A framework for cyber security risk modeling and mitigation in smart grid communication and control systems.

Phiri, Lukumba
The University of Zambia
The objective of this research was to present a risk analysis methodology for enhancing cyber security and defending the crucial parts of Zambia's electric power grid. Building on the basic concerns of risk assessment and management, and using the Design Science Research Methodology (DSRM), the framework aims to advance the current risk analysis debates on the electric power system. Through a review of the literature and a stochastic risk-based framework, this thesis stresses the need for a coordinated cybersecurity effort toward developing strategies and actions conducive to defending the nation against attacks on the electric power infrastructure. We used PIPE (Platform-Independent Petri Net Editor) and Generalized Stochastic Petri Nets (GSPN) to model and analyze the GSPN attack model of the SCADA network. PIPE additionally enables the user to animate the model through direct user manipulation or the arbitrary firing of transitions. The analysis environments of these instruments include a variety of modules, including steady-state, state-space, and GSPN analyses. Fifty simulations of the designed GSPN model of the DoS attack were performed using various starting random firings of 100, 300, 500, 700, 1000, and 1200. The transition triggering rates of the Defense Scenario’s firewall, password, and combined SPN models, respectively. The results show that the net probability of being attacked with only a password as an intrusion protection mechanism was 95.59 percent, compared to 95.11 percent for the firewall model, and 78.902 percent for the combined model. This indicates that, given a firewall and a password as a combined intrusion protection mechanism, the probability of being hit by a cyber-attack is relatively high. A general cybersecurity framework is therefore needed to enable proactive cybersecurity and threat intelligence sharing for the digitalized power infrastructure.
In contrast to previous efforts on AGC cyber-physical security, we model AGC false data injection attacks (FDIA) and explore the potential vulnerabilities that could result from ignoring them. First, we showed that the AGC's behavior and, consequently, the control decision differ when the FDIA is taken into consideration. We demonstrated that linear AGC models that do not account for FDIA do not offer adequate protection against cyber-physical attacks that work in the nonlinear region of the system. Second, to handle these threats, we proposed and implemented a two-stage LSTM-based strategy to identify and mitigate the compromised signals. Examination of the detection model confirms its better performance in attack detection, with good statistical metrics. The mitigation model can also improve the system's behavior and dramatically lower the RMSE of the attacked signals. The results obtained were later compared with findings from other studies such as PRIME (PNNL cybeR physIcal systeMs tEstbed) and an edge-based multi-level anomaly detection framework for SCADA networks named EDMAND.
Cyber security; Cyberspace--Security measures; Smart grid communication; Cyber Security--Risks and mitigation.