Charalambos Konstantinou

Li Zhou, Marc Dacier, Charalambos Konstantinou

The Software Bill of Materials (SBOM) is a critical tool for securing the software supply chain (SSC), but its practical utility is undermined by inaccuracies in both its generation and its application in vulnerability scanning. This paper presents a large-scale empirical study on 2,414 open-source repositories to address these issues from a practical standpoint. First, we demonstrate that using lock files with strong package managers enables the generation of accurate and consistent SBOMs, establishing a reliable foundation for security analysis. Using this high-fidelity foundation, however, we expose a more fundamental flaw in practice: downstream vulnerability scanners produce a staggering 92.0\% false positive rate in our case study. We pinpoint the primary cause as the flagging of vulnerabilities within unreachable code. We then demonstrate that function call analysis can effectively prune 61.9\% of these false alarms. Our work validates a practical, two-stage approach for SSC security: first, generate an accurate SBOM using lock files and strong package managers, and second, enrich it with function call analysis to produce actionable, low-noise vulnerability reports that alleviate developers' alert fatigue.

Solon Falas, Markos Asprou, Charalambos Konstantinou et al.

State estimation is the cornerstone of the power system control center since it provides the operating condition of the system in consecutive time intervals. This work investigates the application of physics-informed neural networks (PINNs) for accelerating power systems state estimation in monitoring the operation of power systems. Traditional state estimation techniques often rely on iterative algorithms that can be computationally intensive, particularly for large-scale power systems. In this paper, a novel approach that leverages the inherent physical knowledge of power systems through the integration of PINNs is proposed. By incorporating physical laws as prior knowledge, the proposed method significantly reduces the computational complexity associated with state estimation while maintaining high accuracy. The proposed method achieves up to 11% increase in accuracy, 75% reduction in standard deviation of results, and 30% faster convergence, as demonstrated by comprehensive experiments on the IEEE 14-bus system.

Guang An Ooi, Otavio Bertozzi, Mohd Asim Aftab et al.

Modern power systems with high penetration of inverter-based resources exhibit complex dynamic behaviors that challenge the scalability and generalizability of traditional stability assessment methods. This paper presents a dynamic recurrent adjacency memory network (DRAMN) that combines physics-informed analysis with deep learning for real-time power system stability forecasting. The framework employs sliding-window dynamic mode decomposition to construct time-varying, multi-layer adjacency matrices from phasor measurement unit and sensor data to capture system dynamics such as modal participation factors, coupling strengths, phase relationships, and spectral energy distributions. As opposed to processing spatial and temporal dependencies separately, DRAMN integrates graph convolution operations directly within recurrent gating mechanisms, enabling simultaneous modeling of evolving dynamics and temporal dependencies. Extensive validations on modified IEEE 9-bus, 39-bus, and a multi-terminal HVDC network demonstrate high performance, achieving 99.85%, 99.90%, and 99.69% average accuracies, respectively, surpassing all tested benchmarks, including classical machine learning algorithms and recent graph-based models. The framework identifies optimal combinations of measurements that reduce feature dimensionality by 82% without performance degradation. Correlation analysis between dominant measurements for small-signal and transient stability events validates generalizability across different stability phenomena. DRAMN achieves state-of-the-art accuracy while providing enhanced interpretability for power system operators, making it suitable for real-time deployment in modern control centers.

Aoun Abbas, Zhongda Chu, Charalambos Konstantinou

The large-scale replacement of synchronous machines with inverter-based generation (IBG) introduces critical challenges to both voltage and frequency stability. This work builds on a mixed-integer second-order cone programming (MISOCP) framework that co-optimizes unit commitment (UC) model which embeds frequency-nadir constraints through synthetic inertia (SI) dispatch and an SOC voltage stability boundary for IBG buses. The formulation extends by modeling a STATCOM as a reactive-power decision variable in the same MISOCP model. A modified IEEE 30-bus system is used to assess three scheduling strategies: (i) baseline UC with SI only, (ii) voltage-stability-constrained (VSC) UC with SI, and (iii) the joint UC with SI and reactive power support from IBGs. The impact of incorporating a 30~MVAr STATCOM at a weak grid location near the IBG buses is investigated. Simulation results show that the proposed framework enhances voltage security, maintains frequency-nadir compliance, and reduces operating cost, while STATCOM integration further improves dispatch feasibility under high IBG.

