Cyber Physical Security Analytics for Transactive

Energy Systems

Jiaxing Pi, Minh Nguyen, Sindhu Suresh

1

WSU:

Siemens:

Adam Hahn, Anurag Srivastava, Yue Zhang,

Vignesh Venkata Gopala Krishnan, Kudrat Kaur,

• Introduction

• Transactive Energy and Emerging Challenges

• Cyber Threat for TE

• TESP-based Simulation Environment

• Data Analytics Approaches for Security

• Conclusion

2

Overview

• The significant increase distributed energy resources (PV,

storage, electric vehicles)

•

electricity

• Transactive Energy Systems employ economic and control

mechanisms to dynamically balance the demand and

supply

• Depends on a large number of distributed edge-computing and

consumer controlled Internet of Things.

• IoT systems and the electric grid cyber assets are increasingly

vulnerable to attack.

• New analytical methods are needed to monitor these

.

3

Introduction

TE Infrastructure Overview

4

Distribution

Transmission

Bids/ Demands

LMP

Prices

Bids/Demands

Prosumer

Market

Communication

Agent

Agent

• A baseline model for Transactive Energy has been utilized

to study the effects of cyber threats on TE system.

• Incorporates

Transmission Model

Distribution Model with prosumers, distributed energy

sources

Communication network

Auction houses

• Incorporated using TESP[1], an open source platform

developed by PNNL.

Baseline Model for TE System

[1] https://github.com/pnnl/tesp

Possible Events in Cyber part

Cyber Events

Bad Data

Noise or bad sensors

Malicious Data Attack

False data injection

Man-in-the-middle

Denial-of-Service Data Spoofing Communication

line failure

Packet Loss Huge latency

Cyber Analytics using:

Log data files

Data traffic

IDS data

Threat sharing

Cyber Threats

7

Distribution

Transmission

Bids/ Demands

LMP

Prices

Bids/Demands

Prosumer

Malicious Signals

Market

Communication

Agent

Agent

1) Malware 2) Targeted Intrusion 1) Malware

2) Targeted Intrusion

1) DoS 2) MitM/Tampering 3) Routing Manipulation

8

TESP Test Environment

TESP is a framework designed by PNNL that simulates transactive systems. It includes various software modules and a number of agents in the form of smart houses.

Source: http://tesp.readthedocs.io/en/latest/TESP_DesignDoc.html

Mininet

House

Controller

Attack

TE Agents

Manipulated

Values

7200V/120V

230kV/12.47kV

10 houses for phase A

10 houses for phase B

10 houses for phase C

7200V/120V

7200V/120V

……

……

……

1.3 MW peak

unresponsive load

12.47kV/480V

Large Building

Node

7

The simulated power system includes a 9-bus transmission system and one feeder with transactive components at node 7. The HVAC devices in each house will patriate in the power market.

Source: http://tesp.readthedocs.io/en/latest/TESP_DesignDoc.html

Power System Model

10

Impact of Manipulating the bid price and quantity

Under this scenario, the bid price and quantity signals communicated from the HVAC controller are

manipulated and changed to an arbitrary value. the HVAC temperature setting point gets manipulated

consequently, which impacts the overall system operation.

Generator output

Overall Demand

Local Marginal Price

11

Decision/ control

Data acquisition

Physical signals (V, I, P)

Anomaly classifier (Cyber, Physical)

Metrics

Simulated/ measured data

Cyber signals (data traffic)

Market signals (LMP, bids)

Physical/cyber system

Physical layer

Cyber layer

Market layer

Cyber-Physical Analytics

12

Cyber - Physical Event Cyber Event

Anomaly

Physical Event NO

Physical Event

YES

Normal Operation Status

YES

YES

Cyber Event

NO

NO

YES

YES

YES NO NO NO YES NO

Event Classification

Anomaly Detection via Deep Learning

• Why deep learning?

Feature extraction (local patterns, such as spikes)

from multi-channel time series data

High accuracy with sufficient number of layers

High level generalized features can be used to

detect unknown attacks

Convolutional Neural Network for Anomaly Detection

• Supervised Learning: use normal and outliers to train

• Able to create high level generalized features

• Use generalized features to detect anomalies in the testing data

Deep Autoencoder for Anomaly Detection

• Transactive Energy Systems employ economic and control

mechanisms to dynamically balance the demand and supply.

• Significant increase in DER

• Devices are increasingly vulnerable to cyberattack.

•

operations and detect malicious activity.

• Combination of supervised and unsupervised deep learning

algorithms

• Algorithms must incorporate cyber, physical, and market parameters

16

Conclusion

17