TY - BOOK
T1 - Power Network State Estimation Security for Centralized and Hierarchical Estimators
T2 - From Bad Data Injections to Estimator Stability
AU - Baiocco, Alessio
PY - 2017/2/14
Y1 - 2017/2/14
N2 - State estimation is a key problem wherever systems can only be observed partially, and is typically a pre-requisite for effective control. The most widespread current use of state estimation is in electrical power networks, which combine distribution over wide areas with real-time requirements. A number of state estimators have been proposed, but studies of robustness against attacks has concentrated solely on the centralised case; here we discuss the hierarchical case particularly relevant for smart and micro-grid environments. Existing models are too coarse to provide the necessary insight to understand the robustness to different, also novel, types of attacks. These have so far been studied only for centralised approaches, and are also relatively coarse in the forced states investigated. The problem of malicious false data injection in power grid state estimators has recently gained considerable attention. Most of this attention, however, has been focused on the assumption of a centralized state estimator. In a next-generation smart grid environment incorporating distributed generation and highly variable demand induced by electric mobility, distributed state estimation is highly desirable to enhance overall grid robustness. Using a formal observability model, we consider the case of an active adversary able to modify a set of measurements and derive bounds on the maximum number of manipulated measurements that can be tolerated, the composition of attack vectors, and give a formulation for identifying minimal sets of additional measurements to tolerate $k$-measurement attacks in this hierarchical state estimator.State estimation is critical to ensure the stability of many non-trivial control systems where full observability cannot be maintained. In recent years, the problem of malicious bad data injection has been studied extensively, with a number of innovative mitigation and protection measures being proposed. Hierarchical and distributed state estimation systems require not only correct measurements and means for detecting and mitigating any faults or attacks, but also timely transmission of measurements and intermediate results. We argue that the latter has thus far not been considered adequately, and that communication channels cannot be considered to be instantaneous and reliable, nor solely be captured by stochastic models. Hence, we introduce a communication channel model for hierarchical state estimators relying on the common WLS formulation and analyse the propagation of faults leading up to convergence failures in both intermediate and top-level state estimates as a consequence of interference with the communication channel. To this end we concentrate on denial of service-type attacks, limited to suppression of communication or channel manipulation resulting in delays or jitter as such attacks are feasible even where channel integrity and confidentiality are protected adequately. The stability of a power network is strongly influenced by the ability of network operators to determine the current state despite not having a full set of simultaneous measurements available as this determines the ability to dispatch generator capacity and to take corrective measures. State estimation for power networks has long been the subject of intensive scrutiny as it must satisfy requirements for computational efficiency, tolerance to bad data, and errors in the underlying topology. In addition, however, the canonical weighted least squares (WLS) solution is prone to ill-conditioning problems particularly when using Gauss-Newton normal equations (NE). Whilst these problems of stability and sensitivity have been studied intensely with methods from real analysis and optimization theory giving enhanced error bounds, this has not been considered as a source of attacks resulting in failure to achieve a satisfactory state estimate. Moreover, we show that these problems are further exacerbated in case of iterative state estimation stability found in hierarchical state estimators have received insufficient attention, particularly as smart (micro-) grids cannot rely on carefully designed measurement systems and topology. Both for centralized and hierarchical state estimators, however, we describe a novel class of attacks on state estimators which can both force error parameters to become unacceptable and result in outright state estimator divergence, noting that this is not limited to WLS approaches. Continuous and accurate state estimation is a key prerequisite for ensuring reliable and efficient operation of power networks. Conventional state estimation relies on a single centralized estimator, which is problematic in a smart grid environment where partitioning and distributed operation is far more likely, and represents a single point of failure. This has recently led to an interest in hierarchical and distributed state estimation, which has, however, been restricted to off-line configurations. Moreover, similar to the centralized approach, these estimators do not consider the source of measurements. We argue that robust and resilient state estimation requires the ability to tolerate partitioning of both the electric power and implicitly of the communication network. This paper therefore describes a randomized, constraint-based optimization algorithm for (re-)partitioning a power network based on externally imposed constraints as may particularly arise in case of attacks on both communication networks and the power network itself including maximization of overlapping areas and hence measurements. The latter constraint distinguishes the approach from well-studied graph partitioning problems normally seeking to minimize edges between partition elements. We also describe the establishment of a hierarchical state estimator with independent local state over the partitioning satisfying robustness and stability constraints.
