![Page 1: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/1.jpg)
Security of Smart Grids: A Cyber‐Physical Perspec:ve �
Bruno Sinopoli Assistant Professor
Department of ECE Carnegie Mellon �
1
TexPoint fonts used in EMF.
CyLab Silicon Valley Briefing March 25, 2011
![Page 2: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/2.jpg)
The smart grid
![Page 3: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/3.jpg)
From a smart grid to a smarter grid
• Integration of
3
![Page 4: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/4.jpg)
Is it a worthwhile effort?
• Pros – Efficiency – Safety – Green – Competitiveness
• Cons – Cost – Complexity – Vulnerability
4
![Page 5: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/5.jpg)
What are Cyber‐Physical Systems?
Computing
Control Communication Cyber Physical
![Page 6: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/6.jpg)
6
Cyber vs Cyber‐Physical Security
• Key goals of informa;on security: – Confiden;ality: aAacker cannot read data packets. – Integrity: aAacker cannot modify data packets. – Availability: data packets are available for es;ma;on and control purpose.
– Etc.. • Key goal of CPS security:
– Guaranteeing reliable system opera;on
• Cyber security is a tool not a goal
![Page 7: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/7.jpg)
Goal/Scope of the attack in CPS • Disrupt operations, e.g. destabilize the
system (e.g. Stuxnet) • Reduce system’s performance • Financial gain • Context
– Cyber warfare – Commercial advantage – Criminal intent
7
![Page 8: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/8.jpg)
Types of CPS Attacks/ Remediation
• Attacks – Cyber range of attacks – Physical Attacks – Insider attacks
• Remediation – Detection/isolation – Guarantee continuity of operation – Graceful degradation – Service restoration
8
![Page 9: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/9.jpg)
Today’s talk: provide some insights via case studies
• System definition – Focus on control systems
• Attacks on sensors – Analysis of Sensor Replay attacks – Analysis of Integrity attacks on sensors
• Examples • Conclusion
9
![Page 10: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/10.jpg)
System model�
• We model the underlying physical system as a linear ;me‐invariant system:
• Sensors are used to monitor the system:
• Each element in represents the reading of a certain sensor at ;me . �
10
xk+1 = Axk + wk
yk = Cxk + vk
yk
k
![Page 11: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/11.jpg)
Illustra:ve Example�
• We consider a vehicle moving along the - axis.
• Two sensors are used to measure position and velocity respectively.
11
x
xk+1 = xk + wk,1,
xk+1 = xk + xk + wk,2
yk,1 = xk + vk,1,
yk,2 = xk + vk,2.
x
![Page 12: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/12.jpg)
12
Kalman Filter and LQG controller
![Page 13: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/13.jpg)
Failure Detector �
• A failure detector is used to detect abnormality in the system, which triggers an alarm based on the following condi;on:
where
and the func;on is con;nuous.
13
gk > threshold
gk = g(yk, xk, . . . , yk!T , xk!T ),
g
![Page 14: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/14.jpg)
Failure Detector �
• For example, for a chi‐square detector takes the following form:
where
and is the covariance of .
14
gk
zk = yk ! CAxk!1,
P zk
gk = zTk P!1zk
![Page 15: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/15.jpg)
15
Replay AJack Model (Allerton conf. ‘09)
• The aAacker can – Record and modify the sensors’ readings – Inject malicious control input
• Replay AAack – Record sufficient number of without adding control inputs.
– Inject malicious control input to the system and replay the previous . . We denote the replayed measurements to be .
• When replay begins, there is no informa;on from the systems to the controller. As a result, the controller cannot guarantee any close‐loop control performance. The only chance is to detect the replay.
yk
yk
yk
y!k
![Page 16: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/16.jpg)
Our Abstract
16
![Page 17: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/17.jpg)
16 months later…
17
![Page 18: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/18.jpg)
18
System Diagram
![Page 19: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/19.jpg)
19
Simula:on • Suppose the aAacker records from ;me –T and replay
begins at ;me 0.
• For some systems, the Chi2 detector cannot dis;nguish system under replay and system without replay.
