Fig 6 - uploaded by Karama Kanoun
Common-cause failures model 

Source publication
Conference Paper
The aim of this paper is to provide qualitative models characterizing interdependencies related failures of two critical infrastructures: the electricity infrastructure and the associated information infrastructure. The interdependencies of these two infrastructures are increasing due to a growing connection of the power grid networks to the global...

Context in source publication

Context 1
... and its essential character of a large network make a total outage unlikely. Latent errors can accumulate. Signalled i-failures may take place when the information infrastructure is in a latent error state. When the information infrastructure is in a partial i-outage state, an i-restoration is necessary to bring it back to an i-working state. Fig. 1-a gives the state machine model of the information infrastructure, taking into account its own failures. It is noteworthy that all states are represented by several boxes, meaning that a state corresponds in reality to a group of different states that are considered equivalent with respect to the classification given in Table 1. For example, all states with only one busbar isolated can be considered equivalent, irrespective of which busbar is isolated. We assume that an i-failure puts some constraints on the electricity infrastructure (i.e., a cascading failure), leading to a weakened electricity infrastructure (e.g., with lower performance, undue isolations, or unnecessary off-line trips of production plants or transmission lines). From an e-weakened state, a configuration restoration leads the electricity infrastructure back into a working state, because no e-failures occurred in the electricity infrastructure. Accumulation of untimely configuration changes may lead to an e-lost state (i.e., a blackout state), from which an e-restoration is required to bring the electricity infrastructure back into an e-working state. Fig. 1-b shows the constraint that the information infrastructure puts on the electricity infrastructure when the latter is in an e-working state.

3.1.2 Impact of electricity infrastructure failures (e-failures).
We consider that the occurrence of e-failures leads the electricity infrastructure to a partial e-outage state, unless propagation within the infrastructure leads to losing its control (e.g., a blackout of the power grid) because of an i-failure (this latter case corresponds to escalating events, which are covered in the next section). Fig. 2-a gives the state machine model of the electricity infrastructure, taking into account its own failures. E-failures may also lead the information infrastructure to an i-weakened state, in which parts of the information infrastructure can no longer implement their functions, although they have not failed, due to constraints originating from the failure of the electricity infrastructure. Fig. 2-b shows the constraint that the electricity infrastructure puts on the information infrastructure, assuming that the latter is in an i-working state. Tables 2 and 3 summarise the states and events of each infrastructure, taking into account cascading events as described above. The global state machine model of the two infrastructures is built progressively:
- Considering, in a first step, only the constraints of the information infrastructure on the electricity infrastructure.
- Considering the constraints of each infrastructure on the other.
Fig. 3 gives a state machine model of the infrastructures taking into account only the constraints of the information infrastructure on the electricity infrastructure. The states are described in terms of the statuses of both infrastructures. Both cascading failures (states 3, 4) and escalating ones are evidenced, with a distinction of the consequences of the latter in terms of time to restoration (state 6) and of severity (state 7). The dependency of the electricity infrastructure upon the information infrastructure is illustrated by the need for both i- and e-restoration from states 6 and 7.
A noteworthy example of the transitions from state 1 to 2, and from 2 to 7, is the August 2003 blackout in the USA and Canada: the failure of the monitoring software was one of the immediate causes of the blackout, as it prevented confining the electrical line incident before its propagation across the power grid [1]. A Petri net representation of the Fig. 3 model is given in Fig. 4, which makes it possible to evidence the cascading and escalating mechanisms. Such mechanisms are, in Petri net terms, synchronizations between the individual events of the infrastructures. Table 4 gives the correspondence between the states and events of Figures 3 and 4. This Petri net is deliberately kept simple. In particular, it does not distinguish the individual states within a group of states represented by several boxes in Fig. 3. For example, state 2 of Fig. 3, which in reality represents a set of states, is represented by a single state in the Petri net of Fig. 4. Fig. 5 gives a state machine model of the infrastructures taking into account the constraints of the electricity infrastructure on the information infrastructure, in addition to those of the information infrastructure on the electricity infrastructure already considered in Fig. 3. In addition, Fig. 5 assumes a possible accumulation of e-failures from state 5 to 7 and from the escalation restoration state 6 to the escalation severity state 8. Figure 6 gives a model with respect to common-cause failures that would occur when the infrastructures are in normal operation, bringing the infrastructures into states 6 or 8 of Figure 5, i.e., to escalation. Should such failures occur in other states of the Figure 5 model, they would also lead to states 6 or 8. Considering common-cause failures does not introduce additional states; it does, however, add direct transitions between already existing states that do not exist when only cascading and escalating failures are considered.
The states of the resulting model become almost totally interconnected. We consider malicious attacks of the information infrastructure and their consequences on the electricity infrastructure. Due to the very nature of attacks, a distinction has to be performed for both infrastructures between their real status and their apparent status. For the electricity infrastructure, the apparent status is as reported by the information ...
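The cascading, escalating and common-cause mechanisms described above can be made concrete as an executable state machine. The following Python block is an added illustration written for this page; it is not the authors' model and does not reproduce the state numbering of Figs. 3, 5 or 6. It uses the status vocabulary of the text (i-working, i-outage, i-weakened, e-working, e-weakened, e-outage, e-lost) and assumes its own event names (`latent-error`, `i-failure`, `e-failure`, `config-restoration`, `i-restoration`, `e-restoration`, `common-cause-failure`), which are simplifications, not identifiers from the paper. Escalation is tracked as a flag on the joint state, so that the property highlighted in the text, the need for both i- and e-restoration after an escalation, can be read directly off the model.

```python
"""Toy two-infrastructure state machine (added illustration, not the paper's model).

The information infrastructure is i-working, i-latent (latent errors have
accumulated), i-weakened (constrained by an e-failure) or i-outage (partial
i-outage).  The electricity infrastructure is e-working, e-weakened
(constrained by an i-failure), e-outage (partial e-outage) or e-lost
(blackout).  Event names are this example's own simplification.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Status:
    info: str                 # i-working | i-latent | i-weakened | i-outage
    elec: str                 # e-working | e-weakened | e-outage | e-lost
    escalated: bool = False   # control was lost because of an i-failure


NORMAL = Status("i-working", "e-working")


def step(s: Status, event: str) -> Status:
    """Return the joint state reached from s on one event."""
    if event == "latent-error" and s.info == "i-working":
        return replace(s, info="i-latent")
    if event == "i-failure":
        # Cascading constraint: a working grid becomes e-weakened; accumulated
        # untimely configuration changes push a weakened grid into e-lost.
        elec = {"e-working": "e-weakened", "e-weakened": "e-lost"}.get(s.elec, s.elec)
        return Status("i-outage", elec, s.escalated)
    if event == "config-restoration" and s.elec == "e-weakened":
        return replace(s, elec="e-working")
    if event == "e-failure":
        if s.info == "i-outage":
            # Escalation: the failed information infrastructure cannot confine
            # the incident, so the grid loses control (blackout).
            return Status("i-outage", "e-lost", escalated=True)
        # Partial e-outage; a working information infrastructure is constrained.
        info = "i-weakened" if s.info == "i-working" else s.info
        return replace(s, info=info, elec="e-outage")
    if event == "common-cause-failure":
        # Direct transition to escalation, without any intermediate state.
        return Status("i-outage", "e-lost", escalated=True)
    if event == "i-restoration" and s.info == "i-outage":
        s = replace(s, info="i-working")
    elif event == "e-restoration" and s.elec in ("e-outage", "e-lost"):
        # Restoring power lifts the constraint on a merely weakened info infra.
        s = replace(s, elec="e-working",
                    info="i-working" if s.info == "i-weakened" else s.info)
    else:
        return s  # event not enabled in this state
    # The escalation flag clears only once both infrastructures are restored.
    back_to_normal = s.info == "i-working" and s.elec == "e-working"
    return replace(s, escalated=s.escalated and not back_to_normal)


def restorations_needed(s: Status) -> set:
    """Restoration actions required to bring s back to normal operation."""
    needed = set()
    if s.info == "i-outage":
        needed.add("i-restoration")
    if s.elec == "e-weakened":
        needed.add("config-restoration")
    if s.elec in ("e-outage", "e-lost"):
        needed.add("e-restoration")
    return needed


def run(events, start: Status = NORMAL) -> list:
    """Replay a constructed event sequence and return the visited states."""
    trace = [start]
    for ev in events:
        trace.append(step(trace[-1], ev))
    return trace


if __name__ == "__main__":
    # Constructed scenario in the shape of the 2003 example: an i-failure
    # (cascading) followed by an e-failure that escalates into a blackout.
    for st in run(["i-failure", "e-failure", "e-restoration", "i-restoration"]):
        print(st, "needs:", sorted(restorations_needed(st)))
```

Replaying the constructed sequence shows the two properties the text emphasises: after the i-failure only a configuration restoration and an i-restoration are pending, but once the e-failure escalates, both an e-restoration and an i-restoration are required, and restoring the grid alone does not clear the escalation; a common-cause failure reaches the same escalated state from normal operation in a single transition.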

Similar publications

Article
Wireless sensor networks (WSNs) are usually utilized to perform decision fusion of event detection. Current decision fusion schemes are based on binary-valued decisions and do not consider bursty context capture. However, bursty context and multi-valued data are important characteristics of WSNs. On one hand, the local decisions from sensors usually...

Citations

... According to the study objectives, there are many definitions of interdependency [33,34]. The following taxonomies, shown in Table 1, can be used to group network interdependency to highlight these distinctions: Functional Interdependency: This type of interdependency is justified by the fact that one network needs functional inputs from another network, acts as an input to another network, or can be partially replaced by another network (Ouyang M. &., 2015) (Laprie, 2007). When two networks perform comparable tasks, it can also be said to exist (Buldyrev, 2010) (Zhang, A generalized modeling framework to analyze interdependencies among infrastructure systems., 2011). ...
Preprint
This paper presents a novel approach to the Dependent Network interdependencies analysis, based on the Mutual Information Technique. This is a statistical measure that quantifies the amount of information shared between two variables. In the context of networks, we can calculate the mutual information between the nodes in each network and use it as a measure of the strength of their interdependency. This Technique is useful in capturing the functional and service level interdependencies between the networks. The Mutual Information based approach is a useful analytical tool for determining the degree of mutual effect and reliance between variables in linked systems. We want to shed light on how Mutual Information might help us comprehend and analyse the interplay of critical infrastructure networks by applying this technique to the example of a hydroelectric power plant depending on a river for water supplies. A case study of a simulated power network is used in this paper for illustration and validation of the technique.
... In power systems, initial failures of a small number of components are known to sometimes lead to cascading failures, which results in catastrophic consequences. Many theoretical models have been proposed to explain this phenomenon [2,9,17,22]. Recently, models that capture power systems as a set of interdependent networks have received a great deal of attention. ...
Preprint
Infrastructure systems, such as power systems, often experience cascading failures. Modeling an infrastructure system as a collection of interdependent networks has recently received attention as a way to explain cascading failures. In this study, we propose an approach to find the set of critical nodes in an interdependent network. For an integer k, we say that a set of k nodes is critical if the initial failures of these k nodes result in the most severe cascading failure among all sets of k nodes. This approach adopts the seminal model of interdependent networks proposed by Buldyrev et al., in which new link failures occur in a network if the connectivity is lost in the paired network. The problem of finding critical nodes is NP-hard; thus the aim of the approach is to accurately solve the problem in feasible time for moderate-size problem instances. The proposed approach consists of two phases. In the first phase, the maximum number of failure propagation stages is computed by repeatedly solving the Boolean satisfiability problem. This number is then used in the second phase, where the set of critical nodes is computed using integer linear programming. The results of applying this approach to a variety of problem instances demonstrate that the approach is feasible for up to at least 30 nodes and can be used as the baseline to compare the performance of heuristic solutions.
... The SEP consists of a complex engineering system in which the control center concentrates responsibility for monitoring, control and real-time operational decision-making (Sridhar & Hahn, 2012). In addition, the cyber systems consisting of electronic field devices, as seen in communication networks, substation automation systems and control centers, are embedded throughout the physical network and span the generation, transmission and distribution segments of the power system (Laprie et al, 2008). Thus, this infrastructure represents a very diverse technology with varying degrees of connectivity. ...
... These devices enable management of the energy balance, since they operate the protection, supervision, command and control systems of the electrical system (Huang et al, 2009). However, the data exchange carried out by these components has the consequence of increasing the vulnerabilities of the exploitable surface of IEDs (Laprie et al, 2008) (Arghandeh et al, 2016). Electrical power command and control systems are composed of a series of loops responsible for identifying the communication signals, protocols, machines/devices, processing and control actions associated with each functional classification. ...
Article
This work aims to compare the minimum cybersecurity controls defined by the Brazilian National Electric System Operator (Operador Nacional do Sistema Elétrico, ONS) with those recommended by the Center for Internet Security (CIS), in order to assess whether the ONS Operational Routine includes sufficient controls to address the cyber risks of the electricity sector. A five-level scale contained in the CIS CSC was used to perform the comparison. The results show that one of the eighteen control groups recommended by the ONS exceeds the requirements of the Framework. By contrast, five other control groups are not mentioned in the ONS recommendations, and, for the remaining groups, the ONS requirements fall short of the CIS CSC structure. This work contributes to the debate on cyber risk related to the operational infrastructure of the Brazilian Electric System (Sistema Elétrico Brasileiro, SEB), which, according to the results, still needs improvements in its management and operational maturity.
... Our third factor, topological criticality, refers to the fact that some components or facilities are critical to the resilience of a power system. Modern power grids are interdependent networked systems [11,29,30,42,45], and the failure of some critical portions might affect not only customers' power within their own service territories but could also degrade the entire system's resistance ability and lead to the failure of other dependent nodes in the same networks via the common mechanism of cascading failures and blackouts. Note that we consider each geographic unit in the power network to be a node, and we model connectivity between nodes using a directed graph [50] in which directed edges between nodes represent the direction of a power outage's propagation. ...
Preprint
In recent decades, the weather around the world has become more irregular and extreme, often causing large-scale extended power outages. Resilience - the capability of withstanding, adapting to, and recovering from a large-scale disruption - has become a top priority for the power sector. However, the understanding of power grid resilience still stays on the conceptual level mostly or focuses on particular components, yielding no actionable results or revealing few insights on the system level. This study provides a quantitatively measurable definition of power grid resilience, using a statistical model inspired by patterns observed from data and domain knowledge. We analyze a large-scale quarter-hourly historical electricity customer outage data and the corresponding weather records, and draw connections between the model and industry resilience practice. We showcase the resilience analysis using three major service territories on the east coast of the United States. Our analysis suggests that cumulative weather effects play a key role in causing immediate, sustained outages, and these outages can propagate and cause secondary outages in neighboring areas. The proposed model also provides some interesting insights into grid resilience enhancement planning. For example, our simulation results indicate that enhancing the power infrastructure in a small number of critical locations can reduce nearly half of the number of customer power outages in Massachusetts. In addition, we have shown that our model achieves promising accuracy in predicting the progress of customer power outages throughout extreme weather events, which can be very valuable for system operators and federal agencies to prepare disaster response.
... (Fig. 6) Last but not least, some of the components or facilities hold critical status in the resilience of a power system. Modern power grids are interdependent networked systems [23,24,31,34,8], and failure of some critical portions may not only affect the customers' power supply within their own service territories, but also degrade the entire system's resistance ability and lead to failure of other dependent nodes in the same networks. This is a common mechanism of cascading failures and blackouts. ...
Preprint
In recent years, extreme weather events have frequently caused large-scale power outages, affecting millions of customers for extended durations. Resilience, the capability of withstanding, adapting to, and recovering from a large-scale disruption, has become a top priority for the power sector, in addition to economics and sustainability. However, a good understanding of power grid resilience is still lacking, as most approaches either stay on the conceptual level, yielding no actionable results, or focus on a particular technical issue, revealing few insights on the system level. In this study, we take a quantitative approach to understanding power system resilience by directly exploring real power outage data. We first give a qualitative analysis of power system resilience and the large-scale power outage process, identifying key elements and developing conceptual models to describe grid resilience. Then we propose a spatio-temporal random process model, with parameters representing the identified resilience capabilities and the interdependence between service areas. We perform analyses using our model on a set of large-scale customer-level quarter-hourly historical power outage data and corresponding weather records from three major service territories on the east coast of the United States under normal daily operations and three major extreme weather events. It is shown that weather only directly causes a small portion of power outages, and the peak of power outages usually lags the weather events. Planning vulnerability and excessive accumulation of weather effects play a key role in causing sustained local outages to the power system in a short time. The local outages caused by weather events later propagate to broader regions through the power grid, which subsequently leads to a much larger number of non-local power outages.
... Researchers have used different approaches to identify interdependence among components, systems, or operations. In [5], the interdependencies between electrical infrastructure and the associated information infrastructure are qualitatively investigated and the pattern of fault propagation is explored. There are also examples of using correlation metrics for studying the interdependence. ...
Article
Interdependence is an intrinsic feature of cyber–physical systems. Cyber and physical components are tightly integrated with each other, and hence, a trivial impairment in a part of the system may affect several components, leading to a sequence of failures that collapses the entire system. In this paper, we seek to identify the interdependencies among the components of a cyber–physical system using correlation metrics as well as a heuristic causation analysis method. We also demonstrate the applicability of neural networks for prediction of imminent failures given the current system state. The proposed prediction tool can help system operators to perform timely preventive actions and mitigate the consequences of accidental failures and malicious attacks. As a case study, we have analyzed two smart grid test cases based on IEEE power bus systems, namely, IEEE–14 and IEEE–57.
... The framework is tested using an example test case of the Wellington region of Aotearoa New Zealand, to illustrate each module and demonstrate the validity of the framework. Here we focus on linking the electricity, potable water and road networks as they greatly determine the level of economic stability and development of a country [24,25]. The most important aspect of this framework is that it is valid for both the component and network-level linkages. ...
Article
An infrastructure impact assessment process relies on the analysis of multiple types of models, the performance of individual infrastructure networks and the interdependencies between multiple infrastructure networks. Several models are developed for their specific purposes and there is a need to link these models for the assessment of natural hazard impacts on distributed infrastructures to deliver the desired outcomes on network functionality and disruption levels that are suitable to assess socio-economic impact. In this paper, an ‘end-to-end’ linkage structure is proposed to link different models by which various features, data standards, parameters and structures are linked in a transparent and consistent manner. The framework has adopted a dedicated knowledge discovery and data analysis process to acquire information around input and output parameters for each of these models developed by various researchers and used in risk assessment tools. The framework is illustrated by applying the step-by-step procedure towards integrated impact assessments of electricity, potable water and road networks and their interdependencies.
... Chen et al. [28] modeled cyber-physical attacks on the smart grid using Petri nets. Laprie et al. [29] provided a Petri net model to study the interdependencies between electric supply CI and information technology. Omidvar et al. [30] developed a Petri net model to understand and assess the failure risk between the various CI facilities in an interdependent CI network when an earthquake occurs. ...
Article
During an urban flooding scenario, Healthcare Critical Infrastructure (HCI) represents a critical and essential resource. As the flood levels rise and the existing HCI facilities struggle to keep up with the pace, the under-preparedness of most urban cities to address this challenge becomes evident. Due to the disruptions in the interdependent Critical Infrastructures (CI) network (i.e., water supply, communications, electricity, transportation, etc.), during an urban flooding event, the operations at the healthcare CI facilities are inevitably affected. Hence, there is a need to identify cascading CI failure scenarios to visualize the propagation of failure of one CI facility to another CI, which can impact vast geographical areas. The goal of this work is to develop an interdependent HCI simulation model in a spatiotemporal environment to understand the dynamics in real-time and model the propagation of cascading CI failures in an interdependent HCI network. The model is developed based on a real-world cascading CI failure case study on an interdependent HCI network during the flood disaster event in December 2015 at Chennai, TamilNadu, India. The interdependencies between the CI networks are modeled by using the Stochastic Colored Petri Net (SCPN) based modeling approach. SCPN is used to model a real-word process that occurs in parallel or concurrently. Furthermore, a geographic information system-based interface is integrated with the simulation model, to visualize the dynamic behavior of the interdependent HCI SCPN simulation model in a spatiotemporal environment. Such a dynamic simulation model can assist the decision-makers and emergency responders to rapidly simulate ‘what if’ kind of scenarios and consequently respond rapidly.
... To analyze the risks posed by cyber-physical attacks against power systems, a number of approaches have been proposed. These include attack trees [19], graph-theory [20,21], hyper-graphs [22], probabilistic methods [23,24,17], complex network theory [25], Petri nets [26,27] and Markov Decision Processes [28]. Ten et al. [19] proposed an attack tree model to evaluate cyber security risks considering password policies and port auditing. ...
... Approaches using network indices may not, however, best reflect the effects of physical failures. Laprie et al. [26] proposed a Petri net-based cyber-physical interdependency modelling approach. Chen et al. [27] combined several smaller domain-specific Petri nets into a higher-level Petri net. ...
Article
Deployment of energy management systems in electric utilities has resulted in improved situational awareness in power systems. However, additional cyber security issues are introduced in real-time operations. Substantial research has since been dedicated to the feasibility and formulation of coordinated cyber-physical attacks against power systems. However, the full extent of their impacts contributing to cascading failures is not widely explored. This paper investigates to what extent such coordinated attacks against power system state estimation lead to large-scale blackouts. To consider the worst-case scenarios, false data injection attacks against parameter-based remedial action schemes are investigated on realistic power networks under large inter-area power transfers. Additionally, three indices are proposed to quantify the severity of the post-attack impacts: Loss of Observability after Cascading Failures, Loss of Observability after Controlled Islanding and Lines Recoverable after Controlled Islanding. The three indices will enable system operators to estimate the extent of recoverability of the grid after attacks have adversely impacted the power grid. All simulations are carried out on synthetic Illinois 200-bus and South Carolina 500-bus systems.
... Our model treats each fault-tolerant aspect of a service-oriented software system as a set of roles, and defines each role as a set of properties. Taking into account the lack of UML language widely used in industry, the modeling capability of the aspect is intended to describe the fault-tolerant aspect using the UML extension mechanism [4] combined with the Object Constraint Language (OCL). The UML extension mechanism of the fault-tolerant aspect designed by the research group is shown in the figure below. ...