Resilient Control Architectures and Power Systems E-Book

Table of Contents

Cover

Title Page

Copyright

Foreword

Preface

References

Acknowledgments

Editors Biography

List of Contributors

Part I: Introduction

1 Basis, Definition, and Application

1.1 Introduction

1.2 Definition and Application

References

2 General Use Case Introduction

2.1 Introduction

2.2 Importance of Resilient Controls for Power Systems

2.3 Power Systems Operations and Control

2.4 Summary

References

Part II: Infrastructure Fundamentals

3 Power Grid Architecture

Objectives

3.1 Introduction

3.2 Classical Power System Architectures

3.3 Emerging Architecture Trends

3.4 Power Systems Operations and Control

3.5 Power Systems Planning

3.6 Measures of Performance

3.7 Summary

Further Reading

References

4 Control System Architecture

Objectives

4.1 Introduction

4.2 Automatic Generation Control

4.3 Reactive Power and Voltage Control

4.4 Excitation System Stabilizer

4.5 Summary

Further Reading

5 Communication Architecture

Objectives

5.1 Introduction

5.2 Communication Media

5.3 Summary

References

Part III: Disciplinary Fundamentals

6 Introducing Interdisciplinary Studies

Objectives

6.1 Introduction

6.2 The Pathway to an Interdisciplinary Team

Further Reading

7 Cybersecurity

Objectives

7.1 Introduction

7.2 Systems and Control Systems

7.3 Fundamental Cybersecurity Objectives: The CIA Triad

7.4 Fundamental Cybersecurity Techniques

7.5 Threats, Vulnerabilities, and Attacks

7.6 Secure System Design Principles

7.7 Approaches for Threat and Risk Assessment and Mitigation

7.8 Approaches for Incident Detection and Response

7.9 Summary

7.10 Thoughtful Questions to Ensure Comprehension

Further Reading

References

8 Control Theory

Objectives

8.1 Introduction

8.2 Deterministic Linear Systems

8.3 Pontryagin Principle and HJB Equation

8.4 Stochastic Linear Systems

8.5 Deterministic Nonlinear Systems

8.6 Summary

8.7 Thoughtful Questions to Ensure Comprehension

Further Reading

References

9 Human System Interfaces

Objectives

9.1 Introduction

9.2 Basic Methods

9.3 Summary

Further Reading

References

Notes

Part IV: Metrics Fundamentals

10 Differentiating Resilience

Objectives

10.1 Introduction

10.2 Conventional Views of Grid Resilience

10.3 Grid Characteristics

10.4 Grid Resilience and the Relationship to Electric Reliability

10.5 Characterization of Resilience

10.6 Architectural Principles and Concepts for Resilience

10.7 Structural Resilience Quantification and Valuation

10.8 Summary

Further Reading

References

Notes

11 Cross-architecture Metrics

Objectives

11.1 Definition of Resilience

11.2 Notional Capture of Resilience Adaptive Capacity

11.3 Response Epoch: Adaptive Capacity on an Asset-Level Development

11.4 Adaptive Capacity on an Aggregated-Level Development

Exercises

Exercises

11.5 Cybersecurity Considerations

11.6 Consideration of Resist Epoch (Inertia)

11.7 Consideration of Recover and Restore Epochs

References

Part V: Resilience Application

12 Introducing the Grid Game

Objectives

12.1 Introduction

12.2 Download/Install the Game

12.3 Play the Grid Game

12.4 Fundamentals

12.5 Evaluate the Grid Game and Players (Yourself and Others)

12.6 Play Together

12.7 Improve the Game

References

13 Cybersecurity and Resilience for the Power Grid

Objectives

13.1 Introduction

13.2 Operation Technologies in the Power Grid

13.3 Cyberattacks to the Power Grid

13.4 Research Efforts

13.5 Summary

13.6 Thoughtful Questions to Ensure Comprehension

Further Reading

References

14 Control Challenges

Objectives

14.1 Introduction

14.2 Resiliency Challenges in Control Systems

14.3 Resiliency Design Framework

14.4 Resiliency for Decentralized Control Systems

14.5 Summary

14.6 Thoughtful Questions to Ensure Comprehension

Further Reading

References

15 Human Challenges

Objectives

15.1 Introduction

15.2 Experiential Learning and the Multidisciplinary Grid Game

15.3 Benefits of Gamifying Cybersecurity

15.4 Summary

Further Reading

References

Part VI: Additional Design Considerations

16 Interdependency Analysis

Objectives

16.1 Introduction

16.2 Approaches to Infrastructure Dependency Analysis

16.3 Bulk Power Systems Interdependency Case Studies

16.4 Summary

Further Reading

References

17 Multi-agent Control Systems

Objectives

17.1 Introduction

17.2 Control System Design

17.3 Control System Application

17.4 Summary

Further Reading

References

18 Other Examples of Resilience Application

Objectives

18.1 Introduction

18.2 Resilient Design Capacities

18.3 Anticipative Capacity

18.4 Absorptive Capacity

18.5 Adaptive Capacity

18.6 Restorative Capacity

18.7 Considerations for Resilient Design

18.8 System of Interest

18.9 Threat Space

18.10 Operational Constraints

18.11 Summary

Further Reading

References

Notes

Part VII: Conclusions

19 Summary and Challenge for the Future

19.1 Introduction

19.2 Resilience Is Not a Design Layer, It Is a Philosophy

19.3 Resilience and the Road to Autonomous Systems

References

Index

End User License Agreement

List of Tables

Chapter 3

Table 3.1 OSI seven-layer communication architecture.

Table 3.2 Outage data for Problems 6–8.

Chapter 4

Table 4.1 Turbine-generator parameters for the power station example.

Table 4.2 LFC loop parameters for the power station example.

Table 4.3 Generation parameters for three-unit power system example.

Table 4.4 Final power output values for three-unit power system example.

Table 4.5 Parameters for the two-area system with LFC example.

Table 4.6 Additional parameters for a two-area system with AGC.

Table 4.7 Parameters for an example generator with a simple AVR.

Chapter 7

Table 7.1 Security mechanisms and their properties.

Chapter 9

Table 9.1 Human errors in process control attributed to human-system interfa...

Table 9.2 Typical subjective agreement Likert scale used in user research.

Table 9.3 Evaluation phases and types for GONUKE.

