003 Impact Assessment of Credible Contingency and Cyber-Attack On Australian 14-Generator Interconnector Power System
Abstract—This paper analyses the impacts of a credible contingency and a cyber attack event on the dynamic performance of a real large-scale interconnected power grid. Any credible contingency, for example, a short circuit fault or unnatural behaviour of protective devices due to cyber intrusion, could create catastrophic consequences and even a complete blackout of the power system. In order to protect power systems against cyber events, it is necessary to analyse the impacts of both faults and cyber attacks on the dynamic behaviour of the power system so that cyber events can be distinguished from credible contingencies. In this paper, a simplified model of an Australian 14-generator interconnected system is considered as a testbed and the MATLAB/Simulink SimPowerSystems Toolbox is used for the analyses. A real-life incident of faults is considered as a case study, and a cyber attack on the protection relay function is simulated to explore the possible similar impacts on the same page. The systematic analyses of different properties of the system will help to design detection and countermeasure techniques to ensure the system is protected from cyber threats.

Index Terms—credible contingency, cyber attack, interconnected power grid.

I. INTRODUCTION

A power system is one of the most imperative and complex infrastructures humans have ever built. Newer technologies are being coalesced with the power system to ensure faster, more economic and more reliable operation of the grid. The integration of automated control devices, interconnected communication networks, smart metering, and advanced energy management systems (EMS) has added wider monitoring and control of the grid but, as an aftermath, has introduced cyber vulnerabilities to the power system. Reports of cyber attacks targeting the energy sector are increasing every year, and some of them have led the system to complete shutdown, e.g. the Ukraine blackout of 2015 [1].

The secure operating environment of the power system might be violated by credible or non-credible contingency events. According to the Australian Energy Market Commission (AEMC), natural events such as single or double phase faults in a transmission line or the loss of a single generator from the grid are considered credible contingencies [2]. In most cases, secure power systems are designed to withstand a single contingency event. All contingencies except credible events are referred to as non-credible contingency events. Usually, non-credible contingencies such as cyber attacks cause an unsatisfactory state within the power system and result in load shedding, cascading failure, tripping of motors and generators, and mal-operation of computers and electronic controls. Immediate control actions are required to maintain the secure operation of the power system.

The control actions of modern cyber-physical power systems (CPS) fully rely on distributed meter measurements and digital device settings. During power system disturbances, e.g. transmission line faults, the control devices utilize the measurement data obtained from the Intelligent Electronic Devices (IEDs) and provide action signals to the tripping devices by utilizing user-defined control logics. The existing protection systems are designed to react only to predetermined credible contingency events such as faults, which is not sufficient to defend against non-credible contingencies like malicious cyber attacks in the grid. Sometimes, the attackers are clever enough to inject malicious switching commands to the circuit breakers and cause simultaneous tripping of the transmission line. To ensure protection against cyber attacks in the power system, it is necessary to develop a robust cyber-secured protection system by analyzing the dynamic performance of a real large-scale interconnected power system during different credible events and cyber attacks.

A significant number of research projects have been performed on the stealthiness and detection of False Data Injection (FDI) attacks in the state estimation process of an EMS. More details on the construction and detection of this type of attack are available in [3]. However, the detection of these types of attacks is limited to the state estimation process of the power system and is unable to ensure the overall security of the power system. Other types of cyber attacks, like replay attacks, DoS attacks and data integrity attacks, are also possible in power systems. The data acquisition rate of present SCADA systems is also very slow (once every 2 s to 10 s). The invention of the Phasor Measurement Unit (PMU), however, has solved the low data rate problem (120 samples per second). Again, this PMU is
Authorized licensed use limited to: Macquarie University. Downloaded on November 10,2020 at 04:02:28 UTC from IEEE Xplore. Restrictions apply.
Fig. 1: Simplified Model of SE Australian Power System

1) Short circuit faults: Short circuit faults are common contingencies of power systems. Single line to ground (SLG), double line to ground (DLG) and three phase to ground (LLLG) faults occur when a short circuit appears in the line due to natural events like lightning. Voltages and currents change abruptly during faults and destabilize the system if the fault is not removed in time.
2) Integrity attack: The false command injection attack is a form of integrity attack where an attacker alters the control logics of a digital relay or changes the relay settings so that the protective devices operate wrongly.
3) Man-in-the-middle attack: In this case, an attacker acts as a middleman between two parties, for example, the information log and the actuating devices. The two parties believe that they are communicating with each other, but in reality their communication is controlled by the attacker.
4) Replay attack: The attacker gains access to the communication network and stores system parameters such as voltages, currents, sequence components etc. during disturbances. While initiating an attack, the attacker simply replays the previously recorded disturbance data to deceive the operator into initiating unnecessary control actions.
5) Remote tripping command injection: This attack is also an integrity attack, targeted especially at the digital protective devices (CBs), so that the CBs start operating from an outside source other than the relay trip command. This type of attack can destroy the rotating physical components of the grid.
6) False Data Injection (FDI) attack: In the FDI attack, the attacker compromises the valid system measurements and digital relay configurations to obtain wrong system states and completely disable the relay function in the time of emergency.
7) Denial of Service (DoS) attack: This type of attack overwhelms a system's communication resources so that the system becomes unresponsive to service requests. As a result, the control center loses the availability of the monitored information and fails to decide on proper control actions.

C. Relay Functionality

In the protective functionality of the modern power system, the PMU measurement data are collected and processed in the Phasor Data Concentrator (PDC) and then sent to the relay for taking operational decisions. The transmission line currents could vary from zero to a very high level depending on the operational situation. In the normal operation period, currents vary from zero to the rated value. At the initial stage of faults and overloading situations, currents remain in the warning zone. But if the fault is not cleared in time, the fault current grows and crosses the threshold limit. The different threshold limits for protective relay operation could be mathematically defined as:

$$
I_R =
\begin{cases}
I_{High}, & I_{TH} \le I_R \\
I_{Warning}, & I_N \le I_R < I_{TH} \\
I_{Normal}, & 0 \le I_R < I_N
\end{cases}
$$

In this paper, a single-phase over-current relay is designed which operates if the phase current exceeds the predetermined current threshold setting, i.e. $I_{TH}$. The threshold limit is taken as 200% of the rated current, which complies with the practical range of the relay setting (50% to 200%) [13]. If the current $I_{Warning}$ stays longer than a certain limit, the relay will also trip the CB.

III. SIMULATION RESULTS

In order to analyze the system dynamic performance during credible events and cyber attacks, the simplified model of the SE Australian power system is designed in MATLAB/Simulink by utilizing the SimPowerSystems toolbox. First, symmetrical and asymmetrical faults are applied in the QN interconnectors and the system dynamic performance is evaluated. Secondly, a random switching attack, which frequently alters the CBs' tripping command, is applied in the QN interconnectors. The switching time period of the malicious tripping injection is chosen as 1 s. Two types of switching attacks are illustrated. One attack is targeted at the single phase circuit breaker and the other is targeted at the three phase circuit breaker. Ideal relay operation is considered for the tripping of the circuit breakers during abnormal behaviors of the system dynamics.
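
An added example (not code from the paper): a Python model of the over-current relay zones of Section II-C, with a supervisory check that flags breaker openings the relay logic did not command, which is what separates a remote tripping command injection from a relay-cleared fault. The rated current, warning dwell limit, grace window and both traces are assumptions constructed for illustration; only the 200% threshold and the 1 s switching period come from the text.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class OvercurrentRelay:
    i_n: float                    # rated current I_N in amperes (assumed value)
    th_factor: float = 2.0        # I_TH = 200% of rated current, per the paper
    warn_limit_s: float = 0.5     # assumed dwell limit in the warning zone
    warn_since: Optional[float] = None

    def zone(self, i_r: float) -> str:
        """Classify a relay current into the three zones of Section II-C."""
        if i_r >= self.th_factor * self.i_n:
            return "high"
        return "warning" if i_r >= self.i_n else "normal"

    def step(self, t: float, i_r: float) -> bool:
        """Return True if the relay logic itself commands a trip at time t."""
        z = self.zone(i_r)
        if z != "warning":
            self.warn_since = None
            return z == "high"
        if self.warn_since is None:
            self.warn_since = t
        return t - self.warn_since >= self.warn_limit_s

def unexplained_openings(samples, relay, grace_s=0.1):
    """Times at which the breaker opened without a relay trip decision in the
    preceding grace_s seconds. samples: (t, current in A, breaker_closed)."""
    flagged, last_trip, prev_closed = [], None, True
    for t, i_r, closed in samples:
        if relay.step(t, i_r):
            last_trip = t
        if prev_closed and not closed:
            if last_trip is None or t - last_trip > grace_s:
                flagged.append(t)
        prev_closed = closed
    return flagged

# Constructed traces (not data from the paper): a fault cleared by the relay,
# and a breaker toggled every 1 s while the current stays in the normal zone.
FAULT = [(0.00, 800, True), (0.05, 1500, True), (0.10, 2600, True),
         (0.15, 0, False), (0.20, 0, False)]
SWITCHING = [(0.0, 800, True), (0.5, 800, True), (1.0, 0, False),
             (2.0, 800, True), (3.0, 0, False), (4.0, 800, True)]

if __name__ == "__main__":
    print(unexplained_openings(FAULT, OvercurrentRelay(i_n=1000.0)))
    print(unexplained_openings(SWITCHING, OvercurrentRelay(i_n=1000.0)))
```

The fault trace yields no flagged openings because the relay reached the high zone just before the breaker opened; the switching trace flags both openings because the current never left the normal zone.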
Fig. 2: System Response: (a) Different phase currents in relay, (b) Overall system frequency, (c) Active power flow in QNI, and (d) Active power flow in VSAI during single phase fault in phase A of QNI.
the phase currents fluctuated at intolerable oscillation rate. The overall system frequency oscillates by more than 0.2% and decreases gradually (Fig. 4b). The power flow in the VSA Interconnectors changes from 300 MW to 720 MW (Fig. 4d), whereas the steady state power flow limit is 500 MW. As random switching signals are injected into the circuit breakers, the system will experience abnormal harmonics.

2) Random Switching Attack in Three Phase Breaker: In this section, it is considered that the attacker is able to inject malicious tripping signals into the three phase circuit breaker. From Figs. 5a to 5d, it is clear that this situation is the worst among all the situations described in the earlier sections. The phase currents fluctuate from zero to 4000 amperes, the system frequency loses its synchronism and the power flows in the interconnectors are very inconsistent. Immediate detection and mitigation actions are required for these types of system contingencies to protect the power system from complete blackout.

Fig. 5: System Response: (a) Different phase currents in relay, (b) Overall system frequency, (c) Active power flow in QNI, (d) Active power flow in VSAI, and (e) Random switching attack signals generated by the attacker during random three phase switching attack in QN Interconnectors.

IV. CONCLUSION

The dynamic performance of a real large-scale interconnector system is simulated and analyzed for credible contingency events and cyber attacks on a simplified model of the Australian 14-Generator Interconnected Power System. Two physical events, single phase to ground faults and three phase faults, are considered as credible contingency events, and random malicious tripping command injection in the single phase and three phase circuit breakers is considered as the cyber attack event. Relay currents, overall system frequency and power flows in the interconnectors are considered as key parameters to analyze the dynamic performance of the system. Ideal over-current relays are considered as protective devices. The research outcomes demonstrate that cyber attacks in the power grid are more severe than credible contingencies. The dynamic behavior of the system parameters also shows distinct patterns for credible events and cyber attacks.

Though only one type of cyber attack is considered in this paper, there is an unbounded number of possible cyber attacks in the power system. Future work will extend this study to analyze the harmonics of the fault current as a parameter to detect a cyber attack event and distinguish it from credible contingency events, and to some extent determine the possible countermeasures.

REFERENCES

[1] G. Liang, S. R. Weller, J. Zhao, F. Luo, and Z. Y. Dong, "The 2015 Ukraine Blackout: Implications for False Data Injection Attacks," IEEE Transactions on Power Systems, vol. 32, no. 4, pp. 3317–3318, 2017.
[2] AEMC. [Online]. Available: https://www.aemc.gov.au/energy-system/electricity/electricity-system/security
[3] G. Liang, J. Zhao, F. Luo, S. R. Weller, and Z. Y. Dong, "A Review of False Data Injection Attacks Against Modern Power Systems," IEEE Transactions on Smart Grid, vol. 8, no. 4, pp. 1630–1638, 2017.
[4] T. Morris, S. Pan, J. Lewis, J. Moorhead, N. Younan, R. King, M. Freund, and V. Madani, "Cybersecurity risk testing of substation phasor measurement units and phasor data concentrators," Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW '11, no. October, p. 1, 2011.
[5] U. Adhikari, T. Morris, and S. Pan, "WAMS Cyber-Physical Test Bed for Power System, Cybersecurity Study, and Data Mining," IEEE Transactions on Smart Grid, vol. 8, no. 6, pp. 2744–2753, 2017.
[6] U. Adhikari, T. H. Morris, and S. Pan, "Applying hoeffding adaptive trees for real-time cyber-power event and intrusion classification," IEEE Transactions on Smart Grid, vol. 9, no. 5, pp. 4049–4060, Sept 2018.
[7] S. Pan, T. Morris, and U. Adhikari, "Developing a hybrid intrusion detection system using data mining for power systems," IEEE Transactions on Smart Grid, vol. 6, no. 6, pp. 3104–3113, Nov 2015.
[8] M. S. Rahman, H. R. Pota, and M. J. Hossain, "Cyber vulnerabilities on agent-based smart grid protection system," IEEE Power and Energy Society General Meeting, vol. 2014-Octob, no. October, 2014.
[9] M. S. Rahman, M. A. Mahmud, A. M. T. Oo, and H. R. Pota, "Multi-Agent Approach for Enhancing Security of Protection Schemes in Cyber-Physical Energy Systems," IEEE Transactions on Industrial Informatics, vol. 13, no. 2, pp. 436–447, 2017.
[10] A. F. Taha, J. Qi, J. Wang, and J. H. Panchal, "Risk mitigation for dynamic state estimation against cyber attacks and unknown inputs," IEEE Transactions on Smart Grid, vol. 9, no. 2, pp. 886–899, 2018.
[11] AEMO, "Preliminary Report- Queensland and South Australia system separation on 25th August 2018," no. September. [Online]. Available: https://www.aemo.com.au/Electricity/National-Electricity-Market-NEM/Market-notices-and-events/Power-System-Operating-Incident-Reports
[12] M. Gibbard and D. Vowles, "Simplified 14-Generator Model of the SE Australian Power System," (The University of Adelaide), pp. 1–45, 2010.
[13] M. S. Almas, R. Leelaruji, and L. Vanfretti, "Over-current relay model implementation for real time simulation & hardware-in-the-loop (hil) validation," in IECON 2012 - 38th Annual Conference on IEEE Industrial Electronics Society, Oct 2012, pp. 4789–4796.