ICT and Power Distribution Modeling using Complex Networks

ICT and Power Distribution Modeling using Complex Networks José Sánchez, Raphaël Caire and Nouredine Hadjsaid Grenoble Electrical Engineering Laboratory (G2ELAB) University of Grenoble Saint Martin d’Hères, France {jose.sanchez, raphael.caire, nouredine.hadjsaid}@g2elab.grenoble-inp.fr

Abstract—Power Distribution Network reliability and security highlights the need to identify and understand vulnerabilities that emerge from its interaction with Information and Communication Technologies (ICT). Modeling the physical, logical, cyber, social and geographical relations can give some information about the interactions between both infrastructures to enlighten their interdependencies and to identify their mutual vulnerabilities. This paper presents a method that adapts the theory of Complex Numbers to the theory of Complex Networks. The result of this symbiosis is a two-dimensional model that allows inherent vulnerabilities of coupled infrastructures to be identified. Few simple cases are explained and the method is then demonstrated on a typical French Distribution Network including a surrounding ICT network. Index Terms—Complex Networks (CN), Critical Infrastructures Vulnerability, Cyber-Physical System, Information and Communication Technologies (ICT), Power Distribution Systems.

I. I NTRODUCTION Power Distribution and Information and Communication Technologies (ICT) infrastructures are known to be Critical Infrastructures because vital services, such as financial, defense and medical assistance, rely on them [1]. These infrastructures are characterized by being highly interconnected and interdependent in many ways. On the one hand, ICT infrastructure is essential for the control, supervision and operation of Power Distribution Systems. Therefore, an extremely large amount of information is exchanged between control centers, substations and markets, e.g. switchgears status, load frequency control and electric energy demand. On the other hand, ICT infrastructure needs energy supply from the Power Distribution to work properly. Undoubtedly, ICT infrastructure has improved significantly control and protection functions in Power Distribution Systems. Nevertheless, there is still a big question: Is the ICT infrastructure improving or endangering the security, the reliability and the resilience of Power Systems? Recent events [2] have shown two important facts. Firstly, failures in ICT infrastructure can affect Power Distribution Systems. Secondly, it is impossible to protect an infrastructure without identifying and understanding its vulnerabilities, i.e. multi-infrastructure threats. The work presented in this paper has been funded by the French National Research Agency (ANR), Project-09-CSOSG SINARI - Sécurité des Infrastructures et Analyses des RIsques, www.sinari.org.

Bompard et al. [3] discussed the importance to study and to improve (even to develop) defense and protective strategies in the cyber and physical layers in order to reduce the vulnerability levels. The Power Systems Engineering Research Center (PSERC) identified many research challenges in order to secure the future power grids, these challenges include: cyber attack risk modeling and risk mitigation, defense against coordinated cyber attacks, and simulation models, data sets, testbed evaluations [4]. Up to now, research into vulnerability of critical infrastructures has mainly focused on single infrastructures threats [5], [6]. However, few studies have given attention to threats that emerge from the interaction and interplays among infrastructures, a real and critical problem discussed by several authors [7], [8]. Kröger and Zio [9] analyzed the vulnerability of critical infrastructures using different approaches, including: complex networks, agent-based simulations, dynamic control theory, and others. Rozel et al. [10] highlighted the importance to understand the interactions and interdependencies between ICT and Power Systems, introducing a combined simulator that communicates single-infrastructure simulators in order to study the dynamic behavior of interconnected infrastructures. This paper proposes a method to identify critical vulnerabilities that emerge from the physical and cyber relationship between Power Distribution and ICT infrastructures using Complex Networks. More precisely, this paper is focused on two-dimensional graphs allowing to model each infrastructure in a different space, preserving their characteristics, and to integrate both infrastructures in a common representation. The choise of Complex Networks is justified since several works validated their use in power systems security and vulnerability assessments. For instance, Ricardo Moreno et al. [11] worked with Complex Networks to identify electrical islands in the Power System to solve problems of under frequency and undervoltage. Rozel et al. [12] implemented the Complex Network Theory and partitioning in order to find potential cuts of large power transmission grids. As well, [9], [13], [14] showed Complex Networks as a promising tool to evaluate the interdependencies of critical infrastructures. The proposed method differs in different aspects to the studies already done, as follows: i) the proposed method models the Power Distribution and ICT infrastructures as a whole system, i.e. a System-of-Systems, ii) the 2-dimensional representation solves one of the common problems modeling