Table 9.4 Short checklist of HSI design and evaluation activities.

Chapter 10

Table 10.1 Resilience group characteristics.

Table 10.2 Resilience groups and subgroups.

Table 10.3 Resilience foundational elements.

Table 10.4 Grid structures and issues.

Chapter 15

Table 15.1 Attack information provided to criminal justice students.

Table 15.2 Sample attack schedule from a criminal justice group.

Table 15.3 Final attack schedule designed by criminal justice students.

Chapter 16

Table 16.1 NERC regional risk profiles [20].

List of Illustrations

Chapter 1

Figure 1.1 Resilient control system architecture.

Chapter 2

Figure 2.1 System power and communication architecture.

Chapter 3

Figure 3.1 Classical power system.

Figure 3.2 Radial versus meshed architectures. (a) Radial, (b) Meshed.

Figure 3.3 Communication and electrical Infrastructure integration to create...

Figure 3.4 Example of a smart grid.

Figure 3.5 Distribution grid with high penetration of DERs.

Figure 3.6 Comparison of the resilience of two systems.

Figure 3.7 Example of a microgrid.

Figure 3.8 Rotor-angle stability curves.

Figure 3.9 V–P curve and critical point.

Chapter 4

Figure 4.1 Schematic diagram of a synchronous generator with the load freque...

Figure 4.2 Block diagram of a synchronous generator.

Figure 4.3 Expanded and reduced block diagrams of the generator and frequenc...

Figure 4.4 Block diagram for a simple hydro or non-reheat steam turbine.

Figure 4.5 Governor steady-state speed regulation characteristic.

Figure 4.6 Block diagram of speed governing system for steam turbines.

Figure 4.7 Block diagram of the load frequency control of an isolated power ...

Figure 4.8 The speed/frequency response for a 10% load increase in the power...

Figure 4.9 AGC for an isolated power system.

Figure 4.10 The speed/frequency response for a 10% load increase in the powe...

Figure 4.11 Equivalent network for a two-area system.

Figure 4.12 Control block diagram for a two-area system with LFC.

Figure 4.13 Speed/frequency response for a two-area system with LFC. Load de...

Figure 4.14 Turbine powers and tie line power flow for a two-area system wit...

Figure 4.15 Control block diagram for a two-area system with AGC.

Figure 4.16 Speed/frequency response for a two-area power system with AGC. L...

Figure 4.17 Turbine powers and tie line power flow for a two-area power syst...

Figure 4.18 Control block diagram for a simple AVR.

Figure 4.19 Terminal voltage response for a generator with a simple AVR. Rea...

Figure 4.20 Control block diagram for a simple AVR with a feedback stabilize...

Figure 4.21 Terminal voltage response for a generator with a simple AVR and ...

Figure 4.22 Control block diagram for a simple AVR with a feedback stabilize...

Figure 4.23 Terminal voltage response for a generator with a PID stabilizer....

Chapter 5

Figure 5.1 RJ-45 termination plugs.

Figure 5.2 Maximum bending radius.

Figure 5.3 Individual optical cables in the core.

Figure 5.4 All-dielectric self-supporting cable.

Figure 5.5 Mechanical splicing.

Figure 5.6 Standard connector.

Figure 5.7 Straight tip.

Figure 5.8 Lucent connector.

Figure 5.9 Mechanical transfer registered jack.

Figure 5.10 Patch panel.

Figure 5.11 Various communications.

Figure 5.12 Illustrative energy management system architecture.

Figure 5.13 Redundant energy management system architecture.

Figure 5.14 Illustrative distribution management system architecture.

Figure 5.15 Distribution system example.

Figure 5.16 Legacy RTU communication architecture.

Figure 5.17 Data concentrator/IED communication architecture.

Figure 5.18 Data concentrator/IED redundant communication architecture.

Figure 5.19 Ethernet star topology architecture.

Figure 5.20 Redundant Ethernet star topology architecture.

Figure 5.21 Hybrid communication architecture.

Figure 5.22 Auxiliary relay contact multiplication.

Figure 5.23 GOOSE and Sampled Values example.

Figure 5.24 Microgrid.

Chapter 8

Figure 8.1 Implementation of the closed-loop optimal control: infinite final...

Figure 8.2 Continuous-time LQG regulator – finite-horizon: summary.

Chapter 9

Figure 9.1 The relationship between the system and the user in a human-syste...

Figure 9.2 Development phases for user-centered design.

Figure 9.3 The relationship between design maturity and evaluation type.

Figure 9.4 Types of usability testing and related human performance measures...

Chapter 10

Figure 10.1 Grid architecture development process.

Figure 10.2 Relationship of grid architecture to grid characteristics.

Figure 10.3 Synthesis of grid architectures.

Figure 10.4 Electric reliability elements.

Figure 10.5 Grid resilience in context.

Figure 10.6 Resilience and reliability domains.

Figure 10.7 Resilience domains and subdomains.

Figure 10.8 Closed-loop control stress and strain.

Figure 10.9 Characteristics definition, quantification, and valuation.

Chapter 11

Figure 11.1 The notional form of the measure of performance of a system unde...

Figure 11.2 Some of the disciplines that are required for design and operati...

Figure 11.3 A cartoon view of adaptive capacity versus uncontrollable aspect...

Figure 11.4 Economic unit grouping examples.

Figure 11.5 Illustration of one asset with energy constraints.

Figure 11.6 Juxtaposition of the manifold with corresponding epochs of resil...

Figure 11.7 Graph of adaptive capacity combining assets from Example 1 and E...

Figure 11.8 Graph showing the effect on the adaptive capacity if disturbance...

Figure 11.9 Disabling the control of a device will decrease the controllable...

Figure 11.10 Illustration of a possible communication and control architectu...

Figure 11.11 The illustration in (a) is the baseline system with sufficient ...

Chapter 12

Figure 12.1 The ecosystem of a resilient control system.

Figure 12.2 Primary function of the controller and operator is maintaining f...

Figure 12.3 Tools for the operator.

Figure 12.4 The battery system control knob.

Figure 12.5 Frequency monitor.

Figure 12.6 Choose your gains.

Figure 12.7 Bank some points.

Figure 12.8 Details of load and generation.

Figure 12.9 Purchase assets and grow your customers.

Figure 12.10 Buy contracts.

