Cyber Security of Grid-Scale Battery Energy Storage Systems using Battery Modeling and Statistical Methods

Battery Energy Storage Systems (BESSs) are cyber-physical systems (CPSs) that can be implemented at the grid-scale to supplement intermittent energy generation sources by storing excess energy and supplying energy for grid balancing. To meet grid scale requirements, hundreds of battery cells may be connected as stacks and are controlled by a battery management system (BMS). The BMS ensures the safe operation of the batteries by taking sensor readings, estimating battery states, and protecting and balancing the cells. Most BMSs have voltage sensors for each cell and the battery stack, that may be vulnerable to cyber attacks, and sensor readings are used to estimate the state of charge (SoC) of each cell. The SoC is the available capacity of the cell relative to the total cell capacity and cannot be measured directly. Inaccurate SoC estimation has been linked to the overcharging or overdischarging of battery cells, which could result in rapid degradation, or thermal runaway events. CPSs have been the target of various cyber attacks and malware, one notable example being the Stuxnet worm attack on Iranian industrial plants. One type of man-in-the-middle attack, the false data injection attack (FDIA), aims to disturb state estimation by corrupting sensor measurements before they are used in state estimation. FDIAs use knowledge of the system’s parameters to evade traditional detection mechanisms. Although there have not been FDIAs discovered in CPSs yet, multiple publications contain brute-force and heuristic methods to design FDIA vectors, so proactively exploring defense against FDIA is crucial. It is critical to detect and isolate FDIAs to ensure the safe operation of CPSs, in this case the detection of FDIAs is applied to BESSs. In the scope of grid-scale BESSs a bad actor may use FDIAs to corrupt sensor readings, which could lead to inaccurate SoC estimation. In this dissertation, a three-pronged approach was used to detect FDIAs targeting the sensors of a BESS. Step one was to use a battery model to represent the dynamics of the battery cell or stack, step two was to use a suitable estimation method to estimate the system states, measurements, and generate measurement residuals, and step three was to postprocess the measurement residuals using a FDIA detection mechanism to determine the presence of FDIA. Multiple battery models were studied to represent the cells, including equivalent circuit models (ECMs), ambient temperature dependent ECMs (ATDECMs), and single particle models (SPMs). Various estimation methods were utilized including the Kalman filter (KF) for linear systems, the extended KF (EKF), input noise aware EKF (INAEKF), and unscented KF (UKF) for nonlinear systems. A statistical cumulative sum (CUSUM) algorithm was used to postprocess residuals and detect small-magnitude bias FDIAs injected to the sensors of BESSs. Simulations performed in MATLAB and Simulink were used to demonstrate the effectiveness of the CUSUM algorithm in detecting FDIAs applied to battery cells and stacks. FDIAs were applied to the scenarios described above, where the battery model and estimation method were varied from case to case. The CUSUM algorithm could be tuned to detect the FDIAs in all the systems studied, and in some cases was able to reveal pertinent information about the attack vector such as the targeted sensors and the sign of the FDIA. The false positive rate was able to be tuned to zero in each case, eliminating false alarms sent to the BMS.