Stealthy cyber attacks and impact analysis on wide-area protection of smart grid

Smart grid is vulnerable to many cyber attacks due to legacy nature of the infrastructure coupled with increase in control and monitoring functions through cyber advancements. Remedial Action Scheme (RAS), widely used for wide area protection, provides autonomous operations through the RAS controller. Due to its dependence on the timely cooperation of multiple devices and communication network, it is highly vulnerable to cyber attacks. In this paper, we present an impact analysis for the power system due to a class of malware-based coordinated cyber attacks targeting the RAS scheme. Specifically, we make the following two contributions. First, modeling a stealth attack vector based on malware and coordinated attack behavior. In particular installing the malware (Trojan horse) in the RAS controller which turns the controller into an attacker's bot. Then, performing a coordinated attack which involves malicious tripping of one of the parallel lines connected to a generator followed by the continuous pulse attack on the generator. The pulse attack includes periodically changing the generations through RAS controller which remains undetected by the control center. Second, testbed-based implementation and evaluation to quantify system impacts. We have leveraged Iowa State's PowerCyber CPS security testbed for experimental evaluation. In our evaluation, we varied the duty cycle of the pulse attack to obtain different attack scenarios and consequent impacts are analyzed on modified IEEE 9-bus system in real-time simulation. Our studies show that the duty cycle of the pulse attack is a critical factor in determining the severity of the attack impacts on system stability.