Figure 12.11 Also, you can monitor the status of the contracts you have purc...

Figure 12.12 Try to sell excess power.

Figure 12.13 Demand response.

Figure 12.14 Protect yourself from malicious hackers.

Figure 12.15 Let's play!.

Figure 12.16 The electric grid is made up of generators that are large spinn...

Figure 12.17 This illustration depicts the generators and loads on a system ...

Figure 12.18 The parts of a control system.

Figure 12.19 A PID control system.

Chapter 13

Figure 13.1 Power grid anatomy.

Figure 13.2 Communications protocols used in a power grid.

Figure 13.3 IEC 104 APDU as part of TCP payload and APDU structure. Note, AP...

Figure 13.4 I-format APCI with typeID=“Measured value, short floating point ...

Figure 13.5 Mapping of IEC 61850 model protocols to OSI model.

Figure 13.6 While the attack in 2015 required remote hackers operating the s...

Chapter 14

Figure 14.1 Multistage planning and design for resilient control systems: ex...

Figure 14.2 Composition of cyber games and physical layer games together to ...

Figure 14.3 Network connectivity: dynamic configuration of secure robotic ne...

Figure 14.4 The network connectivity over time.

Figure 14.5 Conceptual model of the composed..

Figure 14.6 Iterations to compute a Gestalt Nash equilibrium..

Chapter 15

Figure 15.1 Excerpt of the interview guide developed by a criminal justice s...

Figure 15.2 Excerpt of the observation guide developed by a criminal justice...

Chapter 16

Figure 16.1 Example cross-sector interdependency relationships.

Figure 16.2 Functional dependency model.

Figure 16.3 Generating capacity by energy source.

Figure 16.4 Primary natural gas production regions.

Figure 16.5 2010 USGS estimated water withdrawals made for thermoelectric po...

Figure 16.6 Water-related power-plant incidents.

Chapter 17

Figure 17.1 Agent attributes.

Figure 17.2 HMADS hierarchy.

Figure 17.3 Notional methodology integration of a HMADS architecture to powe...

Figure 17.4 Cyber–physical degradation assessment framework.

Figure 17.5 Decision weighting from expert opinion.

Figure 17.6 Human scenario studies for decision analysis.

Figure 17.7 Execution layer agents and consensus equations.

Figure 17.8 HMADS design and interfaces.

Figure 17.9. Small notional chemical plant.

Guide

Cover Page

Title Page

Copyright

Foreword

Preface

Acknowledgments

Editors Biography

List of Contributors

Table of Contents

Begin Reading

Index

End User License Agreement

Pages

ii

iii

iv

xv

xvii

xviii

xix

xx

xxi

xxii

xxiii

xxv

xxvi

xxvii

xxviii

1

3

4

5

6

7

8

9

11

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

83

85

86

87

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

145

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

231

232

233

234

235

236

237

238

239

240

241

243

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

i

ii

iii

iv

v

vi

303

IEEE Press445 Hoes LanePiscataway, NJ 08854

IEEE Press Editorial BoardEkram Hossain, Editor in Chief

Jón Atli Benediktsson

Anjan Bose

David Alan Grier

Elya B. Joffe

Xiaoou Li

Lian Yong

Andreas Molisch

Saeid Nahavandi

Jeffrey Reed

Diomidis Spinellis

Sarah Spurgeon

Ahmet Murat Tekalp

Resilient Control Architectures and Power Systems

Copyright © 2022 by The Institute of Electrical and Electronics Engineers, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data

Names: Rieger, Craig G., editor. | Boring, Ronald, editor. | Johnson, Brian  (Engineering professor), editor. | McJunkin, Timothy, editor.

Title: Resilient control architectures and power systems / edited by Craig Rieger, Ronald Boring, Brian Johnson, Timothy McJunkin.

Description: Hoboken, New Jersey : Wiley-IEEE Press, [2022] | Series: IEEE press series on power and energy systems | Includes bibliographical references and index.

Identifiers: LCCN 2021035609 (print) | LCCN 2021035610 (ebook) | ISBN 9781119660415 (cloth) | ISBN 9781119660224 (adobe pdf) | ISBN 9781119660422 (epub)

Subjects: LCSH: Electric power distribution–Automation. | Electric power system stability. | Electric power failures.

Classification: LCC TK3091 .R47 2022 (print) | LCC TK3091 (ebook) | DDC 621.319–dc23

LC record available at https://lccn.loc.gov/2021035609

LC ebook record available at https://lccn.loc.gov/2021035610

Cover Design: Wiley

Cover Images: © Lisa-S/Shutterstock, JordiDelgado/iStockphoto, landbysea/Getty Images, William Kiestler

Foreword

With the growing dependence on control system technologies and concerns over stresses on existing energy infrastructure, specifically the automated operation of the power grid, the resilience of control systems to malicious and/or unexpected threats has received greater focus by the government. This attention includes the implementation of a smart grid, where existing loads can be more readily monitored and controlled, allowing the existing power generation to be operated more efficiently. However, the complexity generated with such extended monitoring requires a clear understanding of those system interactions, human and automated, which are necessary to bring resilience to the overall design. In addition, the cyber vulnerability of these systems has raised specific concerns, documented in many recent articles on state-sponsored attacks to electric power systems and similar infrastructure. It is therefore critical in the next generation of control systems that resilience plays a large role in its design and development. As a necessary contributor, the paradigm of education should reflect this need, and while other electrical engineering and computer science programs in the nation have included a cybersecurity perspective, few if any have focused on the unique control system aspects.

To address this need, this text is intended to provide a primer for universities to cultivate interdisciplinary teaming considerations for resilient control systems. While each undergraduate or graduate student will have in-depth knowledge in one discipline, each chapter is written at an entry skill level to enable greater comprehension and appreciation of other disciplines. The infrastructure domain considered is the power system, but the disciplinary aspects provide a basis for other infrastructure applications. Additional chapters were added at the end of the text to provide additional resilience metrics and design considerations as special studies.

Preface

There are seven Parts to this Book consisting of 19 chapters:

Part I, “Introduction,” provides background on the definition of a resilient control system and its application to the power system use case.

