Abstract
In this chapter, we develop a vision to address challenges in securing the smart grid. Despite recent innovations, grid security remains a critical issue. The infrastructure is highly vulnerable due to its large scale, connectivity, and heterogeneity. Moreover, attacks on cyber-physical systems and the grid have been realized, most notably the attack on the Ukraine power system in 2015. While techniques in cyber security are useful, their implementation is not sufficient to secure the smart grid. Consequently, we advocate for research in cyber-physical system security, an interdisciplinary field which combines tools from both cyber security and system theory. Within this field, we argue that engineers need to develop a framework of accountability comprised of three main research thrusts: (1) the detection of attacks, (2) the attribution of attacks to particular malicious components and devices on the grid, and (3) the resilient design of systems and algorithms to ensure acceptable performance in the presence of malicious behavior. To close, we discuss the need for a unifying language and set of tools to address these problems, as we consider additional research in compositional security.
Keywords
- Smart Grid
- CPS Security
- Ukrainian Power Grid
- SCADA System
- Supervisory Control And Data Acquisition (SCADA)
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Weerakkody, S., Sinopoli, B. (2019). Challenges and Opportunities: Cyber-Physical Security in the Smart Grid. In: Stoustrup, J., Annaswamy, A., Chakrabortty, A., Qu, Z. (eds) Smart Grid Control. Power Electronics and Power Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-98310-3_16
DOI: https://doi.org/10.1007/978-3-319-98310-3_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98309-7
Online ISBN: 978-3-319-98310-3
eBook Packages: Energy, Energy (R0)