Shijie Pan, Zaint A. Alexakis, Charalambos Konstantinou

Data centers (DCs) are emerging as large, geographically distributed, controllable loads whose participation in electricity markets can significantly affect grid operation, especially when cloud platforms shift workloads across sites to exploit energy-arbitrage opportunities. This paper analyzes and seeks to mitigate the grid impacts of geographically distributed multi-site DCs under exogenous electricity prices. It develops a detailed job-level scheduling framework for market-driven DCs, formulated as a mixed-integer model that preserves execution logic and captures a unified set of implementable control actions. It also incorporates service-side quality-of-service (QoS) constraints and penalty terms to improve fidelity. Case studies on a modified IEEE 14-bus system, complemented by a more realistic network based on Travis County, Texas, show that purely price-driven scheduling improves economic performance, but also increases voltage-security risk and congestion exposure by inducing localized demand concentration and sharp site-level load variation. To mitigate these effects, this work introduces load-redistribution policies that curb extreme load shifting and support grid operators in managing such conditions.

Solon Falas, Markos Asprou, Charalambos Konstantinou et al.

Modern power systems face significant challenges in state estimation and real-time monitoring, particularly regarding response speed and accuracy under faulty conditions or cyber-attacks. This paper proposes a hybrid approach using physics-informed neural networks (PINNs) to enhance the accuracy and robustness, of power system state estimation. By embedding physical laws into the neural network architecture, PINNs improve estimation accuracy for transmission grid applications under both normal and faulty conditions, while also showing potential in addressing security concerns such as data manipulation attacks. Experimental results show that the proposed approach outperforms traditional machine learning models, achieving up to 83% higher accuracy on unseen subsets of the training dataset and 65% better performance on entirely new, unrelated datasets. Experiments also show that during a data manipulation attack against a critical bus in a system, the PINN can be up to 93% more accurate than an equivalent neural network.

Solon Falas, Markos Asprou, Charalambos Konstantinou et al.

State estimation is a cornerstone of power system control-center operations, and its robust operation is increasingly a cyber-physical security concern as modern grids become more digitalized and communication-intensive. Neural network-based approaches have gained attention as alternatives to conventional model-based state estimation methods. Physics-Informed Neural Networks (PINNs), which embed power-flow consistency into the learning objective, have shown improved accuracy over existing approaches. This work proposes a PINN-based model for Power System State Estimation (PSSE) that protects the estimation process against the stealth-constrained AC False Data Injection Attacks (FDIAs) considered in this study. The model is developed without adversarial training. Instead, a dynamic loss-weighting formulation based on homoscedastic uncertainty learns the relative scaling of supervised data-fit and physics-residual terms during training, reducing sensitivity to manual weight tuning. Robustness is evaluated on the IEEE 118-bus system using representative stealthy-FDIA families including state distortion, load redistribution, line overloading, and residual-constrained stealth corruption. Performance is measured using Mean Absolute Error (MAE) on voltage magnitudes and phase angles. Results demonstrate higher accuracy and stability than existing fixed-weight PINN variants.

Biswarup Mukherjee, Li Zhou, S. Gokul Krishnan et al.

This paper introduces a model for coordinating prosumers with heterogeneous distributed energy resources (DERs), participating in the local energy market (LEM) that interacts with the market-clearing entity. The proposed LEM scheme utilizes a data-driven, model-free reinforcement learning approach based on the multi-agent deep deterministic policy gradient (MADDPG) framework, enabling prosumers to make real-time decisions on whether to buy, sell, or refrain from any action while facilitating efficient coordination for optimal energy trading in a dynamic market. In addition, we investigate a price manipulation strategy using a variational auto encoder-generative adversarial network (VAE-GAN) model, which allows utilities to adjust price signals in a way that induces financial losses for the prosumers. Our results show that under adversarial pricing, heterogeneous prosumer groups, particularly those lacking generation capabilities, incur financial losses. The same outcome holds across LEMs of different sizes. As the market size increases, trading stabilizes and fairness improves through emergent cooperation among agents.

Suman Rath, Ioannis Zografopoulos, Pedro P. Vergara et al.

