Book

Power System State Estimation: Theory and Implementation

TL;DR: In this paper, Peters and Wilkinson proposed a WLS state estimation algorithm based on the Nodal Variable Formulation (NVF) and the Branch Variable Factorization (BVF).
Abstract: Preface
INTRODUCTION: Operating States of a Power System; Power System Security Analysis; State Estimation; Summary
WEIGHTED LEAST SQUARES STATE ESTIMATION: Introduction; Component Modeling and Assumptions; Building the Network Model; Maximum Likelihood Estimation; Measurement Model and Assumptions; WLS State Estimation Algorithm; Decoupled Formulation of the WLS State Estimation; DC State Estimation Model; Problems; References
ALTERNATIVE FORMULATIONS OF THE WLS STATE ESTIMATION: Weaknesses of the Normal Equations Formulation; Orthogonal Factorization; Hybrid Method; Method of Peters and Wilkinson; Equality-Constrained WLS State Estimation; Augmented Matrix Approach; Blocked Formulation; Comparison of Techniques; Problems; References
NETWORK OBSERVABILITY ANALYSIS: Networks and Graphs; Network Matrices; Loop Equations; Methods of Observability Analysis; Numerical Method Based on the Branch Variable Formulation; Numerical Method Based on the Nodal Variable Formulation; Topological Observability Analysis Method; Determination of Critical Measurements; Measurement Design; Summary; Problems; References
BAD DATA DETECTION AND IDENTIFICATION: Properties of Measurement Residuals; Classification of Measurements; Bad Data Detection and Identifiability; Bad Data Detection; Properties of Normalized Residuals; Bad Data Identification; Largest Normalized Residual Test; Hypothesis Testing Identification (HTI); Summary; Problems; References
ROBUST STATE ESTIMATION: Introduction; Robustness and Breakdown Points; Outliers and Leverage Points; M-Estimators; Least Absolute Value (LAV) Estimation; Discussion; Problems; References
NETWORK PARAMETER ESTIMATION: Introduction; Influence of Parameter Errors on State Estimation Results; Identification of Suspicious Parameters; Classification of Parameter Estimation Methods; Parameter Estimation Based on Residual Sensitivity Analysis; Parameter Estimation Based on State Vector Augmentation; Parameter Estimation Based on Historical Series of Data; Transformer Tap Estimation; Observability of Network Parameters; Discussion; Problems; References
TOPOLOGY ERROR PROCESSING: Introduction; Types of Topology Errors; Detection of Topology Errors; Classification of Methods for Topology Error Analysis; Preliminary Topology Validation; Branch Status Errors; Substation Configuration Errors; Substation Graph and Reduced Model; Implicit Substation Model: State and Status Estimation; Observability Analysis Revisited; Problems; References
STATE ESTIMATION USING AMPERE MEASUREMENTS: Introduction; Modeling of Ampere Measurements; Difficulties in Using Ampere Measurements; Inequality-Constrained State Estimation; Heuristic Determination of P-θ Solution Uniqueness; Algorithmic Determination of Solution Uniqueness; Identification of Nonuniquely Observable Branches; Measurement Classification and Bad Data Identification; Problems; References
Appendix A: Review of Basic Statistics
Appendix B: Review of Sparse Linear Equation Solution
References
Index
Citations
Journal Article
TL;DR: In this article, a new class of attacks, called false data injection attacks, against state estimation in electric power grids is presented and analyzed, under the assumption that the attacker can access the current power system configuration information and manipulate the measurements of meters at physically protected locations such as substations.
Abstract: A power grid is a complex system connecting electric power generators to consumers through power transmission and distribution networks across a large geographical area. System monitoring is necessary to ensure the reliable operation of power grids, and state estimation is used in system monitoring to best estimate the power grid state through analysis of meter measurements and power system models. Various techniques have been developed to detect and identify bad measurements, including interacting bad measurements introduced by arbitrary, nonrandom causes. At first glance, it seems that these techniques can also defeat malicious measurements injected by attackers. In this article, we expose an unknown vulnerability of existing bad measurement detection algorithms by presenting and analyzing a new class of attacks, called false data injection attacks, against state estimation in electric power grids. Under the assumption that the attacker can access the current power system configuration information and manipulate the measurements of meters at physically protected locations such as substations, such attacks can introduce arbitrary errors into certain state variables without being detected by existing algorithms. Moreover, we look at two scenarios, where the attacker is either constrained to specific meters or limited in the resources required to compromise meters. We show that the attacker can systematically and efficiently construct attack vectors in both scenarios to change the results of state estimation in arbitrary ways. We also extend these attacks to generalized false data injection attacks, which can further increase the impact by exploiting measurement errors typically tolerated in state estimation. We demonstrate the success of these attacks through simulation using IEEE test systems, and also discuss the practicality of these attacks and the real-world constraints that limit their effectiveness.

