Cyber-Physical Attack-Resilient Wide-Area Monitoring, Protection, and Control for the Power Grid

Abstract

Cybersecurity and resiliency of wide-area monitoring, protection, and control (WAMPAC) applications is critically important to ensure secure, reliable, and economical operation of the bulk power system. WAMPAC relies heavily on the security of measurements and control commands transmitted over wide-area communication networks for real-time operational, protection, and control functions. The current “N–1” security criterion for grid operation is inadequate to address malicious cyber events; therefore, it is important to fundamentally redesign WAMPAC and to enhance energy management system applications to make them attack resilient. In this paper, we present three key contributions to enhance the cybersecurity and resiliency of WAMPAC. First, we describe an end-to-end attack-resilient cyber–physical security framework for WAMPAC applications encompassing the entire security life cycle including risk assessment, attack prevention, attack detection, attack mitigation, and attack resilience. Second, we describe a defense-in-depth architecture that incorporates attack resilience at both the infrastructure layer and the application layer by leveraging domain-specific security approaches at the WAMPAC application layer in addition to traditional cybersecurity measures at the information technology infrastructure layer. Third, we discuss several attack-resilient algorithms for WAMPAC that leverage measurement design and cyber–physical system model-based anomaly detection and mitigation along with illustrative case studies. We believe that the research issues and solutions identified in this paper will open up several avenues for research in this area. In particular, the proposed framework, architectural concepts, and attack-resilient algorithms would serve as essential building blocks to transform the “fault-resilient” grid of today into an “attack-resilient” grid of the future.