Profiles in Innovation: Anil Kondabathini, HyoJong Lee, Reynaldo Nuqui, Jiuping Pan

Deck: 

Hitachi ABB Power Grids

Fortnightly Magazine - November 11 2020

PUF's Steve Mitnick: What does this do to strengthen the cybersecurity of HVDC?

Reynaldo Nuqui: I'm the principal investigator of this DOE funded project. The innovation we produce here is an area of control extensions for HVDC. They detect, alarm, and even block malicious commands and measurements that seek to destabilize the HVDC systems.

The chief aspect about this innovation is that the functions developed are aware of the power system operations, unlike traditional IT cybersecurity defense applications. We advance on top of that, by being aware of power system operations that enable the defense system we developed to perform a consistency check between the cyber measurements and commands with HVDC converters operations.

That's one key feature of this function. Because we perform this cyber and physical system check, we ask ourselves, where could the system be compromised?

The HVDC physical world, mainly the power electronics and the HVDC station, the transformers and all the switchgear equipment are being operated continuously by control commands coming from the cyberspace. We then evaluate the inconsistency between the cyber commands coming into the control for the purpose of controlling the system of equipment, to the physical state of the system of equipment. 

Anil Kondabathini: The hacker can ramp down or up the DC power. We monitor those. If the behavior is not consistent with normal operation, we stop the command from being executed.

When this is evident, we flag it and send an alarm to the operator that this command is malicious, and we filter it out. Because a lot of commands that come to the HVDC system are automatic, we automatically filter out the malicious commands to prevent them from ever going into the control system or control room.

The innovation detects intrusion in real time. It's not like there's an attack and then we react to it one day later. This is the way we designed the defense mechanism - we can perform the automatic mitigation of the attacks that are coming in, at such speed that does not interfere with normal HVDC controller operation.

The innovation advances the state of the art in cybersecurity for HVDC systems by introducing an extra layer of defense on the HVDC.

PUF: We can help the reader understand that when we talk about HVDC, High-Voltage-Direct-Current transmission systems - even though most of the grid is alternating current - there are some crucially important HVDC systems in North America to the operation of our grid.

HyoJong Lee: I formulated the secured control dispatch algorithm, deployed it in an HVDC control main computer, and with the rest of the controls platform, we simulated and validated its performance.

DC systems have convertors where on one side you go from alternating current to direct current and then you transmit, and then on the other side you have also have a convertor to go from direct current back to alternating current, and those convertors as well as the system itself have to be protected from cyberattacks.

Reynaldo Nuqui: Let me cite one example. Let's say a dispatcher from the control center sends a power order command to the converter station, from a thousand megawatts to fifteen hundred megawatts. Normally, with state of the art, the HVDC station executes the order without considering the impact it could cause on the AC system, because of how it is designed right now. But what we introduce here is an evaluation of what if that command was sent by an attacker, and is therefore malicious, and could impact the AC system negatively?

We then perform this analysis where we predict the outcome of that command with respect to the loading of the HVDC equipment and, especially, the AC transmission lines around the converter station. If we predict some of those AC lines will be overloaded, we say, this is most likely an operator error or a malicious command coming from a cyber attacker. That's one scenario.

PUF: How did the team work together on this project?

Reynaldo Nuqui: The innovation is an area of control extensions for HVDC that detect, alarm, and block malicious commands and measurements that seek to destabilize the systems.

Reynaldo Nuqui: I'm responsible for the overall project, developing a strategy for conceptualizing and verifying the cybersecurity functions that we developed. There are other partners like the Bonneville Power Administration, Argonne National Lab, University of Illinois at Urbana Champaign, and University of Idaho

We deployed the algorithms that we developed inside a hardware-in-the-loop testbed in a converter station of our utility partner. We're not connected live. We're simulating the system as it drives what will happen with the software if a cyberattack comes into the converter station and how we protect it.

Anil Kondabathini: We developed functions that will evaluate some non-normal conditions, which are caused by what we call cyberattacks. Most of the functions we developed can identify or discriminate between what is a valid operation of a system or non-valid operation.

If it detects a non-valid operation, which may compromise the operation of the grid and eventually lead to some security consequences, then our functions will log it as an error and restore the operation.

Jiuping Pan: DOE has been promoting an HVDC overlay for the national grid. This technology must be implemented as a control feature.

The cybersecurity operations are time critical. That means they should not compromise the real time operation of the system. 

In one attack case, if the hacker wanted to compromise our operation, the hacker can ramp down or ramp up the DC power, so, the hacker by just sending the command, affects various parts of the grid. We monitor those effects and evaluate the impact of any command on how the grid is going to behave. If the behavior is not consistent with normal operation, then we will stop the command from being executed.

HyoJong Lee: For this project, my role is to develop a security feature for the HVDC control dispatch. In this role, I formulated the corresponding Hitachi ABB Power Grids secured control dispatch algorithm, deployed it in an HVDC control main computer device, and together with the rest of the controls platform, we simulated and validated its performance.

Jiuping Pan: I would like to say that DOE has been promoting an HVDC overlay for the national grid. These include HVDC intertie between regions and interconnections. Therefore, cybersecurity is important to ensure the reliable operation of this critical infrastructure. I think that this technology must be implemented as a control feature in HVDC.

PUF: What do you think will happen in the future as far as further work in this field?

Reynaldo Nuqui: The best way is to implement the technology into a product. We developed this technology, I think at TRL Level 7 or Level 8, where we tested inside an HVDC converter station, and got the real time measurements that mimics that station. 

Then we tested the algorithms. Now the next move should be, hopefully, to commercialize on this as an expanded offering on our control system.

To this end, we need some way to showcase the technology around the U.S. to make other HVDC asset owners aware of it. We've been fully aware of this innovation's capabilities and its role in securing HVDC from cyberattacks. Commercialization - that would be the next best move for us.


Profiles in Innovation