2,064 citations

Proceedings Article
09 Nov 2009
TL;DR: A new class of attacks, called false data injection attacks, against state estimation in electric power grids is presented, showing that an attacker can exploit the configuration of a power system to launch such attacks to successfully introduce arbitrary errors into certain state variables while bypassing existing techniques for bad measurement detection.
Abstract: A power grid is a complex system connecting electric power generators to consumers through power transmission and distribution networks across a large geographical area. System monitoring is necessary to ensure the reliable operation of power grids, and state estimation is used in system monitoring to best estimate the power grid state through analysis of meter measurements and power system models. Various techniques have been developed to detect and identify bad measurements, including the interacting bad measurements introduced by arbitrary, non-random causes. At first glance, it seems that these techniques can also defeat malicious measurements injected by attackers. In this paper, we present a new class of attacks, called false data injection attacks, against state estimation in electric power grids. We show that an attacker can exploit the configuration of a power system to launch such attacks to successfully introduce arbitrary errors into certain state variables while bypassing existing techniques for bad measurement detection. Moreover, we look at two realistic attack scenarios, in which the attacker is either constrained to some specific meters (due to the physical protection of the meters), or limited in the resources required to compromise meters. We show that the attacker can systematically and efficiently construct attack vectors in both scenarios, which can not only change the results of state estimation, but also modify the results in arbitrary ways. We demonstrate the success of these attacks through simulation using IEEE test systems. Our results indicate that security protection of the electric power grid must be revisited when there are potentially malicious attacks.

1,592 citations

Journal Article
TL;DR: In this article, a mathematical framework for cyber-physical systems, attacks, and monitors is proposed, and fundamental monitoring limitations from both system-theoretic and graph-based perspectives are characterized.
Abstract: Cyber-physical systems are ubiquitous in power systems, transportation networks, industrial control processes, and critical infrastructures. These systems need to operate reliably in the face of unforeseen failures and external malicious attacks. In this paper: (i) we propose a mathematical framework for cyber-physical systems, attacks, and monitors; (ii) we characterize fundamental monitoring limitations from system-theoretic and graph-theoretic perspectives; and (iii) we design centralized and distributed attack detection and identification monitors. Finally, we validate our findings through compelling examples.

1,430 citations

Posted Content
TL;DR: This paper proposes a mathematical framework for cyber-physical systems, attacks, and monitors, and describes fundamental monitoring limitations from system-theoretic and graph-theoretic perspectives and designs centralized and distributed attack detection and identification monitors.
Abstract: Cyber-physical systems integrate computation, communication, and physical capabilities to interact with the physical world and humans. Besides failures of components, cyber-physical systems are prone to malignant attacks, and specific analysis tools as well as monitoring mechanisms need to be developed to enforce system security and reliability. This paper proposes a unified framework to analyze the resilience of cyber-physical systems against attacks cast by an omniscient adversary. We model cyber-physical systems as linear descriptor systems, and attacks as exogenous unknown inputs. Despite its simplicity, our model captures various real-world cyber-physical systems, and it includes and generalizes many prototypical attacks, including stealth, (dynamic) false-data injection and replay attacks. First, we characterize fundamental limitations of static, dynamic, and active monitors for attack detection and identification. Second, we provide constructive algebraic conditions to cast undetectable and unidentifiable attacks. Third, by using the system interconnection structure, we describe graph-theoretic conditions for the existence of undetectable and unidentifiable attacks. Finally, we validate our findings through some illustrative examples with different cyber-physical systems, such as a municipal water supply network and two electrical power grids.

1,190 citations


Cites background from "Power System State Estimation : The..."

  • ...with (t) = 0 8t2R0, and = fC;y(t) 8t2Ng. Note that static monitors do not exploit relations among measurements taken at different time instants. An example of static monitor is the bad data detector [36]. Definition 2: (Dynamic monitor) A dynamic monitor is a monitor with (t) = 0 8t 2 R0, and = fE;A;C;y(t) 8t2R0g. Differently from static monitors, dynamic monitors have knowledge of the system dynami...


Journal Article
01 Jan 2012
TL;DR: It is argued that the “smart” grid, replacing its incredibly successful and reliable predecessor, poses a series of new security challenges, among others, that require novel approaches to the field of cyber security.
Abstract: It is often appealing to assume that existing solutions can be directly applied to emerging engineering domains. Unfortunately, careful investigation of the unique challenges presented by new domains exposes its idiosyncrasies, thus often requiring new approaches and solutions. In this paper, we argue that the “smart” grid, replacing its incredibly successful and reliable predecessor, poses a series of new security challenges, among others, that require novel approaches to the field of cyber security. We will call this new field cyber-physical security. The tight coupling between information and communication technologies and physical systems introduces new security concerns, requiring a rethinking of the commonly used objectives and methods. Existing security approaches are either inapplicable, not viable, insufficiently scalable, incompatible, or simply inadequate to address the challenges posed by highly complex environments such as the smart grid. A concerted effort by the entire industry, the research community, and the policy makers is required to achieve the vision of a secure smart grid infrastructure.

933 citations


Cites background or methods from "Power System State Estimation : The..."

  • ...Here we briefly introduce the weighted least square (WLS) estimator [34], as it is widely used in practice....


  • ...2) Bad Data Detection: Bad data detector such as χ² or largest normalized residue detector [34] detects the corruption in measurement z by checking the residue vector r....