Embedded controllers, sensors, actuators, advanced metering infrastructure, etc. are cornerstone components of cyber-physical energy systems such as microgrids (MGs). Harnessing their monitoring and control functionalities, sophisticated schemes enhancing MG stability can be deployed. However, the deployment of `smart' assets increases the threat surface. Power systems possess mechanisms capable of detecting abnormal operations. Furthermore, the lack of sophistication in attack strategies can render them detectable since they blindly violate power system semantics. On the other hand, the recent increase of process-aware rootkits that can attain persistence and compromise operations in undetectable ways requires special attention. In this work, we investigate the steps followed by stealthy rootkits at the process level of control systems pre- and post-compromise. We investigate the rootkits' precompromise stage involving the deployment to multiple system locations and aggregation of system-specific information to build a neural network-based virtual data-driven model (VDDM) of the system. Then, during the weaponization phase, we demonstrate how the VDDM measurement predictions are paramount, first to orchestrate crippling attacks from multiple system standpoints, maximizing the impact, and second, impede detection blinding system operator situational awareness.

Subhash Lakshminarayana, Juan Ospina, Charalambos Konstantinou

The COVID-19 pandemic has impacted our society by forcing shutdowns and shifting the way people interacted worldwide. In relation to the impacts on the electric grid, it created a significant decrease in energy demands across the globe. Recent studies have shown that the low demand conditions caused by COVID-19 lockdowns combined with large renewable generation have resulted in extremely low-inertia grid conditions. In this work, we examine how an attacker could exploit these {scenarios} to cause unsafe grid operating conditions by executing load-altering attacks (LAAs) targeted at compromising hundreds of thousands of IoT-connected high-wattage loads in low-inertia power systems. Our study focuses on analyzing the impact of the COVID-19 mitigation measures on U.S. regional transmission operators (RTOs), formulating a plausible and realistic least-effort LAA targeted at transmission systems with low-inertia conditions, and evaluating the probability of these large-scale LAAs. Theoretical and simulation results are presented based on the WSCC 9-bus {and IEEE 118-bus} test systems. Results demonstrate how adversaries could provoke major frequency disturbances by targeting vulnerable load buses in low-inertia systems and offer insights into how the temporal fluctuations of renewable energy sources, considering generation scheduling, impact the grid's vulnerability to LAAs.

Arpan Bhattacharjee, Shahriar Badsha, Md Tamjid Hossain et al.

Cyber-physical systems (CPS) data privacy protection during sharing, aggregating, and publishing is a challenging problem. Several privacy protection mechanisms have been developed in the literature to protect sensitive data from adversarial analysis and eliminate the risk of re-identifying the original properties of shared data. However, most of the existing solutions have drawbacks, such as (i) lack of a proper vulnerability characterization model to accurately identify where privacy is needed, (ii) ignoring data providers privacy preference, (iii) using uniform privacy protection which may create inadequate privacy for some provider while overprotecting others, and (iv) lack of a comprehensive privacy quantification model assuring data privacy-preservation. To address these issues, we propose a personalized privacy preference framework by characterizing and quantifying the CPS vulnerabilities as well as ensuring privacy. First, we introduce a Standard Vulnerability Profiling Library (SVPL) by arranging the nodes of an energy-CPS from maximum to minimum vulnerable based on their privacy loss. Based on this model, we present our personalized privacy framework (PDP) in which Laplace noise is added based on the individual node's selected privacy preferences. Finally, combining these two proposed methods, we demonstrate that our privacy characterization and quantification model can attain better privacy preservation by eliminating the trade-off between privacy, utility, and risk of losing information.

Mostafa Mohammadpourfard, Istemihan Genc, Subhash Lakshminarayana et al.

