Abstract
Given the increase in deployment of large scale renewable energy plants such as offshore wind, there is a growing interest in protecting these assets from targeted cyber-attacks on their SCADA control system. Detecting when a breach has occurred is a priority, as once detected it is possible to reduce the effects of the attack by disconnecting the attacker and reconfiguring the system from a backup. Network intrusion methods are currently in use, but there has not been a comprehensive study of the best methods to detect cyber-attacks using control system data. This paper introduces a benchmark cyber-detection strategy in wind turbine grid-side controllers. It combines a detailed model of the wind turbine's electrical subsystem, control loops equivalent to the ones used in industrial scenarios, and robust model-based detection techniques. The detector consists of an Unscented Kalman Filter (UKF) for residual generation, along with a Generalised Likelihood Ratio (GLR) test and a Cumulative Sum (CUSUM) algorithm for residual evaluation. It was tested in the presence of noise with bias-injection attack profiles. The performed tests show great detection performance on setpoints, controller gains and sensor measurements changes, as they are direct inputs to the observer design. Yet, it still detects larger changes in unobserved variables such as control signals.
Original language | English |
---|---|
Title of host publication | International Conference on Control, Decision and Information Technologies (CoDIT) |
Publication date | 1 Jul 2024 |
Publication status | Published - 1 Jul 2024 |