multiple infrastructures, iii) most of the methods are usually tested on typical Power Transmission Grids (IEEE 39, 118, 300 bus, Italian transmission system, etc), the test system in this paper is a distribution network, which will allow to use the proposed method to model Smart Grids. Section II describes how the Complex Networks theory can be modified in order to introduce the Complex Numbers. This framework is applied to a case study to exemplify its realization in Section III. Finally, discussion, further work and conclusions are addressed in Section IV and V, respectively. II. C OMPLEX N ETWORKS M ODELING A Network is a set of items with connections between them and a Graph is the network mathematical representation [15]. Networks are present in almost every aspect of life, e.g. traveling, calling by cell-phone, finding a job, chatting, etc. For this reason, mathematicians and experts in many domains have tried to find the best way to model real systems, considering the relations and dependencies between their components. Leonhard Euler solved the enigmatic seven bridges of Königsberg problem during the 18th century using what has been called the foundations of the Graph Theory. Since its origin, the Graph Theory has been evolving thanks to the computerization of data acquisition and the availability of high computing power. Some of the main contributions include the Random Graphs Theory by Paul Erdös and Alfred Rényi, the ‘Small-World’ concept by Watts and Strogatz (WS), and the discovery of ‘scale-free’ characteristic in large networks. The application of graph theory to study large and complex systems is called Complex Networks theory. This theory allows systems topology characteristics and connectivity properties to be known, as well as, fault and cascade phenomena analysis to be performed [16], [17]. A complete overview of Complex Networks evolution is presented in [15] and [18]. A graph G is a pair of sets (V, E). The elements of V ≡ {v1 , v2 , v3 , . . . , vn } are the vertices or nodes and n is the number of vertices, they represent system elements such as buses, routers, airports, or people . While the elements of E ≡ {e1 , e2 , e3 , . . . , em } are the edges between the vertices and m is the number of edges, they represent the connections or relations between vertices; these connections can be physical, logical, or functional. Some common edges include: power lines, optical fiber, flight itineraries, and friendship [17]. If the edges have a direction associated with them, the graph is called Directed Graph or digraph, otherwise the graph is called Undirected Graph. Since Power Distribution and ICT infrastructures have different type of edges, according to the information transmitted, we identified four main types: • • •

Type 1: From an electrical node to another. This edge represents the normal power flow in the Power System. Type 2: From an ICT node to another. This edge represents the normal data flow from one router to another. Type 3: From an electrical node to an ICT node. Basically, it is the energy supply for ICT infrastructure.

Type 4: From an ICT node to an electrical node. This edge is used to send commands or to request information to/from the electrical component. A graph can be represented by an n × n matrix A, called Adjacency Matrix; where every row and column represents a vertex in the graph. Its entry ahj is 1 if the edge exists between the hth and jth vertices, and 0 otherwise. It is important to note that for undirected graphs the matrix A is symmetric (ahj = ajh ) and for directed graphs is asymmetric (ahj 6= ajh ). The degree kh of a node h is the number of incident links to the node h, it is defined in terms of the adjacency matrix A as shown in (1) for undirected graphs [17]. The Node Degree is the first step in the assessment of the vulnerability of Critical Infrastructures, providing information about the system topology. X kh = ahj (1) •

j∈V

For Directed Graphs, the Node Degree have two components: In-Degree (khin ) and Out-Degree (khout ). The first one is the number of ingoing links. The second one is the number of outgoing links. Mathematically they are represented by (2) and (3), respectively. X khin = ahj (2) j∈V

khout =

X

ajh

(3)

j∈V

We changed the definition of the edges and consequently the Adjacency Matrix A, in order to model multiple infrastructures. We propose to use complex-valued Adjacency Matrices to add flexibility and to expand the analysis into a two dimensional space that will allow modeling ICT and Power Distribution infrastructures in different spaces, preserving their characteristics. In the specific case of Power Distribution and ICT infrastructures, the entry ahj is set as a Complex Number (ahj ∈ C), as shown in (4), for undirected graphs. We choose to represent the Electrical dependencies within the Power System as the real component (1), the Communication dependencies within the ICT infrastructure as the imaginary component (1i) and consequently the interdependencies among both infrastructures as a complex number (1 + 1i) to show the dual interaction electricity and data flow.

ahj

   

1, 1i, = 1 + 1i,    0,

if link (h,j) is type 1 if link (h,j) is type 2 if link (h,j) is type 3 and 4 otherwise

(4)

