Cross-Space Conduction Assessment Method of Network Attack Risk under the Strong Coupling Characteristics of Electric Power Cyber Physics

Qiu, Shenjian; Fei, Jiaxuan; Wang, Jian

doi:https://doi.org/10.1049/2023/9006166

IET Information Security

On this page

Abstract Introduction System Model Conclusions Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2023 | Article ID 9006166 | https://doi.org/10.1049/2023/9006166

Cross-Space Conduction Assessment Method of Network Attack Risk under the Strong Coupling Characteristics of Electric Power Cyber Physics

Shenjian Qiu,^1,2Jiaxuan Fei,²and Jian Wang¹

Academic Editor: Leandros Maglaras

Received14 Jun 2023

Revised18 Aug 2023

Accepted23 Aug 2023

Published25 Oct 2023

Abstract

With the deep integration and wide application of advanced digital sensing, Internet of Things technology, and energy technology in power systems. Power information systems and physical systems are gradually being coupled and developed into power cyber–physical systems (CPS). A number of blackouts in recent years have shown that cyberspace cyber attacks on CPS can lead to the intensification and rapid spread of faults in the physical space of the power grid, and even system collapse. Aiming at the difficulty of analyzing the evolution of cyber–physical cross-space impacts of cyber-attacks, this paper proposes a cross-domain propagation impact assessment method that considers cyber–physical coupling risks caused by attacks. First, according to the multiple coupling relationship between the power system information space and physical space, the monitoring function model and the control function model are established. Second, under the effect of high-concealment attack, analyze the impact of the risk caused by its failure after it is transmitted to the physical space with different propagation probabilities. Finally, the experimental verification was carried out using the IEEE RTS79 standard test system. The simulation results show that the proposed method can comprehensively consider the cyber–physical energy supply coupling relationship, the risk propagation probability, and the operating characteristics of the information system, and effectively quantify and evaluate the impact of information space network attacks on the physical space entity power grid. It further reveals the objective law that information space risks can evolve and spread across domains under the condition of strong coupling of information physics.

1. Introduction

Building a new power system that adapts to large-scale and high-proportion new energy is an important development direction of the future energy and power strategy. Under the new power system environment, great changes have taken place in the power structure, power grid form, business model, and technical foundation, and the interaction between information flow and energy flow has become more frequent, increasing the risk of cascading failures leading to blackouts. Literature by Liu et al. [1] proposes that the power physical system and its information space control system together constitute a typical cyber–physical system (CPS). Taking the energy management system (EMS) as an example, it covers wide-area information real-time perception (RTU/PMU), information Transmission (power carrier/optical network and various protocol forms), information processing (bad data identification/state estimation), information decision-making (power flow analysis/safety analysis/optimization calculation), closed-loop control (automatic generation control/automatic voltage control) etc., from space. It covers thousands of kilometers, covers milliseconds to hours in terms of time, and takes into account various requirements such as safety, quality, and economy in terms of goals. It can be said that the normal operation of the modern power system depends on a reliable information system (cyber system) all the time [34].

Documents by Cunningham et al. [2], Zhang et al. [3], Xin et al. [4], Xu et al. [5], Tang et al. [6], and Liu et al. [7] point out that the deep integration of information system and grid physical system have comprehensively improved the observability, description, and controllability of the grid, but at the same time it has also aggravated the risk of cross-space propagation of faults and expanded the scale of accidents, “12·23 Ukrainian Blackout” and “3.7 Venezuelan Blackout” and other information space network attacks show that the current CPS is facing more and more serious security threats. These blackouts indicate that the information system has failed or been attacked, which will not only affect the information system, but also interfere with the safe and stable operation of the physical system. Therefore, the industry has also launched a series of research on the construction of cyber attack models for power cyber–physical fusion systems. For example, literature [8–12] studied false data injection attack (FDIA), denial of service (DOS) attack, resonance attack, hybrid attack, and other models, respectively. In particular, FDIAs, due to the hidden nature of the attacks, and the existing bad data verification mechanism, it is difficult to effectively detect such attacks, so researchers have focused on them. For example, Lu et al. [9] considered potential dynamic behaviors such as attack location and attack range, respectively, and proposed a three-stage dynamic FDIA (DFDIA) model based on the cyber–physical power system alternating current grid model. Literature by Liu et al. [10] introduces Stealth FDIA and analyzes how cyber attacks can bypass (bad data detector). Literature by Wu et al. [13] and Hao et al. [14] also studied other variants of the FDIA model from different perspectives, such as general FDIA, sparse FDIA etc. A large number of studies have shown that cyber attacks will have a direct impact on the safe operation of the power grid.

With the accelerated construction of the Energy Internet, a large number of uncontrolled terminals are widely connected, and the business of transmission, transformation, and distribution is open and interactive. The exposure of the power system to attacks has increased sharply. At the same time, smart terminals with edge computing capabilities have been vigorously promoted and applied, under the complex and open physical environment, information space terminals are extremely vulnerable to cyber attacks, and the impact can be quickly transmitted to physical space through information-physical coupling. A lot of research has been carried out in this field. Literature by Buldyrev et al. [15] and Li et al. [16] studied the propagation and evolution law of cascading faults across cyber–physical space based on the seepage theory, and established a cyber–physical risk transfer model. Literature by Falahati et al. [17] and Liang et al. [18] started from the information system function. The direct and indirect effects of the information system on the physical space operating system have been studied, and the possibility of affecting the physical space operating system when the information space system suffers from the cyber attacks or failures has been verified. Literature by Gao et al. [19] has studied information space at the level of information space. When the network is damaged or attacked, the line is disconnected, the measurement and control information is distorted, and the dispatch center cannot correctly perceive the topology of the power grid to make wrong decisions, resulting in the expansion of cascading faults in the physical space system. Literature by Shin et al. [20] studied the information space system under the DOS attack. Communication congestion leads to the problem of cascading faults spreading in the power grid, but there is no effective quantification of the impact on the physical space. Literature by Zhang et al. [21] and Costilla-Enriquez and Weng [22] studied the damage to the information space system that caused the dispatch center to be unable to obtain the status information of isolated scattered nodes, due to the lack of physical space system impact assessment, so it is difficult to effectively solve the problem of reasonable optimal scheduling of physical space system operation. It is comprehensively shown that the existing research has verified that the information space system suffers from cyber attacks, and its impact will cause cascading failures on the physical power grid [19, 21, 22], but the quantitative analysis and evaluation methods for the impact domain of the physical power grid are still lacking. There is no in-depth and detailed study, such as the quantitative evaluation of the impact of cascading failures on the physical space entity power grid under the “monitoring,” “control,” and functions of the information space system under high-concealment attacks.

