Optimal mitigation planning for highly disruptive contingencies to a transmission-level power system requires optimization with dynamic power system constraints, due to the key role of dynamics in system stability to major perturbations. We formulate a generalized disjunctive program to determine optimal grid component hardening choices for protecting against major failures, with differential algebraic constraints representing system dynamics (specifically, differential equations representing generator and load behavior and algebraic equations representing instantaneous power balance over the transmission system). We optionally allow stochastic optimal pre-positioning across all considered failure scenarios, and optimal emergency control within each scenario. This novel formulation allows, for the first time, analyzing the resilience interdependencies of mitigation planning, preventive control, and emergency control. Using all three strategies in concert is particularly effective at maintaining robust power system operation under severe contingencies, as we demonstrate on the Western System Coordinating Council 9-bus test system using synthetic multi-device outage scenarios.
The methodology described in this article enables a type of holistic fleet optimization that simultaneously considers the composition and activity of a fleet through time as well as the design of individual systems within the fleet. Often, real-world system design optimization and fleet-level acquisition optimization are treated separately due to the prohibitive scale and complexity of each problem. This means that fleet-level schedules are typically limited to the inclusion of predefined system configurations and are blind to a rich spectrum of system design alternatives. Similarly, system design optimization often considers a system in isolation from the fleet and is blind to numerous, complex portfolio-level considerations. In reality, these two problems are highly interconnected. To properly address this system-fleet design interdependence, we present a general method for efficiently incorporating multi-objective system design trade-off information into a mixed-integer linear programming (MILP) fleet-level optimization. This work is motivated by the authors' experience with large-scale DOD acquisition portfolios. However, the methodology is general to any application where the fleet-level problem is a MILP and there exists at least one system having a design trade space in which two or more design objectives are parameters in the fleet-level MILP.
The challenge of cyberattack detection can be illustrated by the complexity of the MITRE ATT&CK™ matrix, which catalogues >200 attack techniques (most with multiple sub-techniques). To reliably detect cyberattacks, we propose an evidence-based approach which fuses multiple cyber events over varying time periods to help differentiate normal from malicious behavior. We use Bayesian Networks (BNs) - probabilistic graphical models consisting of a set of variables and their conditional dependencies - for fusion/classification due to their interpretable nature, ability to tolerate sparse or imbalanced data, and resistance to overfitting. Our technique utilizes a small collection of expert-informed cyber intrusion indicators to create a hybrid detection system that combines data-driven training with expert knowledge to form a host-based intrusion detection system (HIDS). We demonstrate a software pipeline for efficiently generating and evaluating various BN classifier architectures for specific datasets and discuss explainability benefits thereof.
Optimal mitigation planning for highly disruptive contingencies to a transmission-level power system requires optimization with dynamic power system constraints, due to the key role of dynamics in system stability to major perturbations. We formulate a generalized disjunctive program to determine optimal grid component hardening choices for protecting against major failures, with differential algebraic constraints representing system dynamics (specifically, differential equations representing generator and load behavior and algebraic equations representing instantaneous power balance over the transmission system). We optionally allow stochastic optimal pre-positioning across all considered failure scenarios, and optimal emergency control within each scenario. This novel formulation allows, for the first time, analyzing the resilience interdependencies of mitigation planning, preventive control, and emergency control. Using all three strategies in concert is particularly effective at maintaining robust power system operation under severe contingencies, as we demonstrate on the Western System Coordinating Council (WSCC) 9-bus test system using synthetic multi-device outage scenarios. Towards integrating our modeling framework with real threats and more realistic power systems, we explore applying hybrid dynamics to power systems. Our work is applied to basic RL circuits with the ultimate goal of using the methodology to model protective tripping schemes in the grid. Finally, we survey mitigation techniques for HEMP threats and describe a GIS application developed to create threat scenarios in a grid with geographic detail.
Multi-objective optimization methods can be criticized for lacking a statistically valid measure of the quality and representativeness of a solution. This stance is especially relevant to metaheuristic optimization approaches but can also apply to other methods that typically might only report a small representative subset of a Pareto frontier. Here we present a method to address this deficiency based on random sampling of a solution space to determine, with a specified level of confidence, the fraction of the solution space that is surpassed by an optimization. The Superiority of Multi-Objective Optimization to Random Sampling, or SMORS method, can evaluate quality and representativeness using dominance or other measures, e.g., a spacing measure for high-dimensional spaces. SMORS has been tested in a combinatorial optimization context using a genetic algorithm but could be useful for other optimization methods.
Solving classification problems with machine learning often entails laborious manual labeling of test data, requiring valuable time from a subject matter expert (SME). This process can be even more challenging when each sample is multidimensional. In the case of an anomaly detection system, a standard two-class problem, the dataset is likely imbalanced with few anomalous observations and many “normal” observations (e.g., credit card fraud detection). We propose a unique methodology that quickly identifies individual samples for SME tagging while automatically classifying commonly occurring samples as normal. In order to facilitate such a process, the relationships among the dimensions (or features) must be easily understood by both the SME and system architects such that tuning of the system can be readily achieved. The resulting system demonstrates how combining human knowledge with machine learning can create an interpretable classification system with robust performance.
When faced with uncertainty regarding potential failure contingencies, prioritizing system resilience through optimal control of exciter reference voltage and mechanical torque can be arduous due to the scope of potential failure contingencies. Optimal control schemes can be generated through a two-stage stochastic optimization model by anticipating a set of contingencies with associated probabilities of occurrence, followed by the optimal recourse action once the contingency has been realized. The first stage, common across all contingency scenarios, co-optimally positions the grid for the set of possible contingencies. The second stage dynamically assesses the impact of each contingency and allows for emergency control response. By unifying the optimal control scheme before and after the failure contingency, a singular policy can be constructed to maximize system resilience.
