978-1-7281-3958-6/19/$31.00 ©2019 IEEE
Cybersecurity Vulnerabilities of Smart Inverters and
Their Impacts on Power System Operation
Taha Selim Ustun
Fukushima Renewable Energy Institute, AIST (FREA), Fukushima, Japan
Department of Energy and Environment, Research Institute of Energy Frontier, Ibaraki, Japan
Abstract— Smart Inverters (SIs) are becoming more popular with their ability to support voltage and frequency in a grid. This helps overcome the natural limitations of renewable energy deployments. More companies are looking at using SIs in their networks and closely studying the impacts of these devices on power system operation. Carefully controlled test environments show that the necessary auxiliary support can be received from SIs. However, these modes actively inject power into the grid and may cause unknown problems. Especially if the SI control block is compromised by a hacker, these problems may have disastrous consequences. In order to fill this gap and investigate these points, a newly developed simulation platform called SoRA-Grid is utilized to investigate the impacts of cyberattacks on SI operation as well as on power system operation at large. With the integration of Information Technologies (IT) and automation in power systems, cybersecurity has become a real threat and a concern. Most of the cybersecurity research focuses on large-scale power plants that are connected at transmission level. This work analyzes the impact of such attacks on small-scale inverters that are connected to distribution networks. Based on these findings, cybersecurity measures can be developed to secure SI operation.
Keywords—Cybersecurity; Power System Automation; IEC
62351; IEC 61850; Authentication; Message Integrity;
I. INTRODUCTION
Renewable energy-based generation has created opportunities for environment-friendly energy policies as well as for the electrification of underserved communities [1, 2]. The latter becomes very relevant where locations are far from cities and the costs of such projects are prohibitive [3, 4]. Most renewable energy based generation is connected to the grid through inverters. A high number of conventional inverters in power systems creates new challenges in the control and operation of power systems [5]. They lower the inertia of the system, alter the power system dynamics and render traditional protection schemes obsolete [6-8].
It is imperative to keep these negative effects to a minimum if the share of clean energy in the overall mix is to be increased. Smart Inverters (SIs) are able to provide voltage and frequency support to the grid and thus mitigate some of the above-mentioned challenges [9]. Despite this advantage, SIs contribute to active power flow and impact power system operation. Therefore, power companies are reluctant to deploy such active components before investigating their behavior thoroughly.
In addition to impacts that result from normal operation, it is important to consider extraordinary cases such as behavior under fault conditions or malicious operation due to cyber-attacks. Cybersecurity of smart grids, in other words power systems equipped with IT and communication devices, has recently become a cause for concern [10]. Experience with the Ukrainian blackout and the Stuxnet malware showed how near these threats are and how dire the consequences might be [11]. Researchers have started looking into cybersecurity issues in smart meters [12], phasor measurement units (PMUs) [13] and electric vehicles (EVs) [14, 15]. Following this trend, there is an immediate need to investigate cybersecurity issues related to SIs.
Smart inverters are new in the power system arena and most of the well-established simulation packages do not have them in their libraries. Those that have implemented them, such as OpenDSS, support only a few functionalities and not the ones related to frequency control. To fill this knowledge gap, a unique simulation platform called Solar Resource Application Platform for Grid Simulation (SoRA-Grid) was developed, which inherently models SIs and is able to run frequency-related functionalities.
This paper presents a study of possible cyber-attacks on SIs. The operating modes of SIs are clearly defined [9], but hackers may alter them to disrupt operation and cause havoc. In this paper, critical points in these operating modes are altered and their impact on power system operation is investigated. The presented results show that even a single altered component can seriously disrupt the safe and secure operation of distribution networks. Therefore, SIs need to be equipped with cybersecurity measures such as key-based authentication, message encryption and integrity checks.
The rest of the paper is organized as follows: Section II gives an overview of SI operation and related cybersecurity issues. Section III gives the details of the simulation software, the modeled network and the simulated scenarios along with the results. Section IV gives future research directions and draws the conclusions.
II. OVERVIEW OF SI OPERATION AND CYBERSECURITY ASPECTS
IEC/TR 61850-90-7 [9] initially defined a list of standardized interoperability functions for DERs. These functions are grouped under nine modes. The first seven groups focus on power-related functions that are expected from power converters with advanced capabilities. These functions aim at supporting the grid by supplying reactive power (VAR) or reactive current, or by managing real power and supporting frequency.
Most of the works reported in the literature focus on Volt-Var control of Smart Inverters. In this paper, to diversify the results, the Volt-Watt management capability is investigated. There are two modes, VW51 and VW52, that control volt-watt behavior during generation and charging, respectively. Figure 1 shows the standard curves recommended for these modes as well as hacked versions. It can be observed that the VW51 curve is changed by the hackers so that its operation is completely cancelled, while VW52 operation is reversed by the hacked operating points.
The standard VW51 curve is designed so that SIs do not cause over-voltages in the system. As the terminal voltage increases, P output is capped to counter this trend. If the voltage reaches 105 % of its nominal value, P injection must be stopped. With the hacked curve, this logic is completely ignored: the P injection from the SI increases with increasing terminal voltage, adding fuel to the fire.
The standard VW52 curve is designed to use charging to counter over-voltage. As shown, the charging rate increases along with the terminal voltage. The hacked curve opposes this operation and sets the SI to zero power exchange at all times. Needless to say, this is not the desired effect of VW52 operation.
The system
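The curve logic described above can be written down and checked mechanically. The following is an added example, not code from the paper or from SoRA-Grid: it evaluates a piecewise-linear Volt-Watt curve and applies a plausibility check that an SI (or the operator's head end) could run before accepting a new curve, so that the inverted VW51 curve, the flat-zero VW52 curve and a VW51 curve whose cut-off has been pushed above 105 % are all rejected. The breakpoints are assumptions chosen to match the axes of Figure 1 (97-107 % voltage, 0-100 % P) and the text; the exact standard curve values are not given on this page.

```python
"""Volt-Watt curve evaluation and a plausibility check that rejects the
inverted ("hacked") curves of Figure 1 before they are loaded into an SI.

Added example, not from the paper or from SoRA-Grid. Breakpoints are
assumptions chosen to match Figure 1's axes (97-107 % V, 0-100 % P) and
the text: VW51 output must reach zero by 105 % V, VW52 charging rises
with V, the hacked VW51 rises with V and the hacked VW52 is flat zero.
"""
from typing import List, Tuple

Curve = List[Tuple[float, float]]  # (terminal V, % nominal), (P, % nominal)

# Assumed standard curves (for VW52, P is charging power absorbed from the grid).
STANDARD_VW51: Curve = [(97.0, 100.0), (102.0, 100.0), (105.0, 0.0), (107.0, 0.0)]
STANDARD_VW52: Curve = [(97.0, 0.0), (102.0, 0.0), (105.0, 60.0), (107.0, 100.0)]
# Constructed hacked curves following the paper's description of Figure 1.
HACKED_VW51: Curve = [(97.0, 20.0), (102.0, 60.0), (105.0, 90.0), (107.0, 100.0)]
HACKED_VW52: Curve = [(97.0, 0.0), (102.0, 0.0), (105.0, 0.0), (107.0, 0.0)]


def p_limit(curve: Curve, v: float) -> float:
    """Piecewise-linear P set-point (% nominal) at terminal voltage v (% nominal)."""
    if v <= curve[0][0]:
        return curve[0][1]
    if v >= curve[-1][0]:
        return curve[-1][1]
    for (v0, p0), (v1, p1) in zip(curve, curve[1:]):
        if v0 <= v <= v1:
            return p0 + (p1 - p0) * (v - v0) / (v1 - v0)
    raise ValueError("voltages in curve are not sorted")


def _well_formed(curve: Curve) -> Tuple[bool, str]:
    """Structural checks shared by both modes."""
    if len(curve) < 2:
        return False, "fewer than two points"
    vs = [v for v, _ in curve]
    if any(b <= a for a, b in zip(vs, vs[1:])):
        return False, "voltages not strictly increasing"
    if any(not 0.0 <= p <= 100.0 for _, p in curve):
        return False, "P outside 0-100 % of nominal"
    return True, "ok"


def validate_vw51(curve: Curve, v_cutoff: float = 105.0) -> Tuple[bool, str]:
    """Generation mode: P must not rise with V and must be zero from v_cutoff up."""
    ok, why = _well_formed(curve)
    if not ok:
        return ok, why
    ps = [p for _, p in curve]
    if any(b > a for a, b in zip(ps, ps[1:])):
        return False, "P increases with V (inverted curve)"
    if p_limit(curve, v_cutoff) != 0.0:
        return False, f"P injection not stopped at {v_cutoff:g} % V"
    return True, "ok"


def validate_vw52(curve: Curve) -> Tuple[bool, str]:
    """Charging mode: charging must not fall with V and must actually occur."""
    ok, why = _well_formed(curve)
    if not ok:
        return ok, why
    ps = [p for _, p in curve]
    if any(b < a for a, b in zip(ps, ps[1:])):
        return False, "charging decreases with V (inverted curve)"
    if ps[-1] <= 0.0:
        return False, "curve never charges (mode disabled)"
    return True, "ok"


if __name__ == "__main__":
    for name, curve, check in [("standard VW51", STANDARD_VW51, validate_vw51),
                               ("hacked VW51", HACKED_VW51, validate_vw51),
                               ("standard VW52", STANDARD_VW52, validate_vw52),
                               ("hacked VW52", HACKED_VW52, validate_vw52)]:
        print(f"{name}: {check(curve)}; P at 106 % V = {p_limit(curve, 106.0):.1f} %")
```

The check is deliberately semantic rather than cryptographic: it encodes what a sane VW51 or VW52 curve must look like, so it also catches a legitimately signed but mis-entered curve. It complements, and does not replace, authenticating who sent the update.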
So far, cybersecurity in power systems has been achieved with security by obscurity [10]. Communication was only utilized in very limited areas, such as PMUs within dedicated networks. With the latest advances in smart grid technology, data exchange takes place almost everywhere [12]. SIs are located in consumers' houses and can be easily accessed, in contrast to substation equipment, which is well protected.
Therefore, it is possible that the home area network or a physical connection can be utilized to take control of SIs and change their operation, similar to EVs [14]. Research has shown that this vulnerability can be exploited and that the necessary measures should be put in place [13, 15]. Due to their similarity in operating location, control method and accessibility, SIs are just as vulnerable and need to be protected. Therefore, this work considers a possible attack on an SI that changes its behavior and investigates the impacts on power system operation.
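The attack path just described is an attacker on the home area network, or with physical access, pushing new operating points to the SI. The following added example, not code from the paper or SoRA-Grid, shows the receiving side of an authenticated settings channel that closes that path: the inverter verifies a message authentication tag before looking at the payload, rejects a replayed message by sequence number, and only then accepts the curve. It assumes a pre-shared 256-bit key per inverter and uses HMAC-SHA256 over canonical JSON as a simplified stand-in for the certificate-based authentication and IEC 62351-style integrity protection the paper calls for; the message fields (inverter_id, seq, mode, curve) and the sample curves are constructed here.

```python
"""Authenticated, replay-protected settings update for a smart inverter.

Added example, not from the paper or from SoRA-Grid. Assumptions: each
inverter shares a 256-bit key with the operator's head end, and HMAC-SHA256
over a canonical JSON encoding stands in for the certificate-based
authentication and IEC 62351-style integrity protection the paper calls
for. The message layout (inverter_id, seq, mode, curve) is constructed here.
"""
import hashlib
import hmac
import json
import secrets
from typing import Any, Dict, Tuple


def canonical(payload: Dict[str, Any]) -> bytes:
    """Sorted keys and fixed separators so both ends hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_update(key: bytes, payload: Dict[str, Any]) -> Dict[str, Any]:
    """Head-end side: attach an HMAC-SHA256 tag to the settings payload."""
    tag = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class InverterSettingsPort:
    """Inverter side: verify the tag, reject replays, then accept the curve."""

    def __init__(self, inverter_id: str, key: bytes) -> None:
        self.inverter_id = inverter_id
        self.key = key
        self.last_seq = -1          # highest sequence number accepted so far
        self.active_curve = None    # curve currently applied

    def receive(self, message: Dict[str, Any]) -> Tuple[bool, str]:
        payload = message.get("payload")
        tag = message.get("tag", "")
        if not isinstance(payload, dict) or not isinstance(tag, str):
            return False, "malformed"
        # Authenticate first: a forged or tampered payload fails here,
        # whatever it contains. compare_digest avoids timing leaks.
        expected = hmac.new(self.key, canonical(payload), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        if payload.get("inverter_id") != self.inverter_id:
            return False, "wrong target"
        seq = payload.get("seq")
        if not isinstance(seq, int) or seq <= self.last_seq:
            return False, "replay"  # old or repeated message
        curve = payload.get("curve")
        if not (isinstance(curve, list) and len(curve) >= 2
                and all(isinstance(pt, list) and len(pt) == 2 for pt in curve)):
            return False, "bad curve shape"
        self.last_seq = seq
        self.active_curve = curve
        return True, "applied"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Legitimate update, an attacker's in-flight edit, and a replay."""
    key = secrets.token_bytes(32)               # provisioned at install time
    port = InverterSettingsPort("SI-node10-house3", key)
    # Constructed VW51 curve: [terminal V % nominal, P output % nominal].
    payload = {"inverter_id": "SI-node10-house3", "seq": 1, "mode": "VW51",
               "curve": [[97, 100], [102, 100], [105, 0], [107, 0]]}
    msg = sign_update(key, payload)
    results = {}
    results["legit"] = port.receive(msg)
    # Attacker on the home network inverts the curve but has no key.
    tampered = json.loads(json.dumps(msg))
    tampered["payload"]["curve"] = [[97, 20], [102, 60], [105, 90], [107, 100]]
    results["tampered"] = port.receive(tampered)
    # Attacker replays the captured legitimate message.
    results["replayed"] = port.receive(msg)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

With a shared symmetric key, anyone who extracts the key from one inverter can sign for that inverter only, which is why the key is per device; a certificate-based scheme as the paper proposes would additionally let the inverter verify the head end without holding a secret that the head end also holds.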
III. SYSTEM MODELING AND SIMULATIONS
A 10-node distribution network is modeled for the power system simulations. The design and parameters are taken from real systems with typical values [5].
Figure 2. A Simple Distribution Network
As shown in Figure 2, each node includes four separate houses, each of which individually has a load, a PV panel and an SI. The measurement points are shown with red circles. Nodes 1 and 5 are sampled to follow the status at the connection point and the mid-point of the system. Due to its distance, Node 10 is the most vulnerable node to voltage fluctuations.
Figure 1. Standard and Hacked Volt-Watt Curves (two panels: Standard-VW51 vs. Hacked-VW51 and Standard-VW52 vs. Hacked-VW52; x-axis: Terminal Voltage (% of Nominal Value), 97-107; y-axis: P output (% of Nominal Value), 0-100)
Figure 3. Model Simulated in SoRA-Grid (Matlab Simulink interface is used)
Figure 3 shows the model developed in the SoRA-Grid simulation tool, which uses a MATLAB interface. In addition to the buses and the locations of PV panels and loads, this figure shows the SI output terminals that are monitored, in green.
Firstly, the system is run with constant over-voltage protection. In other words, SIs are not allowed to increase their power output if their terminal voltages are above a certain value. Figures 4 and 5 show the obtained P and V profiles, respectively. As shown, Node 10 reaches this limit much faster, which forces its SIs to limit their output power. As the nodes get closer to the feeder connection point, the voltage becomes more stable and more power output can be observed. Node 1 does not enforce any limitation on its power output.
Figure 4. Normal Operation P
Figure 5. Normal Operation V
After this reference case, VW51 operation is run with the hacked curve shown in Figure 1. Since the normal operation of VW51 is negated by the hackers, very high P outputs are observed, as shown in Figure 6. In fact, all SIs have the same output, which is equal to the output of the SI at Node 1 in Figure 4.
Figure 6. VW51 hacking all SI P output
Figure 7. VW51 hacking all SI V output
Figure 7 shows the voltage rise in the network due to excessive power injection. Again, Node 10 (Bus 31 in Figure 3) shows the highest vulnerability and the highest voltage rise. Distribution operators are very particular about such dangerous voltage values and impose strict connection requirements on renewable energy owners. In a real-world scenario, the owners of all SIs except the SI connected to Node 1 would be subject to hefty penalties. More importantly, half of the distribution network (downstream of Bus 6) would have very high voltages, which would damage the network and household equipment.
In this situation, the voltage rise is limited by the capacity of the SI (i.e. the magnitude of P injection) and the absolute cut-off voltages. Cut-off voltages represent the absolute minimum and maximum voltages that SIs must not exceed in operation. These values are stored inside SIs as control parameters as well. If the hacker alters the high-voltage cut-off setting to a much higher value, SIs stay online and damage themselves as well as the power system.
The same simulations are carried out with the hacked VW52 curve. The obtained P and V profiles are given in Figures 8 and 9, respectively. Due to the twisted operation of the SIs, the voltage rises quicker and the SIs start reducing their power injection, in an operating mode that is designed to behave in the opposite way. The voltage profile shows that the further the measurement point is from the feeder location, the deeper the voltage drop due to the hacked operating mode.
Figure 8. VW52 hacking all SI P output
Figure 9. VW52 hacking all SI V output
The direct effect of this can be seen from several P outputs dipping down to zero in Figure 8. This results in a considerable loss of renewable generation in the power system. Especially for systems where distributed generation based on renewables is taken as a major source of generation, such unexpected losses will create significant issues. More importantly, it may be hard to notice such changes, as there is no loss of a large power plant. The effect is a collection of individual generation losses which are small on their own.
IV. CONCLUSIONS
The integration of intermittent renewable energy technologies in power systems, especially in distribution networks, requires extensive changes in operation and control principles. Unprecedented amounts of local generation and power injection create voltage and stability issues. So far, distribution operators have mitigated these by imposing a limit on the penetration level of such technologies. However, to meet global targets on carbon emission reductions and environmentally friendly generation shares, more needs to be done. Smart inverters, equipment that has the capability to support grid operation by providing voltage and frequency control assistance, can be the answer to these pressing needs.
However, SIs actively participate in power flow and affect the network in many ways. Electric power companies have always been reluctant to introduce new components with little-known characteristics into their systems. SIs are no exception. To address this gap, several impact studies have been performed. However, cybersecurity vulnerabilities of SIs have not been reported yet. With the rising awareness of the cybersecurity needs of power systems, i.e. smart grids, it is important to see what impact such attacks would have on SIs and their interaction with the grid.
In this paper, a typical distribution system has been designed with SIs. Simulations have been performed to observe the results of normal and hacked operation of SIs. The results show that dangerous voltage values can be reached with uncontrolled (or ill-controlled) real power injection. The results validate that SIs need to be equipped with cybersecurity measures to mitigate these risks before on-site deployment. Future work may focus on implementing key-management systems, certificate-based authentication as well as encrypted message exchanges with SIs.
REFERENCES
[1] A. H. Hubble et al., "Scaling renewable energy based microgrids in underserved communities: Latin America, South Asia, and Sub-Saharan Africa," IEEE PES PowerAfrica, Livingstone, 2016, pp. 134-138.
[2] F. Almeshqab et al., "Lessons learned from rural electrification initiatives in developing countries: Insights for technical, social, financial and public policy aspects," Renewable and Sustainable Energy Reviews, vol. 102, 2019, pp. 35-53.
[3] WEO-2017 Special Report: Energy Access Outlook, From Poverty to Prosperity, IEA Publications, International Energy Agency, 2017.
[4] A. H. Hubble et al., "Composition, placement, and economics of rural microgrids for ensuring sustainable development," Sustainable Energy, Grids and Networks, vol. 13, 2018, pp. 1-18.
[5] T. S. Ustun and Y. Aoto, "Analysis of Smart Inverter's Impact on the Distribution Network Operation," IEEE Access, vol. 7, pp. 9790-9804, 2019.
[6] T. S. Ustun, C. Ozansoy and A. Zayegh, "Simulation of communication infrastructure of a centralized microgrid protection system based on IEC 61850-7-420," IEEE Third International Conference on Smart Grid Communications (SmartGridComm), Tainan, 2012, pp. 492-497.
[7] T. S. Ustun, C. Ozansoy and A. Zayegh, "Differential protection of microgrids with central protection unit support," IEEE 2013 Tencon - Spring, Sydney, NSW, 2013, pp. 15-19.
[8] T. S. Ustun, R. H. Khan, A. Hadbah and A. Kalam, "An adaptive microgrid protection scheme based on a wide-area smart grid communications network," IEEE Latin-America Conference on Communications, Santiago, 2013, pp. 1-5.
[9] IEC/TR 61850-90-7, "Communication networks and systems for power utility automation, Part 90-7: Object models for power converters in distributed energy resources (DER) systems," International Electrotechnical Commission (IEC), February 2013.
[10] S. M. Farooq et al., "Performance Evaluation and Analysis of IEC 62351-6 Probabilistic Signature Scheme for Securing GOOSE Messages," IEEE Access, vol. 7, pp. 32343-32351, 2019.
[11] Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), "Cyber-Attack Against Ukrainian Critical Infrastructure," Incident Report, February 25, 2016.
[12] R. Mbitiru et al., "Using input-output correlations and a modified slide attack to compromise IEC 62055-41," 2017 IEEE International Autumn Meeting on Power, Electronics and Computing (ROPEC), Ixtapa, 2017, pp. 1-6.
[13] S. M. Farooq et al., "Certificate Based Authentication Mechanism for PMU Communication Networks Based on IEC 61850-90-5," Electronics, vol. 7, 370, 2018.
[14] M. A. Aftab et al., "IEC 61850 and XMPP Communication Based Energy Management in Microgrids Considering Electric Vehicles," IEEE Access, vol. 6, pp. 35657-35668, 2018.
[15] S. M. Farooq et al., "Certificate Based Security Mechanisms in Vehicular Ad-Hoc Networks based on IEC 61850 and IEEE WAVE Standards," Electronics, vol. 8, 96, 2019.