In order to identify the vulnerabilities of coupled infrastructures, this paper attempts to identify the most important nodes in the system, as in [9], the term ‘importance’ is intended to qualify the role that the presence and location of the node plays with respect to the average global and local properties of the whole network. The Node Degree is one of the most widespread characteristics of Complex Networks to identify

the node role in the Network. We propose to divide it into two components. The Electrical Node Degree (keh ), that is the number of electrical edges incident with the node; and the ICT Node Degree (kch ), that is the number of ICT edges incident with the node (5). X kh = ahj = keh + ikch (5) j∈V

For instance, Fig. 1 shows a graph with 6 vertices V = {v1 , v2 , v3 , v4 , v5 , v6 }, in which the sub-set Ve = {v1 , v2 , v3 } are electrical nodes, and the sub-set Vc = {v4 , v5 , v6 } are communication nodes; vertices are connected by 6 edges E = {e1 , e2 , e3 , e4 , e5 , e6 }, where the sub-set {e1 , e2 } are type 1, the sub-set {e5 , e6 } are type 2, and the sub-set {e3 , e4 } are type 3 and 4 (bidirectional). v1

e1

e2

v2

v1

e1

e4

e7

Fig. 1.

e6

v6

6-Vertices Undirect Graph example.

As a result, the Adjacency matrix A is defined in (6) and the degrees are presented in Table I.     A=   

0 1 0 0 0 0

1 0 1 0 1 + 1i 0

0 0 0 1 0 1 + 1i 0 0 0 0 0 1i 0 1i 0 1 + 1i 0 1i

0 0 1 + 1i 0 1i 0

       

e6 ICT Node

e8 v6

Fig. 2. 6-Vertices Direct Graph example. Energy supply from node v2 to v5, and v5 sends control data to v2.

Since the adjacency matrix A is two-dimensional, equations (2) and (3) are composed by (8) and (9), respectively. X khin = ahj = keinh + i kcinh (8) j∈V

X

ajh = keout + i kcout h h

(9)

j∈V

e8 v5

e5

v5

khout =

ICT Node v4

e4

e7 v4

v3

e5

v3 Electrical Node

e3

Electrical Node e3

e2

v2

(6)

TABLE I N ODE D EGREES

Fig. 2 shows a Directed Complex Network with 6 vertices V = {v1 , v2 , v3 , v4 , v5 , v6 }, in which the sub-set {v1 , v2 , v3 } are electrical nodes, and the sub-set {v4 , v5 , v6 } are communication nodes; vertices are connected by 8 edges E = {e1 , e2 , e3 , e4 , e5 , e6 , e7 , e8 }, where the sub-set {e1 , e2 , e3 , e5 } are type 1, and the sub-set {e4 , e6 , e7 , e8 } are type 2. As a result, the Adjacency matrix A is defined in (10). It can be seen that nodes v2 and v3 are supplying energy to nodes v5 and v6 respectively. At the same time, nodes v5 and v6 are delivering commands to nodes v2 and v3 respectively. The in/out degree nodes are presented in Table II.   0 1 0 0 0 0  0 0 1 0 1 0     0 0 0 0 0 1    (10) A=   0 0 0 0 1i 0   0 1i 0 0 0 1i  0 0 1i 0 0 0 TABLE II IN AND OUT N ODE D EGREES

Vertex

v1

v2

v3

v4

v5

v6

kh

1

3+1i

2+1i

1i

1+3i

1+2i

ke

1

3

2

0

1

1

Vertex

v1

v2

v3

v4

v5

v6

2

in kh

0

1+1i

1+1i

0

1+1i

1+1i

out kh

1

2

1

1i

2i

1i

kc

0

1

1

1

3

Even though, undirected graphs have been successfully used to model single critical infrastructures, it is a basic method that provides indications of obvious vulnerabilities. Therefore, this paper evaluates as well the Directed Graphs in order to take into account the flow of electricity (in Power Systems) and data (in ICT), and to represent the relation between source (operators) and load (end-users), where the first is offering a service to the second. Entry ahj is defined as in (7). This definition allows creating a Mixed Graph with some edges with a double direction, to represent the energy supply from the Power Distribution Networks and the data from the ICT.   1, if link (h,j) is type 1 or 3 1i, if link (h,j) is type 2 or 4 ahj = (7)  0, otherwise

III. T EST S YSTEM AND R ESULTS The test system is a modification of the typical French Distribution Network presented in [19]. The Power Grid has 14 power-bus, 17 lines, 7 distributed generation, 9 loads, and 3 transformers HTB/HTA1 , as shown in Fig. 3. Aside from this network, there is a considerable supporting ICT infrastructure. The communications network involves 2 routers from a communication network of a public ICT provider (nodes 38 and 39), 1 WiMax BS (node 41), and 8 multiplexers, 26 links including ADSL, PSTN/ISDN, Optic Fiber, and Ethernet 1 From French “Haute Tension B / Haute Tension A”, i.e. High Voltage B (63kV)/High Voltage A(20kV)

technologies. As well, there is a private LAN-GigaEthernet connecting the electrical buses 2, 3 and 4. Router 42 was introduced in order to model the GigaEthernet connection. 01

01

63/20kV

represent edges type 3 and 4. Fig. 5 presents the distribution of node degrees. The results highlight some important nodes that have a dependency with both infrastructures, such as node 39 (ke = 5 and kc = 8) or node 2 (ke = 7 and kc = 2).