Starting from the monitoring and control functions of the two core elements in the information space of the power cyber–physical fusion system, this paper studies the impact of the failure of key information core nodes on the physical space operation system after it suffers from a network attack with high-concealment characteristics, and propose a method for evaluating the consequences of cyber–physical coupling risk cross-domain propagation considering the attack. First, analyze the transfer and conversion relationship between information flow and energy flow in the power cyber–physical fusion system, and use the multiple coupling characteristics between the power system information space and physical space to establish a monitoring function model and a control function model. Second, establish a high-concealment attack model to analyze the influence of “monitoring” and “control” functions on the propagation of cascading faults in physical space after cross-domain evolution at different risk propagation rates after the “monitoring” and “control” functions are attacked and failed Finally, the IEEE RTS79 standard test system was used to carry out experimental verification, and the simulation results. It shows that the proposed method can comprehensively consider the cyber–physical power supply coupling relationship, the risk propagation rate and the operating characteristics of the information system, effectively quantify the impact of information space network attacks on the physical space entity power grid, and further reveal the information under the condition of cyber–physical strong coupling. It is an objective law that spatial risks can evolve and spread across domains.

This paper starts with the failure of the monitoring and control functions of the two core elements in the information space of the power cyber–physical fusion system caused by the network attacks. Quantitatively analyze the impact of risk cross-space transmission on the physical space operation system of the power cyber–physical fusion system. It intuitively reveals the objective law that information space risk can evolve and spread across domains under the condition of strong coupling of information physics. The proposed method for assessing the consequences of cross-domain propagation of cyber–physical coupling risks further expands the research content of existing work. The main contributions of this paper include three aspects:(1)Relying on the actual business scenario, the transfer and conversion relationship between information flow and energy flow in the power cyber–physical fusion system is analyzed in detail. And using the multiple coupling characteristics between the power system information space and the physical space, the monitoring function model and the control function model are established.(2)Based on the understanding of the characteristics of a given covert attack, an attack model is established. After the “monitoring” and “control” functions are attacked and failed, the influence of the risk on the cascading failures in the physical space after the cross-domain transmission and evolution of the risk with different propagation probabilities is analyzed.(3)Using the IEEE standard test system to carry out experimental simulations, it is verified that the method can comprehensively consider the cyber–physical energy supply coupling relationship and the risk propagation probability to effectively quantify the impact of information space network attacks on the physical space entity power grids.

2. System Model

2.1. Cyber–Physical Coupling Interaction Model

In order to quantitatively analyze the impact of the risk transmission across space on the physical space operation system after the power information space system is attacked by a network, it is necessary to carry out a unified information-physical coupling modeling on the physical system and the information system. Then, on the basis of the mathematical model, quantitative analysis and evaluation are carried out on the influence of the “monitoring” and “control” functions of the information space system on the physical space when the network attack fails. The power cyber–physical fusion system is a typical interdependent network [20], and its system model is . Vp represents the power physical space node; Ep is the transmission line set; Vc represents the power information space node; Ec is the communication link set between nodes. Ubiquitous awareness capabilities of intelligent measurement and control terminals based on power cyber–physical fusion system, edge computing technology and advanced communication network. The power physics system and the information system are deeply integrated and intertwined, and the transmission and conversion relationship between information flow and energy flow can be described by the following three interactive links by Cunningham et al. [2], forming a closed-loop control structure of “acquisition-local decision-central coordination-control,” as shown in Figure 1.

The energy flow is used to comprehensively express the action mechanism of the discrete control quantity on the continuous electrical quantity of the physical space system. Without considering the transient process, the energy flow model can be expressed by Equation (1) as follows:

In the formula: N is a discrete time stamp, representing the Nth control period, indicates the difference in of the steady–state control effect between the control variable of node i and the target control variable.

The information flow is information space nodes that integrate global information and edge information. Based on the principle of ensuring the real-time stability and optimal operation of the physical space power system, local decision-making is made to obtain the information control variable vector . This process can be described by Equation (2) as follows:

In the formula, is the general expression of the restrictive conditions in decision-making. For different control requirements, the specific expression of the decision function F is different. F is the information decision function, is the global information quantity, z is the information measurement variable, and y is the information control variable.

In the power information physical fusion system, there are four transmission and interaction links between information flow and energy flow. The first link is the conversion of energy flow to information flow, which corresponds to the data collection and information transmission process of sensors and intelligent collection terminals. It is used to express the perception of the information space on the operating state of the physical space system, so as to obtain the electrical operation data directly measured by the physical space system voltage, current, active power, and reactive power, as well as the state quantity data such as switch state and switching state, as shown in Equation (3):

In the formula: is the information measurement variable of node i in the Nth control cycle; represents the perception ability of node i’s information layer to the physical layer.

