Chee-Wooi Ten

Yachen Tang, Chee-Wooi Ten, Kevin P. Schneider

Tampering of metering infrastructure of an electrical distribution system can significantly cause customers' billing discrepancy. The large-scale deployment of smart meters may potentially be tampered by malware by propagating their agents to other IP-based meters. Such a possibility is to pivot through the physical perimeters of a smart meter. While this framework may help utilities to accurately energy consumption information on the regular basis, it is challenging to identify malicious meters when there is a large number of users that are exploited to vulnerability and kWh information being altered. This paper presents a reconfiguration switching scheme based on graph theory incorporating the concept of distributed generators to accelerate the anomaly localization process within an electrical distribution network. First, a data form transformation from a visualized grid topology to a graph with vertices and edges is presented. A conversion from the graph representation to machine recognized matrix representation is then performed. The connection of the grid topology is illustrated as an adjacency or incidence matrix for the following analysis. A switching procedure to change elements in the topological matrix is used to detect and localize the tampered node or cluster. The procedure has to meet the electrical and the temporary closed-loop operational constraints. The customer-level anomaly detection is then performed in accordance with probability derived from smart meter anomalies.

Chee-Wooi Ten, Koji Yamashita, Zhiyuan Yang et al.

The first-ever Ukraine cyberattack on power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes on the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining the impact quantification of cyber-related contingencies.