Risk analysis on the source-grid-load-storage system affected by cyber attacks

doi:10.3969/j.issn.2097-0706.2024.05.005

Abstract

Abstract:

With the boost of Energy Internet， power grid dispatching is gradually taking "source-grid-load-storage" integrated optimization strategy. The optimization mode can realize effective use of clean energy，sharing of resources and demand response of an integrated system with optimal allocation of resources，multi-energy complementation，big data analysis and other advanced technologies. However， due to the deep coupling of physical devices and information systems， cyber attacks aiming at information systems might lead to physical faults. To evaluate the effect of cyber attacks on a source-grid-load-storage integrated system， the effect of cyber attacks is analyzed from the perspective of attackers. Then， the improved attack graph is built， and attack routes are determined by Frequent Pattern Growth（FP-Growth）association rule mining. Then， the probability of being aimed and attacked is obtained by vulnerability assessment and Bayesian theorem. The risk assessment index is the product of the probability of cyber attack on the source-grid-load-storage integrated system and the load loss. The risks of distribution network circuit breakers and distributed sources subjected to cyber attacks are quantitively assessed， and the effectiveness of the proposed method is verified.

Key words: Energy Internet, source-grid-load-storage system, multi-energy complementation, big data analysis, clean energy, cyber attack, attack graph, risk assessment

CLC Number:

TK018：TM769

YU Sheng, ZHOU Xia, SHEN Xicheng, DAI Jianfeng, LIU Zengji. Risk analysis on the source-grid-load-storage system affected by cyber attacks[J]. Integrated Intelligent Energy, 2024, 46(5): 41-49.