The second link is the in situ analysis and processing of information flow. Based on the Equation (3), the energy flow to information flow conversion model shows that the information measurement information is numerical data in a discrete state, and these measurement information will be analyzed by the information nodes in the information space, preprocessed, and uploaded to the master station side for control center. These information nodes, such as smart terminals, serve as on-site control centers to realize the aggregation and uploading of full collection and perception data and on-site analysis and processing, the local decision-making control model is shown in Equation (4):

In the formula, is the decision function of the local control center.

The third link is the global analysis and processing of information flow. When the local decision-making center node of the information space uses the edge computing capability to process and analyze the measurement information, it uploads it to the dispatching automation and power distribution automation control systems of the global control center on the main station side, and then integrates the edge node data analysis to optimize decision, the process can be expressed by Equation (5):

In the formula, is the global information volume and is the decision function of the regional center.

The fourth link is the transformation of information flow into energy flow. The global control center executes optimal decision-making for physical space nodes, such as power output adjustment, switch displacement, and other control strategies or instructions. At this time, the discrete information flow in the information space will be directly converted into the continuous energy flow of the physical space entity grid operation system. The information control variables directly act on the physical side actuators to execute control commands through cyber–physical coupling, and the transformation process from information flow to energy flow can be described by Equation (6):

In the formula, is the control coefficient of the physical space system, indicating the control ability of the information node i on the physical space operation system. In actual operation, the power information space system measures the state of the physical power grid operation system, and the measurement result is the information input of the power information space system. The measurement information is transmitted and converted by the different functional modules in the power information space system After processing, it is finally transformed into control decision-making instructions, and the feedback acts on the physical space system. Therefore, the control command of the power information space system determines the operating state of the physical space entity grid system, and the operating state of the physical space system will determine the input of the power information space system.

2.2. Monitoring and Control Functional Model

The “monitoring” function in the power information physical fusion system is the key to realize the observation and described power grid. It can portray the various objects, the connection between the node, the dynamic topology structure, and the scope of business influence. The “control” function is the core capability convergence center for the regulation and control of the physical space system objects of the power grid through data collection, comprehensive analysis, and intelligent research and judgment in the whole process. It can realize command operations such as generator output adjustment and switch displacement. Therefore, how to quantify and analyze the impact of the risk cross-space evolution propagation on the physical space nodes of the power grid after the failure of the information space node caused by the network attack, first mathematically model the “monitoring” and “control” functions in the power cyber–physical fusion system. Then, on the basis of the mathematical model, the interference of malicious attacks is considered, and then the theoretical basis for the construction of the “monitoring” and “control” functional models under the characteristics of high-concealment attacks is provided. The two core elements of “monitoring” and “control” functions in the power cyber–physical fusion system are usually carried in node objects such as phasor measurement unit (PMU), data acquisition terminal, and master station control system in the information space. Inspired by the literature by Zhang et al. [21], based on the topologically observable PMU, the direct measurement domain is used as the observable domain. Using methods such as direct solvability based on the power flow equations, the same level of measurement of the physical space system’s operating status can be achieved through fewer monitoring nodes or a combination of multiple monitoring nodes. The voltage amplitude and phase angle of nodes in physical space and the voltage vectors of adjacent nodes can be directly measured by PMU. Therefore, the monitoring relationship between the information space system and the physical space entity operating system is a one-to-many coupling, which can be expressed as in Equation (7):

In the formula, the monitoring state is a 0–1 variable. When is 1, it means that the information space node is observable to the power physical space node , and when is 0, it means that it is not observable. indicates whether the information space node, is configured with physical space operating system status monitoring parameters, such as PMU, data acquisition terminal and other fixed value parameter settings etc. When the information space monitoring terminal has clearly configured these status monitoring parameters, it takes 1, otherwise it takes 0. is an element in the line set in the electric physical space. The matrix monitoring function model Equation (7) can obtain the condition monitoring terminal configuration model, as shown in the Equations (8) and (9):

In the formula: is the monitoring terminal configuration matrix, and its element is a 0–1 variable, indicating whether the -th information space status monitoring terminal node is configured with parameters; I represents a column vector whose element is 1. In a cyber–physical highly coupled system, the frequency modulation and voltage regulation of the physical space power generation system rely on the control function of the cyber space system. Here, local control scenarios such as circuit breakers and fusion terminals are not considered, and only the AGC function suffers from network attack failure. When its adjustment sensitivity is limited, output adjustment can only be feasible within a limited range adjacent to the output state of the previous stage. When there is a load component with a large change in the monitoring and analysis, due to the interference of the network attack, the output of the generator in the physical space at this time cannot be adjusted in real time by the information space control center, resulting in a reduction in the safety margin. Inspired by literature of Zhang et al. [21], it is assumed that the uncontrollable unit can only switch between the output power of the preorder stage and be cut off, and participate in the optimal power flow adjustment as an unadjustable unit, which can be described by the following Equation (10):

In the formula: is the working state of the information node corresponding to the power generation node g in the k stage; are the power generation power of the node g stage k, the output of the previous stage, and the minimum and maximum output limits.