AB - State estimation is a key problem wherever systems can only be observed partially, and is typically a pre-requisite for effective control. The most widespread current use of state estimation is in electrical power networks, which combine distribution over wide areas with real-time requirements. A number of state estimators have been proposed, but studies of robustness against attacks has concentrated solely on the centralised case; here we discuss the hierarchical case particularly relevant for smart and micro-grid environments. Existing models are too coarse to provide the necessary insight to understand the robustness to different, also novel, types of attacks. These have so far been studied only for centralised approaches, and are also relatively coarse in the forced states investigated. The problem of malicious false data injection in power grid state estimators has recently gained considerable attention. Most of this attention, however, has been focused on the assumption of a centralized state estimator. In a next-generation smart grid environment incorporating distributed generation and highly variable demand induced by electric mobility, distributed state estimation is highly desirable to enhance overall grid robustness. Using a formal observability model, we consider the case of an active adversary able to modify a set of measurements and derive bounds on the maximum number of manipulated measurements that can be tolerated, the composition of attack vectors, and give a formulation for identifying minimal sets of additional measurements to tolerate $k$-measurement attacks in this hierarchical state estimator.State estimation is critical to ensure the stability of many non-trivial control systems where full observability cannot be maintained. In recent years, the problem of malicious bad data injection has been studied extensively, with a number of innovative mitigation and protection measures being proposed. Hierarchical and distributed state estimation systems require not only correct measurements and means for detecting and mitigating any faults or attacks, but also timely transmission of measurements and intermediate results. We argue that the latter has thus far not been considered adequately, and that communication channels cannot be considered to be instantaneous and reliable, nor solely be captured by stochastic models. Hence, we introduce a communication channel model for hierarchical state estimators relying on the common WLS formulation and analyse the propagation of faults leading up to convergence failures in both intermediate and top-level state estimates as a consequence of interference with the communication channel. To this end we concentrate on denial of service-type attacks, limited to suppression of communication or channel manipulation resulting in delays or jitter as such attacks are feasible even where channel integrity and confidentiality are protected adequately. The stability of a power network is strongly influenced by the ability of network operators to determine the current state despite not having a full set of simultaneous measurements available as this determines the ability to dispatch generator capacity and to take corrective measures. State estimation for power networks has long been the subject of intensive scrutiny as it must satisfy requirements for computational efficiency, tolerance to bad data, and errors in the underlying topology. In addition, however, the canonical weighted least squares (WLS) solution is prone to ill-conditioning problems particularly when using Gauss-Newton normal equations (NE). Whilst these problems of stability and sensitivity have been studied intensely with methods from real analysis and optimization theory giving enhanced error bounds, this has not been considered as a source of attacks resulting in failure to achieve a satisfactory state estimate. Moreover, we show that these problems are further exacerbated in case of iterative state estimation stability found in hierarchical state estimators have received insufficient attention, particularly as smart (micro-) grids cannot rely on carefully designed measurement systems and topology. Both for centralized and hierarchical state estimators, however, we describe a novel class of attacks on state estimators which can both force error parameters to become unacceptable and result in outright state estimator divergence, noting that this is not limited to WLS approaches. Continuous and accurate state estimation is a key prerequisite for ensuring reliable and efficient operation of power networks. Conventional state estimation relies on a single centralized estimator, which is problematic in a smart grid environment where partitioning and distributed operation is far more likely, and represents a single point of failure. This has recently led to an interest in hierarchical and distributed state estimation, which has, however, been restricted to off-line configurations. Moreover, similar to the centralized approach, these estimators do not consider the source of measurements. We argue that robust and resilient state estimation requires the ability to tolerate partitioning of both the electric power and implicitly of the communication network. This paper therefore describes a randomized, constraint-based optimization algorithm for (re-)partitioning a power network based on externally imposed constraints as may particularly arise in case of attacks on both communication networks and the power network itself including maximization of overlapping areas and hence measurements. The latter constraint distinguishes the approach from well-studied graph partitioning problems normally seeking to minimize edges between partition elements. We also describe the establishment of a hierarchical state estimator with independent local state over the partitioning satisfying robustness and stability constraints.
KW - Smart Grids
KW - State Estimation
KW - WLS
KW - Hierarchical State Estimation
KW - Numerical Stability
KW - DoS Attacks to State Etimators
KW - Jitter Attack
KW - Covariance Matrix Manipulation
M3 - Doctoral Thesis
ER -