With sufficient resources, attackers might be able to intrude into multiple substation-level networks of the supervisory control and data acquisition (SCADA) system and send fabricated commands to the local field devices. In this paper, cyberattacks against the SCADA system in the substations of the power system are modeled by a modified semi-Markov process (SMP). The optimal allocation of offensive and defensive resources is modeled as a Colonel Blotto game, and the probabilities of successful cyberattacks on 24 substations are calculated. With the optimal allocated resources, the mean time-to-compromise (MTTCs) of cyberattacks on each substation are calculated, and the loss of load probabilities (LOLP) and expected energy not supplied (EENS) are estimated with the IEEE reliability test system 79 (RTS79). When more offensive or less defensive resources are allocated to the targets, the probabilities of breaker trips resulting from the cyber attacks are increased, less MTTCs are needed on each substation and the power system becomes less reliable.
The measurement data collected from the supervisory control and data acquisition (SCADA) system installed in distribution network can reflect the operational state of the network effectively. In this study, a random matrix theory-based approach is developed for early anomaly detection and localisation by using the data. For every feeder in the distribution network, a corresponding data matrix is formed. Based on the Marchenko–Pastur law for the empirical spectral analysis of covariance ‘signal+noise’ matrix, the linear eigenvalue statistics are introduced to indicate the anomaly, and the outliers and their corresponding eigenvectors are analysed for locating the anomaly. As for the low observability feeders in the distribution network, an increasing data dimension algorithm is designed for the formulated low-dimensional matrices being more accurately analysed. The developed approach can detect and localise the anomaly at an early stage, and it is robust to random disturbance and measurement error. Cases on Matpower simulation data and real SCADA data corroborate the feasibility of the approach.
The ever increasing size of wind turbines and the move to build them offshore have accelerated the need for optimised maintenance strategies in order to reduce operating costs. Predictive maintenance requires detailed information on the condition of turbines. Due to the high costs of dedicated condition monitoring systems based on mainly vibration measurements, the use of data from the turbine supervisory control and data acquisition (SCADA) system is appealing. This review discusses recent research using SCADA data for failure detection and condition monitoring (CM), focussing on approaches which have already proved their ability to detect anomalies in data from real turbines. Approaches are categorised as (i) trending, (ii) clustering, (iii) normal behaviour modelling, (iv) damage modelling and (v) assessment of alarms and expert systems. Potential for future research on the use of SCADA data for advanced turbine CM is discussed.
In Part I of this two-part paper, we introduce several possible methods for integrating wind power, price-responsive demand and other distributed energy resources (DERs). These methods differ with respect to information exchange requirements, computational complexity, and physical implementability. A novel look-ahead interactive dispatch that internalizes inter-temporal constraints at the DERs level, and dispatches the results of distributed decisions subject to spatial security constraints, is proposed as a possible effective algorithm. This method requires only the use of today's static security-constrained economic dispatch (SCED) by the system operators. The optimization accounting for inter-temporal constraints, and ramping rates in particular, is done by the DERs while they create their own supply and demand functions. To implement this method, today's supervisory control and data acquisition (SCADA) needs to be transformed into a multi-directional, multi-layered information exchange system.
Given the present geopolitical scenario and global energy crisis, there is a growing demand to cut energy use, particularly in industry. The glass package manufacturing business has been severely hit by the rise in energy prices in recent years, and most likely this trend will continue. There is a lack of instruments for effectively anticipating furnace usage when it comes to managing the infrastructure's energy expenditure in the glass industry, which is the case of the BA Glass Avintes company. Because the furnaces are the key energy expenditure source in the plant, getting a thorough understanding of their energy consumption is an important step towards making educated decisions. The purpose of this study is to undertake a detailed analysis of gas and electricity usage for the three furnaces at the BA Glass Avintes facility using data obtained from PowerStudio SCADA. It was investigated which regression model produced the most accurate results when precisely adjusted to the BA Glass Avintes shop-floor setting. The findings indicate that linear regression models may not be appropriate for this application, however tree-based methods, notably the decision tree model, provide promising outcomes. Furthermore, for increased model performance, the study emphasises the necessity of a bigger training dataset and a shorter prediction interval.
