Cybersecure and Resilient Power Systems with Distributed Energy Resources

Abstract

Power systems constitute a pillar of the critical infrastructure and, as a result, their cybersecurity is paramount. Traditional power system architectures are moving from their original centralized nature to a distributed paradigm. This transition has been propelled by the rapid penetration of distributed energy resources (DERs) such as rooftop solar panels, battery storage, etc. However, with the introduction of new DER devices, technologies, and operation models, the threat surface of power systems is inadvertently expanding.

This dissertation provides a comprehensive overview of the cybersecurity landscape of DER-enabled power systems outlining potential attack entry points, system vulnerabilities, and the corresponding cyberattack impacts. Cyber-physical energy systems (CPES) testbeds are crucial tools to study power systems and perform vulnerability analyses, test security defenses, and evaluate the impact of cyberattacks in a controlled manner without impacting the actual electric grid.

This work also attempts to provide bottom-up security solutions to secure power systems from their lowest abstraction layer, i.e., hardware. Specifically, custom-built hardware performance counters (HPCs) are proposed for the detection of malicious firmware, e.g., malware, within DER inverter controllers. The experimental results prove that HPCs are an effective host-based defense and can accurately identify malicious firmware with minimum performance overheads. Also, methodologies to secure communication protocols and ensure the nominal operation of DER devices using physics-informed schemes are presented. First, DERauth, a battery-based secure authentication primitive that can be used to enhance the security of DER communication, is proposed and evaluated in a CPES testbed. Then, a physics-based attack detection scheme that leverages system measurements to construct models of autonomous DER agents is presented. These measurement-based models are then used to discern between nominal and malicious DER behavior.

The dissertation concludes by discussing how the proposed defense mechanisms can be used synergistically in an automated framework for grid islanding to improve power system security and resilience, before it provides prospective directions for future research.