Smart grid's objective is to enable electricity and information to flow two-way while providing effective, robust, computerized, and decentralized energy delivery. This necessitates the use of state estimation-based techniques and real-time analysis to ensure that effective controls are deployed properly. However, the reliance on communication technologies makes such systems susceptible to sophisticated data integrity attacks imposing serious threats to the overall reliability of smart grid. To detect such attacks, advanced and efficient anomaly detection solutions are needed. In this paper, a two-stage deep learning-based framework is carefully designed by embedding power system's characteristics enabling precise attack detection and localization. First, we encode temporal correlations of the multivariate power system time-series measurements as 2D images using image-based representation approaches such as Gramian Angular Field (GAF) and Recurrence Plot (RP) to obtain the latent data characteristics. These images are then utilized to build a highly reliable and resilient deep Convolutional Neural Network (CNN)-based multi-label classifier capable of learning both low and high level characteristics in the images to detect and discover the exact attack locations without leveraging any prior statistical assumptions. The proposed method is evaluated on the IEEE 57-bus system using real-world load data. Also, a comparative study is carried out. Numerical results indicate that the proposed multi-class cyber-intrusion detection framework outperforms the current conventional and deep learning-based attack detection methods.

Charalambos Konstantinou, George Stergiopoulos, Masood Parvania et al.

Cyber-physical systems (CPS) incorporate the complex and large-scale engineered systems behind critical infrastructure operations, such as water distribution networks, energy delivery systems, healthcare services, manufacturing systems, and transportation networks. Industrial CPS in particular need to simultaneously satisfy requirements of available, secure, safe and reliable system operation against diverse threats, in an adaptive and sustainable way. These adverse events can be of accidental or malicious nature and may include natural disasters, hardware or software faults, cyberattacks, or even infrastructure design and implementation faults. They may drastically affect the results of CPS algorithms and mechanisms, and subsequently the operations of industrial control systems (ICS) deployed in those critical infrastructures. Such a demanding combination of properties and threats calls for resilience-enhancement methodologies and techniques, working in real-time operation. However, the analysis of CPS resilience is a difficult task as it involves evaluation of various interdependent layers with heterogeneous computing equipment, physical components, network technologies, and data analytics. In this paper, we apply the principles of chaos engineering (CE) to industrial CPS, in order to demonstrate the benefits of such practices on system resilience. The systemic uncertainty of adverse events can be tamed by applying runtime CE-based analyses to CPS in production, in order to predict environment changes and thus apply mitigation measures limiting the range and severity of the event, and minimizing its blast radius.

Christos Xenofontos, Ioannis Zografopoulos, Charalambos Konstantinou et al.

Internet of Things (IoT) devices are becoming ubiquitous in our lives, with applications spanning from the consumer domain to commercial and industrial systems. The steep growth and vast adoption of IoT devices reinforce the importance of sound and robust cybersecurity practices during the device development life-cycles. IoT-related vulnerabilities, if successfully exploited can affect, not only the device itself, but also the application field in which the IoT device operates. Evidently, identifying and addressing every single vulnerability is an arduous, if not impossible, task. Attack taxonomies can assist in classifying attacks and their corresponding vulnerabilities. Security countermeasures and best practices can then be leveraged to mitigate threats and vulnerabilities before they emerge into catastrophic attacks and ensure overall secure IoT operation. Therefore, in this paper, we provide an attack taxonomy which takes into consideration the different layers of IoT stack, i.e., device, infrastructure, communication, and service, and each layer's designated characteristics which can be exploited by adversaries. Furthermore, using nine real-world cybersecurity incidents, that had targeted IoT devices deployed in the consumer, commercial, and industrial sectors, we describe the IoT-related vulnerabilities, exploitation procedures, attacks, impacts, and potential mitigation mechanisms and protection strategies. These (and many other) incidents highlight the underlying security concerns of IoT systems and demonstrate the potential attack impacts of such connected ecosystems, while the proposed taxonomy provides a systematic procedure to categorize attacks based on the affected layer and corresponding impact.

Xiaorui Liu, Yaodan Hu, Charalambos Konstantinou et al.

The reliable operation of power grid is supported by energy management systems (EMS) that provide monitoring and control functionalities. Contingency analysis is a critical application of EMS to evaluate the impacts of outages and prepare for system failures. However, false data injection attacks (FDIAs) have demonstrated the possibility of compromising sensor measurements and falsifying the estimated power system states. As a result, FDIAs may mislead system operations and other EMS applications including contingency analysis and optimal power flow. In this paper, we assess the effect of FDIAs and demonstrate that such attacks can affect the resulted number of contingencies. In order to mitigate the FDIA impact, we propose CHIMERA, a hybrid attack-resilient state estimation approach that integrates model-based and data-driven methods. CHIMERA combines the physical grid information with a Long Short Term Memory (LSTM)-based deep learning model by considering a static loss of weighted least square errors and a dynamic loss of the difference between the temporal variations of the actual and the estimated active power. Our simulation experiments based on the load data from New York state demonstrate that CHIMERA can effectively mitigate 91.74% of the cases in which FDIAs can maliciously modify the contingencies.

