U.S. patent application number 14/869865 was filed with the patent office on 2017-03-30 for method and apparatus for detecting cyber attacks on an alternating current power grid.
This patent application is currently assigned to POWER STANDARDS LAB INC. The applicant listed for this patent is Ronald Hofmann, Alexander McEachern. Invention is credited to Ronald Hofmann, Alexander McEachern.
Application Number | 20170093889 14/869865 |
Document ID | / |
Family ID | 58409436 |
Filed Date | 2017-03-30 |
United States Patent
Application |
20170093889 |
Kind Code |
A1 |
McEachern; Alexander ; et
al. |
March 30, 2017 |
Method and Apparatus for Detecting Cyber Attacks on an Alternating
Current Power Grid
Abstract
A method and apparatus for detecting cyber attacks on
remotely-operable elements of an alternating current distribution
grid. Two state estimates of the distribution grid are prepared,
one of which uses micro-synchrophasors. A difference between the
two state estimates indicates a possible cyber attack.
Inventors: |
McEachern; Alexander;
(Oakland, CA) ; Hofmann; Ronald; (Oakland,
CA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
McEachern; Alexander
Hofmann; Ronald |
Oakland
Oakland |
CA
CA |
US
US |
|
|
Assignee: |
POWER STANDARDS LAB INC
Alameda
CA
|
Family ID: |
58409436 |
Appl. No.: |
14/869865 |
Filed: |
September 29, 2015 |
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H02J 13/00002 20200101;
H02J 13/00 20130101; H04L 63/1441 20130101; Y02E 60/00 20130101;
Y04S 40/24 20130101; H02J 13/00034 20200101; Y04S 40/20 20130101;
Y04S 10/30 20130101; H04L 63/1416 20130101; Y02E 60/74 20130101;
H02J 3/00 20130101; H04L 63/1425 20130101 |
International
Class: |
H04L 29/06 20060101
H04L029/06; H02J 3/00 20060101 H02J003/00 |
Goverment Interests
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
[0002] The invention disclosed herein was conceived and developed
in part during work on Award Number DE-AR0000340, titled
"Micro-Synchrophasors for Distribution Systems," from the Advanced
Research Projects Agency-Energy (ARPA-E) of the U.S. Department of
Energy.
Claims
1-4. (canceled)
5. A method for detecting a possible cyber attack on an
alternating-current power distribution grid, such distribution grid
excluding high-voltage transmission lines, such distribution grid
having a plurality remotely-operable elements said such
remotely-operable element having a present state, the method
comprising the following steps: Periodically obtaining a first set
of information about the present state of each remotely operable
element either from the remotely-operable element through a
communication network, or from instructions sent to the
remotely-operable element through a communication network, or both;
Employing the first set of information obtained about the present
state of each remotely-operable element to prepare State estimate A
of the alternating current power distribution grid Periodically,
but contemporaneously with obtaining the first set of information
employed to prepare the State Estimate A, making a plurality of
micro-synchrophasor measurements at not less than two locations on
the alternating current power distribution grid, such
micro-synchrophasor measurements being made with an angular
resolution of .+-.0.015.degree. or better; Using the
micro-synchrophasor measurements to calculate a plurality of
synchrophasor parameter values; using the synchrophasor parameter
values to calculate a State Estimate B of the alternating current
power, distribution grid, such State Estimate B being
contemporaneous with State Estimate A; Comparing the State Estimate
A to the contemporaneous State Estimate B, and detecting a possible
cyber attack if the State Estimate A and the contemporaneous State
Estimate B are not equal.
6. (canceled)
7. The method of claim 5, in which the step of comparing the State
Estimate A to the contemporaneous State Estimate B includes an
evaluation of confidence in the accuracy of the State Estimate A,
an evaluation of confidence in the accuracy of the contemporaneous
State estimate B, or both, and uses the evaluation of confidence in
accuracy to determine if there is sufficient information to
conclude whether State Estimate A and State Estimate B are not
equal.
8. (canceled)
9. An apparatus for detecting a possible cyber attack on an
alternating-current power distribution grid, such distribution grid
excluding high-voltage transmission lines, such distribution grid
having a plurality remotely-operable elements, each such
remotely-operable element having a present state, each each
remotely operable element capable of receiving commands to change
its state, or each such remotely-operable element capable of
reporting its present state, or both, the apparatus comprising the
following elements, such elements not necessarily co-located: A
State Estimator A element that periodically calculates a first
state estimate of the alternating-current power distribution grid
based on the commands to, and the reports from, the remotely
operable elements; A plurality, but not less than two,
micro-synchrophasor instruments periodically making synchrophasor
measurements on the alternating-current power distribution grid,
each such micro-synchrophasor instrument capable of making
micro-synchrophasor measurements with an angular resolution or
.+-.0.015.degree. or better, each, such micro-synchrophasor
instrument capable of reporting its synchrophasor measurements to a
Phasor Data Concentrator element, such Phasor Data Concentrator
element capable of calculating a plurality of synchrophasor and
power flow parameters; A State Estimator B element that calculates
a second state estimate, contemporaneous with the first state
estimate of the alternating-current power distribution grid based
on the plurality of phasor and power flow parameters; A State
Estimate Comparison element that compares the State Estimate A with
the contemporaneous State Estimate B, and if the state estimates
are not equal the State Estimate Comparison element reports that
the alternating-current power distribution grid is under a possible
cyber attack.
