Real-time Situational Awareness of Risk to EDS To Cyber Attack
This activity aims to develop a methodology that takes cyber-physical dependencies of energy delivery infrastructure into account and assesses the risk of cyber-attack induced cascading failures. This task will be executed in collaboration with other CREDC consortium members and will leverage prior work on cyber-physical models of electrical grid, proposed work on stochastic models for cascading failures, and on analysis of cyber-networks that characterize the difficulty of penetrating them sufficiently to cause an attack. Specifically, in the long-term this task aims to provide real-time situational awareness of threat to the system by characterizing “how far or close” a given grid system is to a cyber-induced cascading failure, and how to mitigate this emergency scenario.
The developed methodology will be validated using realistic cyber-physical models and in available CREDC simulation and emulation test-beds.
Energy delivery networks such as the electric grid infrastructure critically depend on underlying cyber infrastructure that is vulnerable to cyber attacks. The resilience of the electric grid infrastructure depends on the integrity and availability of the underlying cyber infrastructure. However, current assessment techniques force separate analysis of physical and cyber components. Due to the complexity of protection mechanisms and varying load conditions, it is non-trivial to understand the impact or compute the consequences of cyber-attacks on critical components. We need (i) accurate models/analysis to identify contingency sequences that lead to catastrophic failures such as cascades, (ii) analysis algorithms to identify pathways that trigger such contingencies through cyber-attacks, (iii) metrics to describe the difficulty of penetrating the cyber network, (iv) means of combining cyber and EDS risk into a metric that is meaningful to an operator, and (v) the ability to do this analysis in real-time. The goal is to develop technology such that when the cyber network vulnerability becomes available in real-time (through IDS, observation, or vulnerability report), the system can make a real-time assessment of the impact of that vulnerability, issue an alert, and (ideally) suggest redemptive action. This activity will leverage emerging work on cyber-physical modeling and analysis of grid infrastructure to assess proximity to “cyber-induced cascading failures” much like tools that try to estimate the proximity of the current system operating point to the stability margins in electric grid analysis. For instance, the framework developed in this work can be used for what if analysis including assessing the impact and likelihood of NESCOR failure scenarios (e.g., Generic.2 scenario).
How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?
The tools and technologies resulting from this work will address the “Assess and Monitor Risk” area of the roadmap by i) providing a framework for assessing vulnerabilities, prioritizing control measures, and means for justifying costs, and ii) providing decision support for security control deployment.
- Exploring Security Metrics for Electric Grid Networks (2017 Industry Workshop)