Figures/Tables 13

Fig.1

Fig.2

Fig.3

Table 1

Fig.4

Fig.5

Fig.6

Fig.7

Fig.8

Table 2

Fig.9

Table 3

Fig.10

References 23

[1]	刘东, 盛万兴, 王云, 等. 电网信息物理系统的关键技术及其进展[J]. 中国电机工程学报, 2015, 35(14):3522-3531.
	LIU Dong, SHENG Wanxing, WANG Yun, et al. Key technologies and trends of cyber physical system for power grid[J]. Proceedings of the CSEE, 2015, 35(14):3522-3531.
[2]	郭庆来, 辛蜀骏, 孙宏斌, 等. 电力系统信息物理融合建模与综合安全评估:驱动力与研究构想[J]. 中国电机工程学报, 2016, 36(6):1481-1489.
	GUO Qinglai, XIN Shujun, SUN Hongbin, et al. Power system cyber-physical modelling and security assessment: Motivation and ideas[J]. Proceedings of the CSEE, 2016, 36(6):1481-1489.
[3]	XIN S J, GUO Q L, SUN H B, et al. Cyber-physical modeling and cyber-contingency assessment of hierarchical control systems[J]. IEEE Transactions on Smart Grid, 2015, 6(5):2375-2385.
[4]	刘林, 祁兵, 李彬, 等. 面向电力物联网新业务的电力通信网需求及发展趋势[J]. 电网技术, 2020, 44(8):3114-3130.
	LIU Lin, QI Bing, LI Bin, et al. Requirements and developing trends of electric power communication network for new services in electric internet of things[J]. Power System Technology, 2020, 44(8):3114-3130.
[5]	胡怡霜, 丁一, 朱忆宁, 等. 基于状态依存矩阵的电力信息物理系统风险传播分析[J]. 电力系统自动化, 2021, 45(15):1-10.
	HU Yishuang, DING Yi, ZHU Yining, et al. Risk propagation analysis of cyber-physical power system based on state dependence matrix[J]. Automation of Electric Power Systems, 2021, 45(15):1-10.
[6]	汤奕, 王琦, 倪明, 等. 电力信息物理融合系统中的网络攻击分析[J]. 电力系统自动化, 2016, 40(6):148-151.
	TANG Yi, WANG Qi, NI Ming, et al. Analysis of cyber attacks in cyber physical power system[J]. Automation of Electric Power Systems, 2016, 40(6):148-151.
[7]	李田, 苏盛, 杨洪明, 等. 电力信息物理系统的攻击行为与安全防护[J]. 电力系统自动化, 2017, 41(22):162-167.
	LI Tian, SU Sheng, YANG Hongming, et al. Attacks and cyber security defense in cyber-physical power system[J]. Automation of Electric Power Systems, 2017, 41(22):162-167.
[8]	徐飞阳, 薛安成, 常乃超, 等. 电力系统自动发电控制网络攻击与防御研究现状与展望[J]. 电力系统自动化, 2021, 45(3): 3-14.
	XU Feiyang, XUE Ancheng, CHANG Naichao, et al. Research status and prospect of cyber attack and defense on automatic generation control in power system[J]. Automation of Electric Power Systems 2021, 45(3):3-14.
[9]	KANDASAMY N K. An investigation on feasibility and security for cyberattacks on generator synchronization process[J]. IEEE Transactions on Industrial Informatics, 2020, 9(16):5825-5834.
[10]	王轶楠, 林彦君, 李焕, 等. DoS攻击下电力网络控制系统脆弱性分析及防御[J]. 控制与决策, 2017, 32(3):411-418.
	WANG Yinan, LIN Yanjun, LI Huan, et al. Vulnerability analysis and countermeasures of electrical network control systems under DoS attacks[J]. Control and Decision, 2017, 32(3):411-418.
[11]	王电钢, 黄林, 刘捷, 等. 考虑负荷虚假数据注入攻击的电力信息物理系统防御策略[J]. 电力系统保护与控制, 2019, 47(1):28-34.
	WANG Diangang, HUANG Lin, LIU Jie, et al. Cyber-physical system defense strategy considering loaded false data injection attacks[J]. Power System Protection and Control, 2019, 47(1):28-34.
[12]	DENG R L, XIAO G X, LU R X. Defending against false data injection attacks on power system state estimation[J]. IEEE Transactions on Industrial Informatics, 2017, 13(1):198-207.
[13]	CHAOJUN G, JIRUTITIJAROEN P, MOTANI M. Detecting false data injection attacks in AC state estimation[J]. IEEE Transactions on Smart Grid, 2015, 6(5):2476-2483
[14]	梅生伟, 王莹莹, 陈来军. 从复杂网络视角评述智能电网信息安全研究现状及若干展望[J]. 高电压技术, 2011, 37(3):672-679.
	MEI Shengwei, WANG Yingying, CHE Laijun. Overviews and prospects of the cyber security of smart grid from the view of complex network theory[J]. High Voltage Engineering, 2011, 37(3):672-679.
[15]	薛禹胜, 李满礼, 罗剑波, 等. 基于关联特性矩阵的电网信息物理系统耦合建模方法[J]. 电力系统自动化, 2018, 42(2):11-19.
	XUE Yusheng, LI Manli, LUO Jianbo, et al. Modeling method for coupling relations in cyber physical power systems based on correlation characteristic matrix[J]. Automation of Electric Power Systems, 2018, 42(2):11-19.
[16]	张宇航, 倪明, 孙永辉, 等. 针对网络攻击的配电网信息物理系统风险量化评估[J]. 电力系统自动化, 2019, 43(21):12-22.
	ZHANG Yuhang, NI Ming, SUN Yonghui, et al. Quantitative risk assessment of cyber-physical system for cyber-attacks in distribution network[J]. Automation of Electric Power Systems, 2019, 43(21):12-22.
[17]	XU S, XIA Y X, SHEN H L. Analysis of malware-induced cyber attacks in cyber-physical power systems[J]. IEEE Transactions on Circuits and Systems: Express Briefs, 2020, 67(12):3482-3486.
[18]	王宇飞, 高昆仑, 赵婷, 等. 基于改进攻击图的电力信息物理系统跨空间连锁故障危害评估[J]. 中国电机工程学报, 2016, 36(6):1490-1499.
	WANG Yufei, GAO Kunlun, ZHAO Ting, et al. Assessing the harmfulness of cascading failures across space in electric cyber-physical system based on improved attack graph[J]. Proceedings of the CSEE, 2016, 36(6):1490-1499.
[19]	许训炜, 沈希澄, 周霞, 等. 基于数据驱动的源网荷储协同控制系统网络攻击关联性分析[J]. 浙江电力, 2023, 42(2):76-82.
	XU xunwei, SHEN Xicheng, ZHOU Xia, et al. Research on network attack correlation analysis for generation-network-load-storage control system based on data-driven algorithm[J]. Zhejiang Electric Power, 2023, 42(2):76-82.
[20]	周霞, 杨洲, 倪明, 等. 考虑信息-物理组合预想故障筛选的配电网CPS安全性评估[J]. 中国电力, 2020, 53(1):40-48.
	ZHOU Xia, YANG Zhou, NI Ming, et al. Security evaluation of distribution network CPS considering cyber-physical combinations for anticipated fault screening[J]. Electric Power, 2020, 53(1):40-48.
[21]	王作广, 魏强, 刘雯雯. 基于攻击树与CVSS的工业控制系统风险量化评估[J]. 计算机应用研究, 2016, 33(12):3785-3790.
	WANG Zuoguang, WEI Qiang, LIU Wenwen. Quantative risk assessment of industrial control systems based on attack-tree and CVSS[J]. Application Research of Computers, 2016, 33(12):3785-3790.
[22]	杨国泰, 王宇飞, 罗剑波, 等. 电力CPS信息网络脆弱性及其评估方法[J]. 中国电力, 2018, 51(1):83-89.
	YANG Guotai, WANG Yufei, LUO Jianbo, et al. Electric CPS information network vulnerability and assessment method[J]. Electric Power, 2018, 51(1):83-89.
[23]	ZHANG Y C, XIANG Y M, WANG L F. Power system reliability assessment incorporating cyber attacks against wind farm energy management systems[J]. IEEE Transactions on Smart Grid, 2017, 8(5):2343-2357.

