Title: Attack-resilient algorithms and testbed federation for wide-area protection and control in smart grid

Today’s energy infrastructure is undergoing a massive transformation across all generation, transmission, and distribution systems to provide reliability, efficiency, and sustainability to the power system network. During the past 10 years, there has been a remarkable enhancement in developing close-loop wide-area protection and control (WAPAC) applications, such as automatic generation control (AGC), wide-area protection scheme (WAPS), synchrophasor-based wide-area voltage control system (WAVCS), etc., in the energy management system (EMS) to provide an adequate situational awareness to control center operators during physical disturbances and natural events. The rapid digitalization, unencrypted communication, and numerous data-sharing devices have increased digital access points that have exposed the grid network to countless cyberattacks pertinent to the WAPAC cybersecurity. Given the amount of complex grid network coupled with legacy infrastructures, it is untrustworthy to completely rely on information technology (IT)-based conventional security measures to defend against evolving cyberattacks. Hence, there is a compelling need to go beyond the traditional paradigm of ‘security by obscurity’ and ‘bolt-on’ security measures, and develop a suite of innovative security solutions at multiple layers to transform the current “fault-resilient” grid into “fault and attack-resilient” grid of the future. This dissertation specifically focuses on developing application-specific attack-resilient solutions for critical WAPAC applications in the smart grid. The first part of the study, Attack-Resilient Wide-Area Protection Scheme, presents a cyber-physical attack-resilient system (CPARS) for WAPS, where two anomaly detection methods are proposed to detect multi-level cyberattacks followed by the rules-based intrusion mitigation system (RIMS) to initiate effective mitigation strategies, tailored to these attacks, to restore the normal grid operation after disturbances. The first anomaly detection component, Machine learning-based Anomaly Detection for Centralized WAPS, discusses a novel architecture and methodology for developing a machine-learning-based anomaly detection system (ADS) for the centralized wide-area protection system (CWAPS) by applying the variational mode decomposition (VMD) technique and decision tree (DT) algorithms using cyber logs and synchrophasor measurements. The second component, Multi-Agent-based Anomaly Detection for Decentralized WAPS, presents a two-level hierarchical multi-agent-based decentralized WAPS against the system-aware stealthy cyber-attacks. Finally, for the RIMS, the state transition diagram-based mitigation measures are defined based on the grid operation states and experimental testing and evaluation are presented in a cyber-physical testbed environment. The second part of the study, Attack-Resilient Wide-Area Voltage Control System, addresses the existing vulnerabilities in the wide-area voltage control system (WAVCS), presents the methodology for performing an impact analysis during data integrity attacks, and proposes a data-driven attackresilient system (DARS) by incorporating machine learning-based ADS and rules-based anomaly mitigation system (RAMS) to detect these attacks and provide necessary mitigation actions to maintain the transient voltage stability after disturbances. Finally, the third part, Networked Federation Testbed (NEFTSec) for Smart Grid Cybersecurity, focuses on developing an interconnected federated testbed through a common network like the internet, describes its conceptual architectures, and also presents its design components for experimental testing, validation, and evaluation. Further, it presents the co-simulation interface algorithm (CIA) to facilitate the geographically-dispersed real-time distributed simulation (GD-RTDS) during the cyber-physical federation. In general, this dissertation presents innovative attack-resilient solutions for WAPAC applications that are experimentally tested and evaluated using the PowerCyber testbed and NEFTSec platform to accelerate the transition of state-of-the-art research works to the real-field deployments.