With support from the Siebel Energy Institute, a team of scientists from the University of Illinois Urbana-Champaign (UIUC) developed algorithms that help utility companies zero in on electricity thieves.
For almost as long as electricity has been around, people have been stealing it. Today, the majority of electricity theft is committed by an individual at their home or small business, where they either siphon power from another line or tamper with their meter.
Electricity theft is a significant global problem that results in revenue loss and increased costs to paying customers, as well as a range of safety issues. One recent study by Northeast Group, LLC puts the 2015 cost of worldwide electricity theft at $89.3 billion – a remarkable figure for an “invisible” crime.
Smart meters and other Internet-based software in energy systems have expanded the opportunities for theft, yet the measures utility companies have in place to detect malicious activity are largely incapable of detecting the sophisticated attacks that target the metering infrastructure.
With support from the Siebel Energy Institute, a team of scientists from the University of Illinois Urbana-Champaign (UIUC) has developed algorithms that identify energy usage patterns that are indicative of electricity theft. The software can help utility companies zero in on electricity thieves by alerting them to unusual electricity use.
William Sanders, the Donald Biggar Willett Professor of Engineering and head of the department of Electrical and Computer Engineering at UIUC, led the project. ECE Illinois graduate student Varun Badrinath Krishna and research scientist Gabriel Weaver collaborated on the work with Sanders.
The researchers tested three statistical methods on a dataset of real smart meter readings from Ireland’s Commission for Energy Regulation. Each method employed data analysis to develop profiles for different types of usage, such as when people were home or on vacation. The algorithms were then trained to recognize anomalies in consumption patterns.
The project, Design and Evaluation of Methods to Detect Electricity Theft in Advanced Metering Infrastructure, is the first to combine fundamental mathematical methods to identify and detect attacks that can lead to electricity theft.
Articles published by the team have won best paper awards at two academic conferences. A proposal based on the research was also accepted as one of the projects to be supported by the U.S. Department of Energy’s Cyber Resilient Energy Delivery Consortium (CREDC), a new five-year, $28.1 million initiative led by the University of Illinois at Urbana-Champaign.
Krishna and Sanders spoke with the Siebel Energy Institute about the project.
Q: This project was partially motivated by the fact that the majority of electricity theft attacks circumvent the detection methods on which utilities now rely. Are the existing systems generally similar to one another? Why aren’t the current detection systems effective?
Communication networks in power grids, like communication networks in many applications (like the Internet itself), were not historically designed to be secure from the ground up. Security measures taken by utilities have been added to existing communication infrastructure in response to attacks, such as theft. Our work allows utilities to determine whether smart meters have been compromised based on an understanding of normal consumption patterns.
Q: How technologically savvy does someone need to be to successfully manipulate their smart meter?
It’s been reported that some smart meters that have been deployed come with the “feature” that a utility employee can upgrade the software on the meter using its optical interface. It’s thus possible that inadequate authentication measures on the meter could make that interface vulnerable. We have read, from unverified online sources, that consumers have paid disgruntled utility employees (or former employees) a fee to help them compromise their own smart meters.
Q: In addition to using real data to create profiles of typical electricity usage, your team also identified patterns that signal theft. In terms of data analysis, what does electricity theft “look” like?
An attacker who is not adequately masking his/her attack will under-report the meter demand. That leads to abnormally low measurements seen at the utility’s end, which can be detected with data analysis. If the attacker is masking his/her attack by over-reporting a neighbor’s demand, the utility might see abnormally high readings indicating that the meter belongs to a customer who may be a victim of an attacker in the same neighborhood (sharing the same transformer).
Q: What were the biggest challenges you faced when defining parameters or conditions that would be flagged as possible illegal activity?
Our greatest challenge has been in differentiating possible illegal activity from anomalous, but legitimate, activity. For example, from meter data alone, we would not be able to tell whether a consumer has gone on vacation (leading to abnormally low consumption) or whether the consumer is under-reporting meter readings. By seeing whether other consumers are simultaneously reporting similarly anomalous behavior, we may be able to reduce the false positive rate, assuming that low consumption is a consequence of a holiday (like Labor Day).
Q: Why is it so important for the detection algorithm to minimize both false positives and false negatives?
When a meter is reporting suspicious activity, the utility would send an employee to investigate the meter in person. If that meter turned out to be properly functioning, the cost of investigation would have gone to waste. By reducing the false positive rate, utilities can reduce their cost of investigation. But by reducing the false negative rate, utilities can reduce their cost due to theft itself. Therefore, it is important to simultaneously minimize both.
Q: The mathematical methods this research employs are fairly well known data analysis models. Why hadn’t they been applied to grid security analysis prior to this project?
We believe that the recent availability of smart meter data has made it possible for this research to happen now, whereas it was not possible before the data became available.
Q: The necessary data to detect electricity theft is already being collected from customers for billing purposes. What else needs to be in place for a utility company to implement your detection software?
Nothing else needs to be in place, and therein lies the reason why our work has been well received – it is readily implementable with existing technologies. In order to improve detection rates and mitigate attacks, it would be helpful to have redundant smart meters at upstream locations in the power grid (at all transformers). That would make it significantly harder for an attacker to steal a lot of electricity while going undetected, within our detection framework.
Q: How does this research fit into the broader objectives of the U.S. DOE’s efforts to make the power grid more resilient to cyber-attacks?
This research makes advances in intrusion detection in the context of power grid data. The methods being used to detect theft are equally applicable in detecting other kinds of attacks on the power grid. We are in the process of uncovering other motives an attacker may have in manipulating meter data, and that could lead to loss of resiliency.
Q: With support from the National Science Foundation (NSF), your team has been granted access to test your detection algorithms on the Blue Waters supercomputer at the National Center for Supercomputing Applications (NCSA). What will you do with your 50,000 node hours?
We are using Blue Waters to evaluate our detection algorithms on a wide range of simulated electricity theft attacks. These evaluations allow us to understand the limits of our methods. We plan to investigate the minority of scenarios where our methods do not work well, and to develop solutions for those scenarios.
F-DETA: A Framework for Detecting Electricity Theft Attacks in Smart Grids, presented at the Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2016) by Varun Badrinath Krishna, Kiryung Lee, Gabriel A. Weaver, Ravishankar K. Iyer and William H. Sanders.
ARIMA-Based Modeling and Validation of Consumption Readings in Power Grids, presented at the 10th International Conference on Critical Information Infrastructure Security (CRITIS 2015) by Varun Badrinath Krishna, Ravishankar K. Iyer and William H. Sanders, where it was a winner of the CIPRNet Young CRITIS Award.
PCA-Based Method for Detecting Integrity Attacks on Advanced Metering Infrastructure, presented at the 12th International Conference on Quantitative Evaluation of SysTems (QEST 2015) by Varun Badrinath Krishna, Gabriel A. Weaver and William H. Sanders, where it was the winner of a Best Paper Award.
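The interview describes three signals: abnormally low readings (possible under-reporting), abnormally high readings (a possible victim of a neighbor's over-reporting), and low readings shared by many consumers at once (more likely a holiday than theft). The sketch below is an added example, not the researchers' code: it uses a simple robust z-score against each meter's own history as a stand-in for the ARIMA and PCA methods named in the papers, and the meter names, thresholds and readings are all constructed for illustration.

```python
from statistics import median

def robust_z(history, value):
    """Deviation of `value` from the meter's own history, in scaled MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1e-9  # avoid divide-by-zero
    return (value - med) / (1.4826 * mad)

def classify_day(histories, readings, z_thresh=3.5, crowd_frac=0.5):
    """histories: {meter: [daily kWh, ...]}, readings: {meter: kWh for the day}.
    Returns {meter: label} for anomalous meters only.
    z_thresh and crowd_frac are assumed tuning values, not from the papers."""
    z = {m: robust_z(histories[m], readings[m]) for m in readings}
    low = [m for m in z if z[m] < -z_thresh]
    high = [m for m in z if z[m] > z_thresh]
    # If most meters are low on the same day, a shared cause such as a
    # holiday is more plausible than simultaneous theft, so do not dispatch.
    shared_low = len(low) / len(z) >= crowd_frac
    labels = {}
    for m in low:
        labels[m] = "low-shared-event" if shared_low else "possible-under-reporting"
    for m in high:
        labels[m] = "possible-victim-over-reported"
    return labels

# --- Constructed sample data (not real meter readings) ---
PATTERN = [0.0, 0.5, -0.5, 1.0, -1.0, 0.3, -0.3] * 2   # 14 days of normal jitter
BASES = {f"m{i}": 20.0 + 2 * i for i in range(6)}      # typical daily kWh per meter
HISTORIES = {m: [b + d for d in PATTERN] for m, b in BASES.items()}

NORMAL_DAY = {m: b + 0.4 for m, b in BASES.items()}
NORMAL_DAY["m2"] = BASES["m2"] * 0.4    # one meter reports far below its profile
NORMAL_DAY["m3"] = BASES["m3"] + 10.0   # one meter reports far above its profile

HOLIDAY = {m: b * 0.5 for m, b in BASES.items()}       # everyone is low at once

if __name__ == "__main__":
    print(classify_day(HISTORIES, NORMAL_DAY))
    print(classify_day(HISTORIES, HOLIDAY))
```

The crowd check trades one error for another: it suppresses holiday false positives, but under-reporting that coincides with a shared low-consumption day would be labelled as part of the shared event, so those days still merit a later review.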