A Survey on Synchrophasor Data Quality and Cybersecurity Challenges, and Evaluation of their Interdependencies

11/23/2018 ∙ by Aditya Sundararajan, et al. ∙ 0

Synchrophasor devices guarantee situation awareness for real-time monitoring and operational visibility of the smart grid. With their widespread implementation, significant challenges have emerged, especially in communication, data quality and cybersecurity. The existing literature treats these challenges as separate problems, when in reality, they have a complex interplay. This paper conducts a comprehensive review of quality and cybersecurity challenges for synchrophasors, and identifies the interdependencies between them. It also summarizes different methods used to evaluate the dependency and surveys how quality checking methods can be used to detect potential cyber-attacks. In doing so, this paper serves as a starting point for researchers entering the fields of synchrophasor data analytics and security.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 2

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

Smart grid has complex dependencies between physical and cyber realms mqtt ; theft15 ; theft18 ; theft16 . This has been demonstrated by recent attacks on smart grid (Table 3dagle ; corsi ; larsson ; berizzi ; gomes ; imai . These attacks exploited a limited visibility of the system and inadequate support from reliability coordinators theft17 ; theft22 ; bhatt ; nerc1 ; zima ; theft12 ; ashton ; naspi1 ; gomes2 ; theft19 ; theft20 ; theft21 . Wide-area measurement systems (WAMS) increase the situation awareness (SA) for operators sutar ; narendra ; novosel . WAMS devices that are part of the wide area monitoring, protection, automation and control include phasor measurement units (PMUs) at transmission, frequency disturbance recorders (FDRs) at low-voltage distribution and micro-PMUs (PMUs) for distributed renewables, called synchrophasors gentz ; reddy ; amare ; theft13 ; theft14 ; negash ; rahman ; nazari ; chouhan ; micropmu .

Significant challenges to the implementation of synchrophasors have emerged in communication, data quality and cybersecurity. The existing communication infrastructure is slow, expensive and inflexible. To leverage SA and support timeliness, adequate quality checking methods must be in-place at the phasor data concentrators (PDCs) which aggregate and process raw data and flag corrupt data. Due to their ubiquity, synchrophasors have an increased attack surface. The applications and challenges of synchrophasors are well-researched sexauer ; singh ; sanchez ; tushar ; lauby ; mohanta . However, the challenges of data quality and cybersecurity are considered one independent of the other, when in reality, they are interdependent pmudqnaspi ; christo ; zhu ; yangbo ; nadia ; veda ; sabha ; danielson2013analysis ; huyi ; kdjones ; huang ; huang1 ; gpsspoof ; morris ; cyberlikeli ; cyberthreats ; hlin ; beasley ; tiago ; energies ; auth01 ; auth02 ; auth03 ; attack01 ; attack02 ; doesecchal ; pmuchal ; re10

. Further, the literature does not leverage the knowledge of one challenge to address the other. For example, studying the changes to data quality can be key to potentially identify an underlying attack vector or an unexploited vulnerability.

The main contributions of this paper are: (1) maps the dependencies between data quality and cybersecurity challenges of synchrophasors; (2) reviews the methods to evaluate the challenges; and (3) surveys how data quality checking methods can leverage their observations to detect issues related to security. The paper also provides a high-level overview of synchrophasors, their standards, key applications, and challenges johnson ; martin ; ali ; retty . It is key to know that poor quality can be due to device errors or communication challenges like congestion and packet collision. Similarly, all cyber-attacks do not impact the data, although reduction in quality is one of the biggest observable consequences of a successful attack. A layout of WAMS comprising synchrophasors is shown in Fig. 1. This paper explores the challenges for PMUs at transmission and FDRs at distribution level.

Figure 1: Layout of smart grid WAMS comprising PMUs, PMUs, FDRs and PDCs
Figure 2: The proposed structure of this survey paper

This survey paper considers data quality and cybersecurity as challenges, where each has different issues. Issues are the ways in which the particular challenge manifests when observed. Figure 2

maps the challenges to their corresponding issues. The challenge of quality manifests in three ways: noise, outliers and missingness. Noise can be due to logical inconsistencies in data values or attributes while outliers result from poor integrity and origination. Missing data is a direct consequence of poor completeness and availability. Accuracy is impacted by noise, outliers as well as missingness while plausibility is a characteristic impacted by noise and outliers. These characteristics are discussed in Section

3.1. Cybersecurity manifests as delay/loss, manipulation or theft. While a delay/loss corresponds to a packet delay or drop due to congestion, timeout, buffer fullness or an intentional attack that affects availability, manipulation deals with attacks that alter the information, thereby impacting integrity. Theft captures attacks which compromise the confidentiality of data such as snooping, spoofing or espionage. These attacks occur at different levels of the synchrophasor hierarchy: device corresponds to the edge devices like PMUs, FDRs, or PMUs, while aggregator implies Local PDCs or SuperPDCs. Communication refers to the synchrophasor network while Application contains the different power system applications that use synchrophasor data.

The rest of the paper is organized as follows. Section 2 summarizes the architecture, major applications and key challenges of synchrophasors. The characteristics are described in Section 3, and their interdependencies mapped in Section 4. While evaluation methods for data quality and cybersecurity are discussed in Section 4.1, Section 4.2 surveys methods which use data quality characteristics to detect potential cyber-attacks. Section 5 highlights future directions of research in synchrophasor data analytics and cybersecurity.

2 Architecture, Applications, Challenges

Synchrophasors can be standalone devices with dedicated purposes, or be a part of a larger system like the substations, depending on various functional and operational requirements. With increased penetration of renewables and smart loads, synchrophasors are used at distribution transformers and points of common coupling to study frequency disturbances and harmonics. The architecture of synchrophasor devices are summarized at the device and network levels below.

