Power grids are considered some of the most critical infrastructure in the United States, as defined by the Cybersecurity and Infrastructure Security Agency (CISA). The modern power grid has evolved into a large cyber-physical system (CPS) equipped with wide area monitoring systems (WAMS) and distributed control. The power grid contains high-fidelity sensors and measurement devices, such as phasor measurement units (PMUs), that can relay data about the system with high temporal resolution. Both cyber security threats and physical disturbances are at play. The influx of data is massive; finding the needle in the haystack can be a daunting task and will require the use of supervised, unsupervised, and deep learning models.
Anomaly detection and the digital twin: A key factor will be to label anomalies as events that have a low probability of taking place, for example, an unexpected spike in voltage. The power grid data is treated as a probability distribution, and the model approximates its probability density; low-density values can be found in the data on the digital twin. The data points that are least probable are considered irregularities. The time series data points captured over time across sensors are linked in certain configurations and can influence each other. A deep learning model, the normalizing flow, is an effective tool for approximating probability density. A Bayesian network can be constructed to learn the intricate and causal relationships between sensors along a power grid network. Once deployed, a steady flow of new data would be used to determine potential drift, thus upholding accuracy over time. This methodology can be used not only for anomaly detection but also for determining forecasts and as inputs to downstream models.
Another topic of interest is False Data Injection Attacks, or FDIA. An FDIA is a data attack in which attackers alter the original measurements supplied by sensors, which can have a computational impact on downstream models. The attacker injects intentionally false data, undetected, into the calculation of the variables used to define the system state. These attacks can result in operational overheads and severe power outages. Many of these attacks come from internal sources having precise knowledge of the system's bilinear pairing operations. Internal attackers also have intricate knowledge of network topology, capacity, cost, and standard measurements of systems.
To defend against FDIA, countermeasures, mitigation tools, and procedures must be established across the digital twin. Anomaly detection is critical to establishing proactive detection-based defenses, including security assessment, runtime monitoring, alerts, and remediation steps. Deep learning algorithms like the “deep belief network” will help identify active attacks through temporal behavioral analysis. A statistical relative entropy model such as Kullback-Leibler divergence provides normalized and symmetrical measures of one probability distribution from another. The Jacobian matrix, or sparse optimization, can be leveraged to shrink values equally via factorization to improve scalability and performance for detection of FDIA. FDIA countermeasures must be evaluated continuously.
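The relative-entropy check described above can be sketched as follows. This is an added example, not code from any tool the article refers to: it compares the histogram of each incoming window of voltage readings against a trusted baseline and raises an alert when the Kullback-Leibler divergence exceeds a threshold. The per-unit values, bin range, window size, threshold and all function names are assumptions, and the data are constructed.

```python
import math
import random

def histogram(samples, lo=0.97, hi=1.03, bins=20, alpha=0.5):
    """Smoothed probability mass function of per-unit voltage samples."""
    counts = [alpha] * bins  # additive smoothing keeps every bin non-zero
    width = (hi - lo) / bins
    for v in samples:
        idx = min(bins - 1, max(0, int((v - lo) / width)))  # clamp outliers
        counts[idx] += 1
    total = sum(counts)
    return [c / total for c in counts]

def kl_divergence(p, q):
    """Relative entropy D(p || q) in nats."""
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q))

def flag_windows(baseline, stream, window=250, threshold=0.5):
    """Score each non-overlapping window against the baseline distribution.

    Returns (indices of windows above the assumed threshold, all scores).
    """
    ref = histogram(baseline)
    scores = [kl_divergence(histogram(stream[i:i + window]), ref)
              for i in range(0, len(stream) - window + 1, window)]
    return [k for k, s in enumerate(scores) if s > threshold], scores

def constructed_data(seed=7):
    """Constructed sample: clean readings around 1.0 pu, with the third
    window of the stream carrying a falsified +0.015 pu offset."""
    rng = random.Random(seed)

    def draw(n, bias=0.0):
        return [rng.gauss(1.0, 0.005) + bias for _ in range(n)]

    baseline = draw(2000)
    stream = draw(500) + draw(250, bias=0.015) + draw(250)
    return baseline, stream

if __name__ == "__main__":
    baseline, stream = constructed_data()
    flagged, scores = flag_windows(baseline, stream)
    for k, s in enumerate(scores):
        print(f"window {k}: KL={s:.3f} {'ALERT' if k in flagged else 'ok'}")
```

In practice the baseline would be refreshed as new data arrives so that legitimate drift does not accumulate into false alerts.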
The resulting actions might require human or machine implementation. In cases of human intervention, responses may range from repairing specific equipment to adjusting supply mechanisms. If the decision-making process is repeatable, operators can leverage API protocols with source applications to enact changes directly into the systems. This approach enables a fully closed-loop and automated alert resolution, a capability long desired by companies but hindered by integration difficulties across platforms. The power of this methodology lies in understanding the dependency relationships between the different nodes in the graph and overlaying these across the digital twin.