Ioannis Zografopoulos, Charalambos Konstantinou, Nektarios Georgios Tsoutsos et al.

In this paper, we examine the impact of cyberattacks in an integrated transmission and distribution (T&D) power grid model with distributed energy resource (DER) integration. We adopt the OCTAVE Allegro methodology to identify critical system assets, enumerate potential threats, analyze, and prioritize risks for threat scenarios. Based on the analysis, attack strategies and exploitation scenarios are identified which could lead to system compromise. Specifically, we investigate the impact of data integrity attacks in inverted-based solar PV controllers, control signal blocking attacks in protective switches and breakers, and coordinated monitoring and switching time-delay attacks.

Charalambos Konstantinou

The concept of smart cities is driven by the need to enhance citizens' quality of life. It is estimated that 70% of the world population will live in urban areas by 2050. The electric grid is the energy backbone of smart city deployments. An electric energy system immune to adverse events, both cyber and physical risks, and able to support the integration of renewable sources will drive a transformational development approach for future smart cities. This article describes how the future electric energy system with 100% electricity supply from renewable energy sources requires the "birth of security and resiliency" incorporated with its ecosystem.

Ioannis Zografopoulos, Juan Ospina, XiaoRui Liu et al.

Cyber-physical systems (CPS) are interconnected architectures that employ analog, digital, and communication resources for their interaction with the physical environment. CPS are the backbone of enterprise, industrial, and critical infrastructure. Thus, their vital importance makes them prominent targets for malicious attacks aiming to disrupt their operations. Attacks targeting cyber-physical energy systems (CPES), given their mission-critical nature, can have disastrous consequences. The security of CPES can be enhanced leveraging testbed capabilities to replicate power system operations, discover vulnerabilities, develop security countermeasures, and evaluate grid operation under fault-induced or maliciously constructed scenarios. In this paper, we provide a comprehensive overview of the CPS security landscape with emphasis on CPES. Specifically, we demonstrate a threat modeling methodology to accurately represent the CPS elements, their interdependencies, as well as the possible attack entry points and system vulnerabilities. Leveraging the threat model formulation, we present a CPS framework designed to delineate the hardware, software, and modeling resources required to simulate the CPS and construct high-fidelity models which can be used to evaluate the system's performance under adverse scenarios. The system performance is assessed using scenario-specific metrics, while risk assessment enables system vulnerability prioritization factoring the impact on the system operation. The overarching framework for modeling, simulating, assessing, and mitigating attacks in a CPS is illustrated using four representative attack scenarios targeting CPES. The key objective of this paper is to demonstrate a step-by-step process that can be used to enact in-depth cybersecurity analyses, thus leading to more resilient and secure CPS.

Juan Ospina, XiaoRui Liu, Charalambos Konstantinou et al.

The electric power grid is a complex cyberphysical energy system (CPES) in which information and communication technologies (ICT) are integrated into the operations and services of the power grid infrastructure. The growing number of Internet-of-things (IoT) high-wattage appliances, such as air conditioners and electric vehicles, being connected to the power grid, together with the high dependence of ICT and control interfaces, make CPES vulnerable to high-impact, low-probability load-changing cyberattacks. Moreover, the side-effects of the COVID-19 pandemic demonstrate a modification of electricity consumption patterns with utilities experiencing significant net-load and peak reductions. These unusual sustained low load demand conditions could be leveraged by adversaries to cause frequency instabilities in CPES by compromising hundreds of thousands of IoT-connected high-wattage loads. This paper presents a feasibility study of the impacts of load-changing attacks on CPES during the low loading conditions caused by the lockdown measures implemented during the COVID-19 pandemic. The load demand reductions caused by the lockdown measures are analyzed using dynamic mode decomposition (DMD), focusing on the March-to-July 2020 period and the New York region as the most impacted time period and location in terms of load reduction due to the lockdowns being in full execution. Our feasibility study evaluates load-changing attack scenarios using real load consumption data from the New York Independent System Operator (NYISO) and shows that an attacker with sufficient knowledge and resources could be capable of producing frequency stability problems, with frequency excursions going up to 60.5 Hz and 63.4 Hz, when no mitigation measures are taken.