2.3. High-Stealth Attack Model

A high-concealment attack means that the attacker hides the attack load in the measurement data or control instructions of the original power information physical collaborative interaction business by interfering with the “monitoring” and “control” functions, without cracking the business encryption and decryption protection mechanism, and use the original business communication link to carry out transparent transmission attacks, thereby affecting the decision-making of the control center of the main station or directly causing abnormal operation of the physical space system, causing cascading failures and even large-scale power outages. This type of attack has typical high-concealment characteristics. For example, after the measurement data acquired by the “monitoring” function is eliminated and modified, there is an unexpected control risk in the operating state of the original physical space system [29–33]. It can be seen from Equation (3) that during the conversion process from energy flow to information flow, after the data collected by corresponding sensors and measurement terminals are eliminated or modified. Electrical operation data such as voltage, current, active power, and reactive power directly measured in the physical space, and state quantity data such as switch status and switching status will all change, as shown in Equation (11):

In the formula: is the information measurement variable of the information space node i in the Nth control period under the high-covert attack interference. represents the perception ability coefficient of information space node i to physical space nodes under high-covert attack interference. The logic of the original control center decision function itself has not changed, as shown in Equation (12):

In the formula, is the decision function of the local control center, and the value of represents the decision-making and disposal strategy of the control center. Therefore, the one-to-many monitoring and control coupling relationship between the information space system node and the physical space operation system node is changed from Equation (7) to Equation (13):

In the formula, the monitoring state is a variable in the interval (0,1). When takes 1, it means that the information space node is observable to the power physical space node , and when takes 0, it means that it is not observable. When , it means that after the “monitoring” function is disturbed by an attack, the information space system node makes a wrong observation of the operating status of the physical space node. Similarly, the control function model can be converted from Equation (10) to Equation (14) under high-stealth attacks, as follows:

In the formula: , and are, respectively, the working status of the information space node gʹ corresponding to the physical space node g in the k stage, the power generation power of the physical space node g in stage k, and the generator output in the previous stage. is the minimum output limit of power generation at stage k of physical space node g, and is the maximum output limit of power generation at stage k of physical space node g. Therefore, the working status of the information node gʹ corresponding to the physical node g in the k-stage of the power cyber–physical fusion system under the high-concealment attack, the power generation of the node g in the k-stage and the output of the previous stage have all changed due to the attack.

2.4. Cascading Failure Propagation Effects

Assume that at a certain moment information space “monitoring” or “control” node i is under the malicious attack, and the measurement data or control instructions obtained by node i’s perception are tampered with. Due to the strong coupling and interaction characteristics of information physics, starting from node i, the security risk caused by the failure of information space node i caused by the attack is transmitted and evolved to the physical space.

Let it affect the physical space nodes with the risk propagation probability (0,1), and is called the risk diffusion rate. The security protection mechanism and robustness characteristics of the power system itself lead to inconsistencies in the risk cross-space propagation rate after the “monitoring” and “control” functions are attacked. This inconsistency needs to be taken into account in the experimental simulation. The connection relationship (information and energy interaction) of nodes in the cyber–physical space of the power grid is represented by the adjacency matrix A, is shown in Equation (15):

In the formula, m and n are the number of nodes in information space and physical space, respectively. and are, respectively, represented as the adjacency matrix of the information space and the physical space. and are information physical cross-space adjacency matrix. indicates whether edge exists, and is one if edge exists in E, otherwise it is 0. Assume that when physical space node k is attacked and fails, its state value () becomes 1. The edges connected to node k fail as a whole, the information flow and energy flow associated with this node are removed from E, and the corresponding adjacency matrices C, D, and P all change, and P is transformed into Equation (16):

The power flow change caused by node failure in physical space will accelerate the transmission of cascading failures. When , record as the active output of node i. When is the power flow (power) of branch from i to j, indicating that active power flows from node i to node j. When branch in physical space is out of operation, will be redistributed to adjacent branches, and the power flow change rule is shown in Equation (17):

In the formula, is the branch weight adjacent to branch . In actual power production, the stability control strategy usually sets the load upper limit for the branch. Denote as the limit capacity of the branch , then the failure of the “monitoring” and “control” functions of the information space caused by the attack will lead to the failure to observe the power flow change and form a chain effect as follows:(1)When , the state of node j remains unchanged, and branch exits, that is, .(2)When , the states of node j and branch remain unchanged.

High-concealment attacks act on the “monitoring” and “control” functions of the information space, and the evolution of risks from the information space to the physical space may cause failure or damage to the physical space system. Here, the line load loss rate in physical space is selected as the evaluation of the propagation degree of attack impact. Because the information space system is driven by information events based on the discrete mathematics, while the physical space system is based on the continuous mathematics. Therefore, this paper adopts the attack–defense game model to identify the key lines affected when the risk caused by the attack is transmitted to the physical space system, and uses the load loss status of the line as the impact quantitative evaluation index. Here, the A and D models are used as the two layers of the offensive and defensive game model, and the line attack strategy is formulated with the goal of maximum load loss, and the generator output plan is formulated with the goal of minimum load reduction. The D model is the optimal power flow adjustment result triggered by the impact caused by the A model attack. The A model includes K-attack stages. is the cascading failure stage corresponding to the K-attack stages. In the output stage, the k () line attack result . Cascading failure result . The information space node monitoring degree and the physical space node control state are used as the operation constraints of the D model and the judgment conditions of cascading failures. The D model transmits the physical space node power and load power to the A model to update the operating status of the information space system.

The maximum load loss rate of the line is used as the objective function of the A model, and the minimum load reduction is used as the objective function of the D model. The A model objective function is as in Equation (18):

The objective function of D model is shown in Equation (19):

Equations (11)–(13), (15)–(17), and (20)–(25) are the constraint conditions of the A model. Equation (20) represents the line attack constraint, which is to screen a key line in each stage; Equation (21) represents the line attack constraint; Equation (22) represents the functional constraints of information space nodes; Equation (23) represents the monitoring constraints on physical space nodes; Equations (24) and (25) represent unconstrained power flow constraints.

