dedicated Line
Modem
Corporate WAN
Remote Access Network
through Dial-up, VPN,
or Wireless
... ...
...
... ...
...
...
... ... ... ... ... ...
Breaker
Breaker
Breaker
Breaker
Breaker Breaker Breaker Breaker Breaker Breaker
BreakerBreaker
Breaker
Transformer Transformer
Busbar
BusbarBusbar
Transmission lineTransmission line
Feeder Feeder Feeder Feeder Feeder Feeder
Modem
Other Corporate
Intranets
![Page 12: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/12.jpg)
System Vulnerability
A system is defined as the wide area interconnected, IP-
based computer communication networks linking the
control center and substations-level networks
System vulnerability is the maximum vulnerability level
over a set of scenarios represented by I
)(max IVVS
![Page 13: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/13.jpg)
Scenario Vulnerability
An intrusion scenario consists of the steps taken by an
attempted attack from a substation-level network
Substation-level networks in a power system
substation automation systems
power plant control systems
distribution operating centers
Scenario vulnerability is defined by
where K is the number of intrusion scenarios to be evaluated
KiViViVIV ,,,)( 21
![Page 14: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/14.jpg)
Access Point Vulnerability
Access point provides the port services to establish a connection for an intruder to
penetrate SCADA computer systems
Vulnerability of a scenario i, V(i), through an access point is evaluated to determine
its potential damage
Scenario vulnerability - weighted sum of the potential damages over the set S.
Sj
jjiV
where is the steady state probability that a SCADA system is attacked through aspecific access point j, which is linked to the SCADA system. The damage factor, ,represents the level of damage on a power system when a substation is removed
jj
![Page 15: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/15.jpg)
Firewall Model
Firewall model
Denial or access of each rule
Malicious packets traveling
through policy rule j on each
firewall i is taken into account.
fp
ji
fp
jifp
jiN
fp
,
,
,
fr
i
fr
ifr
iN
fp
denotes the
frequency of
malicious packets
through the
firewall rule
total record of
firewall rule j.
probability of malicious
packets traveling
through a firewall rule
the number of
rejected packets
denotes the
total number
of packets in
the firewall
logs
probability of the
packets being
rejected
...Deny
Rule 1
Rule 2
Rule
n
Malicious packets
passed through Firewall
A (terminal 2)
Intrusion Attempts (terminal 1)
fr
ip fp
ip 1,fp
ip 2,
fp
nip ,
f
i
n
i
f
if
i
![Page 16: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/16.jpg)
Construction of Cyber-Net Based on
Substation with Load and Generator
![Page 17: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/17.jpg)
Impact Factor Evaluation
Impact factor for the attack upon a SCADA system is
Loss of load (LOL) is quantified for a disconnected substation
To determine the value of L, one starts with the value of L=1 at the
substation and gradually increases the loading level of the entire system
without the substation that has been attacked.
Stop when power flow fails to converge (System is considered unstable)
1
L
Total
LOL
P
P
![Page 18: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/18.jpg)
Modeling Integrated Cyber-Power System
• Methodology for CPS modeling of power systems
– Develop the ICT model of SCADA system
– Integrate power grid model with ICT model for SCADA and grid control hierarchy
– Dynamics of a power grid and its data infrastructure are combined
• CPS tool used for assessment of SCADA communication performance
– Plan SCADA and ICT systems for power grids
• CPS tool used for cyber security assessment in co-simulation environment
– Model cyber attacks and assess CPS security
• Simulate cyber attacks at the cyber system layer
• Perform impact analysis at the power system layer
• Compute impact indices and attack efficiencies to disrupt power grid operation
![Page 19: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/19.jpg)
Cyber-Physical System Model
Substation Level at
Cyber System Layer
Power System Layer
Transmission Operator Layer
Control Center Level at
Cyber System Layer
16 kVU
0t 1t 2t 1kt kt mt sect
t
G5
G4
G1 G2 G31 2 3
4
5
678
9
10
11
1213
14 15
U1616
IED 1 IED i
RTU
Server
LAN
Engineering
Workstation
Station
HMIs WEB HMIRouter
Firewall
Server
Substation m ICT model
IED 1 IED i
RTU
Server
LAN
Engineering
Workstation
Station
HMIs WEB HMIRouter
Firewall
Server
Substation m+1 ICT model
IED 1 IED i
RTU
Server
LAN
Engineering
Workstation
Station
HMIs WEB HMIRouter
Firewall
Server
Substation n ICT model
System
Servers
Application
Servers HMIsSynchronization
System
RTU
Servers
CC
Servers
TO
Servers
Routers
Firewalls
Control Center Hot-Standby ICT model
System
Servers
Application
Servers HMIsSynchronization
System
RTU
Servers
CC
Servers
TO
Servers
Routers
Firewalls
Control Center k ICT model
System
Servers
Application
ServersHMIs Synchronization
System
RTU
Servers
CC
ServersCC
Hot-Standby
Servers
Routers
Firewalls
Router
Router
HistoriansMarket System
ServersHMIs
Market
Web Servers
Communication
Servers Firewall
Cyber Security Applications
Dual LAN
Dual LAN
Dual LAN
Dual LAN
IED 1 IED i
RTU
Server
LAN
Engineering
Workstation
Station
HMIs WEB HMIRouter
Firewall
Server
Substation 1 ICT model
![Page 20: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/20.jpg)
Intrusion into a Substation Network
Vendor
Personnel or
Site Engineers
Primary Control
Center Network
Substation Network
`
Application
Servers
SCADA
Servers
Database
Servers
` `
Modem
Data
Concentrator
User
Interfaces Dispatcher
Training
Simulators
User
Interfaces
Hackers
Router
Firewall
Firewall
Firewall
ModemApplication
Servers
SCADA
Servers
Database
Servers
`
`
User
Interfaces
Dispatcher
Training
Simulators
FirewallSecondary
Control Center
Network Frame Relay Network /
Radiowave / Dedicated Line
Modem
Corporate WAN
Remote Access Network
through Dial-up, VPN,
or Wireless
... ...
