SPARKS MULTI-STAGE CYBER-ATTACK AND COUNTERMEASURE DEMONSTRATION

M. Faschang (1), C. Seitl (1), F. Kupzog (1), D. Umsonst (2), B. Kang (3)
(1) AIT Austrian Institute of Technology GmbH, Center for Energy, Electric Energy Systems, Tech Base Vienna, Austria
(2) KTH Royal Institute of Technology, Stockholm, Sweden
(3) Queen's University Belfast, Northern Ireland, UK
SPARKS project (https://project-sparks.eu), EU FP7 Programme, Contract No. 608224

ABSTRACT – Remotely operated Smart Grid components such as photovoltaic (PV) and battery inverters, electric vehicle (EV) supply equipment, or wind generators introduce new vulnerabilities that could be exploited by attackers. One such attack scenario has recently been presented in the AIT SmartEST laboratory as described below. Through a man-in-the-middle attack on the IEC 61850 communication, a set of simulated PV inverters and one real PV inverter are forced into an unstable situation and start oscillating. By a follow-up attack, the inverters disconnect due to a maliciously created overvoltage situation. A centralized SCADA intrusion detection system (IDS) and decentralized resilient controllers (RC), both developed in the SPARKS project, are able to successfully counteract the demonstrated attacks.

ATTACK SCENARIO
System under attack: a low voltage distribution grid with distributed PV systems, in which a central controller sends IEC 61850 based Q(U) set-points to the PV inverters in the field via the SCADA / WAN / field communication system.
Attacker's goals:
- violation of supply system limits
- destabilisation of the supply system
Attack method: man-in-the-middle (MITM) attack on the plain (unencrypted, unauthenticated) IEC 61850 MMS packets between the central controller and the devices in the field:
- sniffing voltage measurements
- modifying Q(U) set-points

COUNTERMEASURES
Central: Intrusion Detection System (IDS) in the SCADA domain
- monitoring of traffic in the application layer
- multi-attribute detection: white/blacklist, known signatures, stateful analysis and anomaly detection
- alerts to the Resilient Controllers as additional information for better RC reactions
Decentralized: Resilient Controller (RC) at each PV site, rule-based local decision making
- RC Rule 1 "Voltage Prediction": estimation of the effect of a received set-point via a Thevenin equivalent of the grid and the local droop law, before the set-point is applied
- RC Rule 2 "Critical Gain": assessment of the droop law's gain; the effective gain k is limited to kcrit (k ≤ kcrit) to avoid oscillation

LABORATORY PHIL SET-UP
- Power-hardware-in-the-loop (PHIL) integration of a real PV inverter in a distribution grid simulation
- man-in-the-middle attacker integrated in the TCP/IP communication system simulation
- IDS and RC implementation
Laboratory domain (real/physical entities): 2.5 kVA single phase PV inverter (SunSpec); IEC 61850/SunSpec gateway; IEC 61499-implemented Smart Low Voltage Grid controller; Spitzenberger & Spies power amplifier; local load and line impedance. A lab link middleware couples the laboratory domain to the simulation domain.
Simulation domain (simulated entities): small rural distribution grid (20 households, 13 PV) in the Distribution Grid Simulator (DIgSILENT PowerFactory); TCP/IP communication grid (SCADA ↔ WAN ↔ Field) in the Communication System Simulator (NRL CORE), hosting the IEC 61850 stacks, the IDS and the attacker; simulated PV systems with their RCs.
Abbreviations: SCADA – Supervisory Control & Data Acquisition; WAN – Wide Area Network; PV – Photovoltaic Inverter; IDS – Intrusion Detection System; RC – Resilient Controller.

DEMONSTRATION OF CYBER-ATTACKS AND COUNTERMEASURES
The attacker changes the set-points to modify the inverters' Q(U) characteristics:
- Attack 1: infinite gain Q(U)
- Attack 2: flipped Q(U) curve
Before the first attack: regular, voltage-supporting Q(U) characteristic with a deadband at Unom ± 4 %.
After the first MITM attack (inverters with malicious Q(U) characteristic: infinite gain): unstable, oscillating behaviour; ΔQ oscillation 0.75 p.u., ΔU oscillation ~2.0 Vpp.
After the second MITM attack (inverters with malicious Q(U) characteristic: flipped curve): no more Q(U) voltage support; further increase of the already high voltage; voltage limit violation; automatic inverter disconnection.
[Figures: Q(U) characteristics (set curve vs measured curve: nominal reactive power -1.0 … 1.0 over nominal grid voltage 0.9 … 1.1, showing the typical curve, attack 1 and attack 2); measured effects of attack 1 (nominal active power, reactive power and grid voltage of about 228–232 V over 35 s); measured effects of attack 2 (reactive power and grid voltage rising from about 251 V to 253 V within a few seconds).]

CONCLUSION
- Centralized (IDS) and decentralized (RC) countermeasures are able to protect the attacked system.
- Best protection through the combined RC+IDS approach and a resilient fall-back.
- Encryption of remote commands is crucial as basic cyber-attack prevention (for the demonstrated set-point tampering, integrity protection and authentication of the 61850 traffic is the decisive property, since the MITM modifies rather than merely reads the messages).
- Trade-off between configuration freedom and protection of field devices.
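As an added illustration, not code from the SPARKS project or the poster, the following toy model replays the two attacks and the two RC rules on a minimal closed loop: a Q(U) droop inverter driven by a Thevenin equivalent of the feeder, with one set-point cycle of delay. It shows why the "infinite gain" curve oscillates, why the "flipped" curve drives the voltage over the limit, and how Rule 2 (critical gain) and Rule 1 (voltage prediction) stop each one. All numeric values (Thevenin voltage and sensitivity, the 10 % knee of the regular curve, the 0.8 safety margin below kcrit, the 253 V trip level) and the closed-form kcrit = 1/x_th of this particular loop are assumptions for the example, not values or formulas from the poster.

```python
# Added illustration, not code from the SPARKS project or the poster: a toy
# discrete-time model of the Q(U) droop loop on a Thevenin equivalent of the
# feeder. It reproduces the two attacks (infinite gain -> oscillation, flipped
# curve -> overvoltage) and the two Resilient Controller rules that catch them.
# Every number below (Thevenin values, 10 % knee, 0.8 safety margin, 253 V
# trip level) is an assumption for illustration, not a value from the poster.
import math
from dataclasses import dataclass, field

VNOM = 230.0                              # nominal phase voltage [V]
V_MIN, V_MAX = 0.9 * VNOM, 1.1 * VNOM     # assumed inverter disconnection band
V_TH = 245.0                              # assumed open-circuit voltage at high PV feed-in (Q = 0)
X_TH = 10.0                               # assumed Thevenin sensitivity [V per p.u. reactive power]
K_REGULAR = 1.0 / (0.06 * VNOM)           # assumed regular slope: full Q at Vnom +/- 10 %, deadband +/- 4 %
K_MARGIN = 0.8                            # assumed safety margin below the critical gain


@dataclass(frozen=True)
class QUCurve:
    """Q(U) droop: Q = -k * (V - deadband edge) outside the deadband, clipped to +/-qmax [p.u.].
    k > 0 is voltage supporting (absorb Q on overvoltage), k < 0 is the 'flipped' curve,
    k = inf is the 'infinite gain' curve (bang-bang between -qmax and +qmax)."""
    k: float
    deadband: float = 0.04    # +/- 4 % of Vnom, as on the poster
    qmax: float = 1.0

    def q(self, v: float) -> float:
        dv = v - VNOM
        db = self.deadband * VNOM
        if abs(dv) <= db:
            return 0.0
        excess = dv - math.copysign(db, dv)          # distance beyond the deadband edge
        if math.isinf(self.k):
            return -math.copysign(self.qmax, self.k * excess)
        return max(-self.qmax, min(self.qmax, -self.k * excess))


def simulate(curve: QUCurve, steps: int = 40, v_th: float = V_TH, x_th: float = X_TH) -> list[float]:
    """Closed loop with one set-point cycle of delay: the inverter reacts to the last
    measured voltage, the Thevenin grid answers with V = v_th + x_th * Q."""
    v, trace = v_th, []
    for _ in range(steps):
        q = curve.q(v)
        v = v_th + x_th * q
        trace.append(v)
    return trace


def peak_to_peak(trace: list[float], window: int = 10) -> float:
    tail = trace[-window:]
    return max(tail) - min(tail)


def oscillating(trace: list[float], threshold_v: float = 1.0) -> bool:
    """Sustained swing in the last cycles (a converged loop settles well below 1 V)."""
    return peak_to_peak(trace) > threshold_v


def limit_violated(trace: list[float]) -> bool:
    return max(trace) > V_MAX or min(trace) < V_MIN


@dataclass
class ResilientController:
    """Local RC at the PV site: screens an incoming Q(U) set-point before it is applied.
    Rule 1 (voltage prediction): roll the candidate curve forward on the local Thevenin
    estimate and reject it if the predicted voltage leaves the limits. Rule 2 (critical
    gain): in this loop V_{n+1} - V_edge = (v_th - V_edge) - k*x_th*(V_n - V_edge), which
    converges only for k*x_th < 1, so kcrit = 1/x_th and the gain is clamped with a margin."""
    v_th_est: float = V_TH
    x_th_est: float = X_TH
    active: QUCurve = field(default_factory=lambda: QUCurve(k=K_REGULAR))  # last good curve (fall-back)

    def k_crit(self) -> float:
        return 1.0 / self.x_th_est

    def apply(self, proposed: QUCurve) -> tuple[QUCurve, list[str]]:
        alerts = []
        k, k_lim = proposed.k, K_MARGIN * self.k_crit()
        if abs(k) > k_lim:                                    # Rule 2: critical gain
            alerts.append(f"rule2: gain {k} limited to {k_lim:.3f} (kcrit={self.k_crit():.3f})")
            k = math.copysign(k_lim, k)
        candidate = QUCurve(k=k, deadband=proposed.deadband, qmax=proposed.qmax)
        predicted = simulate(candidate, 20, self.v_th_est, self.x_th_est)
        if limit_violated(predicted):                         # Rule 1: voltage prediction
            alerts.append(f"rule1: predicted {max(predicted):.1f} V outside limits, keeping last good curve")
            return self.active, alerts
        self.active = candidate
        return candidate, alerts


if __name__ == "__main__":
    attacks = {"regular": QUCurve(k=K_REGULAR),
               "infinite gain": QUCurve(k=math.inf),
               "flipped": QUCurve(k=-K_REGULAR)}
    for name, curve in attacks.items():
        raw = simulate(curve)
        applied, alerts = ResilientController().apply(curve)
        print(f"{name:14s} unprotected: osc={oscillating(raw)} limit={limit_violated(raw)} "
              f"| with RC: k={applied.k:.3f} osc={oscillating(simulate(applied))} alerts={alerts}")
```

Run stand-alone, the script prints one line per scenario: the regular curve settles; the infinite-gain curve alternates between full reactive absorption and the deadband (oscillation) until Rule 2 clamps it to a stable gain; the flipped curve pushes the voltage past 253 V, which Rule 1 predicts from the local Thevenin estimate, so the RC keeps the last good curve instead. The model is deliberately one-step and linear; the point is the structure of the two checks, not the numbers.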