PMU device: It comprises Current Transformers (CTs) and Potential Transformers (PTs) that measure current and voltage magnitudes which are then converted to digital data, a microprocessor module that compiles these values, computes phasors, and synchronizes them with the Coordinated Universal Time (UTC) standard reference used by global positioning system (GPS) receivers that acquire a time-lag based on the atomic clock of GPS satellites premerlani ; ieee2 ; sutar ; phadke ; rihan . They measure local frequency and its rate of change, and can record individual phase voltage and current along with harmonics, negative and zero sequence values eval4 . The information paints a dynamic picture of the grid at a given time. PMUs and PDCs transmit measured data as frames ieee3 . A -bit cyclic redundancy check ensures data integrity. PDCs equipped with logging functionality use comma separated values or transient data exchange for data logs, and Common Format for Event Data Exchange for event logs kezunovic ; ieee4 . The data transfer rate of PMUs, which determine the message processing delays and network latencies, depend greatly on the timing requirements of applications.

PMU network: If there are multiple PMUs in a substation, Local PDCs aggregate site-level data and then transmit to a SuperPDC. PDCs conduct various data quality checks and set flags according to the issues encountered, log performance, validate, transform, scale and normalize data, and convert between protocols ieee1 . There is typically a direct interface between PDC and the utility’s SCADA or energy management system. PDCs can be deployed as standalone devices or integrated with other systems in the grid.

FDR device: The Oak Ridge National Laboratory and the University of Tennessee Knoxville have been leading the FNET/GridEye project since 2004. FDRs have been installed and managed to capture dynamic behaviors of the grid. Although FDRs are essentially PMUs, they are connected at , and hence incur lower installation costs than traditional PMUs do chai . FDRs are largely deployed at renewable integration zones of the grid, and measure nearly samples per second with a hardware accuracy of while PMUs measure between and samples per second and use GPS receivers that have s accuracy for synchronization egypt ; liu ; stenbakken ; wang . Given the availability of an extensive discussion of the architecture by the author of fdrdev ; fdr3rd , it is beyond the scope of this paper.

FDR network: FDRs use the internet to send data directly to the central servers for analytics and can provide information on transients, load shedding, breaker reclosing and the switching operations of capacitor banks and load tap changers wang . Unlike PMUs, FDRs can be installed at buildings and offices.

Synchrophasor standards: Multiple standards exist for PMU data measurement, transfer and communication, proposed by IEEE, the National Institute of Standards & Technology (NIST), the North American Electric Reliability Commission (NERC) and the International Electrotechnical Commission (IEC) ieee5 ; ieee6 ; ieee7 ; firouzi ; mackiewicz ; iec1 ; nistir ; cip . Due to multiple specifications and guidelines, there are possible contradictions in recommendations mehta ; johnson ; martin ; ali ; retty . A North American SynchroPhasor Initiative (NASPI) report in early 2016 identified the need for standardizing definitions related to synchrophasor data quality and availability by establishing the PMU applications requirements task force (PARTF) naspi16 . IEEE standard C37.X deals with WAMS, specifically PMUs ieee1 ; ieee8 ; ieee9 . These standards are summarized in Table 1 with their core contributions highlighted. A more comprehensive review of the synchrophasor standards is documented in synchstd .

Body Standard Core Contribution
IEEE 1344-1995 Original parameter definitions for synchrophasors
C37.118-2005 Improved message formats, inclusion of time quality, Total Vector Error (TVE)
C37.239-2010 PMU/PDC event logging
1711-2010 Serial SCADA Protection Protocol for substation serial link cybersecurity
C37.118.1-2011 PMU measurement provisions, performance requirements
C37.118.2-2011 Synchrophasor data transfer requirements
C37.238-2011 Common profile for applying Precision Time Protocol (PTP) using Ethernet
C37.242-2013 Synchronization, calibration, testing and installation of PMUs for PC
C37.244-2013 PDC functions and requirements for PC and monitoring
C37.111-2013 PMU/PDC data logging using COMFEDE
1686-2013 Procuring, installing and commissioning IED cybersecurity
C37.240-2014 Sound engineering practices for high cybersecurity of substation APC
IEC 61850 Interoperable and adaptable architectures to substation automation
61850-90-5 Requirements for data exchange between PMUs, PDCs, PCs and control center
62351-1,2 Security threats and vulnerabilities in smart grid devices
62351-6 Prescribes digital signature using asymmetric cryptography for sending PMU data
NERC CIP 002-009 Series of standards to ensure enterprise, field and personnel security
NIST NISTIR 7628 Provides guidelines for smart grid cybersecurity (including WAMS)
Table 1: Various standards and guidelines for Synchrophasors

Applications: Synchrophasors streamline security, reliability and stability of power systems. They have online and offline applications smartcity

. Online applications of PMUs include enhancing real-time SA, analyzing faults and disturbances, detecting and appraising oscillations and harmonics that impact power quality, and improving accuracy and reducing computational time of state estimation. Offline applications include congestion management, providing effective protection schemes, benchmarking, system restoration, overload monitoring and dynamic rating, validating the network model of SCADA, and improving overall power quality 

novosel ; iotsg ; appmag . Real-time (online) applications of FDRs include frequency monitoring interface integrated with command and control centers in the future for power system health diagnosis to prevent cascading failures, and event trigger module that detects and notifies the mismatch between generation and load caused by frequency variations. Offline applications include event visualization that renders the data read from the even data files zhangfnet .