10. (canceled)
11. The apparatus of claim 14 in which the State Estimate
Comparison element includes an evaluation of confidence in the
accuracy of state Estimate A, the accuracy of State Estimate B or
both, and uses the evaluation of confidence in accuracy to
determine if there is sufficient information to conclude whether
State Estimate A and State Estimate B are not equal.
12. (canceled)
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] Application Ser. No. 14/808,439, "Method and Apparatus for
Precision Phasor Measurements Through a Medium-voltage Distribution
Transformer"
REFERENCE TO SEQUENCE LISTING, A TABLE, OR A COMPUTER PROGRAM
LISTING COMPACT DISK APPENDIX
[0003] Not Applicable
BACKGROUND OF THE INVENTION
[0004] The present invention is in the technical field of
measurement of electric parameters.
[0005] More particularly, the present invention is in the technical
field of voltage and current phasor measurements on an alternating
current (a.c.) power distribution grid, and employing those phasor
measurements to detect a cyber attack on remotely-operable elements
of that power distribution grid.
[0006] Electric power distribution grids, including substations,
are commonly used to move a.c. power from high-voltage transmission
lines towards a set of loads, and sometimes to move power from
distributed generation resources.
[0007] These electric power distribution grids, including
substations, contain elements such as switches, bus connecting
elements, interrupting elements, and transformer tap changing
elements. To improve energy efficiency and grid reliability, these
elements are often configured for remote operation, for example by
an operator at a Distribution Grid Control Center.
[0008] Such a remote operation generally takes place through a
communication network. Often, the remotely-operable element can
report its present state. For example, a distribution grid control
center might be able to ask a remotely-operable switch to report if
it is "on" or "off", and a distribution control center could
instruct such a remotely-operable switch to change its state from
"off" to "on".
[0009] Such automated systems can be subject to cyber attack, an
event in which unauthorized individuals or organizations attempt to
take control of remotely-operated elements in a distribution grid,
or attempt to cause remotely-operated elements to incorrectly
report their state, or both.
[0010] In our Department of Energy ARPA-E Project DE-AR0000340,
titled "Micro-Synchrophasors for Distribution Systems," we have
been investigating the application of synchrophasor measurements to
medium-voltage distribution grids, as opposed to the traditional
application to high-voltage transmission grids. Due to smaller
inductances and shorter distances on distribution grids compared to
transmission grids, the phase angle changes during interesting
phenomena on distribution grids are much smaller. We have
determined that, for distribution grid applications, a angular
resolution for voltage phasors and current phasors of
.+-.0.015.degree. could be useful.
[0011] Such voltage phasor and current phasor measurements can be
used to detect cyber attacks on distribution systems.
SUMMARY OF THE INVENTION
[0012] The present invention is a method and apparatus for
detecting cyber attacks on remotely-operable elements on a
distribution grid by comparing a first state estimation of the
distribution grid based on the commands to and reports from the
remotely-operable elements, with a second state estimation of the
distribution grid based on precise phasor measurements performed on
the distribution grid. A difference between the two state
estimations indicates that the distribution grid may be under cyber
attack.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] FIG. 1 is an illustration of the present invention.
[0014] FIG. 2 is a view of an exemplary instrument used in the
present invention.
DETAILED DESCRIPTION OF THE INVENTION
[0015] Turning our attention to FIG. 1, we see an illustrative
example: a one-line schematic representation of a 3-phase
high-voltage transmission line 1, well known in the art, that
provides alternating current power to a substation 2, which is
equipped in this illustrative example with two transformers 3,4.
The medium-voltage secondaries of the two transformers 3,4 are
connected through remotely-operable elements 5,6, which are
switches in the present example, to two substation buses 7,8. The
two substation buses can be tied together through a
remotely-operable element 9, which, in the present example is a
normally-open switch.
[0016] Medium-voltage a.c. power leaves the substation through
other remotely-operable elements 10,11,12 and travels in the usual
ways, well known in the art, in this illustrative example through
distribution feeders 20,21,22,23,24,25,26,27, in some cases passing
through additional remotely-operable elements 13,14,15 to
ultimately reach loads 31,32,33,34,35. The exact nature of the
loads 31,32,33,34,35 are not important to the present
invention.
[0017] Continuing to examine FIG. 1, we see a Distribution Grid
Control Center 40 with connections 41 to the remotely-operable
elements 5,6,9,10,11,12,13,14,15 by any typical electric power grid
communication system, known to those familiar with the art.
