Cyber Security-Oriented Smart Grid State Estimation

Development of the Smart Grid involves the introduction of the Wide Area Measurement System (WAMS), which uses information, computing and digital technologies for measuring, transmitting and processing operating parameters when solving control problems. In this regard, the increased vulnerability of the control system to cyberattacks was noted. The control of the Smart Grid includes monitoring, forecasting and planning of the system operation based on the results of Electric Power System state estimation. Therefore, the goal of the paper is to develop a mathematical instrument for bad data detection under cyberattacks. Particular attention is paid to false data injection attacks, which result in distortion of the estimates of state variables. The result of the research is an algorithm developed for state estimation based on the interior point method and test equations obtained by Crout matrix decomposition. The obtained results showed effectiveness of the algorithm in state estimation.


Introduction
The energy power systems (EPS) in the most advanced countries are developing towards the creation and large-scale adoption of the Smart Grid, which got the name of intelligent energy system in Russia [1]. An attribute of the Smart Grid is cyber-physical intrusion tolerance of the network. In developing the conceptual Smart Grid models and projects, researchers nowadays pay great attention to the issue of cyber security. In this connection it is necessary to note the elevated vulnerability of the EPS information-communication infrastructure.
Thus, it becomes essential to upgrade the existing mathematical tools and develop new ones to furnish the EPS control and monitoring under cyberattacks with the data of required quality.
We consider the state estimation tool as a link between physical and information-communication infrastructures of EPS. It acts as a barrier to the corruption of data on current operating conditions of the electric power system in the control problem, including the data corruption caused by cyberattacks on data collection and processing systems of the EPS.
State estimation is a mathematical data processing method which is widely used for calculation of power system state variables on the basis of measurements.
The correct estimate of the system state can only be provided if the measurements do not contain gross errors or bad data.
The reasons for bad data are:
- Random factors related to a failure in the data collection system, personnel errors, etc.
- Cyberattacks on the SCADA system and WAMS and state estimation software.
The most vulnerable facilities in terms of cyberattack consequences for state estimation are the information-communication control subsystems (SCADA and WAMS). Since the input data for the state estimation are represented by the SCADA measurements and PMU data, cyberattacks on the SCADA and WAMS distort the results of state estimation. If no special measures are taken to identify these distortions and suppress their impact on the state estimation results, serious errors can appear in decisions made by dispatchers using the state estimation results. Therefore, to obtain quality state estimation results, the measurements used should be tested for the presence of bad data. The Melentiev Energy Systems Institute, SB RAS, has developed a test equation (TE) method for bad data detection and state estimation. The TE method enables us to detect bad data and systematic errors in measurements and identify their variances before state estimation [2]. Therefore, this method was chosen for the analysis of cyber security of the SCADA system, WAMS and state estimation.
The paper is concerned with the issue of identification of the malicious cyberattacks in the EPS state estimation. To this end, we consider SCADA and WAMS structures, reveal vulnerable "points", and analyze potential cyberattacks. Special attention is paid to cyberattacks such as False Data Injection (FDI) Attacks aimed at distorting the state estimation results [3].
In this connection, we propose an algorithm for detection of cyber intrusions. The algorithm is based on test equations obtained by Crout matrix decomposition of the Jacobian matrix. The SCADA data were used to implement the algorithm under simulated cyberattacks. The obtained results showed effectiveness of

The Russian analog of WAMS is the System for Transient Conditions Monitoring. It includes recorders of synchronized phasor measurements (PMU data), phasor data concentrators (PDC), dispatch control at all levels (central (CDC), interregional (IDC) and regional (RDC)), channels for data transfer between the recorders, data concentrators and dispatch control centers of JSC "SO of UES", and facilities for processing the obtained information. WAMS measurements are synchronized using global navigation satellite systems (GNSS), including GPS and GLONASS. Signals from GNSS are received by a time server (TS) intended for the generation of accurate time signals and further synchronization of phasor measurement units. A hierarchical structure of the EPS control system in Russia is presented in Fig. 1. The functional components of the control system are a time synchronization subsystem (TSS), a measurement subsystem (MS), a data transfer subsystem (DTS), and a data processing subsystem (DPS) [4]. Possible cyberattacks on the EPS control system [5] are presented in Table 1. We focused on the study of FDI attacks as they negatively affect the state estimation results.

FDI Attacks
False data injection attacks are aimed at breaking integrity, availability and validity of data or operability of the system.
For the case of invalid data that occurred due to cyberattacks, we propose the following model [6] to describe the measurements of parameters of state $\bar{y}$: $\bar{y} = y + \xi_y + a$, where $y$ is a stream of true values of measured parameters; $\xi_y$ is the vector of measurement noise that has normal distribution $\xi_y \sim N(0, \sigma_y^2)$ with zero mean and variance $\sigma_y^2$ that characterizes the accuracy of measurements; $a$ is the cyberattack. We described possible FDI attacks (Fig. 2) affecting the accuracy of the state estimation results. Mathematical models of measurements with cyberattacks are proposed in Table 2.
Pseudo-measurements of nodal loads are used in addition to measurements of generation to obtain nodal injections $P_i$, $Q_i$.

Formation of test equations for EPS state estimation
The test equations are steady-state equations that include only measured variables:  (2): $z = z(x)$. To obtain test equations, the components of state vector $x = (\delta_i, U_i)$ are excluded from (4) [2]. In this paper, we use the test equations obtained in this way.
Write (4) in the form By linearizing (6)  By applying Crout matrix decomposition to matrix $H$, we obtain 11 21 where $L_{11}$ is a lower triangular matrix whose order is equal to the number of components of vector $x$, $L_{21}$ is a rectangular matrix whose number of rows is equal to the number of redundant measurements or the number of test equations, $U_{11}$ is an upper triangular matrix. The matrix of coefficients of the system of test equations is determined by According to (6), the system of test equations will have the form Thus, (8) in a matrix form is written as follows where [ ] , $E$ is a square identity matrix, whose dimension is determined by the number of redundant measurements. We propose using the Interior Point Method (IPM) based on the TE method to solve the state estimation problem under FDI attacks.
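As an added illustration (not code from the paper), the following Python builds test equations from a Crout decomposition for a constructed 3-bus DC model and checks a measurement vector of the form $\bar{y} = y + \xi_y + a$ against them. It assumes the standard forms $H = [L_{11}; L_{21}] U_{11}$ and $A = [-L_{21} L_{11}^{-1}, E]$, a $k\sigma$ violation limit and a set-based rule for naming suspect measurements; the network, noise values and function names are constructed for the example.

```python
import math

def crout(H):
    """Crout H = L*U, no pivoting: L is m x n (L11 over L21), U is unit upper (U11)."""
    m, n = len(H), len(H[0])
    L = [[0.0] * n for _ in range(m)]
    U = [[float(i == j) for j in range(n)] for i in range(n)]
    for j in range(n):
        for i in range(j, m):
            L[i][j] = H[i][j] - sum(L[i][k] * U[k][j] for k in range(j))
        for i in range(j + 1, n):
            U[j][i] = (H[j][i] - sum(L[j][k] * U[k][i] for k in range(j))) / L[j][j]
    return L, U

def te_matrix(H):
    """Assumed standard form A = [-L21 * inv(L11), E]; A*y = 0 for error-free y."""
    m, n = len(H), len(H[0])
    L, _ = crout(H)
    A = []
    for r in range(n, m):
        x = [0.0] * n
        for j in reversed(range(n)):  # back-substitute x * L11 = L21[r]
            x[j] = (L[r][j] - sum(x[k] * L[k][j] for k in range(j + 1, n))) / L[j][j]
        A.append([-v for v in x] + [float(r - n == c) for c in range(m - n)])
    return A

def check(A, y, sigma, k=3.0):
    """Return (violated test equations, suspect measurements); both rules are assumptions."""
    violated, cleared, suspects = [], set(), None
    for t, row in enumerate(A):
        w = sum(a * v for a, v in zip(row, y))                  # test equation residual
        limit = k * sigma * math.sqrt(sum(a * a for a in row))  # k-sigma bound on w
        used = {j for j, a in enumerate(row) if abs(a) > 1e-12}
        if abs(w) > limit:
            violated.append(t)
            suspects = used if suspects is None else suspects & used
        else:
            cleared |= used  # measurements in a satisfied equation are taken as valid
    return violated, sorted((suspects or set()) - cleared)

# Constructed 3-bus DC model, bus 1 reference, line susceptance 10 p.u.
# Measurements y = [P12, P13, P23, P2, P3]; state x = [delta2, delta3].
H = [[-10, 0], [0, -10], [10, -10], [20, -10], [-10, 20]]
X_TRUE = [-0.02, -0.05]
NOISE = [0.004, -0.003, 0.002, -0.005, 0.001]  # constructed, sigma = 0.01
def measure(attack):  # y = H*x + noise + a
    return [sum(h * x for h, x in zip(row, X_TRUE)) + e + a
            for row, e, a in zip(H, NOISE, attack)]

A = te_matrix(H)
print(check(A, measure([0, 0, 0.5, 0, 0]), 0.01))  # false data on P23
```

With only three test equations, an error on P12 alone violates all of them and leaves both P12 and P13 suspect, which is the low-redundancy situation that additional PMU measurements are meant to resolve.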

IPM based on TE method
Minimize objective function (1) Subject to (9) and max min i.e. the estimated values of some state variables obtained during the state estimation must be within certain technological limits. Thus, generation of active and reactive power at nodes should be within the limits determined by the power generation schedule; for power flows in transformers and lines, the limits determined by line transfer capability can be assigned; at load nodes it is necessary to provide correct direction (sign) of the nodal injection, etc. The Interior Point Algorithm based on the TE method consists of two stages:
Stage 1. Calculation of initial parameters meeting the feasibility conditions;
Stage 2. Optimization in the feasibility region consists in iterative calculation: where $\Delta y^{(k)}$ is the direction of improving the solution in iteration $k$, $\lambda^{(k)}$ is the step value in this direction.
In stage 1, the vector is the solution to the auxiliary problem [ ] where $r^{(k)}$ is a residual vector in the $k$-th iteration. Denote the diagonal matrices The problem is solved by the Lagrange multiplier method. Proceeding from the optimality conditions, we express where $u$ is the vector of Lagrange multipliers. Substituting (13) into (12), we obtain a system of linear equations with respect to $u$, We find vector $u$, and use (14)   The iterative transition is carried out according to the rules (11).
The stopping criterion is the satisfaction of the condition: i.e., it is assumed that the optimal solution is obtained [7].

Case study
To demonstrate the proposed approach, we considered the IEEE 14-bus test system (Fig. 3). Nodal voltages $U_i$ $(i = 1, \dots, 14)$, nodal injections $P_i$, and power flows in lines $P_{i-j}$ were given as measurements. Errors were set to meet the active power balance at node 1. The state estimation problem was solved in three ways:  Table 3 presents the results of a comparative analysis of the values of the objective function (1) for three cases.
As evidenced by the analysis of the obtained results (Table 3), the traditional approach does not detect errors. In the second case, the IPM does not detect gross errors and distorts all measurement estimates. In the third case, we can determine at which node a cyberattack occurred by the value and the components of objective function (1). To eliminate the consequences of these attacks, we propose duplicating the data with WAMS measurements in real time to obtain redundant measurements [9].

Conclusions
1. Smart grids based on sophisticated computer and communications equipment are characterized by elevated vulnerability to different types of cyberattacks.
2. The proposed approach to state estimation based on the Crout matrix decomposition allows detecting bad data under FDI attacks on the SCADA system and WAMS.
3. To improve the performance of the methods for the verification of data used in the EPS state estimation, it is necessary to increase the redundancy of SCADA measurements, supplement the SCADA measurements with the PMU measurements obtained from WAMS, combine various bad data detection methods (a priori, a posteriori, robust), and use the criterion of maximum probability of bad data detection when placing PMUs.