Chapter 1: This chapter outlines a course designed to introduce students from multiple science and engineering disciplines to the challenges of automation in the power system. As more automatic control systems are applied, the resulting complexity and vulnerabilities increase the need for resilient control systems. A resilient control system “maintains state awareness and an acceptable level of operational normalcy in response to disturbances” [1]. The chapter also discusses the expected outcomes of the course.

Chapter 2: The electric power system is a fundamental infrastructure that is critical to everyday life. Resilient design and resilient control of the power grid are essential. This chapter will introduce the power system as a use case to demonstrate the concepts of resilient control system design. The use case will illustrate how power systems measurements and control are implemented using autonomous control devices, both in normal operation and during larger disturbances. Later chapters will show how modern control approaches can improve system resilience. The use case also considers the human system operator interface and the importance of applying human factors to allow automation to support the human operators to ensure the human-in-the-loop can concentrate on what humans do best. The use case also allows exploration of cybersecurity and cyber-defense concerns.

Part II, “Infrastructure Fundamentals,” provides a background on the design of current power system designs, including the integrated control and communications systems.

Chapter 3: Power system architectures evolved over a period of more than 100 years. The power grid from the 1960s to the late 1990s will be referred to as a “traditional architecture.” This architecture was the result of 60 years of gradual evolution. Recent decades have seen accelerating changes. Emerging trends, especially those driven by the significant increase of renewable power generation sources, the evolution of power markets, and the advent of microgrids, will be described. The chapter will discuss power systems operations and control, including the roles of human operators. In addition, the power system planning process will be introduced in this chapter, followed by a discussion of measures of operational performance used for transmission and distribution operations.

Chapter 4: The most important control of electric power generation is the inherent detection of load demand changes. The first response mechanism is to keep the production and the consumption operating in balance. The second response mechanism is to maintain the voltage level within tolerance for the operation of loads. The power and voltage control at generation units is a primary problem in power-system design. The control of individual generators has evolved into a hierarchical control for the management of large interconnections. Modern energy control centers command the generation levels and supervise the flow of power across the grid.

The control of alternative current (AC) power systems is benefited by the inherent ability of electric generation to detect the load demand changes without any communication and control infrastructure. The basic response mechanism to keep the balance between electric power production and consumption comes from the turbine-generator response to the conservation of energy. The control of generator units is the primary control problem of power systems. The methods developed for control of individual generators and of large interconnections play a vital role in energy control centers.

Chapter 5: The electric power utility system has, over the past several decades, become highly dependent upon high-speed, reliable communications systems. This evolution has gone from simple human-to-human communication for the manual operation of the system to a variety of systems and subsystems. These include systems such as Supervisory Control and Data Acquisition (), Distribution Automation (DA), system protection including specialized systems dependent upon communication, and more modern systems for security and surveillance, condition monitoring, asset management, and customer billing.

Part III, “Disciplinary Fundamentals,” provides background on the unique disciplinary foundations that are brought to bear in this text.

Chapter 6: This chapter argues that an interdisciplinary education is critical to addressing the complex problems of today. Engineering curricula traditionally provide students with a broad education, but additional work must be done to help students appreciate the unique contributions of members of an interdisciplinary team. Because resilient solutions are not found in any one system, interdisciplinary teams are critical to success. Initiatives such as the Resilient Control Systems for the Power Grid course and the GridGame promote have been developed to help students understand multiple roles and perspectives within the resilience community.

Chapter 7:Cyber–Physical Systems (CPS) or Industrial Control Systems (ICS), such as the power grid and manufacturing plants, are systems that are comprised of an array of interconnected physical, control, computing, and networking devices. Often, such systems bear vulnerabilities in either their physical or digital components, which in turn may expose them to threats and render them susceptible not only to physical but also cyberattacks. In this chapter, we will examine the main elements of security within the context of ICS/CPS and focus on its cybersecurity aspects. We will analyze the main properties of cybersecurity, namely confidentiality, integrity, and availability, and study the most important technical mechanisms that exist to ensure these properties, including cryptography, authentication, authorization, accountability, access control, and redundancy. We will describe the common types of vulnerabilities in ICS/CPS and inspect the main stages of a cyberattack. We will also provide pointers of system design principles that must be followed during the various stages of the ICS/CPS lifecycle to increase their security. Finally, the most important approaches for threat and risk mitigation will also be outlined.

Chapter 8: Control Theory addresses the feedback principles of any dynamical system where the output is fed back via a controller for comparison with the desired input to make any necessary changes to satisfy the customer specifications. Dynamical systems exist in various forms such as linear or nonlinear, continuous or discrete, deterministic or stochastic, etc. The field of control systems has a long history dating back to 300 BCE when the Greeks invented a water clock and with a formal work on governors by James Clerk Maxwell in 1868, leading to classical control era (Routh-Hurwitz, Bode, Nyquist) and modern control era (Lyapunov, Pontryagin, Kalman, etc.). This chapter presents an overview of the theory and techniques arising in modern control systems such as optimal control, and briefly touch upon nonlinear control, adaptive control, intelligent control, etc. Any engineering system to be controlled needs to have three components of modeling, analysis or performance, and synthesis or design. Optimization is a very desirable feature in day-to-day life. We like to work and use our time in an optimum manner, use resources optimally, and so on. The main objective of optimal control is to determine control signals that will cause a process (plant) to satisfy some physical constraints and at the same time extremize (maximize or minimize) a chosen performance criterion (performance index or cost function). Thus, we address optimal control systems where the theory is rooted in the field of calculus of variations developed during sixteenth and seventeenth centuries over 300 years ago [2] and flourished right into the twenty-first century.

Chapter 9: This chapter reviews user-centered design for human–system interfaces of control systems. The premise of user-centered design is that the designer must consider the user, in this case the operator of a control system. User-centered design also advocates for iteration, in which feedback from operator testing is used to improve the design of the system. This chapter walks through the importance of keeping humans in the loop in control systems design and then outlines approaches for design planning, prototyping, and evaluation. It concludes with a checklist to help the control systems engineer follow a user-centered process in the design of human–system interfaces.

Part IV, “Metrics Fundamentals,” establishes a basis for measuring success in the area of resilience.