Solon Falas, Charalambos Konstantinou, Maria K. Michael

Physics-informed neural networks (PINNs) is an emerging category of neural networks which can be trained to solve supervised learning tasks while taking into consideration given laws of physics described by general nonlinear partial differential equations. PINNs demonstrate promising characteristics such as performance and accuracy using minimal amount of data for training, utilized to accurately represent the physical properties of a system's dynamic environment. In this work, we employ the emerging paradigm of PINNs to demonstrate their potential in enhancing the security of intelligent cyberphysical systems. In particular, we present a proof-of-concept scenario using the use case of water distribution networks, which involves an attack on a controller in charge of regulating a liquid pump through liquid flow sensor measurements. PINNs are used to mitigate the effects of the attack while demonstrating the applicability and challenges of the approach.

Abraham Peedikayil Kuruvila, Ioannis Zografopoulos, Kanad Basu et al.

The electric grid modernization effort relies on the extensive deployment of microgrid (MG) systems. MGs integrate renewable resources and energy storage systems, allowing to generate economic and zero-carbon footprint electricity, deliver sustainable energy to communities using local energy resources, and enhance grid resilience. MGs as cyberphysical systems include interconnected devices that measure, control, and actuate energy resources and loads. For optimal operation, cyberphysical MGs regulate the onsite energy generation through support functions enabled by smart inverters. Smart inverters, being consumer electronic firmware-based devices, are susceptible to increasing security threats. If inverters are maliciously controlled, they can significantly disrupt MG operation and electricity delivery as well as impact the grid stability. In this paper, we demonstrate the impact of denial-of-service (DoS) as well as controller and setpoint modification attacks on a simulated MG system. Furthermore, we employ custom-built hardware performance counters (HPCs) as design-for-security (DfS) primitives to detect malicious firmware modifications on MG inverters. The proposed HPCs measure periodically the order of various instruction types within the MG inverter's firmware code. Our experiments illustrate that the firmware modifications are successfully identified by our custom-built HPCs utilizing various machine learning-based classifiers.

Ioannis Zografopoulos, Juan Ospina, Charalambos Konstantinou

Electric energy systems are undergoing significant changes to improve system reliability and accommodate increasing power demands. The penetration of distributed energy resources (DERs) including roof-top solar panels, energy storage, electric vehicles, etc., enables the on-site generation of economically dispatchable power curtailing operational costs. The effective control of DERs requires communication between utilities and DER system operators. The communication protocols employed for DER management and control lack sophisticated cybersecurity features and can compromise power systems secure operation if malicious control commands are issued to DERs. To overcome authentication-related protocol issues, we present a bolt-on security extension that can be implemented on Distributed Network Protocol v3 (DNP3). We port an authentication framework, DERauth, into DNP3, and utilize real-time measurements from a simulated DER battery energy storage system to enhance communication security. We evaluate our framework in a testbed setup using DNP3 master and outstation devices performing secure authentication by leveraging the entropy of DERs.

Olugbenga Moses Anubi, Charalambos Konstantinou, Carlos A. Wong et al.

In this paper, we present the concept of boosting the resiliency of optimization-based observers for cyber-physical systems (CPS) using auxiliary sources of information. Due to the tight coupling of physics, communication and computation, a malicious agent can exploit multiple inherent vulnerabilities in order to inject stealthy signals into the measurement process. The problem setting considers the scenario in which an attacker strategically corrupts portions of the data in order to force wrong state estimates which could have catastrophic consequences. The goal of the proposed observer is to compute the true states in-spite of the adversarial corruption. In the formulation, we use a measurement prior distribution generated by the auxiliary model to refine the feasible region of a traditional compressive sensing-based regression problem. A constrained optimization-based observer is developed using l1-minimization scheme. Numerical experiments show that the solution of the resulting problem recovers the true states of the system. The developed algorithm is evaluated through a numerical simulation example of the IEEE 14-bus system.