01

63/20kV

63/20kV

42 04

02

03

31 05

09 33

06

37

07 38

08

40

14

39

10

41

32

N/O N/C Comm Link

12

11

13

WiMax

Fig. 3. Test System, 14-Bus Power Distribution Network and ICT Network. Missing nodes from 15 to 30 represent loads and generation. Nodes from 31 to 42 are from the ICT Network.

26

8

15

16

37

33

34

7

38

25

23

28

40

11 18

4

42

2

1

22

24

10

Fig. 6 presents the graph representation of the Test System, using a directed graph. Directions in the Power Distribution System (nodes from 1 to 30) where selected from the power load flow. Fig. 7 shows the graphical representation of the Adjacency Matrix A. In/Out node degrees distribution are shown in Fig. 8 and 9, respectively. These figures, shown the existence of few nodes with a high node degree value, that is the case of ICT outdegree 7i (node 39), which is the maximum ICT out-degree value, and the maximum electrical out–degree is 5 (node 2). The kin is more important because shows the dependency of nodes on other infrastructures. For example, there are 7 nodes with an in-degree of 1 + 1i, showing a dependency on both infrastructures.

20

17

IV. D ISCUSSION AND F URTHER W ORK

3

31 9

21 27

14

39

13

12

41

30

19 Electrical Link

Fig. 4.

Node Degree distribution ke and kc , Undirected Graph.

6 32

29

35

5

Fig. 5.

ICT Link

36

Control/Supply Link

Undirect Graph representation of 14-Bus Test System.

Fig. 4 shows the graph representation of the Test System, using an undirected graph. Solid lines represent the edges type 1, i.e. the connection between electrical nodes. Short dashed lines represent edges type 2. And finally, long dashed lines

Despite some of the presented results are evident, it is the first step modeling interdependent infrastructures with complex-valued complex networks. We strongly believe that a two-dimensional analysis of ICT and Power Distribution infrastructures dependencies will help to understand and to identify their vulnerabilities and main threats. Therefore, new models containing the proposed method with more elaborated vulnerability indexes are being developed in order to improve our methodology. Spectral graph theory with two-dimensional Complex Networks will be developed in order to find potential cuts of interconnected infrastructures or to identify critical nodes using more advanced mathematical algorithms. The work presented in this paper will be taken as the foundation of future work, in order to identify break points in coupled infrastructures.

26

8

15

16

37

33

34

7

38

25

23

28

40

11

24

4

42

2

1

22

10 6

18 32

3

31 9

20 29

21

17

27

14

39

13

12

41

30

19 Electrical Link

Fig. 6.

35

5

36

Fig. 8.

Node Degree kin distribution, Directed Graph.

Fig. 9.

Node Degree kout distribution, Directed Graph.

Control/Supply Link

ICT Link

Direct Graph representation of 14-Bus Test System. 0 5 10

To

15 20 25 30 35 40

Due to lack of similar methods –with an integrated representation of multiple infrastructures– in order to verify our results, further work revolves around the results validation on the PREDIS platform and the Control Center Platform built during the European project INTEGRAL. The platform is located at Grenoble - France and is based on 10 demonstration facilities developed by G2ELAB in conjunction with industrial partners.

of coupled infrastructures as shown in the previous section. This method emerges from the need of advanced tools to analyze and understand the new threats and vulnerabilities that emerge from an interconnected and interdependent world. For instance, future Power Distribution Networks: the SmartGrids, which will be electrical networks integrating users, markets, producers and operators, are a clear example of an infrastructure that will highly depend on other infrastructures. The presented method should serve to identify vulnerabilities of Power Distribution and ICT infrastructures by topology-driven analysis. The Node Degree provides important information concerning the connectivity of the system, as well allows knowing key-nodes in the system –hubs– that topologically represent vulnerable components that can failed or be attacked.

