Assessing the impact of cyber attacks on distributed energy resources for power system operation

Abstract

An increasing number of distributed energy resources (DERs) are being connected to the power system at the distribution grid (DG) level to achieve the goals of decarbonizing the electric power supply. These DERs must be integrated into the operational processes of the grid operators, such as congestion management, and are thus connected to monitoring and control systems using information and communication technology. A core requirement for this cyber-physical system is to be resilient against disturbances in the physical system as well as in the cyber system. During the last decade, several cyber attacks targeted the electric power system and were able to create significant disturbances up to power outages. Therefore, risk assessment is necessary to develop and deploy suitable risk mitigation strategies. Part of this assessment is quantifying the physical system impact of cyber attacks onpower system stability as addressed in current research.One possible cyber attack with a high impact potential is the malicious utilization of a high amount of DERs connected to the DGs to create disturbances with a short-term impact on power system stability. Possible manipulation scenarios include the simultaneous disconnection of DERs or the adjustment of active or reactive power setpoints. These events can affect properties like, for example, local bus voltages or bulk power system frequency. If these properties remain outside the limits specified by grid codes protection functions will disconnect affected assets and thus inducefurther dynamics or cause cascading effects. For assessing these dynamics and their impact, detailed modeling of the DGs and connected assets is necessary to perform systemic investigations.Therefore, the goal of this thesis is to develop and verify an assessment scheme to quantify the criticality of possible manipulation scenarios utilizing DERs in the context of power system studies by analyzing the impact in the DGs and on the superimposed grid level.The first scientific contribution is the derivation of a set of generic manipulation scenarios that represent the possible objective of the attacker. For the design of these manipulation scenarios, requirements and restrictions from grid codes are taken into account. First, the remotely available control signals, the proposed operational range of the DERs, as well as active and reactive power control modes are analyzed. Based on this analysis, three attacker actions are identified. These include the disconnection of DERs and the adjustment of the active and reactive power setpoints within the specifications of the grid codes and the technical capability of the assets. These actions are then applied to a specified set of DERs to cause a deterioration of the power system state within a short time frame by synchronous disconnection, or by adjusting the power setpoints accordingly to create intentional undervoltage or overvoltage situations. The second scientific contribution is the derivation of assessment criteria based on metrics quantifying the local impact in the DGs and the impact on the superimposed grid level for the proposed assessment scheme. Three severity indices are defined to quantify the criticality of each investigated scenario. The voltage severity index is based on a volt-sec metric quantifying the magnitude and the duration of voltage band violations at each bus taking into account the decoupling protection of targeted and electrically close DERs. Thus, it quantifies the local impact of the manipulation scenarios. The lost power severity index quantifies the overall amount of lost active power injection due to disconnection of DERs (either directly triggered by the attacker or due to subsequent decoupling protection triggering). The frequency severity index quantifies the overall disturbance of the bulk power system by analyzing the maximum system frequency deviation caused by the manipulation scenario. All three indices are used for the assessment of the overall criticality of each investigated scenario. The third contribution is an assessment scheme is designed to quantify the criticality of the manipulation scenarios for different grid topologies. Study cases are defined for depicting different initial operating points of the distribution grid such as low load and high DER infeed scenarios. Each combination of manipulation scenarios and study cases is then simulated for each grid model using RMS time-domain simulations. With this method, the dependency of the impact of the manipulation scenarios on the different topologies and study cases is investigated. The assessment scheme is then verified using benchmark grid models depicting a variety of medium and high voltage DGs with different DER penetration rates.For the investigated scenarios, disconnection of DERs at maximum active power infeed and overvoltage manipulation scenarios using reactive power injection of DERs to increase bus voltages during low load and high infeed study cases situations prove most critical. The overall criticality increases, if a higher share of DERs targeted by the attacker and if a higher amount of reactive power injection is remotely controllable. The manipulation scenarios and metrics studied can be used as a basis for developing additional contingency cases for power system stability analyses.