Jim Stright, Peter Cheetham, Charalambos Konstantinou

Modern smart grids offer several types of digital control and monitoring of electric power transmission and distribution that enable greater efficiency and integrative functionality than traditional power grids. These benefits, however, introduce greater complexity and greatly disrupt and expand the threat landscape. The number of vulnerabilities is increasing as grid-connected devices proliferate. The potential costs to society of these vulnerabilities are difficult to determine, as are their likelihoods of successful exploitation. In this article, we present a method for comparing the net economic benefits and costs of the various cyber-functionalities associated with smart grids from the perspective of cyberattack vulnerabilities and defending against them. The economic considerations of cyber defense spending suggest the existence of optimal levels of expenditures, which might vary among digital functionalities. We illustrate hypothetical case studies on how digital functionalities can be assessed and compared with respect to the costs of defending them from cyberattacks.

Ali Sayghe, Yaodan Hu, Ioannis Zografopoulos et al.

Over the last decade, the number of cyberattacks targeting power systems and causing physical and economic damages has increased rapidly. Among them, False Data Injection Attacks (FDIAs) is a class of cyberattacks against power grid monitoring systems. Adversaries can successfully perform FDIAs in order to manipulate the power system State Estimation (SE) by compromising sensors or modifying system data. SE is an essential process performed by the Energy Management System (EMS) towards estimating unknown state variables based on system redundant measurements and network topology. SE routines include Bad Data Detection (BDD) algorithms to eliminate errors from the acquired measurements, e.g., in case of sensor failures. FDIAs can bypass BDD modules to inject malicious data vectors into a subset of measurements without being detected, and thus manipulate the results of the SE process. In order to overcome the limitations of traditional residual-based BDD approaches, data-driven solutions based on machine learning algorithms have been widely adopted for detecting malicious manipulation of sensor data due to their fast execution times and accurate results. This paper provides a comprehensive review of the most up-to-date machine learning methods for detecting FDIAs against power system SE algorithms.

Solon Falas, Charalambos Konstantinou, Maria K. Michael

Firmware refers to device read-only resident code which includes microcode and macro-instruction -level routines. For Internet-of-Things (IoT) devices without an operating system, firmware includes all the necessary instructions on how such embedded systems operate and communicate. Thus, firmware updates are an essential part of device functionality. They provide the ability to patch vulnerabilities, address operational issues, and improve device reliability and performance during the lifetime of the system. This process, however, is often exploited by attackers in order to inject malicious firmware code into the embedded device. In this paper, we present a framework for secure firmware updates on embedded systems. The approach is based on hardware primitives and cryptographic modules, and it can be deployed in environments where communication channels might be insecure. The implementation of the framework is flexible as it can be adapted in regards to the IoT device's available hardware resources and constraints. Our security analysis shows that our framework is resilient to a variety of attack vectors. The experimental setup demonstrates the feasibility of the approach. By implementing a variety of test cases on FPGA, we demonstrate the adaptability and performance of the framework. Experiments indicate that the update procedure for a 1183kB firmware image could be achieved, in a secure manner, under 1.73 seconds.

Ioannis Zografopoulos, Charalambos Konstantinou

Over the past decades, power systems have experienced drastic transformations in order to address the growth in energy demand, reduce carbon emissions, and enhance power quality and energy efficiency. This shift to the smart grid concept involves, among others, the utilization of distributed energy resources (DERs) such as rooftop solar panels and storage systems, contributing towards grid decentralization while improving control over power generation. In order to seamlessly integrate DERs into power systems, embedded devices are used to support the communication and control functions of DERs. As a result, vulnerabilities of such components can be ported to the industrial environment. Insecure control networks and protocols further exacerbate the problem. Towards reducing the attack surface, we present an authentication scheme for DERs, DERauth, which leverages the inherent entropy of the DER battery energy storage system (BESS) as a root-of-trust. The DER authentication is achieved using a challenge-reply mechanism that relies on the corresponding DER's BESS state-of-charge (SoC) and voltage measurements. A dynamically updating process ensures that the BESS state is up-to-date. We evaluate our proof-of-concept in a prototype development that uses lithium-ion (li-ion) batteries for the BESS. The robustness of our design is assessed against modeling attacks performed by neural networks.

Charalambos Konstantinou

This paper surveys the latest on Smart Grid security. It focuses on the deep understanding of the risk in terms of threats, vulnerabilities and consequences that arise from cyber-attacks.