
INSE 6640: Smart Grids and Control System Security

Lecture 10 - Cyber-Attacks against State Estimation in Smart Grid
Prof. Walter Lucia

Fall 2020
Fall 2020 1 / 55
Outline

1 Securing Smart Grids: Goal and Threats

2 Traditional IT Security & CPS

3 Adversary Models vs Defender Model

4 3D Modeling of Attacks in Networked CPS

5 Stealthy Attack Against State Estimation in Smart Grids

Securing Smart Grids: Goal and Threats

Securing CPS (1/2)

• Devices embedding a physical component, communication capabilities and computational power are referred to as Cyber-Physical Systems (CPS).
• Smart Grids are an example of CPS. We can abstract CPS as Networked Control Systems subject to cyber-attacks on the communication channels.

Securing CPS (2/2)

• The Controller must be capable of ensuring that the operational goals are met regardless of the presence of malicious parties attacking the cyber infrastructure.
Traditional IT Security & CPS

Traditional IT Security & CPS (1/4)

• Information Security is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.
• Traditionally, Information Security's primary focus is the balanced protection of the confidentiality, integrity and availability of data (also known as the CIA triad¹).

¹ M. Bishop, Computer Security: Art and Science, Addison-Wesley, 2013.
Traditional IT Security & CPS (2/4)
• Confidentiality refers to the ability to keep information secret
from unauthorized users. A lack of confidentiality results in
disclosure of information.
• Confidentiality in CPS must prevent an adversary from inferring
information/data related to the physical/controller system (Plant
Model/ Controller algorithm) by eavesdropping on the
communication channels between the sensors and the controller,
and between the controller and the actuator.

Traditional IT Security & CPS (3/4)

• Integrity refers to the trustworthiness of data or resources. A lack of integrity results in deception: an authorized party receives false data and believes it to be true.
• Integrity in CPS can be viewed as the ability to maintain the
operational goals by preventing, detecting, or surviving deception
attacks in the information sent and received by the sensors, the
controllers, and the actuators.

Traditional IT Security & CPS (4/4)
• Availability refers to the ability of a system/data of being
accessible and usable upon demand. Lack of availability results in
denial of service (DoS).
• Availability in CPS is therefore the capability of maintaining the
operational goals by preventing or surviving DoS attacks to the
information transmitted by the sensors and controller
• The strong real-time requirement of many CPS introduces new
challenges.
• A minor DoS event for an enterprise network might be a major event for a CPS, i.e. one producing irreparable damage to the system and to the entities around it.

Defender Model

Defender Model: Controller+Detector
• The defender is represented by the Controller module (Controller Logic + State Estimator) plus an anomaly Detector module²;
• Separation of roles:
• The Detector implements an anomaly detection algorithm (policy) to understand if a cyber attack is affecting the communication channels
• The Controller implements a logic capable of ensuring that the plant can meet the operational goals (stability, tracking of a reference, etc.)

² This is the basic setup; other architectures can be considered.
Available Information in a Feedback Control System

The sets of information describing the feedback control scheme are P, F, D:
• P = information set describing the Plant behavior
• F = information set describing the Controller policy
• D = information set describing the Detector rules

Adversary Models

Attacker’s Objective

• The attacker's goal is to steer the plant state into the region of unacceptable performance/danger.
• The attacker wants to remain undetected (stealthy).

Attacker’s available information

• P̂ = information available on the Plant P
• F̂ = information available on the Controller C
• D̂ = information available on the Detector D

The hat symbol (·̂) denotes that the attacker might have a complete or only a partial understanding of the sets P, F, D.
Attacker Policy

The attack actions ak depend on the available model knowledge (K), and on the available disclosure (Υu, Υy) and disruptive (B) resources:
• An attacker has disclosure resources on a channel when he/she
can violate the confidentiality property.
• An attacker has disruptive resources on a channel when he/she
can violate the integrity or availability properties

3D Modeling of Attacks in Networked CPS

Attack Space: 3D modeling (1/3)

Attack Space: 3D modeling (2/3)

Attack Space: 3D modeling (3/3)

Stealthy Attacks in CPS

• A cyber-attack against a CPS is said to be stealthy if it is capable of reducing the closed-loop plant performance while remaining undetected.

Examples of Attacks against CPS

Denial-of-Service Attack (DoS)

Attack policy ak
• Prevent the actuator and/or sensor data from reaching their
respective destinations and producing an absence of data.

3D Modeling
• Model knowledge: Not needed
• Disclosure Resources: Not needed
• Disruption Resources: Needed on the channel where the DoS attack is performed
Denial-of-Service Attack (DoS) - Performance

Attack Performance
• Trivially not a stealthy attack. However, DoS attacks may be misdiagnosed as a poor network condition.
• A DoS attack impacts the closed-loop system by affecting the estimator task and ultimately the control system performance.

Replay Attack on the Sensor Measurements

[Figure: Replay Attack - Phase 1 (record), Phase 2 (replay)]

Attack policy
• Phase I: Eavesdropping (Recording). No disruption is applied, and the disclosed information set grows with the recorded measurements:

$$a_k = \begin{bmatrix} 0 \\ 0 \end{bmatrix}, \qquad \mathcal{I}_k = \mathcal{I}_{k-1} \cup \left\{ \begin{bmatrix} 0 & 0 \\ 0 & \Upsilon_y \end{bmatrix} \begin{bmatrix} u_k \\ y_k \end{bmatrix} \right\}$$

• Phase II: Replay:

$$\tilde{u}_k = u_k + u^a, \qquad \tilde{y}_k = y_{k-\tau}$$
Replay Attack on the Sensor Measurements

[Figure: Replay Attack - Phase 1 (record), Phase 2 (replay)]

3D Modeling
• Model knowledge: Not needed
• Disclosure Resources: On the measurement channel
• Disruption Resources: Needed on both channels
Replay Attack - Performance


Attack Performance
• It is usually employed in steady-state conditions; otherwise it is easy to detect.
• If the attacker has access to all channels, a replay attack can be stealthy. Advanced active detection strategies are needed to prevent stealthiness (next class, we will study the watermarking solution in [Mo, 2009]).
Covert Attack


Attack policy
Design an FDI attack on both communication channels such that the
effect of the attack on the input signal is canceled in the measurement
channel.

Covert Attack - Example


P is described by the following model: yk = 2uk

1 The controller sends uk = 3 to obtain ŷk = 6 (expected output)
2 The attacker injects uak = 25. Therefore ũk = 3 + 25 = 28
3 The real output of the system is yk = 28 · 2 = 56 (real output).
4 The attacker, to hide his/her attack, properly corrupts yk by exploiting the model of the plant. It performs the following action:

$$\tilde{y}_k = \underbrace{y_k}_{\text{real output}} - \underbrace{2}_{\text{model}} \cdot \underbrace{25}_{\text{attack on } u} = 6$$

5 The controller receives ỹk ≡ ŷk
Covert Attack


3D Modeling
• Model knowledge: Complete knowledge of P
• Disclosure Resources:
• If the plant has a linear behavior: no disclosure resources are
needed
• If the plant has a nonlinear behavior, then disclosure resources on
the actuation channel are needed
• Disruption Resources: Needed on both channels
Covert Attack - Performance


Attack Performance
• A covert attack is a perfect stealthy attack that cannot be detected
by any detector located in the control center [Smith, 2011].
• Specific detection mechanisms have been developed to detect
such attacks. Next class, we will see the Moving Target idea
developed in [Weerakkody, 2015].

Attack Overview in the 3D Attack Space

Stealthy Attack Against State Estimation in Smart Grid

Smart Grid: Power Transmission System

Power System State

• According to the state of the system, the Smart Grid can be in one
of the following situations:
1 Normal
2 Emergency
3 Restorative
• Normal: all the loads in the system can be supplied power by the existing generators without violating any operating constraints
• Emergency: violation of some of the operating constraints while the power system continues to supply power to all the loads. We must bring the system back to normal using corrective actions!
• Restorative: corrective actions are being applied to stabilize/eliminate limit violations, e.g. disconnecting loads, disconnecting lines, energy re-balance
The Scenario: Power Transmission System and
Networked Control

• Good state estimation x̂ is needed to manage the power network
• Wrong estimation → wrong control action u(t)
Plant Model: DC Power flow model

• The AC power flow model (P) is described by a set of nonlinear equations
• However, for state estimation purposes a linearized approximation of the power flow model, namely the DC power flow model, is used
Plant Model - DC power flow model

• Let us denote with x the state of the system and with y the available measurements, i.e.
x = [x1, x2, ..., xn]ᵀ, y = [y1, y2, ..., ym]ᵀ, n, m ∈ Z⁺, xi, yi ∈ R
• The linearized static power flow equation (Plant Model) has the following structure
y = Cx + e

C is the grid topology and e models measurement errors (Gaussian distributed)
State Estimation Goal

y = Cx + e

• Estimation Problem: How can we find the best fit x for a given y?
• We have to solve a system with n unknowns and m equations, where n ≠ m
Bad Data Detector (1/3)

Model: y = Cx + e
Least square state estimation:

x̂ = (C T C)−1 C T y

• If we have faulty sensors, some of the data y received might not be correct. How can we detect bad data?
• Once we get a state estimation x̂, we can build the so-called measurement residual r:
r = y − C x̂

Notice that if the estimation is perfect, x ≡ x̂, then r ≡ 0. If we have measurement noise, we can claim a good estimation if ||r|| ≤ τ, with τ a threshold.
Bad Data Detector (2/3)

• Given a threshold τ, and by considering any norm, e.g. the L2-norm, we can claim
• No bad data if:
||y − C x̂|| ≤ τ
• Bad data if:
||y − C x̂|| > τ
Bad Data Detector (3/3)

||y − C x̂|| > τ

• Now the question is: If we can detect faulty sensors, can we also
detect cyber-attacks producing False Data Injections?
• Before 2011, the answer was believed to be yes. But after [Liu, 2011] the answer is: not always!
Design of a Stealthy Attack against State Estimation

Attacker Model

• Attack policy: Inject a bias in the power measurements without generating alarms
• Model knowledge: DC power flow model
• Disclosure resources: No
• Disruptive resources: Measurement channels where the bias signal must be injected
FDI Attack

• The vector of observed measurements may contain malicious data according to the following formula:

ya = y + a

where y is the vector of original (correct) measurements and a is the attack vector
• If ai ≠ 0 then the i-th meter measurement has been compromised
Attack Impact on the State Estimation (1/2)

• Let x̂ be the state estimated using the original (without attacks) measurements y
• Let x̂bad be the state estimate of x using the malicious measurements ya = y + a
• We can represent
x̂bad = x̂ + d
where d ≠ 0 is the estimation error produced by the attacker's false data injection a
Attack Impact on the State Estimation (2/2)

• Proposition: If the measurement vector y (with no attack) passes the bad data detector rule ||y − C x̂|| ≤ τ, then a malicious measurement ya can pass the bad data detection if "a" is a linear combination of the columns of C, i.e. a = Cd.
• Proof:
• y can pass the detection ⇒ ||y − C x̂|| ≤ τ
• If we consider the attack vector a, we have that

||ya − C x̂bad|| = ||y + a − C(x̂ + d)|| = ||y + a − C x̂ − Cd|| = ||y − C x̂ + a − Cd||

• Therefore, if a = Cd then a − Cd = 0 and the attack cannot be distinguished from y, i.e.

||ya − C x̂bad|| ≡ ||y − C x̂|| ≤ τ
Stealthy False Data Injection

Steps:
1 The attacker decides the bias d to cause on the state estimation,
i.e.
x̂bad = x̂ + d
2 The attacker computes and injects the following vector into the
measurements
a = Cd
ya = y + a
The attack above bypasses the bad data detector, i.e.

||ya − C x̂bad|| = ||y − C x̂|| ≤ τ

while changing the result of the state estimation. Therefore this attack is, by definition, stealthy.

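The least-squares estimator, the residual-based bad data detector and the proposition above can be checked numerically on a toy DC model. The following is an added example (not code from the lecture or from [Liu, 2011]); the 4-meter, 2-state matrix C, the true state, the noise vector and the threshold τ are all constructed for illustration. It shows the three cases the slides discuss: clean data passes, an unstructured bad measurement on one meter trips the detector, and an injection of the form a = Cd leaves the residual unchanged while shifting the estimate by exactly d.

```python
"""Least-squares DC state estimation, residual bad data detection, and the
blind spot of the residual test against structured injections a = C d.

Toy system constructed for this example: 2 unknown states, 4 meters.
Pure Python (no numpy) so it runs anywhere.
"""
from typing import Dict, List, Tuple

Matrix = List[List[float]]
Vector = List[float]

# Constructed linearized measurement matrix C (rows = meters, cols = states),
# standing in for the grid topology in y = C x + e.
C: Matrix = [
    [1.0, 0.0],
    [0.0, 1.0],
    [1.0, -1.0],
    [2.0, 1.0],
]
TRUE_X: Vector = [0.10, -0.05]                    # constructed true state
NOISE: Vector = [0.004, -0.003, 0.002, -0.001]    # constructed measurement errors e
TAU: float = 0.02                                 # constructed detector threshold


def transpose(a: Matrix) -> Matrix:
    return [list(col) for col in zip(*a)]


def matmul(a: Matrix, b: Matrix) -> Matrix:
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]


def matvec(a: Matrix, v: Vector) -> Vector:
    return [sum(x * y for x, y in zip(row, v)) for row in a]


def solve(a: Matrix, b: Vector) -> Vector:
    """Solve the square system a x = b by Gauss-Jordan elimination with pivoting."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        if abs(m[col][col]) < 1e-12:
            raise ValueError("C^T C is singular: the state is not observable")
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [rv - f * cv for rv, cv in zip(m[r], m[col])]
    return [m[i][n] / m[i][i] for i in range(n)]


def estimate_state(c: Matrix, y: Vector) -> Vector:
    """x_hat = (C^T C)^-1 C^T y, computed by solving the normal equations."""
    ct = transpose(c)
    return solve(matmul(ct, c), matvec(ct, y))


def residual_norm(c: Matrix, y: Vector, x_hat: Vector) -> float:
    """L2 norm of the measurement residual r = y - C x_hat."""
    r = [yi - ci for yi, ci in zip(y, matvec(c, x_hat))]
    return sum(v * v for v in r) ** 0.5


def bad_data_detector(c: Matrix, y: Vector, tau: float) -> Tuple[Vector, float, bool]:
    """Return (x_hat, ||y - C x_hat||, flagged) with flagged = residual > tau."""
    x_hat = estimate_state(c, y)
    rn = residual_norm(c, y, x_hat)
    return x_hat, rn, rn > tau


def scenario() -> Dict[str, object]:
    """Run the clean, faulty-sensor and structured-injection cases side by side."""
    y_clean = [yi + ei for yi, ei in zip(matvec(C, TRUE_X), NOISE)]
    x_hat, r_clean, flag_clean = bad_data_detector(C, y_clean, TAU)

    # Unstructured bad data: a single meter (index 2) reads far off. Its error has a
    # component outside the column space of C, so the residual grows and is flagged.
    y_fault = y_clean[:]
    y_fault[2] += 0.5
    _, r_fault, flag_fault = bad_data_detector(C, y_fault, TAU)

    # Structured injection a = C d (the proposition on the slide): the residual is
    # identical to the clean case, yet the estimate moves by exactly d.
    d = [0.3, -0.2]
    y_a = [yi + ai for yi, ai in zip(y_clean, matvec(C, d))]
    x_bad, r_a, flag_a = bad_data_detector(C, y_a, TAU)
    shift = [xb - xh for xb, xh in zip(x_bad, x_hat)]

    return {
        "clean_residual": r_clean, "clean_flagged": flag_clean,
        "fault_residual": r_fault, "fault_flagged": flag_fault,
        "stealthy_residual": r_a, "stealthy_flagged": flag_a,
        "estimate_shift": shift, "intended_bias": d,
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

The residual test only sees the component of the measurement error that lies outside the column space of C; anything of the form Cd is absorbed into x̂, which is exactly why the detector's residual is the same in the clean and the structured cases. Running the script prints the residual for each case, the detector verdicts, and the estimate shift, which matches the intended bias d.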
Thank you!

References I

Y. Liu, P. Ning and M. K. Reiter
Generalized False Data Injection Attacks Against State Estimation in Electric Power Grids
ACM Transactions on Information and System Security 14(1), 2011.

D. Kundur
Cyber Security of Smart Grid
Class: Cyber-Physical Security of the Smart Grid

H. Tebianian, B. Jeyasurya
Dynamic state estimation in power systems: Modeling, and challenges
Electric Power Systems Research, 2015.

A. Teixeira, I. Shames, H. Sandberg, K. H. Johansson
A secure control framework for resource-limited adversaries
Automatica, 135–148, 2015.
References II

S. R. Smith
A decoupled feedback structure for covertly appropriating networked control
systems
IFAC Proceedings, 44.1, 90–95, 2011.

Y. Mo, B. Sinopoli
Secure control against replay attacks
IEEE Allerton Conference, pp. 911–918, 2009.

A. Teixeira, I. Shames, H. Sandberg, K. H. Johansson
Revealing stealthy attacks in control systems
IEEE Allerton Conference, 1806–1813, 2012.

S. Weerakkody, B. Sinopoli
Detecting integrity attacks on control systems using a moving target approach
IEEE 54th Annual Conference on Decision and Control (CDC), 2015.