Chapter 10: The improvement of resilience in electric power systems has been of growing importance in the United States for several years. Progress has been made in various areas, but much remains to be done in terms of the basic architecture of the power grid. A limiting factor has been the lack of a connection between foundational grid architecture principles and methods on the one hand and clearly defined relationships between resilience improvement objectives and actual means for assessing, planning, and implementing resilience measures on the other. At the core of this limitation is the need for principled definition, quantification, and valuation of the resilience impacts of grid architectures and architecture changes. The use of structural concepts provides a framework for these issues and provides a new means to obtain insight into how resilience may be analyzed and improved.

Chapter 11: To improve anything, there must be a way to assess its character with respect to the definition of the desired characteristics. With this in mind, a solid definition that people or organizations with an interest in the performance of the system, the stakeholders, must be stated. From there, a method of measuring the system against that definition needs to be created. It is often useful to express a concept in a notional manner but to put it into use the metric must be made tangible. This chapter will present a definition of the word resilience in the context of critical infrastructure. For that definition, a notional representation that has become common in the description of resilience that captures performance through time as it proceeds from an event that disturbs the system through the stages of resilience. Next, we will construct a tangible form of a metric to that can be used as a design tool to determine what improvements should be made to produce a more resilient system keeping in mind that cost is always a consideration.

Part V, “Resilience Application,” provides a resilient control system perspective for application of disciplinary contributions, with the intent to evolve from multidisciplinary to interdisciplinary. A system application gaming environment provides a thoughtful means for students to apply these considerations.

Chapter 12: What is with a game in a resilience class? Well, there are many reasons to use a game for education. One, it is something for you to look forward to as part of a class. An event where you compete and cooperate with your fellow students can reveal more about resilience than reading papers, doing homework, or studying for an examination. The only thing that you might learn more from is creating your own game or really using a project development to dig into the understanding of a subject. The Grid Game has evolved from a simple swing equation simulation of the real power aspects of a microgrid to a multiplayer game that enables players to experience the impacts of unexpected events. As resilience is multidisciplined as you have been learning in this textbook, a simulated game gives you a chance to think about strategy and improvements to the human interaction with a system.

Chapter 13: Modern power grids rely heavily on TCP/IP networks to monitor and control physical processes. This reliance opens the door to potentially new and powerful cyberattacks against them. In this chapter, we introduce technologies that are used to operate the power grid and security challenges facing the power grid, present previous attacks, and discuss research efforts to improve the security and resiliency of the grid.

Chapter 14: In this chapter, we introduce methods to address resiliency issues for control systems. The main challenge for control systems is its cyber–physical system nature that strongly couples the cyber systems with physical layer dynamics. Hence, the resiliency issues for control systems need to be addressed by integrating cyber resiliency with physical layer resiliency. We introduce frameworks utilizing a games-in-games paradigm that can provide a holistic view of the control system resiliency and enable an optimal cross-layer and cross-stage design at the planning, operation, and recovery stage of control systems. The control systems are often large-scale systems in industrial application and critical infrastructures. Decentralized control of such systems is indispensable. We extended the resiliency framework to address distributed and collaborative resiliency among decentralized control agents.

Chapter 15: Technological advancements have resulted in highly critical infrastructure, which has increased the infrastructure's attack surface and made them more vulnerable to cyberattacks. The constantly evolving threat landscape and sophisticated attack vectors boasts intelligent and adaptive threat actors that can surpass traditional engineered and deployed defenses. A skilled cybersecurity workforce is essential; furthermore, there is an immediate need for anticipatory defense measures that reflect the adaptive and dynamic nature of the threat actors. Developing anticipatory cyber strategies require understanding the human aspects of cyberattacks: how adversaries organize, strategize, adapt, and function effectively, and how defenders secure grids and make effective decisions in cyber defense and system operation when experiencing cyberattacks. One effective mechanism to train the future workforce in this space is by gamifying cybersecurity.

Part VI, “Additional Design Considerations,” as an optional chapter, includes considerations that extend the resilience considerations to different domains, consider interdependencies among infrastructures and provide some thoughts for the future of distributed control.

Chapter 16: Critical infrastructure is ubiquitous in modern societies and its reliable and resilient operation is of paramount importance to national security, economic vitality, and public confidence [3,4]. The nation's critical infrastructure is diverse and complex. Electricity transmission and distribution networks, telecommunication networks, and transportation systems are common representative examples. Their high degree of inter- and intra-connectedness make them vulnerable to cascading disruptions when exposed to man-made or natural hazards. These critical infrastructures must be secure and able to withstand or rapidly recover from all hazards. Safeguarding the reliability of the nation's infrastructure will require a greater understanding of the complex interdependencies of these systems, from their subtle emergent behaviors to large-scale cross-sector consequences in an all-hazard environment.

In the context of this paper, all-hazard vulnerability analysis of critical infrastructure is assumed to be a quantitative process, used to facilitate risk-informed decision-making by identifying which infrastructures are susceptible to what hazards. The resulting outcome of this process is then used to reduce the probability of adverse events and mitigate their consequences, should they occur. Modeling and simulation play an important role in identifying, understanding, and analyzing these events and their effects on the robustness and resilience of the nation's critical infrastructure. This is because, for most scenarios, it is impossible or impractical to create experimental conditions to directly measure the effects of hazards on these complex and diverse systems.

Chapter 17: The idea of distributed control has been considered for decades and became the namesake of a certain type of ICS architecture released in the 1980s. While the digital components were, in fact, distributed throughout a facility, the concept of distributed control was not in play. Not just the dependence on a centralized set of operator consoles provided this limitation but also the ability to autonomously negotiate shifts in operations. Current ICSs are still dependent upon human input down to some common feedback loops, if not direct action. Evolving from current system designs to distributed control will require tiers of recognition and response, at the top providing the management and coordination, currently based in procedures and skill of the craft, but in future extracting the management parameters for operation (e.g. production rate) and engineering parameters through coordination of resources (i.e. settings that safely and efficiently transition the operations from one state to another). At the lowest tier, the execution layer provides a true time-based dynamic but taking intelligent instruction from the settings and autonomous control action in response. To establish resilience to threats, including cyberattack or damaging storms causing physical degradation, the tiers are decomposed into agents, which maintain state awareness and adapt to maintain the overall management philosophy. Even if the communications are lost, also a possibility with threats, those elements that survive can recognize and respond to maintain an optimized state. The result is a distributed and resilient control system.