Challenges: One of the major drawbacks of synchrophasors is the lack of transmission protocol, which makes them vulnerable to spoofing attacks gentz . The existing architecture is not scalable since it entails an initially high investment. NASPI’s research initiative task force (RITT) emphasizes optimal placement as a significant challenge but also one dependent on the nature of applications the utility intends to use them for naspi1

. The literature has multiple models including but not limited to genetic algorithm, simulated annealing, Tabu search, Madtharad’s method, particle swarm optimization, artificial neural networks, binary search and binary integer programming to address this challenge 

reddy ; amare ; negash ; rahman ; nazari ; chouhan ; yuill ; manousakis . More recently, managing and analyzing large volumes of synchrophasor data has become increasingly challenging. Lack of standardized data management solutions for smart grid has only made this problem more challenging. The ubiquitous presence of these devices has expanded their attack surface, making them vulnerable to different types of attacks. These two challenges are elaborated in the following section since they percolate to applications that directly operate upon the streaming data subject to minimal processing owing to timeliness requirements.

3 Data Quality and Cybersecurity Challenges in Synchrophasors

Due to their wide-ranging communication and automation capabilities, the challenges of synchrophasor data quality and cybersecurity have gained prominence.

Attribute Challenges Solutions
Completeness (Device, aggregator) huyi ; pmudqnaspi ; wuh
  • PMU/PDC device damage

  • Faulty PMU-PDC communication

  • Network error

  • Database storage error

  • Data missing for failing to comply with latency and QoS requirements

  • Acquiring better management techniques

  • Use of TCP protocol to re-transmit the lost data packets at the cost of timeliness

  • Adjusting the synchrophasor frame rate by increasing the wait time at PDC

Measurement Accuracy (Device) pmudqnaspi ; christo ; terzija ; wuh ; cokkinides ; stenbakken1
  • Expected signal differs from measured signal due to harmonic interference

  • Introduction of noise to data

  • Improving phase error using filtering techniques

  • NIST calibration per Standard C37.118-2005

  • Omnidirectional antennas

  • Context-based reconstruction of missing data

  • Network Time Protocol (NTP), e-Loran and Chip Scale Atomic Clock (CSAC)

Attribute Accuracy (Device, aggregator, communication) pmudqnaspi ; zhu
  • Measured vs actual timestamp discrepancy due to satellite timing error; disagreement between encoded and actual location of PMU

  • Development of linear state estimation tools

  • Avoiding timestamp discrepancy by modifying real-time clock element

  • Using OMP-based identification, BB algorithm to solve PMU location discrepancies

Plausibility and Availability (Communication, application) veda ; sabha ; kdjones ; heiko ; maab ; danielson2013analysis
  • Impact of measurement system on individual data points

  • Data inaccessibility due to high network latency or device failure.

  • Delayed data arrival due to increased routing traffic

  • Use of Electrical Data Recorder (EDR) tools for capturing high-rate time series data, data storage and analysis

  • A more lenient time limit could be set for non-critical application usage.

  • Latency-aware application design

Origination (Device, aggregator, communication, application) pmudqnaspi ; castello ; dua ; huang1
  • Poor standard interpretation, implementation

  • Misalignment, erroneous compression

  • Latency, loss of communication nodes

  • Data corruption due to delivery time of PDC exceeding permissible slot

  • Network unavailability to process incoming data streams

  • Redundancy in communication by using wireless and wired connections

  • Lagrange interpolating polynomial method

  • Data substitution, imputation, interpolation and extrapolation

  • Stochastic forecasting with Prediction Error Minimization (PEM)

Logical Consistency (Aggregator, communication) pmudqnaspi
  • Data transmitted contains no headers

  • Sampling rate of data changed at PMU without being adjusted at PDC

  • Data duplication while processing

  • Data from different PMUs with incorrect timestamps

  • Logical consistency can be ensured by maintaining the PMU registries and data protocols

Table 2: Summary of existing research in Synchrophasor Data Quality Challenges and Solutions

3.1 Data Quality Challenges

NERC’s real-time tools best practices task force (RTBPTF) and NASPI’s PARTF impose requirements to ensure synchrophasor data quality pmudqnaspi ; pmudqnerc . Data quality can be contextualized in different ways, depending on the needs of the concerned domain. For instance, data quality requirements of a smart meter recording energy consumption might differ from those of a net meter at a solar photovoltaic (PV) power plant. NASPI contextualizes synchrophasor data quality to determine “fitness of use” in terms of accuracy and lineage for static data points; lineage, completeness and logical consistency for static datasets; and availability, timeliness and origination for streams of data points pmudqnaspi .

There could be different causes for poor data quality: a) Device: poor calibration of device, biases due to CT, PT; erroneous filter design, poor synchronization of timing measurements, and issues due to measurement channel; b) Communication: latency exceeding stipulated limits, network congestion, signal interferences and failure of communication nodes; c) Aggregator: Data transformation resulting in errors, delayed arrival of packets dropped due to time-limit exceeding, and unwanted duplication or corruption of data during computations; and d) Application: storage and maintenance issues, insufficient training size, erroneous manipulations to the data and poor association of context. Although data quality requirements vary with applications, they have been extensively documented synchstd ; huang ; pmudqnaspi ; pmudqnerc . The existing literature on synchrophasor data quality is summarized in Table 2.

Completeness: focuses on the gaps between different values, accounts for missing values pmudqnaspi . The attributes of completeness defined at device and aggregator-levels are: gap rate- number of gaps in data per unit time; mean gap size- mean of the length of known gaps; and largest known gap- length of the largest known gap among the different gaps. While completeness is impacted by device malfunction, packet drops and communication link failure, the literature does not recognize the possibility of an attack behind such causes.
Accuracy: can be of the value or attribute, primarily measured in Total Vector Error (TVE), which according to IEEE standard C37.118, is the vector difference between the measured and expected phasor value (magnitude, angle and frequency). Accuracy is categorized into that of: data values- impacted by factors like the difference between expected and observed signals or the introduction of noise to the data within the synchrophasor; and data attributes- affected by factors like accuracy of the measured timestamp, agreement between encoded and actual location coordinates of the device, and alignment of the location recorded in the power system topology with its actual location nadia .