Equations (17), (26)–(30) are the constraints of the D model, respectively; Equations (26) and (27) represent power balance constraints; Equations (28)–(30) represent load reduction constraints, branch power flow constraints, and power angle constraints, respectively.

In the formula, and are the loads of node i in the initial stage and stage k, respectively. The set of load nodes is represented by , and represents the line interruption index. represents the energy supply state of information space node at stage k. β is the energy supply coefficient. is the node–branch correlation matrix, .

is the physical space power generation node correlation matrix. is the physical space node load node correlation matrix. is the branch power flow matrix of stage k; is the power generation matrix of stage k. is the load power matrix of stage k. are stage k cascading fault s, stage k line l power flow and line maximum transmission capacity, respectively. and are the operating status of the transmission line in stages k and s, respectively. represents the power angle of node i at stage k and fault stage s. indicates the power angle of node i at stage k. and are the minimum and maximum power angle stability constraints of and , respectively.

3. Experimental Simulation Analysis

In this paper, the physical space adopts the IEEE RTS-79 node system, and the information space system is based on the simulation shooting range under the power grid dispatching automation scenario, and the experimental analysis is carried out after the node abstract equivalence assignment. The IEEE RTS-79 node system is an enhanced test system for the reliability evaluation research of large-capacity power systems. The information space nodes correspond to the physical space nodes one by one. The simulation is implemented on matlab2016b, as shown in Figure 2.

In the real power grid production business, a protection framework focusing on border protection is adopted, that is, the 16-character policy of “safe partition, network dedicated, horizontal isolation, and vertical encryption”. Different from the experience proposed by existing studies that the higher the degree of “monitoring” and “control” function nodes in the information space, the greater the amount of information interaction they undertake, the higher the importance of nodes, and the corresponding higher security protection configuration. In the actual power grid production business, the information space power “control” function node has a higher protection level due to the concept of partition. In order to facilitate the simulation verification analysis, two hypotheses are given, and different risk propagation rate values are assigned to the “monitoring” and “control” functions.(1)Assuming that the information space “control” function node is attacked by the network, the probability of its risk being transmitted to the physical space and having an impact is set at 0.7.(2)Assuming that the “monitoring” functional nodes in the information space are attacked by the network, the probability of its risk being transmitted to the physical space and having an impact is set at 0.2.

These two assumptions do not affect the accuracy of the simulation analysis results. In this paper, according to the mathematical model of formulae (7)–(30), the experimental simulation evaluates the impact of different risk diffusion rates and coupling parameters on the vulnerable lines in physical space, load loss rate, and line observability. The experimental simulation evaluates the impact of different risk diffusion rates and coupling parameters on the fragile line in physical space, the total load loss rate and cascading failure load loss rate under the different risk diffusion rates and coupling parameters, and the line observability.

3.1. Analysis of the Influence of Risk Diffusion Rate and Coupling Parameters on Line Vulnerability

It can be seen from Table 1 that the high-concealment attacks in the information space cause the failure of the “monitoring” and “control” functions. As the k value continues to increase, the risk caused by node failure under the influence of information-physical coupling will be transmitted to the physical space system. The number of affected vulnerable lines in the physical space is increasing, which can further cause cascading failures and cause more serious damage to the physical space. Under the influence of an attack, both the risk propagation probability α and the cyber–physical energy supply coefficient β will have an impact on the physical space line, and the energy supply coefficient β has a greater impact on the physical space line than the risk propagation probability α. Therefore, the coupling degree of cyber-physics is a key factor that determines the transmission of the impact of cyber attacks in cyberspace to physical space. Lines 28, 11, and 18, respectively, serve as connections between power generation nodes and load nodes, and the power generation capacity of these nodes exceeds 50% of the total system power generation capacity. When the risk of cyber attacks in the information space is transmitted to the physical space, these lines are extremely prone to system chain collapse.

The total load loss rate and the cascading fault load loss rate under the different risk propagation rates and coupling parameters are shown in Figure 3.

Figure 4 shows the variation trend under the different risk propagation rates and coupling parameters. In the power cyber–physical fusion system, when the information risk cross-space propagation probability α is constant, the greater the energy supply coefficient β, the greater the load loss rate of the physical space caused by the attack. Taking α = 0.7, β = 0.8 and α = 0.7, β = 1.0 as comparative analysis, at this time, the cyber–physical space is strongly coupled. After the risk of network attack in the information space is transmitted across space, both of them can cause cascading failures in the system in the physical space, and the load loss rate is close to the same at this time. When α = 0.2 and β = 0.8, the number of unobservable lines is smaller than that of α = 0.2 and β = 0.3, but the loss of load rate is higher than the latter. This reflects that when the number of unobservable lines reaches a certain scale, its cascading fault propagation ability is limited. Taking α = 0.2, β = 0.8, and α = 0.7, β = 0.8 as an example, at this time, the information space system has a higher energy supply demand for the physical space system. The risk propagation rate α can directly affect the load loss rate and line observability of the physical space nodes. The higher the risk propagation rate, the higher the load loss rate and the number of unobservable lines.

