Synchrophasor spoofing detection and remediation for wide-area damping control

Evolving cyber-attack threats put at risk automatic closed-loop systems to be incorporated in the smart grid. Wide-area control systems are particularly vulnerable to signal spoofing attacks due to sensor remoteness and dependence on satellite communication for time synchronization. A successful cyber-attack on a wide-area controller has the potential to reduce relative stability of the power system or worse, destabilize it. As such, detection algorithms must be deployed as defense against such attacks with the ability to autonomously correct for detected tampering or misoperation. The Spoof Catch and Restore Routine (SCR2), a combination of three real-time spoof detectors, each requiring limited information about the plant, is presented. Nonlinear simulations of a compromised wide-area control system deployed in the Western Interconnection show the effectiveness of SCR2 in detecting both delay-type and counterfeit-type spoofing attacks on wide-area sensors.

Automated summary

The evolving cyber-attack threats put automatic closed-loop systems in the smart grid at risk. Wide-area control systems are vulnerable to signal spoofing attacks, and detection algorithms must be deployed as defense.