Plausibility and Availability:

Measurement specifiers are the attributes of data which describe whether the process of measuring some phenomenon of the power system (observed value) and calculating its value (expected value) are documented effectively in terms of standard units to a given precision and are within a stated confidence interval 

nadia ; sabha . These specifiers have decisive sub-attributes influencing the qualitative value of data: data representing the measurement of quality or condition of the grid, and data represented in the form of SI units up to 3 decimal places with a confidence interval included.

Network availability plays an important role in streaming data danielson2013analysis , and in-turn affects data availability. In case of high network latency, the incoming data streams from different synchrophasors get delayed or lost, causing applications to perceive them as missing or incomplete. Hence, network availability can be considered an indirect attribute affecting quality. This can be mitigated if the overlying applications are programmed to account for the delays, or if a more lenient waiting time limit is set. However, the second solution is dependent on the kind of applications the synchrophasors cater to. The latency requirements for synchrophasors recommended by the standards are very stringent.

Origination: is the source from which the data is measured. Its trustworthiness is associated with the background and source. Its attributes are: point of origin: the class of device from where the data originated (Measurement (M) or Performance (P) for PMUs), the standard followed by the device, and any data manipulation or standardization techniques through which the data passes eval5 ; pmudqnaspi ; coverage: physical location of the device based on its geospatial or electrical topology location zhu ; yangbo ; and transformation applied to the data at the device, aggregator or application level.

Source of Attack (Year) Target of Attack Data Quality Characteristic Impacted Cybersecurity Characteristic Impacted Attack Specifics
Vulnerability in network firewall (2001) California ISO (CAISO) web servers Consistency, accuracy Integrity Poor security configuration during planned maintenance
Stuxnet worm (2010) Programmable Logic Controllers (PLCs) at SCADA Accuracy, consistency, plausibility Integrity, Availability Exploits zero-day vulnerabilities of PLCs
BlackEnergy (2011) Human-Machine Interface of utility grid control systems Plausibility, origin, accuracy, consistency Confidentiality, Integrity, Availability General Electric’s HMI targeted
Remote Access Trojan; watering-hole attack (2014) ICS/SCADA Plausibility, origin, accuracy, consistency Confidentiality, Integrity, Availability Conducted by Dragonfly, Energetic Bear
Trojan.Laziok reconnaissance malware (2015) Energy companies Origin, plausibility Confidentiality Gathered information from compromised devices
BlackEnergy3 (2015) Ukrainian grid control center Plausibility, origin, accuracy, consistency Confidentiality, Integrity, Availability Lack of SA left 220,000+ customers without power
WannaCry ransomware cryptoworm (2017) Computers running MS Windows Operating System Availability, origin Availability Used EternalBlue, a vulnerability in older Windows systems
Table 3: Summary of the Recent Cyberattacks on Smart Grid Impacting Data Quality

Consistency: determines how agreeable the data is with the overall structure of its type. Incompatibility of attributes in terms of measurement rates or header labeling between datasets results in outliers, leading to an inconsistent result from an application. The attributes of consistency are: Header frame consistency: consistency of the Header frame of the device. This could be categorized into: persistence of PMU Header that states whether the PMU header structure is consistent over time, and persistence of PDC Header that states whether the PDC header structure is consistent over time; Data frame consistency: consistency of Data frames of the device. This could be categorized into: persistence of PMU Data frame that states whether the PMU data frame structure is consistent over time, and persistence of the PDC Data frame that states whether the PDC data frame structure is consistent over time; order consistency of Data frames: whether the order in which the Data frames are recorded is consistent in the device; consistency in compliance to standards recommended for PMU and all the devices associated with it; and consistency of reporting rate: whether data reporting rate is consistent across all devices.

Emerging research in this area has lately focused on determining solutions for ensuring data quality. These solutions include using omnidirectional antennas to improve GPS availability, context-aware determination of missing data streams using accurate timing information, Network Time Protocol (NTP) and associated chip scale atomic clocks (CSACs) as backups for synchronization when GPS fails, imputation, interpolation and extrapolation, stochastic forecasting with prediction error minimization (PEM) and data substitution huang .

Evaluation of Quality: Methods to evaluate quality is discussed in Section 4.1. The approach for performance evaluation is to first study the impacts of device calibration and network conditions on quality, then examine how poor quality reduces the application performance pmudqnaspi . Two effective methods are proposed to evaluate the impact of quality on performance: benchmarking that tests an application multiple times with numerous erroneous datasets in contrast to those with no known errors, and standardization that documents, for each application, the level of tolerable errors.

3.2 Cybersecurity Challenges

Level Challenges Solutions
Device, Aggregator synchstd ; flexpdc ; wuh ; cip ; gpsspoof ; morris
  • Device damage

  • Device calibration tampering

  • Forging PMU data

  • GPS spoofing

  • Multi-alteration technique to trace adversary in event of GPS spoofing

  • Visible GPS satellite prediction

  • Anomaly between expected and measured GPS signals

  • Using SSL/TLS or IPSec to encrypt data before transmission

  • Using state estimation technique to mitigate device calibration and tampering

  • Rigorous penetration testing prior to installation

Communication cokkinides ; stenbakken1 ; zhushi ; heiko ; maab ; cyberthreats ; energies ; auth01 ; attack02
  • Denial of Service

  • Man-in-the-Middle

  • False Data Injection

  • Snooping attack

  • Delay attack

  • Airgapping PMU network

  • Filtering routers, disabling IP broadcasts, applying security patches, disabling unused ports

  • Server authentication by clients before establishing connection

  • Use of time-series state estimation

  • Cryptographic methods like AES, DES

  • Mutual authentication

  • Cyber trust model with blockchains

  • NASPInet hub-spoke model

  • Optimal key generation and distribution

Application castello ; dua ; auth02 ; auth03 ; attack01
  • Phishing and social engineering

  • APT and insider threats

  • Replay attacks

  • Authentication, Authorization and Accounting (AAA)

  • Use of secure data transfer protocol to prevent replay attack

Table 4: Summary of Existing Research in Synchrophasor Cybersecurity Challenges and Solutions

Synchrophasors cater to applications like state estimation, contingency analysis and optimal power flow that need real-time high-resolution data measurement, communication and analytics inlsec . Therefore, a successful attack on these devices might cause erroneous SA or cascading failures synchrodqup ; cyberlikeli . Yet, many industrial organizations do not consider synchrophasors as critical cyber assets. Recent cyberattacks on the smart grid (Table 3) mostly used powerful malware like worms, viruses or Trojan horse, but a few attacks like the one on the Pacific Gas & Electric transmission substation relied on physical means. These attacks jeopardized not just the availability of power but also that of control data (information). Cybersecurity of synchrophasors are categorized into: 1) Device, Aggregator, 2) Communication, and 3) Control center application.

Device, Aggregator: NASPI Network (NASPInet) is logically capable of integrating WAMS across multiple geographically distant organizations using phasor gateways (PGWs). The attacks at this level compromise data integrity, targeting devices from individual PMUs to PDCs, SuperPDCs or even PGWs. Some attacks include: 1) tampering the signal measurement units of devices through interference, 2) illicitly changing the calibration of devices to report erroneous readings, 3) forging data to reflect wrong measurements, and 4) GPS spoofing by broadcasting fabricated signals to the receiver to yield erroneous synchronization of phasors computed, modifying satellite position, or replaying legitimate GPS signals at later timestamps gpsspoof .

GPS spoofing can be mitigated by enabling the receiver to predict visible GPS satellites at a given position and time instant and use the Coarse/Acquisition (C/A) code from those satellites. Another strategy compares the measured GPS signal to the estimated signal and computes the anomaly error which must have an accuracy of for nearly of the values according to IEEE C37.118 zhu . Synchrophasors must be subject to rigorous testing before installation. Some methods include port scans, device security feature robustness, network congestion testing, denial of service testing, network traffic sniffing and disclosure testing morris . These tests should be periodically conducted by certified white hat penetration testers after installation. Regular patches and configuration updates must be made down to the end-device level.

Level Quality Attribute Quality Issue Cyber-Attack Observed Security Attribute Impacted
Device Completeness, accuracy, plausibility Synchronization signal loss, measurement signal loss, missing data GPS spoofing, replay, device tamper, changing device calibration, FDI Integrity
Aggregator Origin, consistency, plausibility Corrupted data, anomalies, outliers FDI, Tampering, Buffer overflow, MITM Confidentiality, Integrity
Communication Availability, origin, consistency Anomalies, outliers, inconsistent, out-of-order data DoS, MITM, FDI, snooping, replay, delay Confidentiality, Integrity, availability
Application Origin, availability, consistency, completeness, accuracy DoS, delay, APT, FDI, theft/fraud, insider attack corrupted data, missingness, anomalies, outliers Confidentiality, Integrity, Availability
Table 5: Summary of the Interdependency between Quality and Cybersecurity Challenges

Communication: Synchrophasors support bidirectional communication channels, where data measurements flow from devices to the control center while control signals flow the other way. The vulnerabilities of the protocols used by the devices also contribute to the overall security. Attacks on communication channels compromise integrity, availability and confidentiality. Some attacks include: 1) Denial of Service (DoS) by overwhelming PMUs, PDCs or other aggregation devices higher in the hierarchy with bogus frames so that legitimate frames are lost, delayed, denied or dropped, 2) Man-in-the-Middle (MITM) attacks by a malicious entity posing itself as PDC (to PMU) or PGW (to PDC) and sending malicious commands that causes PMUs/PDCs to behave in an abnormal manner that triggers failures, 3) False Data Injection (FDI) by intercepting frames over the channel, altering or replacing them with malicious information that then gets propagated to higher levels of the WAMS, 4) Snooping by the attacker eavesdropping on the channel for incoming or outgoing frames, typically not modifying or stealing but just capturing a copy of that information for packet replay or espionage, and 5) Delay caused by compromising communication routers that deliberately induce latencies in propagation to critically affect the grid’s SA.

Many authentication and authorization algorithms are proposed to secure synchrophasor data over communication channels cyberthreats . These methods range from conventional encryption methods to cyber trust. Due to the ubiquity and widespread range of these devices, key distribution and management becomes a problem. Mutual authentication is also proposed to account for trust energies . Decentralized, blockchain-based trust acquisition is being considered too. The publish-subscribe hub-spoke architecture proposed by NASPInet supports dynamic sharing of device data to alleviate shortcomings of the communication medium like delays and latencies. Standards like IEC 61850-90-5 recommend trusted key distribution center to generate and distribute keys that meet system requirements auth02 ; auth03 ; attack01 ; attack02 .

Application: Despite being protected by enterprise security tools for intrusion detection and prevention, virtualization, segmentation, authentication, authorization and access control, cyberattacks still proliferate doesecchal ; pmuchal

. It is understood that any successful attack at the other two levels perpetrated in a manner undetectable by the enterprise security systems can pose a significant threat. The attacks at this level are the most dangerous, since crucial power system applications use data from WAMS to conduct analysis to address reliability, power quality, network topology, and faults. An adverse impact on these calculations could compromise the “self-healing” nature of the grid. More recent solutions include game theory, machine learning, proactive data visualization, and Defense-in-depth 

theft22 ; human .

3.2.1 Evaluation of Security

Works have tested the resilience of PMUs and PDCs against different attacks. The authors in cybersec1 conducted penetration testing of a synchrophasor network in IEEE 68-bus system to map vulnerabilities against the Common Vulnerabilities Exposure (CVE) database. Potential corrective measures to ensure the security of PMUs and PDCs is proposed cybersec2 . Considering the security at substation and information levels, the authors provide a wide range of tools to mitigate breaches at both fronts. A multilayered architecture at the substation is proposed where different levels of data abstraction is provided between PMUs and external environment, supplemented by firewalls, User Datagram Protocol (UDP) Secure for communication over untrusted networks, and remote access using Secure Shell (SSH).

4 The Data Quality-Cybersecurity Dependency

The severity of an attack can be understood from the extent of its impacts on the targeted system. With the smart grid encouraging interoperability between devices, information, applications, and protocols, a transparent and direct information exchange is now feasible. This also means that if information in one of the interconnected systems is infected, it is bound to propagate to other systems upon exchange, affecting the whole network. Synchrophasor devices harbor such vulnerabilities, as summarized in Section 3.2. However, to mitigate cyberattacks on interconnected systems, the relationship between devices and data must be known.

Issue Challenge Evaluation Methods
Noise (DQ) Consistency, accuracy
  • Cable configuration, testing, validation

  • Specifying confidence interval, precision, TVE, ROCOF for measurements

  • Evaluating instrumentation channels

    • Model-based correction

    • State estimation-based error filtering

  • Presistence in Data/Header frames

  • Standards compliance

Outlier (DQ) Consistency, origin, accuracy
  • Standardization, benchmarking

  • Enhancing endpoints with switches, routers

  • Specifying device model, coverage and content

Missingness (DQ) Completeness, availability, accuracy
  • Dedicated communication channels

  • Enhancing endpoints with switches, routers

Delay/loss (CS) All levels
  • Regular penetration testing of all levels

  • Link-level encryption, selective encryption

  • Dedicated communication channels

  • Data redundancy for fault tolerance

Manipulation (CS) Device, Aggregator, Communication
  • Regular penetration testing of all levels

  • Link-level encryption, selective encryption

  • Data abstraction, multi-layered architecture

  • Data redundancy for fault tolerance

  • Augmenting ID/IPS, firewalls, ACLs, VPNs

Theft (CS) Device, Aggregator, Communication
  • Regular penetration testing of all levels

  • Data abstraction, multi-layered architecture

  • Data redundancy for fault tolerance

  • Augmenting firewalls, ACLs, VPNs

Table 6: Summary of Evaluation Methods for Quality (DQ) and Cybersecurity (CS) Issues

Table 5 summarizes key interdependencies between the two challenges. There is a tight coupling between data quality and cyber-attacks, implying it is wise to study synchrophasor cybersecurity by accounting for the impacts on quality. In most attacks, plausibility, completeness, accuracy and consistency are primarily impacted anurag ; kzhu . In Section 4.1, specific evaluation methods for quantifying this relationship are reviewed. Section 4.2 looks at how data quality characteristics can be used as markers to detect potential cyber-attacks within the context of synchrophasors. Results from these subsections are summarized in Tables 6 and 7, respectively.

4.1 Interdependency Evaluation Methods

Next to communications, cybersecurity was found to impact the design and installation costs for synchrophasors eval2 . This is because they are critical to the mission-support systems of the grid. Different practical ways for utilities to mitigate quality issues like accuracy, timeliness and consistency are also identified. Some methods include employing dedicated communication channels between PMUs and PDCs, encrypting PMU data before communication, and enhancing communication endpoints using firewalls and routers. The report, however, does not delve into the details of how such methods could impact latency (and hence, timeliness) and availability of the data.

Given different manufacturers of devices, there will be differences in measurement and calibration quality despite adhering to the standards. The varying application requirements cause differences in application-level PMU performance, of which data quality is a major one. The static and dynamic PMU testing efforts of the Performance and Standards Task Team (PSTT) of NASPI and the PMU performance characterization are briefly summarized in eval6 . In it, the different steady-state tests performed on magnitude, phase and frequency evaluate their conformance to accuracy requirements, which is an important attribute of data quality and is a direct target of many cyberattacks. Given the impact of instrumentation channels on the quality, they have been well-characterized and evaluated for impacts on accuracy in the literature. The errors induced by them could be rectified through model-based correction algorithms and state estimation based error filtering. Some other avenues where data quality could be evaluated include the cable configurations, testing and validating the devices to ensure accurate, consistent performance and interoperability at all levels pstt1 ; pstt2 . Although not explicit, these works hint at the improvement in the resilience of synchrophasor devices against potentially malicious activities by accounting for proper testing methods to characterize and evaluate the different sources of errors prior to deployment that might contribute to poor quality.

Cyber-attack Quality Affected Quality Check Looks For Mitigation Methods Using Quality
Device tampering (delay/loss, theft)
exploringchallenges ; synchsec
Completeness, plausibility, accuracy, consistency, origination Large gap sizes, inaccurate readings, ping fail
  • Statistical substitution: regression, imputation, interpolation

  • Intelligent substitution: neural networks, logistic regression, optimization

  • Securing the physical devices

Spoofing PMU data (manipulation)
fdi2 ; dataspoof ; dataspoof2
Consistency, accuracy, plausibility Unexpected values, errors, mismatch with SCADA values, redundant timestamp, out-of-order packet arrival
  • Monitoring line impedances for anomalies

  • Divergence and miscorrelation between SCADA and PMU data

GPS Spoofing (manipulation, delay/loss)
gpsspoof ; eval3 ; gpsspoofing1 ; gpsspoofing2
Consistency, origination, plausibility Inaccurate timing value, TVE , packets arrive out-of-order
  • Using multiple synchronization sources or telecommunications

  • Anti-spoofing checking methods at receivers

  • Internal holdover oscillators as backups for providing accurate timing signals

  • Spoofing match algorithm with Golden Search for lighter computation

Denial of Service (delay/loss)
synchsec
Completeness, accuracy, consistency Congestion at PDCs/network, delayed arrival of packets, dropped packets, inability to reach suspected device
  • Augmenting PDCs with inline blocking tools

  • Employ port hardening and disable IP broadcasts

  • Use high bandwidth communications (expensive)

Man-in-the-Middle (delay/loss, manipulation, theft)
synchsec
Origination, accuracy, availability, consistency Mismatch between obtained and expected value, abnormal delay in packet arrival
  • Mutual authentication, message authentication codes

  • Digital certificates with active management of CRLs

False Data Injection (manipulation, theft)
 fdi1 ; fdi3 ; fdi4 ; fdi5 ; fdi6
Plausibility, consistency, accuracy, origination Mismatch with SCADA values, unexpected values, spatio-temporal outliers
  • Spatio-temporal correlations, density-based local outlier factoring

  • Monitor line impedance for anomalies

  • Random time-hopping of packets

  • Divergence and miscorrelation between SCADA and PMU data

Snooping, Sniffing (theft)
synchsec ; beasley
Plausibility, origin No observable changes- additional analysis needed
  • Using secure gateway/VPN communication

  • Employing TLS/SSL, SSH, lightweight selective encryption

Delay (delay/loss)
synchsec ; beasley
Completeness, consistency, availability, accuracy Observable patterns in gaps, slow arrival of packets
  • Statistical and intelligent substitutions

  • Redundant measurement devices on the same line

APT, Insider threat (delay/loss, theft, manipulation) human Accuracy, consistency, origin, plausibility No observable changes- additional analysis needed
  • Defense-in-depth

  • Machine learning, advanced data analytics

Table 7: Summary Showing How Quality Can Help Identify Cybersecurity Issues

Final conclusions can be gathered from eval7 . The report by the Pacific Northwest National Laboratory (PNNL) analyzes existing synchrophasor networks in terms of their communication and information-level interoperability, security and performance. It concluded that latency is a key issue for the future synchrophasor designs which is expected to compound latency due to PDC functionality. It also emphasized that substations generally did not employ redundancy; there is little consistency in adoption of security methods for synchrophasor networks. Some tools include link-level encryption, virtual private networks (VPNs), ID/IPS, firewalls and access control lists (ACLs). Further, existing data quality checking methods locate a compromise in integrity by identifying faulted data values (due to measurement errors, communication delays or external events) but not due to result of device tampering, MITM, spoofing or FDI. Since both faults and attacks have the same impact on quality, it is important to differentiate the two causes while checking for the attributes such as accuracy, consistency and timeliness.

To summarize, the following measures can be used as metrics to quantify data quality: TVE, errors in magnitude, phase, frequency and ROCOF, harmonics and noise for measurement accuracy; comparison between measured and expected results, confidence interval and precision for measurement specifiers; temporal, geospatial and topological accuracy for attribute accuracy; device model specifications, geospatial and topological coordinates, coverage and content for origination; persistence in Header and Data frames, standards compliance, reporting rate and order for logical consistency; and gap rate, gap size and largest known gap for completeness. Benchmarking and standardization are two methods that can be used to evaluate data quality. Similarly, cybersecurity can be quantified by conducting extensive penetration testing of the synchrophasor networks integrated into benchmarked IEEE bus systems for different types of attacks (DoS, MITM, FDI, spoofing, probing, cache poisoning) and discovering potential vulnerabilities that could be exploited. While doing so, it would be important to also repeat the evaluation of the quality attributes using the above metrics and explore how they are impacted due to the specific attacks, and whether they violate the industry standards requirements specified for different applications.

4.2 Addressing Cyber-attacks Using Quality Issues

It can be seen from Table 7 that successful cyberattacks compromise synchrophasor data quality since the security requirements are violated cybersecreq . Given synchrophasors use TCP/UDP on the transport layer for their communications, attacks typically possible on TCP/IP stack like DoS, MITM, packet replay or spoofing are possible in synchrophasor domains as well.

Physical attacks like device tampering causes loss or incurs theft of critical information, easily observed through large gaps sizes, poor accuracy in obtained values and unreliable origin. The lost data is typically handled through substitution, either statistical or intelligent exploringchallenges ; synchsec . The best way to prevent physical attacks like cable disconnects, direct damage to device, etc. is by ensuring the devices are isolated from external weather and human elements.

Spoofing synchrophasor data is achievable through polynomial fitting or data mirroring techniques. Such attacks impact quality that manifests as outliers or noise. Several methods have been proposed to counter these attacks: intra-PMU and inter-PMU correlations to determine the relationship between PMU parameters and across PMUs in a locality, respectively; machine learning techniques like Support Vector Machines (SVMs) and more 

fdi2 ; dataspoof ; dataspoof2 .

GPS spoofing exploits publicly available civilian GPS signals using air or cable to produce signals that initially align with the original, but slowly start increasing the power to drown the authentic signal and thereby compromising the receiver gpsspoof ; eval3 . By introducing measurement errors in the time synchronization, the attacks induce changes in data consistency and plausibility which can be used as markers to identify the likelihood of the attack gpsspoofing1 ; gpsspoofing2 ; yuder .

In a successful DoS where multiple synchrophasor devices get compromised, packet delay or loss is observed. This impact in quality can serve a clue to the onset of DoS-style attacks. Typical solutions involve augmenting inline blocking tools, high bandwidth connections, disabling IP broadcasts and port hardening.