3.2. Comparative Analysis of Risk Conduction under Different Methods

In order to study in depth the impact on the operation system of the physical power grid after the “monitoring” and “control” functions of the information space under the interaction enhancement of cyber–physical coupling and interaction are attacked by the network, the following four methods are used for the comparative analysis. The method proposed in literature by Costilla-Enriquez and Weng [22] is to establish a reliability model of the equipment for the circuit breaker, which is the object of the control function, and to evaluate the impact of information system risk on the physical system. However, this method does not consider the case of flexible control in addition to the rigid control of the circuit breaker. The simulation verification method proposed in literature by Zhang et al. [21] uses the PMU to configure the number of nodes and the energy supply coefficient as a method for evaluating the impact analysis of information space network attacks on the physical space systems. The difference in the risk propagation probability of the “monitoring” and “control” functions in real scenarios after being attacked by a network is not considered and differentiated.(1)Method 1: take a specific “circuit breaker” as the research object, and evaluate its impact on physical space after being attacked by a network.(2)Method 2: consider the energy supply relationship between cyber–physical spaces, and evaluate the impact of cyber-attacks on cyberspace on physical spaces after a specific “circuit breaker” object is attacked.(3)Method 3: on the basis of considering the energy supply relationship between cyber–physical spaces, without distinguishing the probability of risk propagation after the “monitoring” and “control” functions are attacked, evaluate the impact of cyber attacks on cyberspace on physical space.(4)Method 4: comprehensively consider the energy supply coupling relationship between cyber–physical spaces, distinguish the probability of risk propagation after “monitoring” and “control” functions are attacked, and evaluate the impact of cyber attacks on cyberspace on physical space.

Table 2 presents the analysis results of four methods to evaluate the impact of risk cross-space conduction on physical space under the influence of high-concealment network attacks on N-5 faulty critical line groups. , and represent the attack line, cascading fault lines, failed power generation nodes, and load shedding, respectively. The attack line refers to the impact on the physical space line after the “monitoring” and “control” nodes in the information space are attacked, and will not be described in detail below.

At the same time, it can be seen from Table 2 that the load loss of the physical space system in Methods 3 and 4 is higher than that in Methods 1 and 2, because line 28 carries the output power of power generation areas 18, 21, and 22, so its interruption will cause the control function of node 16 to fail, at this time the load reduction of the system is less than the Methods 1 and 2. In Stage 2, passing through the attack line 18 will cause the information nodes 3, 14, and 16 to fail due to insufficient energy supply, and the power generation nodes 14, 15, 18, 21, and 22 will be out of control and unobservable. On the basis of Method 2, Methods 3 and 4 consider the situation when the core key nodes of the monitoring and control functions suffer from high-concealment attacks, making the results more general. It can be seen from the data analysis that the results of the first three stages are similar. It can be seen that cascading failures and a large amount of load loss will be triggered when the faults accumulate to a certain threshold, and the load reduction is roughly stable until the threshold is reached. In the third stage, after the line 11 was attacked, the information nodes 10 and 14 failed due to insufficient energy supply, and more than half of the lines were unobservable. Method 4 comprehensively considers the energy supply coupling relationship of the cyber–physical space and distinguishes the different probability of cross-domain risk propagation after the “monitoring” and “control” functions are attacked. Assume that the risk propagation rate after the “control” function is attacked, and the risk propagation rate 2 after the “monitoring” function is attacked. If the line 15 is attacked, the overload trip of line 2 will occur, and this part of the power will be borne by the other lines, causing the line in the lower area to run close to full load. In the fifth stage, only attacking the line 17 will cause a large number of line interruptions, and the power generation nodes 22 will also be forced to withdraw from the operation.

Figure 5 shows the comparison of line load loss between Method 2 and Method 4 under the condition that coupling parameters are both considered. Method 2 only considers the energy supply coupling relationship between information physics, as shown in the figure, when α = 0.2, β = 0.3, α = 0.2, β = 0.5, and α = 0.7, β = 0.8, three lines are under attack, some out-of-control units quit operation, and the load-loss rate jumps, which also indirectly proves that the direct control of the circuit breaker as the object has an impact on a certain key line. Method 4 has roughly the same load reduction trend in the histogram, and the monitoring nodes improve the controllability of the information space network to the physical space power network and reduce the risk of cascading failures. However, since the failure of the monitoring function is realized by the failure of the control function and the insufficient energy supply level, the accuracy of the evaluation results can be improved by considering the coupling effect of information physics.

The above analysis shows that the failure of the “monitoring” and “control” functions of the information space will indirectly reduce the safety and stability margin of the system, and when multiple faults occur in the physical space, it will cause chain faults such as line tripping and generator shutdown, which further expands the scale of the accident. Method 4 comprehensively considers the cyber–physical energy supply coupling relationship and distinguishes the cross-domain propagation probability of the different risks after the monitoring and control functions are attacked, and the quantitative results are closer to the actual power cyber–physical fusion system collaborative interaction scenario.

4. Conclusions

This paper proposes a cross-domain propagation impact assessment method considering cyber–physical coupling risks caused by the attacks. By establishing the “monitoring” and “control” functional models of the information space under the action of high-concealment attacks, the impact of the risk caused by its failure is analyzed after it is transmitted to the physical space with different propagation probabilities. The experimental results show that the proposed method can comprehensively consider the cyber–physical power supply coupling relationship, the risk propagation probability, and the operating characteristics of the information system, and effectively quantify and evaluate the impact of cyber attacks in cyberspace on physical power grids in physical space. Finally, a comparative analysis between this method and the research technology that has been carried out shows that because this method considers the real power grid production business security protection system architecture and optimizes the key parameters in the risk transmission, the simulation results are detailed and more instructive. At the same time, the article also has shortcomings:(1)In view of the failure of the “monitoring” and “control” functions suffered from the cyber attacks, there are subjective experience judgments in the quantitative analysis of the risk propagation probability. There is still a gap between the risk transmission assessment results and the real scene;(2)The method proposed in the article does not consider the integration with dynamic thermal rating (DTR) technology, which has been proven to increase the capacity of existing lines [23, 24]. Therefore, the follow-up research on the method model proposed in this article needs to consider the cross-space conduction assessment method of cyber attack risk under the action of DTR system.

