Modeling Security Risk to and Resiliency of EDS Using Software-Defined Networks and Robust Networked Control Systems

Activity Leads: 
Industry Collaborators: 
  • Accenture Technology Labs
  • MidAmerican Energy
Summary Statement: 

We will formally model risk assessment and network diversity to assess the resiliency of EDS against zero-day attacks. The risk assessment model will quantify the impact of the various attack paths on EDS. We will also propose an EDS network-diversity metric based on the configurations and policies of various resources. The security metric will be computed for different network configurations and policies; it will consider the similarity and dissimilarity of network resources and account for attacks ranging from minimum impact to maximum impact. The metric will be useful for evaluating the impact of different classes of cyber attacks. The risk assessment and network diversity model will be implemented within an OpenFlow controller. The OpenFlow controller will monitor networking resources in EDS networks. In case of an attack, the architecture will rely heavily on the risk assessment model to select a resilient mitigation approach, taking into account the resiliency requirements of the cyber-physical system. The risk assessment model will classify attacks in terms of how severely they will impact the cyber-physical system’s operation. The model will also quantify the security posture of the cyber-physical network at any given time.

We propose to address the false data injection (FDI) detection problem in SDN-enabled EDS with a multi-agent system, and to develop a quarantine service with SDN technology that achieves autonomous attack containment during such an attack. We will logically partition the SDN-enabled EDS into multiple sub-systems, each comprising a substation and the other substations directly connected to it through a network of SDN switches. Software-based agents in each substation will communicate with each other. The agents facilitate the exchange of meter measurements among the substations included in each sub-system. Each agent can perform local state estimation for its sub-system. In the absence of FDI attacks, state estimation results at each sub-system are identical to state estimation results for the whole grid. However, in the presence of FDI attacks, compromised measurements can evade bad data detection techniques during state estimation for the whole grid. State estimation performed at each sub-system is used to analyze the compromised measurements and identify disparities. Risk scores will be computed to quantify the impact of an FDI attack. We will develop the quarantine service so that it takes into account the risk scores and network configurations to isolate the impacted portions of the power grid and ensure operation of the power grid with minimal impact.

Energy Delivery System (EDS) Gap Analysis: 

We will develop a security risk assessment capability within an SDN controller to compute risk scores for both known and zero-day attacks in EDS. With risk scores available, the SDN controller can respond to an attack or failure by choosing mitigation policies that balance security risk against operation cost. We will also develop diversity modeling using distributed SDN controllers to mitigate attacks on the SDN control plane. We will develop a quarantine service with SDN technology to achieve autonomous attack containment during an FDI attack.

Reference the research activity fact sheet (PDF) for an extended gap analysis and bibliography.

How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?
This activity falls under “Assess and Monitor Risk” and “Develop and Implement New Protective Measures to Reduce Risk”. There is a need to understand and quantify cybersecurity risk to EDS. In our activity, we develop risk assessment models to quantify cyber threats in the smart grid. Deploying the risk assessment models in SDN switches will facilitate continuous monitoring of risk and selection of network configurations to mitigate risk. The ability to detect and quarantine false data injection attacks provides mechanisms to reduce the risk from threats that compromise the integrity of measurements in the smart grid.

Status of Activity: 
Active