A Review of Cyber-Physical Energy System Security Assessment
Rasmussen, Theis Bo; Yang, Guangya; Nielsen, Arne Hejde; Dong, Zhaoyang
Published in:
Proceedings of 12th IEEE Power and Energy Society PowerTech Conference
Publication date:
2017
Document Version
Peer reviewed version
Citation (APA):
Rasmussen, T. B., Yang, G., Nielsen, A. H., & Dong, Z. (2017). A Review of Cyber-Physical Energy System Security Assessment. In Proceedings of 12th IEEE Power and Energy Society PowerTech Conference. IEEE. https://doi.org/10.1109/PTC.2017.7980942

Theis B. Rasmussen, Guangya Yang, Arne H. Nielsen
Department of Electrical Engineering, The Technical University of Denmark, Kongens Lyngby, Denmark

Zhaoyang Dong
School of Electrical and Information Engineering, The University of Sydney, Sydney, New South Wales, Australia

Abstract—Increasing penetration of renewable energy resources (RES) and electrification of services by implementing distributed energy resources (DER) has caused a paradigm shift in the operation of the power system. The controllability of the power system is predicted to be shifted from the generation side to the consumption side. This transition entails that the future power system evolves into a complex cyber-physical energy system (CPES) with strong interactions between the power, communication and neighboring energy systems. Current power system security assessment methods are based on centralized computation and N-1 contingencies. While these risks should still be considered in the future CPES, additional factors are affecting the system security. This paper serves as a review of the challenges entailed by transforming the power system into a CPES from a security assessment perspective. It gives an indication of theoretical solutions to CPES challenges and proposes a new framework for security assessment in CPES.

Index Terms—Communication system, cyber-physical systems, distributed power generation, power system security, security assessment.

I. INTRODUCTION

The recent increase in implementation of generation based on renewable energy sources (RES) such as wind and solar, together with an increased focus on mitigating emission of greenhouse gases in services such as transportation, through electric vehicles (EVs), and domestic heating through heat pumps (HPs), has led to a complex layout of the future power system [1]. Integrating these technologies into the power system changes its topology from being centralized with a few large controllable synchronous generators to being decentralized with numerous distributed generating units (DGs) based on intermittent energy sources [2]. In order to manage the decentralization of the power system, smarter monitoring and control techniques are required. This issue is addressed by implementing an advanced metering infrastructure (AMI) through smart meters and phasor measurement units (PMUs), as well as a further utilization of information and communication technologies (ICT).

ICT helps improve the visibility of current power system operation and enhances the possibilities of advanced control processes [1]. The ICT network built around the power system becomes more and more integrated and the whole system is transitioning into a complex cyber-physical energy system (CPES) [3]. The strong interactions across systems in a CPES entail new challenges in maintaining a high security of supply, as new factors can affect the general security of the power system. Such factors include cybersecurity, behavior and constraints of neighboring energy systems, and the dynamics of interactions between the different systems [4]. In order to acknowledge security threats from ICT and neighboring energy systems, a revisit of current power system operation methods is necessary.

Power system security assessment plays a central role in maintaining a high security of supply. However, it is based on a centralized power system and does not consider the threats entailed by the transition towards a CPES. The aim of this paper is to review the power system security assessment method from a CPES perspective. This review includes a description of the current security assessment method, a presentation of operational factors of CPES to be considered, a discussion of challenges of the current security assessment method entailed by CPES, and a proposal of a new framework for future CPES security assessment.

Section II introduces the current power system security assessment method and the three key factors, safety, security and sustainability, of cyber-physical system (CPS) operation. Section III discusses CPES challenges of the current security assessment method, and Section IV presents a new framework for CPES security assessment based on the discussion in Section III and emerging methods and philosophies. Section V concludes.

II. CPES TRANSITION

Kundur et al. [5] have defined power system security as the degree of risk in its ability to survive imminent disturbances without interruption of customer service. In order to ensure a high level of supply security, power system operators need to verify operational properties in its continuous operation and in the event of a disturbance that can change the operational environment. If a disturbance is expected to interrupt or limit the supply, the power system operators are required to change the operation of the power system in order to secure the system from such a disturbance [6].

A. Power System Security Assessment

The starting point of the continuous process of security assessment is the monitoring phase as shown in Fig. 1. Depending on the measuring devices, a supervisory control and data acquisition (SCADA) network, PMUs or a combination of both, measurements are taken and sent to the control center every few seconds or milliseconds. The measurements include physical properties such as system frequency, bus voltages, equipment thermal loading and generator rotor angle displacement as well as load and generation levels [6]. After measurements are received by the control center, operational constraints are verified. This process takes place in the alarm-phase shown in Fig. 1, where a few constraint examples are listed [6].

Every few minutes, the measured data are used by the power system operators to perform the contingency analysis shown in Fig. 1. The contingency analysis is based on the N-1 criterion and involves simulating a model of the power system, where one component is taken out of operation, through a load flow calculation to see how the power system reacts to such a disturbance. Ideally, power system operators should simulate all possible contingencies in order to ensure power system security. However, the computational burden of simulating the power system model is too extensive. Therefore, power system operators identify and simulate the most critical contingencies and assume the remaining possible contingencies have limited effect on the power system [7].

As shown in Fig. 1, the results from the contingency analysis are used to check power system operation in case of a disturbance. This check is performed in the alarm-phase of Fig. 1, where operational values are compared to power system constraints. If either current operation or a disturbance can cause operational constraints to be violated, power system operators need to perform preventive control [6]. Power system operators can perform different actions in order to satisfy operational constraints; some of them are listed in Fig. 1.

The current security assessment displayed in Fig. 1 is highly dependent on valid measurements and accurate computations in comparing operational limits and calculating load flow. In this way, the power system already has strong relations to the operation of the ICT network and depends on the reliable operation of the CPES as a whole.

B. CPS Safety, Security and Sustainability

In recent years the classification of CPS has emerged in different technologies such as health care, smart energy and industrial control systems [8], [9]. In CPS, there is a general understanding of three key factors that have to be preserved in order for CPS to function as intended. These factors are referred to as S3, and consist of safety, security and sustainability. The complexity of the power system transition towards a CPES is illustrated in Fig. 2. First of all, CPS safety is characterized as avoidance of hazards that can interrupt the CPS operation [3]. These hazards are the result of different interactions within the CPS symbolized by the blue double arrows in Fig. 2.

In CPS there are intended and unintended interactions between the different systems, where intended interactions are created to improve the CPS operation and unintended interactions are caused by changes in the different system environment that can have a harmful effect on the system operation [3]. Furthermore, researchers distinguish between three different types of interactions: inter-physical, cyber-physical and inter-cyber interactions. Each of these types can have both intended and unintended interactions [3]. As the power system transits towards a CPES with numerous interactions, the reliability of electricity supply depends on CPS safety in avoiding all serious hazards.

CPS security is characterized as assurance of integrity, authenticity, and confidentiality of information, which can be understood as ensuring the cybersecurity of the ICT system in the CPES from unauthorized access [3]. As the future power system will rely on a complicated ICT system to monitor and control the operation of future CPES, the security and validity of the data transmitted in the communication network and processed in the information network becomes an important factor to consider [10]. In Fig. 2, the security of the CPES is represented by a cyber-perimeter whose objective is to block hackers who try to access the CPES.

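The N-1 contingency analysis described in Section II-A, as an added example that is not part of the paper: each line of a constructed 4-bus network is taken out in turn, a DC load flow (a linear approximation, used here as a stand-in for the full load flow calculation) is solved, and line loadings are compared with thermal limits. The network data and all function names are assumptions made for illustration; an outage that splits the network is reported as islanding instead of being solved.

```python
# Added example: N-1 screening with a DC load flow on a constructed 4-bus network.
# Every bus, reactance, limit and injection below is an illustrative assumption.

SLACK = 0
# name: (from_bus, to_bus, reactance in p.u., thermal limit in MW)
LINES = {
    "L01": (0, 1, 0.1, 100.0),
    "L02": (0, 2, 0.1, 120.0),
    "L12": (1, 2, 0.1, 60.0),
    "L23": (2, 3, 0.1, 50.0),
}
# Net injection per bus in MW (generation minus load); bus 0 supplies the total load.
INJECTION = {0: 150.0, 1: -50.0, 2: -60.0, 3: -40.0}


def reachable(lines):
    """Buses still connected to the slack bus over the given lines."""
    seen, stack = {SLACK}, [SLACK]
    while stack:
        bus = stack.pop()
        for f, t, _, _ in lines.values():
            for a, b in ((f, t), (t, f)):
                if a == bus and b not in seen:
                    seen.add(b)
                    stack.append(b)
    return seen


def solve(a, rhs):
    """Solve a*x = rhs by Gaussian elimination with partial pivoting."""
    n = len(rhs)
    m = [row[:] + [rhs[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            k = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= k * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][c] * x[c] for c in range(r + 1, n))) / m[r][r]
    return x


def dc_flows(lines):
    """DC load flow: solve B*theta = P for the non-slack buses, return MW per line."""
    buses = [b for b in sorted(INJECTION) if b != SLACK]
    idx = {b: i for i, b in enumerate(buses)}
    bmat = [[0.0] * len(buses) for _ in buses]
    for f, t, x, _ in lines.values():
        for a, b in ((f, t), (t, f)):
            if a in idx:
                bmat[idx[a]][idx[a]] += 1.0 / x
                if b in idx:
                    bmat[idx[a]][idx[b]] -= 1.0 / x
    theta = dict(zip(buses, solve(bmat, [INJECTION[b] for b in buses])))
    theta[SLACK] = 0.0
    return {n: (theta[f] - theta[t]) / x for n, (f, t, x, _) in lines.items()}


def assess(outage=None):
    """Check one case: islanded buses, or line loadings (in percent) above the limit."""
    lines = {n: v for n, v in LINES.items() if n != outage}
    islanded = sorted(set(INJECTION) - reachable(lines))
    if islanded:  # the load flow has no solution for a split network
        return {"islanded": islanded, "overloads": {}}
    flows = dc_flows(lines)
    overloads = {
        n: round(100 * abs(flows[n]) / lines[n][3])
        for n in lines
        if abs(flows[n]) > lines[n][3] * (1 + 1e-9)
    }
    return {"islanded": [], "overloads": overloads}


def n_minus_1():
    """Base case (key None) plus every single-line outage."""
    return {case: assess(case) for case in [None, *LINES]}


if __name__ == "__main__":
    for case, result in n_minus_1().items():
        print("base case" if case is None else f"outage {case}", result)
```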
Fig. 1. Flowchart of current power system security assessment method. [Figure not reproduced. Blocks: Monitoring (physical properties, generation, load); Contingency analysis (N-1 criterion); Alarm? Yes/No (power balance, property limits, reserve capacity); Perform control (generation dispatch, change topology, voltage control).]

Fig. 2. Power system transition towards a cyber-physical energy system. [Figure not reproduced. Labels: Traditional Power System; Cyber-physical Energy System; Centralized; Decentralized; Security; Safety (risk consideration for unintended interactions, preventive controls for intended interactions).]

The last of the entities in S3, required for ensuring intended operation of CPS, is sustainability, which is characterized as maintenance of long-term operation of CPS using environmentally friendly sources of energy [3]. From a power system perspective, the motivation for transitioning the power system into a CPES is to enable an efficient integration of RES into the generation part and environmentally friendly alternatives to services into the consumption part of the power system. Therefore, you could say that sustainability is an inherent part of the future power system through the decentralization of generating units, which is illustrated by the arrow in Fig. 2. In order to ensure CPES sustainability, the power system needs intelligent control and monitoring processes from the ICT system because of the intermittent nature of distributed energy resources (DERs).

III. SECURITY ASSESSMENT CHALLENGES

The main challenge of the current security assessment method is the decentralization of generating units and interactions between the power system and an ICT network, which changes the landscape of the modern power system. This change affects the requirements of power system operational methods that help operators maintain a high security of supply, illustrated by the transition in Fig. 2. From the characterization of a CPES based on S3, it is apparent that each phase of the current security assessment method in Fig. 1 becomes insufficient as a method of securing the electricity supply in the future.

A. Monitoring

In section II the monitoring phase of security assessment is described as providing the power system operators with the visibility of the current operational status. In this way ensuring the validity of the acquired data is extremely important in operating power systems. With the transition towards a CPES, monitoring the current power system operation becomes increasingly challenging. In recent years, researchers have investigated the possibility of ICT cyberattacks with false data injection into a CPES, that can result in an inaccurate picture of power system operation [1], [11], [12].

In [11] the authors concluded that the current practice of bad data detection (BDD) to ensure data validity is insufficient as knowledgeable attackers can inject data which evades BDDs. Additional cyber-attacks, such as replay attacks and denial of service (DoS) attacks, that can affect the visibility of the power system are described in [13].

The DoS attacks are not the only challenge that can cause congestion of communication channels [14]. As more and more electronic devices have communication capabilities as an inherent part of their design, a larger amount of data is communicated and bottlenecks in the ICT network can occur. By considering the power system as a dynamic physical system, communication latency and interruptions can affect the validity of the current power system operation shown at the control center. Additional challenges are entailed by the increase in the amount of data, which puts additional performance requirements for control center computers to process the data and give relevant and valid information of current power system operation in a timely fashion [1].

B. Contingency Analysis

The contingency analysis in security assessment serves to increase the security of supply by acknowledging possible disturbances that can affect the power system dynamics. As described in section II, the current practice is to investigate possible power system equipment outages that have the largest impact on the continuous operation [5], [6]. In the CPES, the power system will have strong interactions with neighboring energy systems such as the transportation, waste treatment and domestic heating system [15].

These systems operate in ever changing environments which complicate the contingency analysis by increasing the number of possible disturbances with unknown severity. The uncertainty lies in the operational environment of neighboring energy systems, which indirectly affects the operation of the power system. The operation of neighboring energy systems is limited by a set of technical, environmental and governmental constraints. Reaching these limits during operation can disturb the CPES by limiting its controllability.

As more end-user services are electrified, the CPES has more interactions with energy systems affected by end-user irrational behavior. Even though power system engineers are trying to implement control of end-user consumption, there is no certainty that end-users will behave rationally and always remember to plug in EVs as an example. Additional uncertainty is introduced as more intermittent DGs are installed. Thereby the power system becomes more dependent on the weather system, which increases the operational uncertainty further.

In the CPES, the power system and the ICT network are interdependent, meaning a loss of power supply at a substation or load bus affects the ICT equipment and when the ICT network fails control, computation and monitoring actions become disabled. This cascading behavior has previously been the cause of a major blackout which happened in Italy in 2003 [16]. From this interdependence the complexity of determining possible contingencies increases further. Not only physical power system equipment failure can cause disturbances, but also failure of ICT network equipment.

The increasing interactions between ICT and the power system were visualized in December 2015 when hackers gained access to a part of the Ukrainian power system control center and caused a region-wide blackout [18]. Such an extreme interference raises new questions to the security of the future power system as a CPES [4], [10], [19] and adds an additional contingency to the contingency analysis pool in the form of outages of region-wide SCADA networks.

Additional risk is present in the power system control equipment, as a large number of the distributed units have autonomous control abilities. If hackers gain access to them, they can change the control of this equipment to perform harmful instead of helpful actions [9], [17]. These contingencies apply a whole new level of risk and complexity in the security assessment not considered in the current formulation of the method.

From this short discussion of contingencies introduced by the transition towards a CPES, the sheer number and variety of possible contingencies is evident. The current contingency analysis is based on the N-1 criterion, but with the increasing number of interactions between systems in the CPES, predicting the possible contingencies and their impact becomes even more complicated than previously.

C. Preventive Control Actions

As the power system has previously been a centralized physical system based on large generating units, the protective actions have been performed by performing a constrained economic dispatch where contingency impacts are considered [5], [6]. However, due to the decentralization, a growing interest in the research community has focused on the paradigm shift where regulating actions are shifted from the generation side to the consumption side.

This paradigm shift has resulted in numerous possible control actions performed by distributed equipment that help improve the operational status of the power system in a continuous fashion. Examples of these include static VAR compensators, inverters with droop control and active power storage devices. However, as previously described, these devices are vulnerable to unauthorized access where either the control methods can be altered or false data can cause internal control loops to perform undesirable control actions. Besides the risk of cyber-attacks, the autonomous control capabilities can also misbehave due to non-considered events as has been seen on November 4, 2006, where a major European blackout occurred. When the frequency increased beyond the safe operation range of the wind farms in the Northeastern part of Germany, they disconnected. When the operators managed to improve the operational status of the power system and lowered the frequency, the wind farms reconnected and forced a recurring increase of system frequency [20].

In the consumption side of the power system, new methods for controlling consumption have emerged. Most popular is the demand response (DR) method, where household appliances and electrified services can be controlled to change consumption to balance the power system [21]. However, compared to the traditional economic dispatch, where a relatively small number of units have to be coordinated, the DR method includes controlling thousands, if not millions, of distributed units. Therefore, the complexity of performing protection actions of power systems increases rapidly [1], [15].

Furthermore, when all these distributed units are capable of providing control which should help ensure the security of supply, further cyber security risk can be considered as unauthorized personnel can enforce protective control actions when not required. An example is in the case of smart meters, which are predicted to be distributed to all households in most countries to enable real time pricing. These smart meters are equipped with a control capability which allows the utility company to disconnect the households from the grid; this method is known as load shedding. If hackers gained access to such a control mechanism, the protective nature of load shedding could be turned into a disruptive action instead [22].

IV. CPES SECURITY ASSESSMENT

From the discussion of challenges and limitations of the current security assessment method in section III it is apparent that a revisit of the traditional method is needed when considering the transition towards a CPES shown in Fig. 2. An updated security assessment method for CPES should consider both interactions between the power system and neighboring energy systems as well as the ICT network and the risk of cyber-attacks.

The challenges described in section III are summarized in Table I, divided by phase of the security assessment shown in Fig. 1. This section describes different technologies and methods that could help transform the security assessment method and make it useful in the future CPES. In this way, the aim of the current security assessment will stay the same, but the means of achieving this aim will change. Following the Ukraine blackout in December 2015, cybersecurity of power systems has been a hot topic for both ICT and power system researchers [18]. The research focus is further emphasized after the North American Electric Reliability Corp. (NERC) has announced an update of their grid codes from July 2016. The updated grid codes demand that power system operators change the current methodology from creating a cyber-perimeter to avoid unauthorized access to actively performing intrusion detection and prevention [23].

TABLE I
CHALLENGES FOR POWER SYSTEM SECURITY ASSESSMENT

Phase                        Challenge                          Solutions
Monitoring                   Cyber-attacks                      IDS
Monitoring                   Communication congestion           DI
Monitoring                   Large data quantity                Big data
Contingency analysis         Neighboring system constraints     RMP
Contingency analysis         Neighboring system uncertainty     RMP
Contingency analysis         Interdependence                    IA
Contingency analysis         Unauthorized control               IDS
Contingency analysis         SCADA outage                       RMP
Contingency analysis         Determining worst case             DC
Preventive control actions   Recurring autonomous control       Coordination
Preventive control actions   Cyber-attacks                      IDS
Preventive control actions   Large-scale economic dispatch      DO

Already at the time of writing, there exist numerous different intrusion detection systems (IDS), some of which are explained in [9]. By implementing IDS into the CPES security assessment method as additional cyber security measures, the general CPS security increases as the monitoring and communication network is less vulnerable to unauthorized access. As seen in Table I, the implementation of IDS could help counteract challenges in all phases of the security assessment method.

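One way an intrusion detection step could screen measurements before the monitoring phase uses them, covering the replay, congestion and latency problems from Section III-A (an added example, not code from the paper). The frame layout, the 2-second latency bound, the frequency and voltage limits and the device name are assumptions; the sample frames are constructed.

```python
# Added example: validating measurement frames before the alarm-phase limit check.
# Frame layout, latency bound and operating limits are illustrative assumptions.
from dataclasses import dataclass

MAX_LATENCY_S = 2.0  # assumed bound on measurement age at arrival
LIMITS = {"freq_hz": (49.8, 50.2), "volt_pu": (0.95, 1.05)}  # assumed limits


@dataclass
class Frame:
    source: str         # measuring device identifier
    seq: int            # per-device counter, +1 for every frame sent
    measured_at: float  # device timestamp in seconds
    received_at: float  # arrival time at the receiver in seconds
    values: dict        # measurement name -> value


class FrameValidator:
    """Tracks the last seen sequence number and timestamp per device."""

    def __init__(self):
        self.last = {}  # source -> (seq, measured_at)

    def check(self, frame):
        """Return (verdict, notes); verdict is 'accepted' or 'rejected'."""
        prev = self.last.get(frame.source)
        if prev and (frame.seq <= prev[0] or frame.measured_at <= prev[1]):
            # An old counter or timestamp means the frame was seen before.
            return "rejected", ["replay: sequence or timestamp not newer than last frame"]
        notes = []
        if prev and frame.seq > prev[0] + 1:
            # Missing frames point at loss, congestion or a DoS condition.
            notes.append(f"gap: {frame.seq - prev[0] - 1} frame(s) missing")
        self.last[frame.source] = (frame.seq, frame.measured_at)
        age = frame.received_at - frame.measured_at
        if age > MAX_LATENCY_S:
            # Too old to describe the current operating state; values are not used.
            return "rejected", notes + [f"stale: {age:.1f} s old"]
        for name, value in frame.values.items():
            low, high = LIMITS.get(name, (float("-inf"), float("inf")))
            if not low <= value <= high:
                notes.append(f"alarm: {name}={value} outside [{low}, {high}]")
        return "accepted", notes


# Constructed sample frames from one hypothetical device, "pmu-7".
SAMPLE = [
    Frame("pmu-7", 1, 100.0, 100.05, {"freq_hz": 50.01, "volt_pu": 1.00}),
    Frame("pmu-7", 2, 101.0, 101.04, {"freq_hz": 49.99, "volt_pu": 1.01}),
    Frame("pmu-7", 1, 100.0, 102.00, {"freq_hz": 50.01, "volt_pu": 1.00}),  # copy of frame 1
    Frame("pmu-7", 3, 102.0, 105.50, {"freq_hz": 50.00, "volt_pu": 1.00}),  # delayed 3.5 s
    Frame("pmu-7", 6, 105.0, 105.10, {"freq_hz": 50.35, "volt_pu": 0.93}),  # 4 and 5 lost
]


def run(frames):
    """Validate frames in arrival order with a fresh validator."""
    validator = FrameValidator()
    return [validator.check(f) for f in frames]


if __name__ == "__main__":
    for frame, (verdict, notes) in zip(SAMPLE, run(SAMPLE)):
        print(frame.seq, verdict, notes)
```

Counter and timestamp checks only hold if frames are authenticated end to end; without that, whoever can write to the channel can set both fields freely.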
In [1] the possibility of distributing calculations and decision making in the ICT network is introduced. The authors propose utilization of the increased computational capacity of integrated electronic devices (IEDs) to decentralize parts of the control and computation responsibilities. By implementing distributed intelligence (DI) into parts of the CPES, additional challenges in Table I can be solved. In the monitoring phase, DI can help analyze and filter data to limit the communication channel congestion.

In the preventive control phase of security assessment, distributed optimization (DO) can help by locally calculating the required control actions that help balance the power system in its current operation and against disturbances. By utilizing DO, the number of units in the large-scale economic dispatch decreases, which increases the computational speed. Furthermore, in the contingency analysis phase, the determination of worst case scenarios could be partially solved as the combined computational power would increase when utilizing distributed computation (DC). This means that a larger number of contingency situations can be investigated.

In recent years researchers have looked into the Internet of Things (IoT) and the concept of big data [24]. The utilization of these technologies is widespread and could potentially be applicable to the power system. As more and more data is generated and available, a number of big data computational tools have been developed which can help scientists in processing large scale data. In the monitoring phase of security assessment, a challenge is the large amount of available data and how to process it safely without losing important signals or alarms. Therefore the authors propose an investigation of big data computational tools, such as machine learning and clustering, applied to SCADA and PMU data [24]. The aim is to improve the visibility and ease the preventive action decision process.

The power system is not the only large scale system that is facing problems and threats through strong interconnections with ICT. For several years, industrial control systems have recognized the risk of unauthorized personnel access due to the growing digitalization of monitoring and actuating devices. The common practice of industrial cyber security starts by consultants performing a risk assessment (RA) of the current control system. From this point security measures such as encryption and certification of programmable logical controllers (PLCs) are implemented [25].

In industrial control systems, the scale is somewhat small compared to the power system. In the CPES, new devices are implemented continuously and their sheer number is too large for encrypting the whole network. Therefore RA in the power system should be implemented as a continuous process as part of a risk management process (RMP) [25].

The RMP contains different steps where the context of the system is analyzed to provide an overview of intended operation. After a context establishment, RA is performed which consists of a risk identification, risk analysis and risk evaluation process. These processes give an overview of the current security threats and their impact. If such an RMP could be done in a continuous fashion for the cyber risk in the CPES, the SCADA outage challenge in the contingency analysis in Table I could be treated.

An RMP can also be developed to analyze the threats posed by neighboring energy systems and their changing environment. For example an identification of possible changes in the neighboring energy system environments could be performed utilizing system specific techniques such as weather forecasts, seasonal or daily variations in transport requirements etc. The impact of these risks can then be analyzed and evaluated in a similar fashion as cyber risk, which could be useful for treating the neighboring energy system constraints and uncertainty challenges of the contingency analysis parts of Table I.

The topic of interdependency has previously been covered by [16] and [12]. In the latter, the effect of having backup power supply to control centers in the ICT network is investigated. The process of an interdependency analysis (IA) in the CPES can be applied in the CPES security assessment method and give indications of large scale contingencies and their combined impact in the power system and the ICT network. The integration of such an analytical tool could solve the interdependence challenge in the contingency analysis in Table I.

In case of a fault in the power system or unsustainable operating conditions, autonomous control units can help provide fast regulating actions. However, as mentioned earlier they can also worsen the problem due to built-in control action constraints. In order to ensure fast recovery from a fault, it would make sense to analyze the behavior of autonomous control units in normal and abnormal operating conditions and coordinate the control of these units in case of abnormal operating conditions. The implementation of fault coordination is shown in Table I for the recurring autonomous control challenge in the preventive control action phase.

A. Proposed framework

The discussion on problems faced by the current security assessment method in Section III and the possible theoretical solutions presented in Section IV are used as the basis of a framework for CPES security assessment presented in the following. The general idea of the new security assessment framework is to distribute the process of monitoring, contingency analysis and preventive actions decision to the distribution level.

In the CPES, the distribution network is diverse and ranges from substations connected to distributed generation such as wind farms, to substations connecting residential areas with both generation and consumption. The CPES security assessment method is based on an implementation of IEDs at a substation level. At this level, the IEDs will perform the tasks presented in Fig. 3. In Fig. 3 the monitoring task is preceded by an intrusion detection task; the type of IDS at each substation can vary according to the operational environment. After the signals measured in each substation area are validated by the IDS, the IED observes whether the measured values are within operational limits. By performing this verification
on a substation level, less data is being transferred to the main control centers and the risk of communication channel congestion is lower.

Fig. 3. Proposed framework of security assessment of future cyber-physical energy system. [Figure not reproduced. Blocks: Intrusion detection system; Monitoring; Risk management process; Contingency analysis; Alarm? Yes/No; Perform control.]

As in the original security assessment method, the IEDs will assess the security of the system by including faults and disturbances that can happen in each distinctive area in the contingency analysis task of Fig. 3. Prior to the contingency analysis, the IEDs will utilize knowledge about their respective area to predict the worst case scenarios based on the risks and uncertainties in their part of the CPES, including interactions between physical and cyber systems.

In the case where a preventive action is needed, the IEDs will evaluate the distributed control of their area and coordinate and perform the optimal control. If the system is unable to perform a suitable preventive action, the required information about needed control is sent to the transmission level control center, which will act as an additional layer of security.

The transmission system control center will perform a security assessment similar to the one shown in Fig. 3 and will handle the overall operation of the system by including central power plant operation points and interdependence analysis in the contingency analysis.

[2] H. Farhangi, "The path of the smart grid," IEEE Power and Energy Magazine, vol. 8, no. 1, pp. 18-28, Jan.-Feb. 2010.
[3] A. Banerjee, K. K. Venkatasubramanian, T. Mukherjee and S. K. S. Gupta, "Ensuring Safety, Security, and Sustainability of Mission-Critical Cyber-Physical Systems," Proc. of the IEEE, vol. 100, no. 1, pp. 283-299, Jan. 2012.
[4] X. Shi, Y. Li, Y. Cao and Y. Tan, "Cyber-physical electrical energy systems: challenges and issues," CSEE Journal of Power and Energy Systems, vol. 1, no. 2, pp. 36-42, June 2015.
[5] P. Kundur et al., "Definition and classification of power system stability IEEE/CIGRE joint task force on stability terms and definitions," IEEE Transactions on Power Systems, vol. 19, no. 3, pp. 1387-1401, Aug. 2004.
[6] A. J. Wood, B. F. Wollenberg and G. B. Sheblé, "Power system security," in Power generation, operation, and control, 3rd ed. New York, Wiley, 2013, ch. 7, pp. 296-349.
[7] K. Morison, L. Wang and P. Kundur, "Power system security assessment," IEEE Power and Energy Magazine, vol. 2, no. 5, pp. 30-39, Sept.-Oct. 2004.
[8] S. Huang, C. Zhou, S. Yang and Y. Qin, "Cyber-physical System Security for Networked Industrial Processes," International Journal of Automation and Computing, vol. 12, no. 6, pp. 567-578, Dec. 2015.
[9] R. Mitchell III, "Design and Analysis of Intrusion Detection Protocols in Cyber Physical Systems," Ph.D. dissertation, Dept. Computer Science, Virginia Polytechnic Institute and State University, Falls Church, VA, 2013.
[10] G. N. Ericsson, "Cyber Security and Power System Communication - Essential Parts of a Smart Grid Infrastructure," IEEE Transactions on Power Delivery, vol. 25, no. 3, pp. 1501-1507, Jul. 2010.
[11] Y. Liu, P. Ning and M. Reiter, "False Data Injection Attacks against State Estimation in Electric Power Grids," ACM CCS, pp. 21-32, Nov. 2009.
[12] L. Liu, J. Ma, Z. Dong, G. Chen and K. Wong, "Influence of enhanced interconnecting links on cascading failures in smart grid," IEEE Power & Energy Society General Meeting, Denver, CO, 2015, pp. 1-5.
[13] A. Teixeira, H. Sou, H. Sandberg and K. Johansson, "Secure Control Systems," IEEE Control Systems Magazine, pp. 24-45, Feb. 2015.
[14] National Institute of Standards and Technology, "Guidelines for Smart Grid Cybersecurity," National Institute of Standards and Technology Interagency Report 7628 Rev. 1, Vol. 1, Sep. 2014.
[15] R. C. Green, L. Wang and M. Alam, "Applications and Trends of High Performance Computing for Electric Power Systems: Focusing on Smart Grid," IEEE Transactions on Smart Grid, vol. 4, no. 2, pp. 922-931, Jun. 2013.
[16] S. Buldyrev, R. Parshani, G. Paul, H. Stanley and S. Havlin, "Catastrophic cascade of failures in interdependent networks," Nature, vol. 464, pp. 1025-1028, Apr. 15 2010.
[17] C. Ten, C. Liu, G. Manimaran, "Vulnerability Assessment of Cyberse-
curity for SCADA Systems,” IEEE Transaction on Poer Systems, vol. 23,
V. C ONCLUSION No. 4, pp. 1836-1846, Nov. 2008.
[18] K. Zetter. (2016, January 20). Everything we know about
In this paper, the power system security assessment is Ukraines power plant hack (1st ed.) [Online]. Available:
analyzed in a CPES with strong interconnections between the https://www.wired.com/2016/01/everything-we-know-about-ukraines-
power system, ICT network and neighboring energy systems. power-plant-hack/
From the analysis of CPS safety, security and sustainability in [19] Y. Mo et al., ”CyberPhysical Security of a Smart Grid Infrastructure,”
Proceedings of the IEEE, vol. 100, no. 1, pp. 195-209, Jan. 2012.
the future CPES, a number of challenges are listed for each of [20] Union for the co-ordination of transmission of electricity, System
the three phases in the traditional security assessment method. disturbance on 4 November 2006, UCTE, Final report, 2007.
Based on the challenges, a new framework for CPES security [21] J. Mathieu, T. Rasmussen, M. Sørensen, H. Jó hannsson and G. Ander-
sson, ”Technical resource potential of non-disruptive residential demand
assessment is proposed, which adds new solutions, such as response in Denmark,” in IEEE PES General Meeting Conf. & Expo.,
IDS and RMP, on top of the traditional power system security National Harbor, MD, 2014, pp. 1-5.
assessment method. [22] S. Sridhar, A. Hahn and M. Govindarasu, ”CyberPhysical System
Security for the Electric Power Grid,” Proc. of the IEEE, vol. 100, no.
Topics of further research include investigation of IDSs, dis- 1, pp. 210-224, Jan. 2012.
tributed optimization, intelligence and computation, analysis [23] P. Fairley. (2016, April 20). Upgrade coming to grid cybersecurity
of utilizing big data computational tools to improve visibility in U.S. (1st ed.) [Online]. Available: http://spectrum.ieee.org/energy/the-
and development of a RMP that can cover all risks in a CPES. smarter-grid/upgrade-coming-to-grid-cybersecurity-in-us
[24] J. Stankovic, ”Research Directions for the Internet of Things,” IEEE
R EFERENCES Internet of Things Journal, Vol. 1, No. 1, pp. 3-9, Jan 2014.
[25] Y. Cherdantseva et al., ”A Review of Cyber Security Risk Assessment
[1] X. Yu and Y. Xue, ”Smart Grids: A CyberPhysical Systems Perspective,” Methods for SCADA Systems,” Elsevier Journal in Computers and Secu-
Proc. of the IEEE, vol. 104, no. 5, pp. 1058-1070, May 2016. rity, Vol. 56, pp. 1-27, Oct. 2015.