5. Future Research Directions

An important research direction for future work is to consider the integration of the DTR system with the method model proposed in the article, and study the impact on the physical power grid after the cyber attack risk in the information space is transmitted across space. Usually, the limit value of the transmission capacity of the transmission line used by the power dispatching center for the assessment of the transmission capacity ahead of the day is the static thermal rating (STR), which is based on the extreme environmental conditions. The thermal limit value of the transmission capacity of the line is obtained. In actual operation, the environmental conditions of the transmission line are changeable, and the STR limit value is too conservative [25]. DTR calculated or predicted by using the real meteorological environment information of the line operation can more accurately reflect the real transmission capacity of the line. DTR technology can fully tap the transmission potential of the transmission network, improve the delivery capacity of various resources, provide a wider power transmission space for dispatching, and greatly reduce the operating cost of the system [26–28]. With the construction of a new power system, the proportion of wind and light installed capacity has gradually increased, providing a broader space for the large-scale application and promotion of DTR technology in the future. For example, literature by Lawal and Teh [23] and Su and Teh [24] proves that the deployment of DTR system can safely increase the capacity of existing lines by 30%–50%. Subsequent research ideas can introduce the concept of “line tolerance” to apply the influence of cyber attacks to the calculation and prediction of dynamic heat capacity limit values, and evaluate the impact of cyber attack risks in the information space on transmission lines of physical power grids after cross-space transmission.

Data Availability

The basic data set used to support the results of this study comes from: http://labs.ece.uw.edu/pstca/rts/pg_tcarts.htm. Processed data are currently embargoed. Data requests submitted 6 months after publication of this article will be considered by the corresponding author.

Conflicts of Interest

The authors declare that there is no conflict of interest regarding the publication of this paper.

Acknowledgments

This work is supported by the Science and Technology Project of State Grid Corporation of China: “Research on Risk Identification and Attack Suppression Technology of Distributed Photovoltaic Cyber-Physical Cross-Domain Attack” (grand no. 5700-202318304A-1-1-ZN).

