Power systems are complex systems of great importance to socio-economic development, because the entire world relies on the electric power network for day-to-day life. Several protection and control techniques are therefore necessary for the stable operation of power systems. Among the various power system controls, load frequency control (LFC) is the most time-consuming control mechanism because it involves mechanical parts. As the control algorithms for frequency stabilization deliver control signals on a timescale of seconds, LFC systems cannot handle complicated data validation algorithms, which makes them more vulnerable to disturbances and cyber-attacks. Advanced research is therefore highly encouraged on attack-resilient frequency stabilization techniques and on the cyber-security of LFC systems.
Although LFC schemes ensure power system stability with reliable electric power of guaranteed quality and zero frequency deviations, they are prone to cyber-attacks from malicious adversaries. Modern deregulated power system LFC schemes use open communication infrastructure, in contrast to conventional LFCs, which used dedicated communication channels to transmit signals among remote terminal units (RTUs), the control center, and the generator unit. The highly decentralized LFC scheme with an open communication network is more prone to malicious attacks such as jamming of communication channels, injection of false data, and alterations in the load of the power system. In addition, LFC schemes have to generate control signals on a timescale of seconds, so the LFC loop cannot afford to use complex data validation algorithms for the validation and estimation of measurement data. Attackers can take advantage of this and manipulate the measurement data with less detailed mathematics. These circumstances indicate the vulnerability of the LFC system to cyber-attack, so the study and analysis of attack impacts on the LFC system are highly important. Research in the area of cyber-security of the LFC system also helps in developing countermeasures such as detection and defense mechanisms that can mitigate cyber-attack impacts. The impact of an attack on the LFC system is measured in terms of the breach of operating frequency. The defense mechanisms of the LFC system generally include resilient control algorithms.
The power system control loops (including LFC systems) consist of control centers, electronic field devices, and communication networks working together for the reliable and efficient generation, transmission, and distribution of power. Sensors collect measurements of various physical parameters, such as the terminal voltage, power flow, and rotor speed, from the field devices, and the measurements are sent to the control center using dedicated communication protocols. The group of computational algorithms that processes and analyzes the measurements from sensors or terminal units is collectively called the energy management system (EMS). The decisions from the control center are then transmitted for implementation of the required changes through field devices or actuators. Primary control or governor control, the secondary control scheme with the help of traditional supervisory control and data acquisition (SCADA), the secondary control scheme in smart grid/microgrid control using phasor measurement units (PMUs), etc. have been developed for LFC on the generation side of the power system. The LFC scheme is basically implemented to ensure the balance between load and frequency in the power system and thus eliminate non-zero frequency deviation. A well-designed power system with LFC adjusts perfectly to load variations and system disturbances while producing high-quality electric power and maintaining frequency within the tolerance limit.
The LFC scheme primarily starts with governor control, which is the control of the generation unit using speed regulation or droop characteristics. Droop characteristics represent the slope of the governor steady-speed characteristics curve. From the control point of view, it can be viewed as a proportional controller that ends up with a steady-state frequency deviation.
The governor control (local control) of the LFC system does not rely on the SCADA telemetry system, as the rotor speed measurements of the single generator are sensed locally. In this case, the valve position of the prime mover is adjusted according to the sensed speed to reflect the corresponding change in the output power of the generator.
Even though this is a local control scheme, its control module/controller does have a communication link with the control center of the plant, as the operating setpoint of the governor controller is defined using this link. The attack surface of local control loops is limited because measurements are sensed locally without using the SCADA network. Therefore, attacks like DoS, replay, integrity, timing, etc. are not applicable to this control loop. However, malware can still compromise system cyber-security measures and enter the substation LAN through entry points like USB keys. The malware then corrupts the control module settings and disrupts normal operation. The controllers of modern digital governor control use the Modbus protocol to communicate with control center computers via Ethernet.
Unlike governor control, the secondary control of the LFC scheme allows frequency control of multiple generators that are operated in parallel, sharing large electrical loads. The secondary control provides a reset action for the steady-state frequency deviation and adjusts the generation automatically to re-establish the system frequency at the nominal value under continuous load changes. The secondary control system resets the steady-state frequency deviation to zero.
The LFC system configurations can be divided into single-area and multi-area schemes. In the multi-area or interconnected-area LFC system, the power exchange between the areas happens through connections called tie-lines. The aim of the single-area LFC system is restricted to the stabilization of the operating frequency at the nominal value, as no interconnected system adjustment is needed. In the multi-area LFC system, the generators of each area have to control local load and tie-line power variations from interconnected areas to attain load balances at local and global levels.
Traditionally, LFC of an area or of interconnected areas involving multiple generators is done with the help of energy control centers that make use of on-line computers and remote data acquisition systems like SCADA. In the modern electric grid and smart grid, PMUs are used for real-time monitoring and control. The communication channels from RTUs to the control center and from the control center to governor control are the main attack points of secondary control loops in both single-area and multi-area LFC systems.
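The governor and secondary control loops described above can be compared in a small simulation; this is an added example, not part of the original article. It shows the steady-state deviation left by droop control, the reset to zero by secondary control, and how an offset on the telemetered frequency (standing in for the false data the text mentions on the RTU-to-control-center channel) shifts the real frequency. The lumped single-area model, all parameter values, the gain `k_i`, the bias and the tolerance band are assumptions chosen for illustration.

```python
# Added example: single-area LFC model in per unit, forward-Euler integration.
# All numbers are constructed, textbook-style values, not taken from the article.
T_G, T_T = 0.2, 0.5   # governor and turbine time constants [s]
M, D = 10.0, 0.8      # inertia constant (2H) and load damping
R = 0.05              # governor droop (speed regulation)
D_PL = 0.2            # step increase in load [pu]


def simulate(k_i=0.0, meas_bias=0.0, t_end=60.0, dt=0.01):
    """Return the frequency deviation [pu] reached at t_end.

    k_i       -- integral gain of the secondary loop (0 = governor control only)
    meas_bias -- constant offset on the telemetered frequency seen by the
                 control center; the governor senses speed locally and
                 is not affected by it
    """
    p_g = p_m = d_f = p_c = 0.0
    for _ in range(int(t_end / dt)):
        d_pg = (p_c - d_f / R - p_g) / T_G   # governor: setpoint minus droop term
        d_pm = (p_g - p_m) / T_T             # turbine lag
        d_df = (p_m - D_PL - D * d_f) / M    # swing equation
        d_pc = -k_i * (d_f + meas_bias)      # secondary control acts on telemetry
        p_g += dt * d_pg
        p_m += dt * d_pm
        d_f += dt * d_df
        p_c += dt * d_pc
    return d_f


def droop_only_offset():
    """Analytic steady-state deviation left by proportional (droop) control."""
    return -D_PL / (D + 1.0 / R)


def breaches_band(d_f, tol=0.002):
    """Impact metric: is the deviation outside the tolerance band (tol assumed)?"""
    return abs(d_f) > tol


if __name__ == "__main__":
    primary = simulate(k_i=0.0)
    secondary = simulate(k_i=7.0)
    biased = simulate(k_i=7.0, meas_bias=0.004)
    print(f"governor only   : {primary:+.5f} pu (analytic {droop_only_offset():+.5f})")
    print(f"with secondary  : {secondary:+.5f} pu")
    print(f"biased telemetry: {biased:+.5f} pu, breach={breaches_band(biased)}")
```

Because the integral loop drives the measured deviation to zero, the real deviation settles at the negative of the bias, which is why a check that does not depend on the same telemetry (such as the locally sensed speed) is needed to notice it.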
The typical LFC loop is given in Figure 1 and the attack points of the single-area LFC system are provided in Figure 2. The schematic diagram of the multi-area LFC system with attack points is provided in Figure 3.
The main types of cyber-attacks in the LFC system are given in Figure 4.
Figure 4. Various attacks of the LFC system.
Different fields in the cyber-security of the LFC system that have not received adequate attention are mentioned below.
One inference from the research works on the LFC system is that the vulnerability to cyber-attacks is higher for multi-area LFC systems due to the increased number of attack points. In addition, as the frequency response time of LFC systems is longer, the computational algorithms of these systems are slower than those of other control loops in power systems. Therefore, more research is essential to develop fast computational algorithms and resilient control strategies. Many research areas, such as “stochastic LFC systems”, “non-linearities of LFC systems”, and “cyber-security against stealthy attacks in LFC systems”, still remain unexplored.