Embed Size (px)
DESCRIPTION
On Security Indices for State Estimators in Power Networks. Henrik Sandberg, André Teixeira, and Karl Henrik Johansson Automatic Control Lab, ACCESS Linnaeus Center Royal Institute of Technology, Stockholm, Sweden. VIKING. First Workshop on Secure Control Systems April 12 th , 2010. - PowerPoint PPT Presentation
Citation preview
On Security Indices for State Estimators in Power Networks
Henrik Sandberg, André Teixeira, and Karl Henrik Johansson
Automatic Control Lab, ACCESS Linnaeus CenterRoyal Institute of Technology, Stockholm, Sweden
First Workshop on Secure Control SystemsApril 12th, 2010
Northeast U.S. Blackout of 2003• August 14th, 2003: 55 million people affected• One plant in Ohio offline during peak hour )
Cascading failure ) Over 100 plants shut down• Software bug in state estimator stalled alarm systems
for over an hour• Incorrect state estimate can have serious
consequences
SCADA Systems and False-Data Deception Attacks
• SCADA/EMS systems used to monitor and control power networks
• Sampling frequency ¼ 1/min• Redundant power flow and
voltage measurements (zi)
• State estimator used to obtain accurate state information at all times, and to identify faulty equipment.
(SCADA/EMS = Supervisory Control and Data Acquisition/Energy Management Systems)
Attacker Model and Bad Data Detection in Control Center
• Intelligent attacker can find attacks a that do not trigger alarms in the Bad-Data Detector (BDD) [Liu et al., 2009]
• But can we measure how difficult it is to perform such attacks?
• Steady-state models:
• WLS-Estimates of bus phase angles i (in vector ):
• Linear approximation:
Power Network and Estimator Models
Bad-Data Detection and Undetectable Attacks
• The “hat matrix” K:
• Bad-Data Detection triggers on anomalies in the residual
• False-data deception attacks [Liu et al., 2009]:
• The attacker has a lot of freedom in the choice of attack vector a! Which a are more likely to be applied?
• Measures of “least-effort attacks” on measurement zk
• Large indices k and k ) It requires a large coordinated attack involving many sensors and large elements in a to attack zk ( i|ai|¸ k|ak|)
• More generally:
The New Security Indices k and k
Example of the Index k
• Attack vectors corresponding to k:
• Compare with the hat matrix:
IEEE 14-bus Network
IEEE 14-bus Network (cont’d)
• Hat-matrix-based heuristics (•) misleading when it comes to judging sparsity of attacks (k)
• Heuristic OK to estimate size of elements in a (k)
(ο) k upper bound(•) rk
1:=#{|Kik /Kkk|¸0.33}
(ο) k (•)
IEEE 14-bus Attack Vectors (z16)
Conclusions• Security of state estimators has not been much
studied before• Two security indices (k,k) introduced here
• Can be used to locate measurements that are relatively easy to attack
• The hat matrix K can be misleading with respect to security of measurements
• Efficient computation of k? How to re-design system to maximize the indices?
References
•
•
•
4-Bus Example
• Hat matrix:
• Many non-zero elements in rows ) Large measurement redundancy (except z4)
• z1, z2, z3, z5 have lots of redundancy. But are they all hard to attack? No!
Attack Synthesis for Measurement zk
• When p=2, the columns of scaled hat matrix (R=I) gives the solution [Teixeira et al., 2010]:
• This study: Sparse attacks a more likely, since they involve fewer sensors. Study p=0 and p=1
Some Possible Extensions
• Increase risk of detection with
• Multiple attack goals
• Sensitivity matrix S=I-K• Lagrange multipliers and location of encryption
devices?
