The complex nature and inter-connectivity of modern critical infrastructures, such as our power generation, transmission and distribution systems, embed hidden vulnerabilities that threaten their functionality when exploited. In contrast to traditional power grids that operated in complete isolation, modern power systems rely on the support of an advanced communication network, which increases the attack surface and makes these systems more vulnerable to exploits, mainly cyber attacks targeting their service availability and functionality.
In the past two decades, robust operation of the power system has become a major concern as power systems worldwide have suffered unexpected outages. Catastrophic blackouts occurred in North America and Italy in 2003 due to vulnerabilities in the system design. More recently, in the last week of 2015, a cyber attack targeted Ukrainian power utilities and resulted in a blackout that affected a large population across several areas. Those blackouts demonstrate that our critical infrastructure is susceptible to faults and attacks that threaten its availability and functionality.
The digital and power-carrying components of today's power systems are interconnected, so abnormal operation of the digital (controlling) system causes the power network to deviate from its normal performance. As a result, corruption of an element of the digital system causes direct or indirect failure, or inappropriate behaviour, of other elements in the power system, and vice versa.
Identifying the critical power and communication lines whose removal initiates a cascading failure and results in a blackout is essential for power system operators. Those critical nodes, once identified and exposed by an attacker, become a threat to the availability and throughput of the entire system. From an attacker's perspective, finding the minimum number of attack points with the most impact (service unavailability) is equivalent to minimising the attack budget (the resources, skill and time required). From a system designer's perspective, finding the most critical components in the system (those whose removal would have the highest impact on system functionality) is key to prioritising system hardening and resilience planning.
In the article we published in the IEEE Transactions on Industrial Informatics, we addressed this problem by modelling modern interdependent power and communication systems and studying critical component identification in such systems with respect to the cascading effects that result from their high inter-connectivity. Through the introduced model, we exposed these vulnerabilities in the form of critical links in the smart grid as attack targets, and quantified the impact of an attack on these links in terms of the drop in the load served (unavailability of served power) by the system. It is worth mentioning that the impact of cyber attacks could also be quantified through economic losses (cost of service restoration and repair) and even reputational damage for the service provider. To attack power and communication links in the system, an attacker has a multitude of options (possible attack scenarios), which are summarised in the attack tree presented in the above figure.
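As an added illustration of the critical-link ranking and cascading-failure idea described above (this is example code written for this page, not the model or code from the IEEE paper): a constructed toy interdependent network is simulated with an assumed mutual-dependency cascade rule (a substation survives only if it still reaches the generator and its paired router is alive; a router survives only if it still reaches the control centre and its paired substation is alive), and every power and communication link is ranked by the drop in load served when that single link fails. The node names, demands and the dependency rule are all assumptions for the example.

```python
"""Toy interdependent power/communication network: rank every link by the
load served (MW) lost when that single link fails and the failure cascades.
Constructed example with an assumed cascade rule, not the paper's model."""
from collections import deque

# Constructed sample network. Power side: generator G feeds substations
# S1..S3, which feed loads LA (60 MW) and LB (40 MW).
POWER_EDGES = {("G", "S1"), ("S1", "S2"), ("S2", "S3"), ("S1", "LA"), ("S3", "LB")}
LOAD_MW = {"LA": 60, "LB": 40}
# Communication side: control centre CC reaches routers C1..C3 in a chain.
COMM_EDGES = {("CC", "C1"), ("C1", "C2"), ("C2", "C3")}
# Interdependency (assumed rule): a substation needs its router alive for
# control, and the router needs the substation alive for power.
DEPENDS = {"S1": "C1", "S2": "C2", "S3": "C3", "C1": "S1", "C2": "S2", "C3": "S3"}


def reachable(edges, source, alive):
    """Nodes reachable from source over edges, passing only through alive nodes."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {source}, deque([source])
    while queue:
        for m in adj.get(queue.popleft(), ()):
            if m in alive and m not in seen:
                seen.add(m)
                queue.append(m)
    return seen


def cascade(power_edges, comm_edges):
    """Iterate to a fixed point: a node survives only if it still reaches its
    source (G for power, CC for comms) and its dependency partner survives."""
    alive = {n for e in POWER_EDGES | COMM_EDGES for n in e}
    while True:
        ok = reachable(power_edges, "G", alive) | reachable(comm_edges, "CC", alive)
        keep = {n for n in alive if n in ok and DEPENDS.get(n, n) in alive}
        if keep == alive:
            return alive
        alive = keep


def load_served(alive):
    return sum(mw for node, mw in LOAD_MW.items() if node in alive)


def rank_links():
    """(link, MW lost) for each single-link removal, most damaging first."""
    base = load_served(cascade(POWER_EDGES, COMM_EDGES))
    impact = {e: base - load_served(cascade(POWER_EDGES - {e}, COMM_EDGES - {e}))
              for e in POWER_EDGES | COMM_EDGES}
    return sorted(impact.items(), key=lambda kv: (-kv[1], kv[0]))
```

In this toy network the generator feeder and the control-centre uplink each take down the whole load, showing how a communication link can be as critical as a power line once the interdependency is modelled.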