...
... ...
...
...
... ... ... ... ... ...
Breaker
Breaker
Breaker
Breaker
Breaker Breaker Breaker Breaker Breaker Breaker
BreakerBreaker
Breaker
Transformer Transformer
Busbar
BusbarBusbar
Transmission lineTransmission line
Feeder Feeder Feeder Feeder Feeder Feeder
Modem
Other Corporate
Intranets
![Page 21: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/21.jpg)
Potential Threats in a Substation
Based on IEC 61850
IED Relay PMU
Merging Unit
User-interface
GPSStation
Level
Bay
Level
Process
Level
Compromise user-interface
Gain access to bay level
devices
Modify GOOSE
message
Generate fabricated
analog values
Change device
settings
CT and VT
Circuit Breaker
Actuator
![Page 22: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/22.jpg)
Anomaly Detection at Substations
![Page 23: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/23.jpg)
Integrated Anomaly Detection System
![Page 24: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/24.jpg)
Host-Based Anomaly Detection
Host-based anomaly indicators
ψ^a (intrusion attempt on user interface or IED)
ψ^cf (change of the file system)
ψ^cs (change of IED critical settings)
ψ^o (change of status of breakers or transformer taps)
ψ^m (measurement difference)
Detection of temporal anomalies is performed by comparing consecutive row
vectors representing a sequence of time instants
If a discrepancy exists between two different periods (rows, 10 seconds), the
anomaly index is a number between 0 and 1
A value of 0 implies no discrepancy whereas 1 indicates the maximal discrepancy
![Page 25: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/25.jpg)
Consequence of GOOSE Based Attack
![Page 26: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/26.jpg)
System Integration
![Page 27: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/27.jpg)
IEEE 39 Bus System
Normal status
![Page 28: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/28.jpg)
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
![Page 29: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/29.jpg)
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
![Page 30: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/30.jpg)
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
![Page 31: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/31.jpg)
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
![Page 32: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/32.jpg)
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
![Page 33: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/33.jpg)
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
![Page 34: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/34.jpg)
Sequential attacks – Sub # 6 → 12 → 15 → 28 → 36 → 33 → 34
![Page 35: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/35.jpg)
IEEE 39 Bus System (DIgSILENT)
Without ADS - Blackout
1. Bus 6
2. Bus 12
3. Bus 15
4. Bus 28
5. Bus 36
6. Bus 337. Bus 34
Gen 10
Gen 2
Gen 1
Gen 6
Gen 3
Gen 9
![Page 36: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/36.jpg)
Sequential attacks with ADS
![Page 37: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/37.jpg)
HMI
![Page 38: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/38.jpg)
HMI
Anomaly Detection
System
![Page 39: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/39.jpg)
IEEE 39 Bus System (DIgSILENT)
With ADS - Normal
![Page 40: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/40.jpg)
40
Coordinated Cyber Attack
City 1
City 2
City 4
City 3
1
2
3
4
Cascading Event
![Page 41: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/41.jpg)
GUI of CCADS
41
User defined threshold valueCompromised substations
Similarity index
![Page 42: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/42.jpg)
Simulation of Power System
42
G8: Electrical Frequency in Hz
G5: Electrical Frequency in Hz
G2: Electrical Frequency in Hz
Bus 28 : Voltage, Magnitude in p.u.
Bus 11 : Voltage, Magnitude in p.u.
Bus 16 : Voltage, Magnitude in p.u.