References

S. Liu, B. Chen, T. Zourntos, D. Kundur, and K. Butler-Purry, “A coordinated multi-switch attack for cascading failures in smart grid,” IEEE Transactions on Smart Grid, vol. 5, no. 3, pp. 1183–1195, 2014.
View at: Publisher Site | Google Scholar
J. D. Cunningham, A. Aved, D. Ferris, P. Morrone, and C. S. Tucker, “A deep learning game theoretic model for defending against large scale smart grid attacks,” IEEE Transactions on Smart Grid, vol. 14, no. 2, pp. 1188–1197, 2023.
View at: Publisher Site | Google Scholar
Y. Zhang, W. Liu, G. Liu, and S. Huang, “Modeling and vulnerability analysis of electric cyber physical system considering topological correlation and double coupling,” Proceedings of the Chinese Society of Electrical and Electronics Engineers, vol. 41, no. 16, pp. 5486–5499, 2021.
View at: Google Scholar
S. Xin, Q. Guo, H. Sun, B. Zhang, J. Wang, and C. Chen, “Cyber–physical modeling and cyber-contingency assessment of hierarchical control systems,” IEEE Transactions on Smart Grid, vol. 6, no. 5, pp. 2375–2385, 2015.
View at: Publisher Site | Google Scholar
W. Xu, I. M. Jaimoukha, and F. Teng, “Robust moving target defence against false data injection attacks in power grids,” IEEE Transactions on Information Forensics and Security, vol. 18, pp. 29–40, 2023.
View at: Publisher Site | Google Scholar
Y. Tang, G. Bu, and J. Yi, “Analysis and lessons of the blackout in Indian power grid on July 30 and 31,” Zhongguo Dianji Gongcheng Xuebao, vol. 32, no. 25, pp. 167–174, 2012.
View at: Google Scholar
N. Liu, X. H. Yu, and J. H. Zhan, “Coordinated cyber-attack: inference and thinking of incident on Ukrainian power grid,” Automation of Electric Power Systems, vol. 40, no. 6, pp. 144–147, 2016.
View at: Google Scholar
K.-D. Lu and Z.-G. Wu, “Resilient event-triggered load frequency control for cyber–physical power systems under DoS attacks,” in IEEE Transactions on Power Systems, pp. 1–11, IEEE, 2022.
View at: Publisher Site | Google Scholar
K.-D. Lu, Z.-G. Wu, and T. Huang, “Differential evolution-based three stage dynamic cyber-attack of cyber–physical power systems,” IEEE/ASME Transactions on Mechatronics, vol. 28, no. 2, pp. 1137–1148, 2023.
View at: Publisher Site | Google Scholar
Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric power grids,” ACM Transactions on Information and System Security, vol. 14, no. 1, pp. 1–33, 2011.
View at: Publisher Site | Google Scholar
Y. Wu, Z. Wei, J. Weng, X. Li, and R. H. Deng, “Resonance attacks on load frequency control of smart grids,” IEEE Transactions on Smart Grid, vol. 9, no. 5, pp. 4490–4502, 2018.
View at: Publisher Site | Google Scholar
J. Liu, Y. Gu, L. Zha, and Y. Liu, “Event-triggered h∞ load frequency control for multiarea power systems under hybrid cyber attacks,” IEEE Transactions on Systems, Man, and Cybernetics: Systems, vol. 49, no. 8, pp. 1665–1678, 2019.
View at: Publisher Site | Google Scholar
T. Wu, W. Xue, H. Wang et al., “Extreme learning machine-based state reconstruction for automatic attack filtering in cyber physical power system,” IEEE Transactions on Industrial Informatics, vol. 17, no. 3, pp. 1892–1904, 2021.
View at: Publisher Site | Google Scholar
J. Hao, R. J. Piechocki, D. Kaleshi, W. H. Chin, and Z. Fan, “Sparse malicious false data injection attacks and defense mechanisms in smart grids,” IEEE Transactions on Industrial Informatics, vol. 11, no. 5, pp. 1–12, 2015.
View at: Publisher Site | Google Scholar
S. V. Buldyrev, R. Parshani, G. Paul, H. E. Stanley, and S. Havlin, “Catastrophic cascade of failure sin interdependent networks,” Nature, vol. 464, pp. 1025–1028, 2010.
View at: Publisher Site | Google Scholar
W. G. Li, J. S. Li, and S. G. Deng, “Defense strategy of cascading failures between information network and physical power grid,” High Voltage Engineering, vol. 39, no. 11, pp. 2714–2720, 2013.
View at: Google Scholar
B. Falahati, Y. Fu, and L. Wu, “Reliability assessment of smart grid considering direct cyber-power interdependencies,” IEEE Transactions on Smart Grid, vol. 3, no. 3, pp. 1515–1524, 2012.
View at: Publisher Site | Google Scholar
G. Liang, J. Zhao, F. Luo, S. R. Weller, and Z. Y. Dong, “A review of false data injection attacks against modern power systems,” IEEE Transactions on Smart Grid, vol. 8, no. 4, pp. 1630–1638, 2017.
View at: Publisher Site | Google Scholar
S. Gao, J. Lei, J. Shi, X. Wei, M. Dong, and Z. Han, “Assessment of overloading correlations among transmission lines under load redistribution attacks,” IEEE Transactions on Smart Grid, vol. 13, no. 2, pp. 1570–1581, 2022.
View at: Publisher Site | Google Scholar
D.-H. Shin, D. Qian, and J. Zhang, “Cascading effects in interdependent networks,” IEEE Network, vol. 28, no. 4, pp. 82–87, 2014.
View at: Publisher Site | Google Scholar
Y. Zhang, C. Peng, C. Cheng, and Y.-L. Wang, “Attack intensity dependent adaptive load frequency control of interconnected power systems under malicious traffic attacks,” IEEE Transactions on Smart Grid, vol. 14, no. 2, pp. 1223–1235, 2023.
View at: Publisher Site | Google Scholar
N. Costilla-Enriquez and Y. Weng, “Attack power system state estimation by implicitly learning the underlying models,” IEEE Transactions on Smart Grid, vol. 14, no. 1, pp. 649–662, 2023.
View at: Publisher Site | Google Scholar
O. A. Lawal and J. Teh, “Dynamic line rating forecasting algorithm for a secure power system network,” Expert Systems with Applications, vol. 219, Article ID 119635, 2023.
View at: Publisher Site | Google Scholar
Y. Su and J. Teh, “Two-stage optimal dispatching of AC/DC hybrid active distribution systems considering network flexibility,” Journal of Modern Power Systems and Clean Energy, vol. 11, no. 1, pp. 52–65, 2023.
View at: Publisher Site | Google Scholar
S. N. Edib, Y. Lin, V. M. Vokkarane, F. Qiu, R. Yao, and D. Zhao, “Optimal PMU restoration for power system observability recovery after massive,” IEEE Transactions on Smart Grid, vol. 12, no. 2, pp. 1565–1576, 2021.
View at: Publisher Site | Google Scholar
B. Jimada-Ojuolape and J. Teh, “Impacts of communication network availability on synchrophasor-based DTR and SIPS reliability,” IEEE Systems Journal, vol. 16, no. 4, pp. 6231–6242, 2022.
View at: Publisher Site | Google Scholar
B. Jimada-Ojuolape and J. Teh, “Composite reliability impacts of synchrophasor-based DTR and SIPS cyber–physical systems,” IEEE Systems Journal, vol. 16, no. 3, pp. 3927–3938, 2022.
View at: Publisher Site | Google Scholar
J. Teh and C.-M. Lai, “Reliability impacts of the dynamic thermal rating system on smart grids considering wireless communications,” IEEE Access, vol. 7, pp. 41625–41635, 2019.
View at: Publisher Site | Google Scholar
O. Kosut, L. Jia, R. J. Thomas, and L. Tong, “Malicious data attacks on the smart grid,” IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 645–658, 2011.
View at: Publisher Site | Google Scholar
J. Kim and L. Tong, “On topology attack of a smart grid: undetectable attacks and countermeasures,” IEEE Journal on Selected Areas in Communications, vol. 31, no. 7, pp. 1294–1305, 2013.
View at: Publisher Site | Google Scholar
C. Ma, H. Liang, and Y. Jing, “A novel ZSV-based detection scheme for FDIAs in multiphase power distribution systems,” IEEE Transactions on Smart Grid, vol. 14, no. 2, pp. 1236–1248, 2023.
View at: Publisher Site | Google Scholar
S. Liu, S. Mashayekh, D. Kundur, T. Zourntos, and K. Butler-Purry, “A framework for modeling cyber–physical switching attacks in smart grid,” IEEE Transactions on Emerging Topics in Computing, vol. 1, no. 2, pp. 273–285, 2013.
View at: Publisher Site | Google Scholar
D.-H. Choi and L. Xie, “Ramp-induced data attacks on look-ahead dispatch in real-time power markets,” IEEE Transactions on Smart Grid, vol. 4, no. 3, pp. 1235–1243, 2013.
View at: Publisher Site | Google Scholar
J. P. G. Sterbenz, D. Hutchison, E. K. Çetinkaya et al., “Resilience and survivability in communication networks: strategies, principles, and survey of disciplines,” Computer Networks, vol. 54, no. 8, pp. 1245–1265, 2010.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2023 Shenjian Qiu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies