Failures in the power grid in the recent times with examples 2003 blackout in the Northeastern U.S.  and 2012 blackout in India  gave us the evidence about the catastrophic failures which can have acute effects on the modern world. Excluding the natural disasters such as earthquakes, hurricanes and solar flare, the power grid is also vulnerable to terrorists and Electromagnetic (EMP) attacks . Because of this, the utility industry is undergoing through massive grid modernization efforts in effort to tackle the situations like the blackouts discussed above. The massive blackouts came as a wake up call to utilities and consumers alike, climate change, overpopulation and scarcity of natural resources. In reaction, the industry began to strive for a more intelligent power grid called Smartgrid. One of many ”smart” features of the smart grid is automated microgrids that connect seamlessly with the main grid, and may operate independently when needed. This ensures efficiency, security, reliability, quality and sustainability for energy consumers and producers alike.
A microgrid is defined as a discrete energy system consisting of distributed energy sources (e.g. renewables, conventional, storage) and loads capable of operating independently from the main grid. The important goal of microgrid is to increase the self-sufficiency of energy and independence of system operation in local energy communities. A microgrid includes generation, a distribution system, consumption and storage, and manages them with advanced monitoring, control and automation systems. A fully-developed microgrid has the capability of automatically disconnecting and operating independently from the main grid. For example, in case of a natural disaster, if the energy service is disrupted from the main grid, the automated controls will cut off the microgrid from the main grid in order to avoid cascading failure. Given there is a blackout or cascading failure in the power network, the microgrids separate themselves from the main grid. Or the blackout has itself caused separation of the microgrid from the main power grid. The internal power generating resources balance the demands after the separation.
The existing class of cyberattacks and EMP attacks are targeted towards the main grid without considering the reliability of the microgrids. Microgrids are safe from the cascading failure effect caused by the above attacks in the main grid. They separate themselves from the main grid and operate independently once they sense disruption or the main grid is cut off. Also a single point attack is not possible given the distributed generation units of the microgrid is local to itself than a central generation as in the case of the main grid. In order to attack the microgrids, only the severe blackouts in the other areas of the smart grid would not have any impact. In the other way around, cyber attacker would not be successful in attacking nodes in microgrid unless the microgrid is islanded, because they would still keep receiving power from the main grid. In addition, power generation done at a smaller scale is costlier, hence the microgrid’s self generation is much costlier than the power provided by the main grid. Taking both the scenarios into the consideration, we demonstrate that the microgrid is still vulnerable to cyber attacks.
In our approach, we force the microgrids run solely on their own power by islanding them from the main power grid. We achieve this through price modification attack on the entire grid, but with focus on islanding the microgrid i.e. attacking nodes which will lead to failure of edges separating microgrid from the main power grid. The next step involves launching the price modification attack inside each of the microgrids, to fail as many lines as possible and cause cascading failures, leading to massive failure in the smart grid as well as the microgrids connected to the smart grid. Our contribution to the paper are 1) We have proposed a new cyberattack through price modification against the microgrids. We have structured the attacks given the self sustaining nature of the microgrids. It is a 2 step attack, where first we separate the microgrids from the main grid and in the second step, we attack the load nodes of the microgrid itself. 2) We have ran the experiments on IEEE 14 Bus data along with IEEE 9 Bus data serving as the microgrids.
The rest of the paper is as structured as follows. Section 2 describes the DC power flow model used in the Smart grid including the microgrid. Section 3 describes the attack model for the Price Modification Attack (PMA). In section 4, we evaluate our proposed algorithm and discuss mitigation measures in section 5. Section 6 concludes our paper.
2 Power Flow
Power flow in smart grid as well as the microgrid are governed by power laws. We have adopted the widely used model of linearized DC model over the AC model. DC power flow approximation is chosen because it is solved far more quickly and is proved to be accurate under good operating conditions. In order to reduce the running time and make the linearization feasible, the following assumptions are taken into consideration:
Phase angle differences are small and hence we can use and , where is the phase angle between the voltages at the two nodes and .
Lossless lines; i.e. the resistance of the arcs/lines is negligible.
Voltage profile is kept flat.
We briefly describe the linearized or DC power flow model. In the linearized approximation, we are given a power grid represented by a directed graph , where:
Each node corresponds to either a power generator (i.e., a supply node), or to a load (i.e., a demand node), or to a node that neither generates nor consumes power. The set of generator nodes are denoted by .
If node is a generator, then there are values . If the generator is operated, then its output must be in the range [, ]; if the generator is not operated, then its output is zero. In general, .
If node is a demand, then the ”nominal” demand is given by . The set of demands or demand nodes is denoted by .
The edges represent power/transmission lines. For each line , two parameters are given i.e. (the resistance or reactance) and (the capacity).
Now, given a set of operating generators, the linearized power flow is a solution to the system of constraints given in the following set of the equations. For each edge , represents the power flow on the edge (transmission line) . In the case where , power is effectively flowing from to . Additionally, the phase angle at node is given by the variable . Given a node , is the set of lines oriented out of (into) node . The power flow equations are given below:
3 Attack Model and Proposed Algorithms
In this section, we introduce the two step price modification attack (PMA) in the smart grid to disrupt the services of the microgrid as shown in Fig 1. Given the robustness of smart grid, the price modification attack is launched in 2 steps. Step 1 being the process to separate the microgrid from the main grid called as islanding, so that they start operating solely on the local distributed generation sources (which includes PVs, generators and batteries). In step 2, we attack the individual component in the microgrid to make the system go unstable and cause failure of other nodes inside the microgrid.
3.1 Cascading Failure
Before moving on to the attack, we discuss the cascading failure model adopted in the paper. We have adopted the cascading failure described in [6, 7] which is an extension of the model as proposed in . The total power generation matches the total demand, given the steady state of the power grid. When some lines/arcs are disconnected, or they fail, they are removed from . Following which, the total demand and supply are balanced or adjusted within each island or component by decreasing the load and supply at the various buses. Overall system state is again calculated given the linearized DC power model described in the previous section. The new flows may exceed the capacity and as a result, the corresponding lines will become overheated. The outages are modeled by moving average of the power flow : . Here parameter used to encode memory so as to model thermal effects. For memoryless system, . For the paper, we use the following rule: line fails if , where is the capacity or flow limit for the transmission line . The moving average approximates thermal effects, including heating and cooling from prior states to first order . The algorithm for the cascading failure is given by Algorithm 1.
3.2 Islanding the Microgrid
Given the lower protection and lower sophistication involved in attacking the consumption sector  (the other sectors are generation and distribution and control), we focus our attention to this sector.. This class of cyber-intrusion alters the electricity prices through fabricated price signals thereby altering load at certain grid locations through the Internet and by means of automatic and distributed software intruding agents. In order to island the microgrid, we need to disconnect the main power generation sources from the microgrid. Attacker alters the price of electricity through modification of the price signal sent from the energy distributor over the communication network. This causes disruption in the service from the main grid to the microgrids and thus forcing the microgrid to work in islanded mode. Once the microgrid is in islanded mode, its own power generators are the only sources available to it, which becomes the focus of attack in the second step of the attack.
Minimum cost to break e* [MCB(e*)]
Every bus/user receives the electricity rate from the Internet which we assume to be accessible to the attacker to manipulate or alter. is the total demand at the load node . The total bill is given by where represents the user’s targeted billing amount and represents the sensitivity of the user towards billing amount. indicates that the user is not willing to pay anymore than the targeted billing amount. For simplification we allow the with a maximum value of . The line fails when the power flow through the transmission line goes over its capacity. A certain portion of the rate is allowed to change for each user given the baseline constraints set up or hard coded by electricity distribution companies. Hence, we have the maximum rate change (MRC) , which represents the maximum change in the rate that the attacker is allowed. The attacker can choose what percentage of the MRC it wants to change denoted by which lies between 0 and 1.
Given the automated demand side management, one of the ”smart” features of the smart grid, the rate change causes automated increase in the use of the demand for the same household or the company, such as starting up the laundry, more frequent use of the heating/cooling devices, etc. There is a cost associated with the change done by the attacker. Here we consider a linear cost function for simplicity. The integer programming for calculating the minimum cost for breaking the edge is given by . After knowing the MCB for each edge, we find the lines that need to broken to separate the microgrids from the main grid, called Islanding the Microgrids (IM) given by Algorithm 2.
In IM, we first calculate the minimum cost to break (MCB) for all the transmission lines. Islanding potential of a line is given by the number of the microgrids that are separated from the main grid due to the failure of the corresponding line’s failure divided by the MCB. This is followed by sorting of all the edges in the increasing order of their potential. We fail the edges in the computed order, given that the constraint of budget is met. We keep updating the set of disconnected or islanded microgrids and the set of disconnected edges . The temporary budget usage is also increased by the MCB every iteration where there is a line failure. This process is repeated till we exhaust out of resources or all the microgrids are islanded.
3.3 Breaking the Microgrid
After we have islanded the microgrids, they start to operate independently from the main grid and its own power generation sources (such as photovoltaic panels, battery storage and diesel generators) ramp up to meet the demand of the load nodes that have been separated from the power grid. This feature ensures the reliability of the microgrid and power security for the consumers in the microgrid. Although the microgrids are much smaller in nature, the attacker can modify the rates of particular generation units inside the microgrid, leading to the failure of the particular generation unit and leading to the further failures of other generating units in the microgrid ending with complete failure of the microgrid.
Breaking the transmission Lines (BL)
In this second step of the PMA, that is breaking the microgrid, our aim is to fail as many as loads inside the microgrid. Failure of a load or demand node occurs when it is separated from all the generating resources similar to the islanding process of the microgrid itself. Here we utilize the price modification cyberattack to increase the load of the demand nodes by changing the price information for the generation units. This leads to unbalance and recalculation of power flow in the network and can cause overflow in the circuits and leads to transmission line failures resulting in the break down of the demand nodes.
However in the microgrid due to the presence of multiple source of energy generation, instead of reducing the Internet price for the load nodes and randomly attacking any power generating device, intuitively the lowest capacity generation device is selected. The rate for the particular generation device is then lowered. Once most of the demand node start using the selected source for power usage, the overall load in the network is manipulated to cause maximum number of failures through Breaking the transmission Lines (BL) algorithm. This continues till the resource gets exhausted. For simplicity we assume a linear cost function for modifying the price of the generation unit . The above proposed approach is presented in Algorithm 3 namely Breaking the Microgrid (BM).
In BM, the temporary budget usage is check against maximum resource to verify if resources are available to cause internal demand node failures inside the microgrid. If so, a sorted list of the generation units according to their capacity in increasing order is used while picking the generation source for the corresponding price modification. If the cost follows the resource constraint, we alter the price and perform the breaking the transmission lines (BL). This process is repeated till the resources are exhausted and the set of failed nodes is returned.
3.4 Price Modification Attack
We combine the above two steps Islanding the Microgrid and Breaking the Microgrid to launch the Price Modification Attack (PMA) given by Algorithm 4. We initiate the PMA with disconnecting the microgrid from the generating source and BM is executed once there is one islanded microgrid. This is continued till we exhaust the maximum resource allocated .
4 Experimental Evaluation
In this section, we evaluate the efficiency of the different algorithms we proposed. In the experiments reported in this section we used a 3.0 GHz Xeon machine with 2 MB L2 cache and 12 GB RAM. All experiments were run using a single core. For the power system simulation, we use the matlab package called MatPower . 50 runs of each cycle was run and averaged for consistency. We use the random algorithm as a baseline to compare our proposed algorithms. In order to represent the microgrid system we take IEEE 14 bus system data as the smart grid as shown in Fig 3 and set up microgrids on bus 13 and 14. To represent the microgrid architecture, we use the IEEE 9 bus test system with 3 generators and 3 loads as shown in Fig. 4. By default we keep the system at the line capacity reduced by and maximum resource at and microgrid load is kept at the default. Node or load failure occurs when a particular load gets cut off from the all power generating sources. Microgrid is islanded when it is separated from the power generating source in the main grid and thereafter starts operating independently.
In all the experiments the same approach was employed: first, we calculated the optimal powerflow in the main grid with the preset parameters . In case of load imbalance due to cascading failure or price modification; both the demand and total power were made equal and power flow was recalculated. The line was failed if there was any overflow i.e. .
In the Fig. 4(a), we evaluate the PMA by varying the line capacity in the grid. By reducing the line capacity, the power flow in the transmission gets closer to capacity of the network, thus increasing the stress level of the grid. As the capacity gets reduced, it becomes much easier to attack and increase the power overflow the transmission line’s capacity. Here we reduce the line capacity by percentage from to and evaluate PMA algorithm on the grid with respect to the variance. As we can verify from the experiment, PMA algorithm performs really well not just in the overall node failures, but is also to separate the microgrids from the main grid and failing the nodes inside the microgrid. Although the random algorithm is blind and not able to island the microgrids as efficiently and performs really worse in failing the loads inside the microgrid.
and evaluate PMA algorithm on the grid with respect to the variance. As we can verify from the experiment, PMA algorithm performs really well not just in the overall node failures, but is also to separate the microgrids from the main grid and failing the nodes inside the microgrid. Although the random algorithm is blind and not able to island the microgrids as efficiently and performs really worse in failing the loads inside the microgrid.
Then we evaluate the PMA with respect to change in the maximum resource available to the attacker as shown in Fig 4(b). We vary maximum resource from to and verify the effect of PMA and random algorithm in the grid. Attacker gains more means to attack the grid and more loads to reduce the price information such that the overall load in the grid increases with the increase in the maximum resource. Hence, the rise in the number of load failures, islanded microgrids and load failures inside the microgrids.
Here we test the reliability of the microgrids against PMA given the variance in overall variance of microgrid loads. We vary the load from units (default) to units. As the total load of the microgrids increase, it becomes more vulnerable to PMA, given the increased stress the transmission lines from the generating source to the microgrids. This works in the favor of the PMA and after the islanding, the PMA proceeds with breaking the microgrid and fails much more nodes than the random algorithm.
5 Mitigation Measures
The protection mechanisms from the Internet based price modification attack could be accomplished by protection of price and command signals; smart meter and data center protection; load shedding and load relocation ;and attack detection and learning demand patterns . Based on the type of load and defense mechanism, full load protection, i.e., protecting all vulnerable loads, can be a significant expense. Assuming that protecting every node in the network against price modification attack is neither feasible nor economical, we suggest the approach of the greedily choosing the most critical nodes in the network. These critical nodes are found by the algorithms IM and BM whose electricity prices are modified to bring maximum failure in the network. Protection of critical nodes found in IM algorithm restricts attacker to manually separate the microgrid from the main grid. And protection of critical nodes found in BM algorithm restricts attacker to fail edges inside the microgrid when it starts operating independently.
This paper deals with price modification cyberattack on the microgrids as a part of the smart grid. The proposed method is applied to the test system, in order to demonstrate its applicability. The proposed 2-step PMA on the microgrid involves disconnecting the microgrid from the main grid in the first step in order to force the microgrid to operate independently, and in the second step, we try to the fail the nodes inside the microgrid itself. The effect of PMA under various parameters of the power grid network such as line capacity, maximum resource and microgrid load are presented and discussed. In the future work we would like to consider the multiple variations of the microgrid i.e. AC and DC microgrids, eventually which follow different. We would also consider the impact of both active and reactive power flow and their role in stability of the network or rather instability of the network.
-  U.S.-Canada Power System Outage Task Force. report on the August 14, 2003 blackout in the United States and Canada: Causes and recommendations. https://reports.energy.gov, (2004).
-  Report of the enquiry committee on grid disturbance in Northern region on 30th July 2012 and in Northern, Eastern and North-Eastern region on 31st July 2012, Aug. 2012. http://www.powermin.nic.in/pdf/GRID_ENQ_REP_16_8_12.pdf.
-  U.S. Federal Energy Regulatory Commission, Dept. of Homeland Security, and Dept. of Energy. Detailed technical report on EMP and severe solar flare threats to the U.S. power grid, Oct. 2010.
-  A. Zaidi and F. Kupzog, Microgrid Automation - A Self-Configuring, IEEE International Multitopic Conference INMIC 2008.
Kumar A, Gao W. Optimal distributed generation location using mixed integer non-linear programming in hybrid electricity markets. IET Generation, Transmission & Distribution 2010;4(2):2,81–98.
-  Mishra S, Li X, Kunhle A, Thai M and Seo J, Rate Alteration attacks in the SmartGrid in IEEE INFOCOM 2015, April.
-  Bernstein, Andrey, Daniel Bienstock, David Hay, Meric Uzunoglu, and Gil Zussman. ”Power grid vulnerability to geographically correlated failures—Analysis and control implications.” In IEEE INFOCOM 2014-IEEE Conference on Computer Communications, pp. 2634-2642. IEEE, 2014.
-  J. Chen, J. S. Thorp, and I. Dobson, Cascading dynamics and mitigation assessment in power system disturbances via a hidden failure model, Int. J. Elec. Power and Ener. Sys., vol. 27, no. 4, pp. 318–326, 2005.
-  M. Anghel, K. A. Werley, and A. E. Motter, Stochastic model for power grid dynamics, in Proc. HICSS07, Jan. 2007
-  MATPOWER, http://www.pserc.cornell.edu//matpower/
-  Power Systems Test Case Archive, https://www.ee.washington.edu/research/pstca/
-  Mohsenian-Rad, Amir-Hamed, and Alberto Leon-Garcia. Distributed internet-based load altering attacks against smart power grids. Smart Grid, IEEE Transactions on 2.4 (2011): 667-674. APA