![Page 20: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/20.jpg)
20
Detec:on of Replay AJack �
• Manipula;ng equa;ons:
• If converges to 0 very fast, then there is no way to dis;nguish the compromised system and healthy system. Ak
![Page 21: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/21.jpg)
21
Counter Measure
• Replay is feasible because the op;mal es;mator and controller are determinis;c
• If we add random control input to the system: – If the system responds to this input, then there is no replay
– If not, then there is a replay – Random control inputs act like ;me stamps – Cost: The controller is not op;mal any more
![Page 22: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/22.jpg)
22
Counter Measure
• Let control input to be
where is the op;mal control input, is an i.i.d. Gaussian random control input with zero mean and covariance of . can be seen as an authen;ca;on signal
• The increase in control cost is given by
uk = u!k + !uk,
u!k !uk
Q
trace!(U + BT SB)Q
"
!uk
![Page 23: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/23.jpg)
23
Counter Measure
• Innova;on with random input:
![Page 24: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/24.jpg)
24
New System Diagram
![Page 25: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/25.jpg)
25
Simula:on Result
• One dimensional system, single sensor:
• Parameters: – R = 0.1, Q = 1 – W = U =1
– Detector window size 5, false alarm rate 5%
xk+1 = xk + uk + wk,
yk = xk + vk.
![Page 26: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/26.jpg)
26 Detec;on Rate of Different Random Signal Strength
10 11 12 13 14 15 16 17 18 19 200
0.05
0.1
0.15
0.2
0.25
0.3
0.35
0.4
Time(k)
De
tec
tio
n R
ate
![Page 27: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/27.jpg)
Chemical Plant (A + C → D)
Objectives: Maintain production rate by controlling valves Minimize operating cost (function of purge loss of A and C)
Restrictions:
![Page 28: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/28.jpg)
Regular vs. Secure controller
Time for detection = 25 ms
![Page 29: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/29.jpg)
Integrity AJack strategy�
• The aAacker has full knowledge of the system’s model.
• The aAacker can change the readings of a subset of sensors.
• The goals of the aAacker are: – To affect the system’s opera;ons; – Not being detected.
29
y!k = Cx!
k + vk + !yak
![Page 30: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/30.jpg)
Ques:ons�
• Can the aAacker successfully destabilize the system?�
• If not what is the extent of the perturba;on that the aAacker can inflict to the system?
30
![Page 31: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/31.jpg)
Integrity AJack Model
• An aAack sequence is defined as an infinite sequence of the aAacker’s input
• The innova;on is defined as
• An aAack sequence is call feasible if the following condi;ons hold from ;me 0 to ;me T:
31
Yya0 , ya
1 , . . .
zk = yk ! CAxk, z!k = y!
k ! CAx!k
Y (T, !)
12(z!k ! zk)TP"1(z!k ! zk)T " !
![Page 32: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/32.jpg)
Reachable Set
• Define es;ma;on error as:
• Define the bias introduced by the aAacker as:
• The reachable region is defined as:
• The reachable region is defined as:
32
k
!ek = e!k ! ek.
Rk = {x ! Rn : x = !ek(Y), and Y is (k, 1) feasible}.
R =!!
k=1
Rk.
ek = xk ! xk, e!k = x!
k ! x!k
![Page 33: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/33.jpg)
Which sensors should I aJack/protect?�
• To check the resilience of control system, one can find all the unstable eigenvector of A and compute Cv.
• If Cv is sparse, then the aAacker only need to compromise a few sensors to launch an aAack along the direc;on v.
• To improve the resilience, the defender could add redundant sensors to measure every unstable mode.
33
The reachable region R is unbounded if and only if A has an unstable eigen-value and the corresponding eigenvector v satisfies:
1. Cv ! span(!).
2. v is reachable for dynamic system "ek+1 = (A"KCA)"ek "K!yak+1.
![Page 34: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/34.jpg)
Resilient systems allow only a finite reachable set �
• In general compu;ng the reachable set is very hard, since the number of inequali;es needed to describe the set quickly explodes.
• As a result, we use ellipsoids to approximate the reachable region.
34
![Page 35: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/35.jpg)
Illustra:ve Example�
• We consider a car moving along the - axis.
• Two sensors are used to measure position and velocity respectively.
• We assume that . 35
x
Q = R = I2
xk+1 = xk + wk,1,
xk+1 = xk + xk + wk,2
yk,1 = xk + vk,1,
yk,2 = xk + vk,2.
