We investigate worst-case impacts of stealthy full sensor attacks against linear control systems under a general class of anomaly detectors. We show that the worst-case impact scales with a parameter that is solely determined by the number of sensors in the plant, the detector used, and its tuning. Therefore, we obtain a general metric to compare the performance of detectors of this class of detectors under the investigated sensor attack, which is independent of the plant dynamics and applies to all linear systems with the same number of sensors.

In this paper, batteries are used to preserve the privacy of households with smart meters. It is commonly understood that data from smart meters can be used by adversaries to infringe on the privacy of the households, e.g., figuring out the individual appliances that are being used or the level of the occupancy of the house. The Cramer-Rao bound is used to relate the variance of the estimation error of any unbiased estimator of the household consumption from the aggregate consumption (i.e., the household plus the battery) to the Fisher information. Subsequently, optimal policies for charging and utilizing batteries are devised to minimize the Fisher information (in the scalar case and the trace of the Fisher information matrix in the multi-variable case) as a proxy for maximizing the variance of the estimation error of the electricity consumption by adversaries (irrespective of their estimation policies). The policies are chosen to respect the physical constraints of the battery regarding capacity, initial charge, and rate constraints. The results are demonstrated on real power measurement data with non-intrusive load monitoring algorithms.

In this paper, we study the H∞-norm of linear systems over graphs, which is used to model distribution networks. In particular, we aim to minimize the H∞-norm subject to allocation of the weights on the edges. The optimization problem is formulated with LMI (Linear-Matrix-Inequality) constraints. For distribution networks with one port, i.e., SISO systems, we show that the H∞-norm coincides with the effective resistance between the nodes in the port. Moreover, we derive an upper bound of the H∞-norm, which is in terms of the algebraic connectivity of the graph on which the distribution network is defined.

Distributed approaches to secondary frequency control have become a way to address the need for more flexible control schemes in power networks with increasingly distributed generation. The distributed averaging proportional-integral (DAPI) controller presents one such approach. In this paper, we analyze the transient performance of this controller, and specifically address the question of its performance under noisy frequency measurements. Performance is analyzed in terms of an H2 norm metric that quantifies power losses incurred in the synchronization transient. While previous studies have shown that the DAPI controller performs well, in particular in sparse networks and compared to a centralized averaging PI (CAPI) controller, our results prove that additive measurement noise may have a significant negative impact on its performance and scalability. This impact is shown to decrease with an increased inter-nodal alignment of the controllers' integral states, either through increased gains or increased connectivity. For very large and sparse networks, however, the requirement for inter-nodal alignment is so large that a CAPI approach may be preferable. Overall, our results show that distributed secondary frequency control through DAPI is possible and may perform well also under noisy measurements, but requires careful tuning.

In this paper, we propose a retrofit control method for stable network systems. The proposed approach is a control method that, rather than an entire system model, requires a model of the subsystem of interest for controller design. To design the retrofit controller, we use a novel approach based on hierarchical state-space expansion that generates a higher-dimensional cascade realization of a given network system. The upstream dynamics of the cascade realization corresponds to an isolated model of the subsystem of interest, which is stabilized by a local controller. The downstream dynamics can be seen as a dynamical model representing the propagation of interference signals among subsystems, the stability of which is equivalent to that of the original system. This cascade structure enables a systematic analysis of both the stability and control performance of the resultant closed-loop system. The resultant retrofit controller is formed as a cascade interconnection of the local controller and an output rectifier that rectifies an output signal of the subsystem of interest so as to conform to an output signal of the isolated subsystem model while acquiring complementary signals neglected in the local controller design, such as interconnection signals from neighboring subsystems. Finally, the efficiency of the retrofit control method is demonstrated through numerical examples of power systems control and vehicle platoon control. 

In this paper, we consider a state estimation problem for stochastic linear dynamical systems in the presence of bias injection attacks. A Kalman filter is used as an estimator, and a chi-squared test is used to detect anomalies. We first show that the impact of the worst-case bias injection attack in a stochastic setting can be analyzed by a deterministic quadratically constrained quadratic program, which has an analytical solution. Based on this result, we propose a criterion for selecting sensors to secure in order to mitigate the attack impact. Furthermore, we derive a condition on the necessary number of sensors to secure in order for the impact to be less than a desired threshold.

We consider frequency control of synchronous generator networks and study transient performance under both primary and secondary frequency control. We model random step changes in power loads and evaluate performance in terms of expected deviations from a synchronous frequency over the synchronization transient; what can be thought of as lack of frequency coherence. We compare a standard droop control strategy to two secondary proportional integral (PI) controllers: centralized averaging PI control (CAPI) and distributed averaging PI control (DAPI). We show that the performance of a power system with DAPI control is always superior to that of a CAPI controlled system, which in turn has the same transient performance as standard droop control. Furthermore, for a large class of network graphs, performance scales unfavorably with network size with CAPI and droop control, which is not the case with DAPI control. We discuss optimal tuning of the DAPI controller and describe how internodal alignment of the integral states affects performance. Our results are demonstrated through simulations of the Nordic power grid.

High-voltage direct current (HVDC) is a commonly used technology for long-distance electric power transmission, mainly due to its low resistive losses. In this paper the voltagedroop method (VDM) is reviewed, and three novel distributed controllers for multi-terminal HVDC (MTDC) transmission systems are proposed. Sufficient conditions for when the proposed controllers render the closed-loop system asymptotically stable are provided. These conditions give insight into suitable controller architecture, e.g., that the communication graph should be identical with the graph of the MTDC system, including edge weights. Provided that the closed-loop systems are asymptotically stable, it is shown that the voltages asymptotically converge to within predefined bounds. Furthermore, a quadratic cost of the injected currents is asymptotically minimized. The proposed controllers are evaluated on a four-bus MTDC system.

Industrial control systems are cyber-physical systems that are used to operate critical infrastructures such as smart grids, traffic systems, industrial facilities, and water distribution networks. The digitalization of these systems increases their efficiency and decreases their cost of operation, but also makes them more vulnerable to cyber-attacks. In order to protect industrial control systems from cyber-attacks, the installation of multiple layers of security measures is necessary. In this paper, we study how to allocate a large number of security measures under a limited budget, such as to minimize the total risk of cyber-attacks. The security measure allocation problem formulated in this way is a combinatorial optimization problem subject to a knapsack (budget) constraint. The formulated problem is NP-hard, therefore we propose a method to exploit submodularity of the objective function so that polynomial time algorithms can be applied to obtain solutions with guaranteed approximation bounds. The problem formulation requires a preprocessing step in which attack scenarios are selected, and impacts and likelihoods of these scenarios are estimated. We discuss how the proposed method can be applied in practice.

In this paper, we propose a glocal (global/local) control method for large-scale network systems. The objective of the glocal control here is to suppress global propagation of a disturbance injected at a local subsystem based on the integration of different types of controllers, called global and local controllers. For the design of global and local controllers, we construct an aggregated model and a truncated model that can, respectively, capture global average behavior and local subsystem behavior of the network system of interest. Based on state-space expansion, called hierarchical state-space expansion, we show that a cascade interconnection of the aggregated model and the truncated model can be seen as a low-dimensional approximate model of the original network system, which has good compatibility with independent design of the global and local controllers. Furthermore, we show that appropriate integration of the global and local controllers can improve control performance with respect to global propagation of local disturbance. Finally, the effectiveness of the proposed method is shown through a numerical example of a benchmark model representing the bulk power system in the eastern half of Japan.