MITM is possible in synchrophasors where the attacker acts as a legitimate PDC to the PMUs and vice-versa, thereby intercepting and/or modifying all messages exchanged. This is noticed by quality checking methods in the form of poor accuracy and consistency in values between what was sent by PMU and what was received by PDC. It can be avoided by having the devices employ mutual authentication and a digital certificate mechanism with an actively managed Certificate Revocation Lists (CRLs) and certificate authorities synchsec ; beasley .

FDI impacts the consistency, accuracy and plausibility of the data. The effects are typically observed as spatio-temporal outliers in the data. Quality checking methods check for this anomaly and may employ correlation across different timestamps to identify the corruption of data. FDI is one of the widely explored attacks on synchrophasor domain, with solutions like determining the mismatch between the values obtained from PMUs and that observed in SCADA, monitoring the line impedances which get affected when data is manipulated, and using density-based Local Outlier Filter (LOF) analysis fdi1 ; fdi3 ; fdi4 ; fdi5 ; fdi6 .

Sometimes, attackers simply capture the packets flowing in a channel with an intent to listen. Such sniffing/snooping attacks have been conducted using WireShark to realize messages are exchanged in plaintext. This attack is difficult to detect using data quality checking methods since most often, no quality characteristic is impacted as the attackers do not affect the data actively. However, technologies like VPN, encryption of selective messages (to reduce the overall process overhead), or Transport Layer Security (TLS)/Secure Socket Layer (SSL), Secure Shell (SSH) can be used to mitigate them. While TLS has been shown to be susceptible to poisoning attacks and VPN to side channel attacks, careful network design can account for them synchsec ; snooping .

With the increased frequency of campaign efforts and nation-sponsored attacks against the grid, synchro-phasors could be lucrative targets for sophisticated attacks like advanced persistent threats (APTs), social engineering, watering-hole attacks and malware-based intrusions tong ; flau ; lanchao ; jzhang ; hastings . While these attacks scale beyond specific devices in the synchrophasor hierarchy, the quality checking methods alone would not be sufficient human . The use of defense-in-depth model augmented with stakeholder interactions, awareness and training, and intelligent solutions like machine learning for attack data classification and/or event prediction, root-cause analysis of observed events, developing evolving defense topographies using moving target defense, and advanced visualization techniques for efficient cognition of events would play a critical role.

The key takeaway from this section is that impacts on data quality can provide strong markers for an underlying cyber-attack. Noise, outliers and missing values are all commonly observed issues which quality checking methods may be programmed to detect, analyze and base decisions on. Certain sophisticated attacks like APTs, insider threats, sniffing, and social engineering have indirect impacts on quality which a checking method may not be able to detect with enough confidence or precision. Additional solutions are required to mitigate such attacks in the synchrophasor domain. These solutions include statistical methods like divergence, correlation, regression and substitution; intelligent methods like neural networks and evolutionary algorithms for event classification and prediction, logistic regression for substitution; technologies like VPNs, firewalls, ID/IPS, anomaly detectors, selective encryption, port hardening, network isolation and use of TLS/SSL, SSH; and human-in-the-loop solutions like advanced visualization techniques, awareness and training, and stakeholder engagements. While the impacts on quality can also be due to underlying device or measurement errors, most of the works in the literature assume the data has been subject to delay/loss, manipulation or theft intentionally. This paves way for the recommendation that the upcoming research in this area must look at ways to differentiate the impacts on data quality due to attacks from errors.

5 Future Directions of Research and Conclusion

The future directions of research in the areas of synchrophasor data quality, cybersecurity and communications are multi-faceted. Addressing data quality challenges must begin with a strong push to the adoption of industry-wide, vendor-agnostic data management, processing and storage standards for smart grid. Most recent cyber-attacks were successful due to the difference in speed of cognition of the information generated by automated vulnerability detection tools and the speed with which the machine data is created (called cognitive gap) human . The design of synchrophasor devices are also expected to improve in the future smartcity . Keeping in mind the quality challenges, an improvement to PDC design called flexible integrated synchrophasor system (FIPS) was proposed to minimize issues in quality and communication, and tackles specific tasks of PDC such as data alignment, employs cryptographic methods to ensure confidential exchange of data without jeopardizing integrity, and establishes relevance to the NASPInet flexpdc . To ensure device and application-level interoperability, development of technical standards and conformance testing rules is expected. Further, the emergence of distribution-level PMUs will evoke the need for developing measurement, communication, quality and security standards. Further, with the deployment of distributed renewable sources, electric and autonomous vehicles, energy storage and transactive energy, there is a strong impetus for enhancing technologies behind monitoring and control, of which synchrophasors will play a major role eval2 .

To conclude, while existing research has focused on the synchrophasor challenges of quality and cybersecurity individually, their interdependency has largely been ignored. This paper makes one of the first attempts at highlighting the impacts of cyber-attacks on various quality attributes, thereby recommending that the future research on the design and development of security solutions should account for their impacts on quality as well, and that different quality characteristics can be used by quality checking methods to flag for potential cyber-attacks. Plausibility, completeness, accuracy and consistency are some of the attributes that are most adversely impacted by a majority of the attacks on synchrophasors. At the same time, not all cases of poor data quality imply a successful cyber-attack as the reason. Different metrics that could be used to quantify quality attributes were summarized, and the methods that help evaluate the impacts of quality and security on performance were also briefly highlighted. This paper serves as a starting point for researchers entering these areas as it summarizes and determines their interdependency and relevance to smart grid security.

Acknowledgments

This material is based on work supported by the National Science Foundation Grant No. CNS-1553494 and the Department of Energy Grant No. 800006104. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the NSF and DOE.

References