Chapter 18: Previous chapters focus on resilient architectures for the electrical power grid. Emphasis on this “uniquely critical” infrastructure system is merited, and other critical infrastructures can also benefit from design of resilient control systems. This chapter discusses resilient design considerations that generally apply across a broad spectrum of critical infrastructures. The chapter introduces four resilient design capacities, that is, fundamental system attributes that contribute to or detract from resilient operations. The chapter also discusses design issues and system constraints that often need to be considered when balancing the capacities in resilient designs.

Part VII, “Conclusions,” summarizes the book and challenges the students to consider the future and the new science of resilience.

Chapter 19: The previous chapters of this book take an interdisciplinary approach to discussing resilience in control systems, designed to encourage students from diverse disciplines to consider this critical concept. This chapter concludes that resilience is not a design layer. Instead, it is a philosophy. This chapter summarizes the challenges of designing resilient control systems and the relationship between humans and automation. Autonomy is not the final goal, but one tool to achieve a resilient system.

References

1

Rieger, C. (2010). Notional examples and benchmark aspects of a resilient control system. Resilient Control Systems (ISRCS).

3rd International Symposium

(August 2010), 64–71.

2

Sussmann, H.J. and Willems, J.C. (1997). 300 Years of optimal control: from the Brachys-Tochrone to the maximum principle.

IEEE Control Systems Magazine

17: 32–44.

3

President's Commission on Critical Infrastructure Protection. (1997). Critical Foundations: Protecting America's Infrastructures the Report of the President's Commission on Critical Infrastructure Protection. United States. President's Commission on Critical Infrastructure Protection, Washington, DC.

4

The White House (1998).

Presidential Decision Directive 63

. Washington, DC: The White House.

Acknowledgments

This text is the culmination of a multi-university course that focused on the interdisciplinary considerations to achieve resilience. While much of the science is yet to be established for this area, we must thank the many professors that supported the course. We would also like to thank Idaho National Laboratory for its vision in the pioneering of this field of study and in the completion of the book writing effort.

Editors Biography

Craig Rieger

Chief Control System Research Engineering and Directorate Fellow

Craig Rieger, PhD, PE, is the Chief Control Systems Research Engineer and a Directorate Fellow at the Idaho National Laboratory (), pioneering interdisciplinary research in next generation resilient control systems. The grand challenge provided an integrated research strategy to address the cognitive, cyber–physical challenges of complex control systems into self-aware, trust-confirming, and threat-resilient architectures.

In addition, he has organized and chaired 13 co-sponsored symposia and one National Science Foundation workshop in this new research area and authored more than 70 peer-reviewed publications.

Craig received BS and MS degrees in Chemical Engineering from Montana State University in 1983 and 1985, respectively, and a PhD in Engineering and Applied Science from Idaho State University in 2008. Craig's PhD coursework and dissertation focused on measurements and control, with specific application to intelligent, supervisory ventilation controls for critical infrastructure.

Craig is a senior member of IEEE and has 20 years of software and hardware design experience for process control system upgrades and new installations. Craig has also been a supervisor and technical lead for control systems engineering groups having design, configuration management, and security responsibilities for several INL nuclear facilities and various control system architectures.

Ronald Boring

Distinguished Scientist, Human Factors and Reliability

Ronald Boring, PhD, is a Distinguished Human Factors Scientist and Department Manager at Idaho National Laboratory, where he has led research projects for the US Nuclear Regulatory Commission, NASA, the US Department of Energy, the Canadian Nuclear Safety Commission, the Department of Defense, and the Norwegian Research Council. He previously worked as a human reliability researcher at Sandia National Laboratories, a usability engineer for Microsoft Corporation and Expedia Corporation, a guest researcher in human–computer interaction at the National Research Council of Canada, and a visiting human factors scientist at OECD Halden Reactor Project.

Ronald and his research team developed the Guideline for Operational Nuclear Usability and Knowledge Elicitation () for conducting human factors in support of nuclear technologies, the Human Unimodel for Nuclear Technology to Enhance Reliability () dynamic human reliability framework, and the Advanced Nuclear Interface Modeling Environment () for prototyping digital interfaces in nuclear power environments. Dr. Boring is the founder of the Human Systems Simulation Laboratory.

Ronald has a PhD in Cognitive Science from Carleton University, a Master's degree in Experimental Psychology from New Mexico State University, and dual Bachelor's degrees in Psychology and German from the University of Montana. He was a Fulbright Academic Scholar to the University of Heidelberg, Germany.

Ronald has published over 300 research articles in a wide variety of human reliability, human factors, and human–computer interaction forums. He is the founder and chair of the Human Error, Reliability, Resilience, and Performance conference, he was co-chair for the 2019 American Nuclear Society Nuclear Power Instrumentation, Controls and Human-Machine Interface Technology () conference, and he is ongoing Chair for the Annual Meeting of the Human Factors and Ergonomics Society. He is a fellow of the Human Factors and Ergonomics Society.

Brian K. Johnson, PhD, PE

University Distinguished Professor, Schweitzer Engineering Laboratories Endowed Chair in Power Engineering

Brian K. Johnson, PhD, PE, is a University Distinguished Professor and the Schweitzer Engineering Laboratories Endowed Chair in Power Engineering in the University of Idaho Department of Electrical and Computer Engineering. Brian received BS, MS, and PhD degrees in electrical engineering from the University of Wisconsin-Madison in 1987, 1989, and 1992, respectively. He joined the University of Idaho shortly after completing his doctoral degree.

He was chair of the Department of Electrical and Computer Engineering from 2006 to 2012. His teaching and research interests include power system protection, power systems transients, HVDC and FACTS, and resilience controls for critical infrastructure systems. He has advised over 200 part-time and full-time Master's and doctoral students. He has published over 170 papers in journals and conferences.

Dr. Johnson was chair of the IEEE Power and Energy Education Committee from 2014 to 2015, and is currently the chair of the IEEE HVDC and FACTS subcommittee. Dr. Johnson is a registered professional engineer in the State of Idaho.