Supervisory control and data acquisition (SCADA) systems are widely used for industrial control of critical infrastructures, such as power plants and manufacturing systems. There is abundant evidence of SCADA systems being subject to cyberattacks. With increasing interest in industrial digitization, the cybersecurity of SCADA systems is poised to be even more important. Equipment faults and cyberattacks can manifest themselves in a similar fashion, i.e., they can exhibit similar signatures. This article focuses on methods that are capable of distinguishing equipment faults from bona fide cyberattacks. Especially, we consider a relatively sophisticated form of cyberattack known as the "replay attack" (RA). We derive mathematical formalisms that distinguish the RA from several classes of equipment faults and verify our methodology through an extensive numerical study. Note to Practitioners: This article is motivated by the problem of detecting replay cyberattacks in industrial control systems and differentiating it from equipment faults. Existing approaches mainly focus on the detection aspect but usually ignore the importance of differentiation. We propose an ensembled statistical process monitoring approach based on five statistical metrics. The statistical metrics are derived based on a theoretical analysis that shows the data characteristics under each system anomaly, including replay attack (RA), controller fault, and plant fault. We mathematically prove that the signatures generated by the derived metrics can be used to differentiate an RA from the equipment faults. We conduct a sensitivity analysis of the detection delay of our method regarding the magnitude of the cyberattack. Physical experiments on a rotating machinery setup show that the proposed approach applies to some simple real-world settings. In future research, we will address the scalability issue of our method as well as more generalized nonlinear system settings.
Supervisory Control and Data Acquisition (SCADA) systems are a core part of industrial systems, such as smart grid power and water distribution systems. In recent years, such systems have become highly vulnerable to cyber attacks. The design of efficient and accurate data-driven anomaly detection models has become an important topic of interest relating to the development of SCADA-specific Intrusion Detection Systems (IDSs) to counter cyber attacks. This paper proposes two novel techniques: (i) an automatic identification of consistent and inconsistent states of SCADA data for any given system, and (ii) an automatic extraction of proximity detection rules from identified states. During the identification phase, the density factor for the k-nearest neighbours of an observation is adapted to compute its inconsistency score. Then, an optimal inconsistency threshold is calculated to separate inconsistent from consistent observations. During the extraction phase, the well-known fixed-width clustering technique is extended to extract proximity-detection rules, which form a small and most-representative data set for both inconsistent and consistent behaviours in the training data set. Extensive experiments were carried out both on real as well as simulated data sets, and we show that the proposed techniques provide significant accuracy and efficiency in detecting cyber attacks, compared to three well-known anomaly detection approaches.
Intrusion detection in real-time systems is a problem without a profound solution. In supervisory control and data acquisition (SCADA) systems the absence of a defence mechanism that can cope with different types of intrusions is of great importance. False positive alarms or mistakes regarding the origin of the intrusion mean severe costs for the system. An integrated one-class support vector machine (OCSVM) mechanism that is distributed in a SCADA network is presented, as a part of an intrusion detection system, providing accurate information about the origin and the time of an intrusion. The module reads the network traffic, splits traffic according to the source of the packets and creates a cluster of OCSVM models. These trained models run in parallel and can accurately and fast recognise different types of attacks.
The increased interconnectivity and complexity of supervisory control and data acquisition (SCADA) systems in power system networks has exposed the systems to a multitude of potential vulnerabilities. In this paper, we present a novel approach for a next-generation SCADA-specific intrusion detection system (IDS). The proposed system analyzes multiple attributes in order to provide a comprehensive solution that is able to mitigate varied cyber-attack threats. The multiattribute IDS comprises a heterogeneous white list and behavior-based concept in order to make SCADA cybersystems more secure. This paper also proposes a multilayer cyber-security framework based on IDS for protecting SCADA cybersecurity in smart grids without compromising the availability of normal data. In addition, this paper presents a SCADA-specific cybersecurity testbed to investigate simulated attacks, which has been used in this paper to validate the proposed approach.
Vulnerability assessment is a requirement of NERC's cybersecurity standards for electric power systems. The purpose is to study the impact of a cyber attack on supervisory control and data acquisition (SCADA) systems. Compliance of the requirement to meet the standard has become increasingly challenging as the system becomes more dispersed in wide areas. Interdependencies between computer communication system and the physical infrastructure also become more complex as information technologies are further integrated into devices and networks. This paper proposes a vulnerability assessment framework to systematically evaluate the vulnerabilities of SCADA systems at three levels: system, scenarios, and access points. The proposed method is based on cyber systems embedded with the firewall and password models, the primary mode of protection in the power industry today. The impact of a potential electronic intrusion is evaluated by its potential loss of load in the power system. This capability is enabled by integration of a logic-based simulation method and a module for the power flow computation. The IEEE 30-bus system is used to evaluate the impact of attacks launched from outside or from within the substation networks. Countermeasures are identified for improvement of the cybersecurity.