A Cyber Security Study of a SCADA Energy Management System: Stealthy Deception Attacks on the State Estimator
André Teixeira, György Dán, Henrik Sandberg, Karl H. Johansson

TL;DR
This paper investigates the cyber security vulnerabilities of SCADA energy management systems' state estimators, demonstrating how stealthy deception attacks can bypass detection and proposing ways to improve their resilience.
Contribution
It introduces a framework to model stealthy deception attacks on power network state estimators and evaluates their impact using realistic experiments on SCADA EMS software.
Findings
Stealthy attacks can bypass bad data detection schemes.
Resilience of state estimators can be improved with better security measures.
Experimental results demonstrate attack impact on a real power network model.
Abstract
The electrical power network is a critical infrastructure in today's society, so its safe and reliable operation is of major concern. State estimators are commonly used in power networks, for example, to detect faulty equipment and to optimally route power flows. The estimators are often located in control centers, to which large numbers of measurements are sent over unencrypted communication channels. Therefore cyber security for state estimators becomes an important issue. In this paper we analyze the cyber security of state estimators in supervisory control and data acquisition (SCADA) for energy management systems (EMS) operating the power network. Current EMS state estimation algorithms have bad data detection (BDD) schemes to detect outliers in the measurement data. Such schemes are based on high measurement redundancy. Although these methods may detect a set of basic cyber…
Taxonomy
Topics: Smart Grid Security and Resilience · Network Security and Intrusion Detection · Information and Cyber Security