Timothy McJunkin

Distinguished Researcher, Power and Energy Systems

Timothy McJunkin is a Distinguished Research in the Power and Energy Systems Department of Idaho National Laboratory (INL). At INL since 1999, his current research and development interests include resilient control of critical infrastructure, Smart Grid for renewable energy integration, and cybersecurity. He has performed research in robotics and automation, intelligent systems, and acoustic-based nondestructive examination. Mr. McJunkin has published 20+ peer review journal articles, two book chapter and been awarded 13 patents on topics of computer systems, analytical chemistry instrument systems, industrial automation, Smart Grid, and nondestructive examination. He has served as an Adjunct Faculty member of Idaho State University Electrical Engineering Department and was a co-initiator of the multi-university class in resilient control systems, centered at the public Idaho universities. He is the architect and principal developer of the Grid Game. Prior to joining INL, he was with Compaq Computer Corporation's Industry Standard Server Group (1994–1999) leading board level motherboard design of multiple server products. He holds a Master of Science in electrical and computer engineering from Utah State University and is pursuing his PhD in the University of Idaho's Electrical Engineering Department. At Utah State he was awarded a Rocky Mountain NASA Space Grant Consortium fellowship for his work on autonomous planetary vehicles.

List of Contributors

Rômulo Bainy

Electrical and Computer Engineering University of Idaho

Moscow, ID

USA

Thomas Baldwin

Electrical and Computer Engineering, Idaho State University

Pocatello, ID

USA

Ronald Boring

Center for Advanced Energy Studies, Idaho National Laboratory

Idaho Falls, ID

USA

Alvaro A. Cárdenas

Computer Science and Engineering, University of California

Santa Cruz, CA

USA

Chris Dyer

SCADA and Analytical Services, Power Engineers

Meridian, ID

USA

Ryan Hruska

National and Homeland Security, Idaho National Laboratory

Idaho Falls, ID

USA

Brian K. Johnson

Electrical and Computer Engineering University of Idaho

Moscow, ID

USA

Constantinos Kolias

Computer Science, University of Idaho

Idaho Falls, ID

USA

Keerthi Koneru

Computer Science and Engineering, University of California

Santa Cruz, CA

USA

Daniel Conte de Leon

Computer Science, University of Idaho

Moscow, ID

USA

Kelvin Mai

Computer Science, University of Texas-Dallas

Dallas, TX

USA

Georgios M. Makrakis

Computer Science, University of Idaho

Idaho Falls, ID

USA

Timothy McJunkin

Energy and Environment Science and Technology, Idaho National Laboratory

Idaho Falls, ID

USA

Desineni S. Naidu

Electrical Engineering, University of Minnesota-Duluth

Duluth, MN

USA

Neil Ortiz

Computer Science and Engineering, University of California

Santa Cruz, CA

USA

Xi Qin

Computer Science and Engineering, University of California

Santa Cruz, CA

USA

Aunshul Rege

Criminal Justice, Temple University

Philadelphia, PA

USA

Craig Rieger

National and Homeland Security, Idaho National Laboratory

Idaho Falls, ID

USA

Meghan G. Sahakian

National Security Programs, Sandia National Laboratories

Albuquerque, NM

USA

Jeff Taft

Energy and Environment, Pacific Northwest National Laboratory

Richland, WA

USA

Eric D. Vugrin

National Security Programs, Sandia National Laboratories

Albuquerque, NM

USA

Quanyan Zhu

Electrical and Computer Engineering, New York University

Brooklyn, NY

USA

Part IIntroduction

1Basis, Definition, and Application

Craig Rieger

National and Homeland Security, Idaho National Laboratory, Idaho Falls, ID, USA

1.1 Introduction

As energy companies and governments attempt to get more from the existing power grid and other critical infrastructures, more automatic control systems are being applied [1,2]. With this greater reliance on network-based, digital automation, and the stresses of pressing the existing infrastructure for greater performance, the power grid and underlying systems have become more susceptible to both malicious attacks and unexpected, natural threats. Governments and other stakeholders have chosen to address infrastructure issues by the implementation of a smarter grid. In the smart grid, operators and control systems supervise power generation, distribution, transmission, and loads to utilize these assets most efficiently [3]. Such extensive monitoring and control over a distributed system cause complexity that challenges system designers and human operators in new ways. In addition, cyber vulnerability of these systems has been illustrated in many recent articles on state-sponsored attacks to electric power systems and other similar infrastructure for natural gas, water, and communications [4]. Therefore, it is critical in the next generation of control systems that resilience plays a large and critical role in the grid design and development. Resilient control systems are a field of research that seeks solutions to complexity through a holistic approach that combines cognitive science, computer security, communications, and control systems. To enable future researchers and practitioners to assist with designing more resilient systems, science, technology, engineering, and mathematics education needs to incorporate interdisciplinary topics. While electrical engineering and computer science programs in the nation include a cybersecurity perspective, few if any have focused on the unique control system aspects. Human cognitive aspects are most definitely not addressed in technology education discourse. To this end, a class and education tools in resilient controls systems have been created.

1.2 Definition and Application

Benefiting from an already ongoing interdisciplinary field of study [5], a course was created to establish a perspective for college students on the unique challenges of automation in our society. The course was broadcast to the participating universities through interactive web-based lectures and provides perspectives based upon the definition of a resilient control system, which is one that “maintains state awareness and an acceptable level of operational normalcy in response to disturbances, including threats of an unexpected and malicious nature” [5]. The course was first organized in the fall 2013 as a series of lectures in resilient controls, without a central application theme. The course was refined for fall 2014 to include institutions outside of Idaho and incorporate a focus on the application of power systems. Lecturers and faculty from Idaho National Laboratory and participating university institutions covered the disciplinary contexts, with a mentor at each institution to facilitate the student questions and grading as part of a special topics or catalogue course.

Resilient control systems architecture, as shown in Figure 1.1, offers additional perspective on a subset of interdisciplinary topics that impact real-world critical infrastructure. The course addressed how systems fail due to threats from cybersecurity, human error, and complex interdependencies, and how the application of resilient control system technologies addresses these challenges. The broad range of topics in resilient control systems would typically be addressed in different courses and in different departments or colleges. When taught together, a course becomes relevant to multiple engineering and science disciplines, drawing students into the sometimes challenging but equally rewarding interdisciplinary conversation. The course has the potential to lead to the desired academic and social outcome of more broadly developed engineers and scientists with the ability to connect the “languages” of the distinct disciplines to tackle increasingly coupled problems in complex systems.