![Page 36: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/36.jpg)
Posi:on sensor is compromised
36
![Page 37: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/37.jpg)
Simula:on Result: Compromising the Posi:on Sensor�
37
![Page 38: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/38.jpg)
Velocity Sensor is compromised�
38
![Page 39: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/39.jpg)
An applica:on: Electricity Market pricing�
• The price of electricity is determined by the state es;ma;on , i.e. genera;on, power flow over transmission and load of the power grid.
• If an aAacker was able to compromise some sensors, then it could introduce a bias in the state es;ma;on accordingly.
• Eventually, over a finite ;me‐horizon, the aAacker will affect the pricing to his advantage and make a profit. �
39
![Page 40: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/40.jpg)
Day‐Ahead Forward Market and Virtual Bidding�
• The Regional Transmission Organiza;on (RTO) computes the nodal price based on the predicted load.
• The price is published usually 36 hours before actual opera;on.
• A market par;cipant could buy/sell virtual power at loca;on j in the day‐ahead market, and is obliged to sell/buy the same amount of power at the same loca;on in the real ;me market. �
40
![Page 41: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/41.jpg)
Ex‐Post Market (Real Time Market)�
• A transmission line is posi;vely congested if . It is nega;vely congested if .
• In the real market, the RTO tries to solve the following minimiza;on problem: �
41
Fl > Fmaxl
Fl < Fminl
minimize!Pgi
I!
i=1
Ci!Pgi
subject toI!
i=1
!Pgi = 0
!Pgmini ! !Pgi ! !Pgmax
i "i = 1, ..., I
!Fl ! 0 "l # cl+
!Fl $ 0 "l # cl!,
![Page 42: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/42.jpg)
Ex‐Post Market (Real‐Time Market)�
• The Lagrangian of the above minimiza;on problem is defined as �
42
L =I!
i=1
Ci(!Pgi + P g(i))! !I!
i=1
!Pgi
+I!
i=1
µi,max(!Pgi !!Pgmaxi )
+I!
i=1
µi,min(!Pgmini !!Pgi)
+!
l!cl+
"l!Fl +!
l!cl!
#l(!!Fl).
![Page 43: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/43.jpg)
Ex‐Post Market (Real Time Market)�
• The nodal price at point j is given by
43
!j = ! +L!
l=1
("l ! #l)$Fl
$Ldj.
![Page 44: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/44.jpg)
Profitability
• The nodal loca;onal marginal price (LMP) difference is caused by conges;ons in the transmission line.
• Given two node and , depending on the power distribu;on matrix, we could classify the transmission lines into three categories:
• If no line in ( ) is posi;vely(nega;vely) congested, then the price at will be greater than the price at .
j1 j2
L!, L0, L+.
j1L!L+
j2
![Page 45: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/45.jpg)
Profitability
• The aAacker first buy/sell at the day ahead market at loca;on and , units of virtual power, with price . Assume that
• In the Ex‐post market, sell/buy at the same loca;on, with price .
• Manipula;ng the state es;ma;on to ensure:
• The total profit is
!DA1 < !DA
2 .
!1 > !2.
!(!DA
2 ! !DA1 ) + (!1 ! !2)
"" p.
!DA1 , !DA
2
j1 j2 p
!1, !2
![Page 46: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/46.jpg)
Attacker’s strategy
46
![Page 47: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/47.jpg)
Profitability Gaithersburg ($/MWh) Pittsburgh ($/MWh)
Day Ahead Market Buy at 25 Sell at 30 Ex-Post Market without the Attack
Sell at 20 Buy at 26
Ex-Post Market under the Attack
Sell at 24 Buy at 23
• Without the attack, the attacker could lose 1$/MWh. • With the attack, the attacker gains 6 $/MWh.
![Page 48: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/48.jpg)
Conclusion
• Security of cyber‐physical systems is of paramount importance
• Security needs to be integrated with system theory/knowledge
• A science of security for CPS systems needs to be developed
• Small aAacks that run “under the radar” can have serious consequences
48
![Page 49: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/49.jpg)
Thank You!�
49
![Page 50: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/50.jpg)
Simulation Result�
50
![Page 51: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/51.jpg)
Simulation Result�
51
![Page 52: Security of Smart Grids: A Cyber‐Physical Perspecve · Security of Smart Grids: A Cyber‐Physical Perspecve Bruno Sinopoli Assistant Professor Department of ECE Carnegie Mellon](https://reader030.vdocuments.us/reader030/viewer/2022040808/5e4c4628a5e48510d7657638/html5/thumbnails/52.jpg)
Simulation Result�
52