指标	CVSS指标	等级	取值
可利用性	攻击路径V_A	物理	0.20
		本地	0.55
		邻近网络	0.62
		远程网络	0.85
	攻击复杂度C_A	高	0.44
	攻击复杂度C_A	低	0.77
	权限要求R_P	无要求	0.85
		低权限	范围不变0.62
		低权限	范围可变0.68
		高权限	范围不变0.27
		高权限	范围可变0.50
	用户交互I_U	无交互	0.85
	用户交互I_U	有交互	0.62
影响度	机密性C_o/完整性I_n/可用性A_v	无影响	0
		低影响	0.22
		高影响	0.56

节点	节点名	漏洞号	后果	成功概率
A₁	ONU设备	CVE-2007-5460	路由模式改变	0.396
A₂	无线终端	CVE-2013-4984	权限提升	0.462
I₁/I₂	OLT 设备	CVE-2017-5521	权限提升	0.326
I₃	公网前置机	CVE-2007-4752	权限提升	0.235
I₄	监控子站服务器	CVE-2009-0241	获取执行任意代码权限	0.563
I₅	主站前置机	CVE-2007-4752	权限提升	0.276
G	控制服务器	CVE-2013-4465	获取执行任意代码权限	0.357

节点	节点名	漏洞号	后果	成功概率
A₁	WTCP	CVE-2015-3950	获取访问权限	0.726
A₂	风电场LAN	CVE-2016-6159	获取访问权限	0.248
A₃	远程控制LAN	CVE-2010-2843	获取访问权限	0.336
A₄	控制中心LAN	CVE-2012-5968	获取访问权限	0.268
I₁	WTCP主机	CVE-2016-2287	获取执行任意代码权限	0.465
I₂	通信服务器	CVE-2019-1872	权限提升	0.563
I₃	ICCP服务器	CVE-2006-0059	权限提升	0.276
I₄	WEB服务器	CVE-2017-13995	权限提升	0.357
I₅	应用服务器	CVE-2002-2153	权限提升	0.554
G	SCADA服务器	CVE-2019-1040	执行任意代码	0.467