The power grid was chosen due to its importance to the support of modern society, the distributed and complex nature of the control systems, and the current and planned efforts to modernize through smart grid initiatives. The goal of the course is for students from multiple disciplines, ranging from college juniors to graduate students, to arrive at an intuitive perspective on the control, human, and cybersecurity aspects of the electric grid. Understanding of the multiple challenges and failure modes in critical infrastructure is performed through weekly sessions in a semester-long course. The weekly sessions cover a survey of resilient control topics as well as sufficient background discussion on the electric power grid to prime students from a variety of levels in engineering studies for the discussions.

This book is organized in the sequence that discussions would be expected to occur, with the exception of Part VI, which provides additional special topics that could be addressed as desired. The focus of each book section is provided below:

Part I

. The introduction and use case for reference in the remainder of the book.

Part II

. Overviews of the power system infrastructures that would be recognized in practice in the community, including the power grid, control system, and communications architectures.

Part III

. Disciplinary fundamentals for the student for each of the primary disciplinary considerations considered on resilient control.

Part IV

. For relevance, metrics are required for measurement of benefit and success, not unlike those know for reliability. This section will provide a differentiation of how resilience is quantified and valued.

Part V

. Building upon the fundamentals and the means to measure, this section provides the interdisciplinary challenges with examples of applications that can be addressed to achieve resilience.

Part VI

. Additional design considerations provide a basis for other factors that influence the resilience of control systems, specifically in addressing the current complexity and the future of systems that are designed to engender resilience and prevent brittle failures.

Part VII

. Concluding the book will be a summary and a brief overview of interdisciplinary research challenges, borne out in the current understanding and addressed as this foundational area matures.

Figure 1.1 Resilient control system architecture.

Source: Worldpics/Shutterstock.com; Monty Rakusen/Getty Images; Dmitry Yashkin/Shutterstock.com; ritanan/Getty Images; Marko Rupena/Getty Images; Alexey Stiop/Shutterstock.com; pryzmat/123RF.

Each chapter will provide objectives and overview of the particular topic. Designed to be readable across disciplines, the chapters are written at a high level with additional references provided for future reading. Questions are provided to aid the student in testing comprehension of the main points of the chapter.

References

1

Cecati, C., Mokryani, G., Piccolo, A. et al. (2010). An overview on the smart grid concept. IECON 2010 – 36th Annual Conference on IEEE Industrial Electronics Society (November 2010), 3322–3327.

2

Shladover, S. (2007). PATH at 20 – history and major milestones intelligent transportation systems.

IEEE Transactions on Intelligent Transportation Systems

8 (4): 584–592.

3

Sridhar, S., Hahn, A., and Govindarasu, M. (2012). Cyber-physical system security for the electric power grid.

Proceedings of the IEEE

100 (1): 210–224.

4

Bradley, T. (2010). Critical Infrastructure under Siege from Cyber Attacks, PC World.

http://www.pcworld.com/article/188095/Critical_Infrastructure_under_Siege_from:Cyber_Attacks.html

(accessed 30 August 2021).

5

Rieger, C. (2010). Notional examples and benchmark aspects of a resilient control system. Resilient Control Systems (ISRCS), 2010 3rd International Symposium, 64–71.

2General Use Case Introduction

Brian Johnson

Electrical and Computer Engineering, University of Idaho, Moscow, ID, USA

2.1 Introduction

Resilient control approaches can be applied in any cyber-physical system that utilizes distributed communication and control architectures that provide automation support to enable human operators to better run systems. Such applications can range from individual industrial facilities to power grids that span nations.

The authors in this book use the power grid as an use case example to illustrate the key aspects of modern resilient control design. Resilient control systems combine communication-enhanced distributed control, improved operator support through human factors engineering, and applied cybersecurity concepts. All these are aspects are critical to modern power systems operations. Improving grid resilience is of national significance and is an active area of research.

2.2 Importance of Resilient Controls for Power Systems

The power grid was chosen as the use case for this book since most people have some understanding of the pervasiveness of electrification in modern society and the importance of power system resilience.

Most aspects of daily life are affected by the power infrastructure, including heavy industries, commercial sectors, health systems, and residential sectors. The interconnected power system of the United States and Canada is one or the largest and most critical infrastructures in the world [1].

The power infrastructures of most nations are large, complex systems that are of critical importance to a nation's financial well-being. They are large, interconnected networks that can span continental distances, and local events can have far-reaching impacts. The Northridge earthquake in 1994 caused power outages over 1000 miles away. A little over a year later, an incorrect protective device response to a short circuit in Idaho caused millions of customers in southern California to lose power.

2.3 Power Systems Operations and Control

Power systems operations utilize a decentralized control scheme with human operators playing a critical role. Generation sources and end use load points are interconnected using transmission and distribution lines, as will be discussed in Chapter 3. Measurements from devices in the substations are communicated to control centers owned by utilities. Most utilities have developed an extensive communications infrastructure over the past 50 years. The measurements are processed in a control center to correct errors and focus what is presented to human operators. Operator responses are communicated back to components in the system to take actions such as changing generator set points or changing switch states [2].

The control of the power system takes place over a range of time scales. Operators largely respond to slowly changing conditions with time scales ranging from tens of minutes to hours, with support from computer simulation and automation tools. Faster disturbances are dealt with by autonomous controls. The fastest controls use local measurements in a substation, possibly enhanced with measurements from neighboring substations. Examples include protections systems that respond to faults with time responses on the order of tens of milliseconds. Other autonomous control schemes respond over time periods of seconds to minutes, which often encompass larger areas.

Most of these measurement, protection, and control systems are implemented in intelligent electronic devices (IEDs). These devices are special purpose computing platforms. IEDs can communicate measurements to the control center or receive commands from operators or control devices. In many cases, these devices have communication interfaces that allow remote access to modify settings.

Many utilities maintain multiple communication systems which overlay the power system, as shown in Figure 2.1. The system is often referred to as the operational system. Historically, the operational technology communication networks were isolated from the outside Internet. However, the utility control center often forms several bridges between the enterprise system and the utility uses for financial operations, such as retrieving information for billing from the operational network. Other communication links allow engineering access for engineers in the headquarters to read event logs from protection and control devices. These bridges open possible cyber-vulnerabilities, which can compromise the resilience of the power grid. Cybersecurity is becoming an increasing concern for power systems operations. This book introduces basic concepts of power grid cybersecurity.

Figure 2.1 System power and communication architecture.

Chapter 12