V. C ONCLUSION

ACKNOWLEDGMENT

Complex Networks are suitable to model multiple systems despite their inherent differences, e.g. ICT and Power Distribution Systems. This property allows identifying vulnerabilities

Authors wish to thank Claude Chaudet, from Telecom ParisTech, for the inspiration of the Communication Network model presented in Fig. 3. The SINARI project is developed in

0

5

10

15

20

25

30

35

40

From Type 1 or 3

Fig. 7.

Type 2 or 4

Adjacency Matrix representation.

collaboration with Atos Origin, CEA List, EDF R&D, FP Conseil, Telecom ParisTech. R EFERENCES [1] S. Rinaldi, J. Peerenboom, and T. Kelly, “Identifying, understanding, and analyzing critical infrastructure interdependencies,” IEEE Control Syst., vol. 21, no. 6, pp. 11–25, 2001. [2] T. Chen and S. Abu-Nimeh, “Lessons from stuxnet,” Computer, vol. 44, no. 4, pp. 91–93, april 2011. [3] E. Bompard, P. Cuccia, M. Masera, and I. Fovino, “Cyber vulnerability in power systems operation and control,” in Critical Infrastructure Protection, ser. Lecture Notes in Computer Science. Springer Berlin / Heidelberg, 2012, vol. 7130, pp. 197–234. [4] M. Govindarasu, A. Hann, and P. Sauer, “Cyber-physical systems security for smart grid,” in PSERC – Future Grid Initiative White Paper, 2012. [5] T. Chen, J. Sanchez, and J. Buford, “Petri net modeling of cyber-physical attacks on smart grid,” IEEE Trans. Smart Grid, vol. 2, no. 4, pp. 741– 49, dec. 2011. [6] C.-W. Ten, C.-C. Liu, and G. Manimaran, “Vulnerability assessment of cybersecurity for scada systems,” IEEE Trans. Power Syst., vol. 23, no. 4, pp. 1836–46, nov. 2008. [7] A. Merdassi, R. Caire, J. Sanchez, N. Hadjsaid, M. Kellil, N. Oualha, C. Bousba, D. Georges, S. Machenaud, L. Piètre-Cambacédès, and N. Vignol, “Modélisation des Infrastructures critiques interdépendantes,” European Journal of Electrical Engineering (EJEE), vol. 15/6, pp. 557– 585, 2012. [8] W. Kröger, “Critical infrastructures at risk: A need for a new conceptual approach and extended analytical tools,” Reliability Engineering & System Safety, vol. 93, no. 12, pp. 1781–87, 2008. [9] W. Kröger and E. Zio, Vulnerable Systems. New York: Springer, 2011. [10] B. Rozel, M. Viziteu, R. Caire, N. Hadjsaid, and J.-P. Rognon, “Towards a common model for studying critical infrastructure interdependencies,” in 2008 IEEE PES General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008. [11] R. Moreno, A. Torres, A. George, and M. A. Rios, “Sequential islanding of power systems as a security strategy,” International Review of Electrical Engineering (I.R.E.E.), vol. 6, no. 7, pp. 3058–3064, November– December 2011. [12] B. Rozel, R. Caire, N. Hadjsaid, J.-P. Rognon, and C. Tranchita, “Complex network theory and graph partitioning: Application to large interconnected networks,” 2009 IEEE PowerTech Bucharest, June-July 2009. [13] N. Hadjsaid, L. Le-Thanh, R. Caire, B. Raison, F. Blanche, B. Stahl, and R. Gustavsson, “Modeling cyber and physical interdependencies application in ICT and power grid,” in 2009 IEEE PES Power Systems Conference and Exposition, 2009. [14] S. Arianos, E. Bompard, A. Carbone, and F. Xue, “Power grid vulnerability: A complex network approach,” Chaos, vol. 19, no. 013119, 2009. [15] M. Newman, “The structure and function of complex networks,” SIAM Review, vol. 45, no. 2, pp. 167–256, 2003. [16] R. Albert and A.-L. Barabási, “Statistical mechanics of complex networks,” Reviews on Modern Physics, vol. 74, pp. 47–97, Jan 2002. [17] S. Boccaletti, V. Latora, Y. Moreno, M. Chavez, and D. Hwang, “Complex networks: Structure and dynamics,” Physics reports, vol. 424, no. 4, pp. 175–308, 2006. [18] X. F. Wang and G. Chen, “Complex networks: Small-world, scale-free and beyond,” IEEE Circuits Syst. Mag., vol. 3, no. 1, pp. 6–20, 2003. [19] B. Stahl, L. L. Thanh, R. Caire, and R. Gustavsson, “Experimenting with infrastructures,” in 5th International CRIS Conference on Critical Infrastructures, Beijing, 2010.