Recent cyber-attacks on power grids highlight the necessity to protect the critical functionalities of a control center vital for the safe operation of a grid. Even in a distributed framework one central control center acts as a coordinator in majority of the control center architectures. Such a control center can become a prime target for cyber as well as physical attacks, and, hence, a single point failure can lead to complete loss of visibility of the power grid. If the control center which runs the critical functions in a distributed computing environment can be randomly chosen between the available control centers in a secure framework, the ability of the attacker in causing a single point failure can be reduced to a great extent. To achieve this, a novel distributed hierarchy based framework to secure critical functions is proposed in this paper. The proposed framework ensures that the data aggregation and the critical functions are carried out at a random location, and incorporates security features such as attestation and trust management to detect compromised agents. A theoretical result is proved on the evolution and convergence of the trust values in the proposed trust management protocol. It is also shown that the system is nominally robust so long as the number of compromised nodes is strictly less than one-half of the nodes minus 1. For demonstration, a Kalman filter-based state estimation using phasor measurements is used as the critical function to be secured. The proposed framework's implementation feasibility is tested on a physical hardware cluster of Parallella boards. The framework is also validated using simulations on the IEEE 118 bus system.
翻译:最近对电网的网络攻击凸显出有必要保护对电网安全运行至关重要的控制中心的关键功能。 即使在一个分布式框架内,一个中央控制中心也可以在大多数控制中心架构中充当协调员。这样的控制中心可以成为网络攻击和物理攻击的首要目标,因此,单一点失败可能导致电网完全丧失可见度。如果在分布式计算环境中运行关键功能的控制中心可以在一个安全的框架内随机地在现有的控制中心之间选择,攻击者造成单一点故障的能力可以大大降低。为了实现这一点,本文件提出了一个新的分布式结构框架,以保障关键功能。拟议的框架可以确保数据汇总和关键功能在随机地点进行,并纳入安全特征,如验证和信任管理,以探测受损的剂。如果在拟议的信任管理协议中的信任值的演变和趋同性,那么攻击者造成单一点故障的能力可以大大降低。为了实现这一点,本文件提出了一个新的基于分布式结构的框架以保障关键功能。拟议框架确保数据汇总和关键功能在随机地点进行,例如验证和信任管理,从而检测拟议中的信任值值值值的演变和统一。还表明,只要基于易失的节点节点节点数的节点数数量,系统数量框架的运行系统数量在严格上使用KLA的测试,则使用一个关键的硬值框架。