Modeling Coupled Nonlinear Multilayered Dynamics: Cyber Attack and Disruption of an Electric Grid

Abstract

We study the consequences of cyberattack, defense, and recovery in systems for which a physical system is enabled by a cyber system by extending previous applications of models from the population biology of disease to the cyber system and coupling the state of the cyber system to the physical system, using the synchronous model for the electric grid. In analogy to disease models in which individuals are susceptible, infected, or recovered, in the cyber system, components can be uncompromised and vulnerable to attack, uncompromised and temporarily invulnerable to attack, compromised, or reset and thus not able to contribute to the performance of the physical system. We model cyber defensive countermeasures in analogy to the adaptive immune system. We link the physical and cyber systems through a metric of performance of the physical system that depends upon the state of the cyber system using (i) a generic nonlinear relationship between the state of the cyber system and the performance of the physical system and (ii) the synchronous motor model of an electric grid consisting of a utility with many customers whose smart meters can become compromised, in which a steady state in the difference in rotor angles is the metric of performance. We use the coupled models, both of which have emergent properties, to investigate two situations. First, when an attacker that relies on stealth compromise is hidden until it is either detected during routine maintenance or an attack is initiated. The probability that compromise remains undetected declines with time and the level of compromise increases with time. Because of these dynamics, an optimal time of attack emerges, and we explore how it varies with parameters of the cyber system. Second, we illustrate one of the Electric Power Research Institute scenarios for the reverse engineering of Advanced Metering Infrastructure (AMI) by coupling the synchronous motor equations for the generator and utility to the model of compromise. We derive a canonical condition for grid failure that relates the level of compromise at the time of detection of compromise and the dissipation parameter in the synchronous motor model. We conclude by discussing the innovative aspects of our methods, which include (i) a fraction of decoy components in the cyber system, which are not connected to the rest of the cyber system or the physical system and thus do not spread compromise but increase the probability of detection of compromise, (ii) allowing components of the cyber system to return to the un-compromised state either temporarily invulnerable or immediately vulnerable, (iii) adaptive Defensive Counter Measures that respond in a nonlinear fashion to attack and compromise (in analogy to killer T cells of the immune system), (iv) a generic metric of performance of the physical system that depends upon the state of the cyber system, and (v) coupling a model of the electric grid to the model of compromise of the cyber system that leads to a condition for failure of the grid in terms of parameters of both compromise and the synchronous motor model, directions for future investigations, and connections to recent studies on broadly the same topics. We include a pseudocode as an Appendix and indicate how to obtain R script for the models from the first author.