20.00 40.00 60.00 80.000.0040.00
50.00
60.00
70.00
80.00
90.00
0.00 20.00 40.00 60.00 80.00
100.00
100.00
[s]
[s]0.20
0.40
0.60
0.80
1.00
1.20
![Page 43: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/43.jpg)
Intrusion Detection System
43
![Page 44: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/44.jpg)
PV Smart Inverter Cyber Physical
System Simulation Environment
Cyber system:
DER
communication
networkQueue based cyber
system model is
developed by using
MATLAB Simulink
Physical
system:
IEEE 13 Test
FeedersDIgSILENT PowerFactory
real time power system
simulator
Connection: OPC server with
embedded OPC clients in
both physical system and
cyber system
Level 1: Distribution Control Center
DMS server
Firewall/
Routers
LAN
HMIs
Application
servers
Database
servers
DMS: Distribution Management System
HMIs: Human Machine Interfaces
IDS: Intrusion Detection System
Modbus,DMP3
GPS
IDSs
Level 2: Facilities DER energy management system
GFEMS
servers
... ... ...
SMCU SMCU SMCU SMCU
Utility WAN
Level 3: DER systems
LAN/WAN: Local/Wide area network
GFEMS: Generating Facility Energy Management Systems
SMCU: Smart inverter control unit
OPC
Server
State,
Control
Variables
IEEE 13 Test Feeders
OPC
Client
State,
Control
Variables
OPC
Client
State,
Control
Variables
![Page 45: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/45.jpg)
Flooding Attack
Targeting on Smart Inverters on IEEE 13-Node Feeder
Under voltage event: synchronized machine connected to
feeder 633 is tripped
Unknown Connection
Multiple Connections
/Reconnections
Flooding attack with dummy
packets
Inaccessibility of smart inverters
Disconnection between
distribution control center and SMCU
Heavy network traffic
Anomaly Events Sequence
Attack route sets from Dictionary
Edit Manipulations of Anomaly Event Sequence
𝐸𝐷𝑚𝑖𝑛 𝐴𝑇𝑆𝑖𝑛𝑑
a→b→c→d→e→f𝑃1𝑎: a→b→d→e→f
𝑃1𝑏: a→c→d→e→f
Delete “c” Delete “b”
1 (min)1 (min)
0.833>0.7(threshold 𝑉𝑡ℎ )
Flooding attack is detected by IDS!
Normal condition Under
flooding attack
![Page 46: Cyber-Physical System Security of the Power Grid](https://reader030.vdocuments.us/reader030/viewer/2022012423/6177480064c49a6d7a16b432/html5/thumbnails/46.jpg)
Further Information
[1] C. W. Ten, C. C. Liu, and M. Govindarasu, “Vulnerability Assessment of Cybersecurity for SCADA Systems,”
IEEE Trans. Power Systems, Nov. 2008, pp. 1836-1846.
[2] C. W. Ten, J. Hong, and C. C. Liu, “Anomaly Detection for Cybersecurity of the Substations,” IEEE Trans.
Smart Grid, Dec 2011.
[3] C. C. Liu, A. Stefanov, J. Hong, and P. Panciatici, “Intruders in the Grid,” IEEE Power and Energy Magazine,
Jan/Feb 2012.
[4] C. C. Liu, A. Stefanov, J. Hong, "Cyber Vulnerability and Mitigation Studies Using a SCADA Testbed,“ IEEE
Power and Energy Magazine, Jan. 2012.
[5] J. Hong, C. C. Liu, and M. Govindarasu, "Integrated Anomaly Detection for Cyber Security of the
Substations," IEEE Trans. Smart Grid, July 2014.
[6] A. Stefanov, C. C. Liu, and M. Govindarasu, "Modeling and Vulnerability Assessment of Integrated Cyber-
Power Systems," Int. Transactions on Electrical Energy Systems, Vol. 25, No. 3, March 2015.
[7] J. Xie, C. C. Liu, M. Sforna, M. Bilek, and R. Hamza, "On Line Physical Security Monitoring of Power
Substations, Int. Trans. Electrical Energy Systems, June 2016.
[8] C. C. Sun, A. Hahn, and C. C. Liu, “Cyber Security of a Power Grid: State-of-the-Art,” Int. J. Electrical
and Power and Energy Systems, pp. 45-56, 2018.
[9] Y. Chen, J. Hong, and C. C. Liu, "Modeling of Intrusion and Defense for Assessment of Cyber Security at
Power Substations," IEEE Trans. Smart Grid, July 2018.
[10] J. Hong and C. C. Liu, "Intelligent Electronic Devices with Collaborative Intrusion Detection Systems," IEEE
Trans. Smart Grid, Jan 2019.
[11] C. C. Sun, R. Zhu, and C. C. Liu, “Cyber Attack and Defense for Smart Inverters in a Distribution
System,” CIGRE Symposium, Study Committee D2, Helsinki, Finland, June 2019.
[12] S. K. Khaitan, J. D. McCalley, and C. C. Liu (Co-Editors), Cyber Physical Systems Approach to Smart
Electric Power Grid, Springer, 2015.