This paper presents a new proposed infrastructure that enables simultaneous cyber security and operational security. The basis of the method is command interception and fast authentication from the cyber security point of view (reliable detection of cyber intrusions) and from the operational reliability point of view. To simplify the process, the command authentication is done at the relay level and relay controls. As such it does not depend on the communication architecture. The method is based on new developments on dynamic state estimation based protection and substation level distributed state estimation. This infrastructure provides the capability to monitor, intercept, and authenticate/block commands as they reach the relay and the control circuits of the relay. Since all controls are exercise through a relay, this approach provides 100% coverage.
The authentication/blockage of commands is done quickly because of the distributed approach which enables quick assembly of a local real time model and fast analytics with this local model. Specifically, for each command the proper local real time model is constructed and quickly analyzed to determine the effects on the power system. The analytics determine the effect of the command, if executed, on the system and in particular on the operational reliability of the system. In case of a command that may have adverse effects on the operational reliability of the system, the command will be blocked and the operator will be alerted. In addition to the command authentication at the relay level, an open-source real-time network monitoring system for capturing and parsing network traffic is presented. Because the method is based on the substation level dynamic state estimator which uses only local substation level measurements and data, a byzantine type attack is not considered possible for the proposed approach. Finally, a discussion on the architecture required to integrate the network monitoring and state estimation sys- ems is presented. The methodology is presently being tested in a laboratory setup that includes a digital simulator of the electric power system and hardware in the loop.