[0018] Examining the illustration of the connections 41 to the
remotely-operable elements, we see that the arrows are
bi-directional, indicating that the Distribution Grid Control
Center 40 can both instruct the remotely-operable elements
5,6,9,10,11,12,13,14,15 to change to a different state, e.g. change
from "off" to "on", and the remotely-operable elements
5,6,9,10,11,12,13,14,15 may in some cases also report their state
to the Distribution Grid Control Center 40, both types of
communications taking place through the connections 41.
[0019] The exact nature of the connections 41 is unimportant to the
present invention except that the connections 41 may be subject to
a disruptive cyber attack. Such a disruptive cyber attack could,
for example, cause one or more of the remotely-operable elements
5,6,9,10,11,12,13,14,15 to transition to an undesired state; or it
could, for example, cause one or more of the remotely-operable
elements 5,6,9,10,11,12,13,14,15 to inaccurately report its state,
e.g. report that it is "off" when it is in fact "on".
[0020] Continuing to examine FIG. 1, we see three instruments
50,51,52 (referred to by those familiar with the art as
micro-phasor-measurement-unit(s), abbreviated .mu.PMU) for
measuring micro-synchrophasors that specifically measure
time-synchronized magnitude and phase angle of voltages and, in
some cases, currents on the distribution feeders 20, 23, 26. It
will be recognized by those familiar with the art that the location
in the distribution grid that has been selected for these .mu.PMU's
50, 51, 52 in FIG. 1 is simply illustrative of the present
invention, and that other placements incorporating more or fewer
.mu.PMU's could be selected.
[0021] The .mu.PMU's 50, 51, 52 report their time-synchronized
magnitudes and phase angles through communication channels 53, the
precise nature of which is not important to the present invention
except that it is unlikely to be subject to the attack at the same
time and in the same way as the other connections 41, to a Phasor
Data Concentrator 60 of a type well-known in the art, which
calculates various phasor and power flow parameters such as phase
angle differences, the exact list and nature of which is not
critical to the present invention. These phasor and power flow
parameters are passed to a Phasor-based State Estimator 61, which
has algorithms, the nature of which do not limit the present
invention, that employ the values of the phasor and power flow
parameters to form an estimate of the state of this distribution
grid.
[0022] By the "state" of this distribution grid, we mean the
present state of all of the elements in this distribution grid,
including the remotely-operably elements 5,6,9,10,11,12,13,14,15 .
Returning our attention to the Distribution Grid Control Center 40,
we see that, based on the information it receives from
remotely-operable elements 5,6,9,10,11,12,13,14,15 through their
connections 41, it prepares State Estimation A 43 and communicates
it through a communication channel 42, the nature of which is not
critical to the present invention. A second State Estimate B 62 is
prepared by the Phasor-based State Estimator 61 and communicated
through a connection 63.
[0023] A State Estimation comparison block 44, the details of which
are not critical to the present invention, compares State
Estimation A 43 with State Estimation B 62. The State Estimation
comparison block 44 may, for example, simply compare the estimated
states prepared in State Estimation A 43 and State Estimation B 62;
or it may also include an evaluation of confidence in the
estimations prepared by State Estimation A 43 and State Estimation
B 62, or use other algorithms to conclude whether the two State
Estimations are sufficiently equal.
[0024] If the algorithm comparison block 44 determines that the two
State Estimations 43, 62 are not equal, it concludes that the
distribution grid may be under a cyber attack. It could, for
example, use a communication channel 45 to activate an alarm 46 in
the Distribution Grid Control Center. It will be apparent to one of
ordinary skill that the above description, which assumes a
single-phase system, can be readily extended to three-phase
systems.
[0025] Turning our attention now to FIG. 3, we see an illustration
of a Micro Synchrophasor Instrument 31 which implements one
possible embodiment of the present invention. (The hand 37 in the
illustration is shown to visually indicate approximate scale, and
does not play any part in the present invention.) This Micro
Synchrophasor Instrument 31 is one embodiment of the uPMU
instrument 52 shown in FIG. 1.
[0026] The Micro Synchrophasor Instrument 31 incorporates a display
33 and communications means 36. The display 33 is not an essential
element to the present invention. The Micro Synchrophasor
Instrument 31 also incorporates voltage inputs 35 for measuring
voltage phasors, current inputs 34 for optionally measuring the
current phasors, and computing means 32 for converting raw voltage
measurements and optional raw current measurements into phasor
measurements.
[0027] While the foregoing written description of the invention
enables one of ordinary skill to make and use what is considered
presently to be the best mode thereof, those of ordinary skill will
understand and appreciate the existence of variations,
combinations, and equivalents of the specific embodiment, method,
and examples herein. The invention should therefore not be limited
by the above described embodiment, method, and examples, but by all
embodiments and methods within the scope and spirit of the
invention.
* * * * *