This report presents a framework to evaluate the impact of a high-altitude electromagnetic pulse (HEMP) event on a bulk electric power grid. This report limits itself to modeling the impact of EMP E1 and E3 components. The co-simulation of E1 and E3 is presented in detail, and the focus of the paper is on the framework rather than actual results. This approach is highly conservative as E1 and E3 are not maximized with the same event characteristics and may only slightly overlap. The actual results shown in this report are based on a synthetic grid with synthetic data and a limited exemplary EMP model. The framework presented can be leveraged and used to analyze the impact of other threat scenarios, both manmade and natural disasters. This report describes a Monte-Carlo based methodology to probabilistically quantify the transient response of the power grid to a HEMP event. The approach uses multiple fundamental steps to characterize the system response to HEMP events, focused on the E1 and E3 components of the event.
1) Obtain component failure data related to HEMP events testing of components and creating component failure models. Use the component failure model to create component failure conditional probability density function (PDF) that is a function of the HEMP induced terminal voltage.
2) Model HEMP scenarios and calculate the E1 coupled voltage profiles seen by all system components. Model the same HEMP scenarios and calculate the transformer reactive power consumption profiles due to E3.
3) Sample each component failure PDF to determine which grid components will fail, due to the E1 voltage spike, for each scenario.
4) Perform dynamic simulations that incorporate the predicted component failures from E1 and reactive power consumption at each transformer affected by E3. These simulations allow for secondary transients to affect the relays/protection remaining in service which can lead to cascading outages.
5) Identify the locations and amount of load lost for each scenario through grid dynamic simulation. This can be an indication of the immediate grid impacts from a HEMP event. In addition, perform more detailed analysis to determine critical nodes and system trends.
6) To help realize the longer-term impacts, a security constrained alternating current optimal power flow (ACOPF) is run to maximize critical load served.
This report describes a modeling framework to assess the systemic grid impacts due to a HEMP event. This stochastic simulation framework generates a large amount of data for each Monte Carlo replication, including HEMP location and characteristics, relay and component failures, E3 GIC profiles, cascading dynamics including voltage and frequency over time, and final system state. This data can then be analyzed to identify trends, e.g., unique system behavior modes or critical components whose failure is more likely to cause serious systemic effects. The proposed analysis process is demonstrated on a representative system. In order to draw realistic conclusions of the impact of a HEMP event on the grid, a significant amount of work remains with respect to modeling the impact on various grid components.
Sandia National Laboratories sponsored a three-year internally funded Laboratory Directed Research and Development (LDRD) effort to investigate the vulnerabilities and mitigations of a high-altitude electromagnetic pulse (HEMP) on the electric power grid. The research was focused on understanding the vulnerabilities and potential mitigations for components and systems at the high voltage transmission level. Results from the research included a broad array of subtopics, covered in twenty-three reports and papers, and which are highlighted in this executive summary report. These subtopics include high altitude electromagnetic pulse (HEMP) characterization, HEMP coupling analysis, system-wide effects, and mitigating technologies.
In order to effectively plan the management and modernization of their large and diverse fleets of vehicles, Program Executive Office Ground Combat Systems (PEO GCS) and Program Executive Office Combat Support and Combat Service Support (PEO CS&CSS) commissioned the development of a large-scale portfolio planning optimization tool. This software, the Capability Portfolio Analysis Tool (CPAT), creates a detailed schedule that optimally prioritizes the modernization or replacement of vehicles within the fleet - respecting numerous business rules associated with fleet structure, budgets, industrial base, research and testing, etc., while maximizing overall fleet performance through time. This paper contains a thorough documentation of the terminology, parameters, variables, and constraints that comprise the fleet management mixed integer linear programming (MILP) mathematical formulation. This paper, which is an update to the original CPAT formulation document published in 2015 (SAND2015-3487), covers the formulation of important new CPAT features.
To help effectively plan the management and modernization of their large and diverse fleets of vehicles, the Program Executive Office Ground Combat Systems (PEO GCS) and the Program Executive Office Combat Support and Combat Service Support (PEO CS&CSS) commissioned the development of a large-scale portfolio planning optimization tool. This software, the Capability Portfolio Analysis Tool (CPAT), creates a detailed schedule that optimally prioritizes the modernization or replacement of vehicles within the fleet - respecting numerous business rules associated with fleet structure, budgets, industrial base, research and testing, etc., while maximizing overall fleet performance through time. This report contains a description of the organizational fleet structure and a thorough explanation of the business rules that the CPAT formulation follows involving performance, scheduling, production, and budgets. This report, which is an update to the original CPAT domain model published in 2015 (SAND2015-4009), covers important new CPAT features.
As system of systems (SoS) models become increasingly complex and interconnected, a new approach is needed to capture the effects of humans within the SoS. Many real-life events have shown the detrimental outcomes of failing to account for humans in the loop. This research introduces a novel and cross-disciplinary methodology for modeling humans interacting with technologies to perform tasks within an SoS, specifically within a layered physical security system use case. Metrics and formulations developed for this new way of looking at SoS, termed sociotechnical SoS, allow for the quantification of the interplay of effectiveness and efficiency seen in detection theory to measure the ability of a physical security system to detect and respond to threats. This methodology has been applied to a notional representation of a small military Forward Operating Base (FOB) as a proof-of-concept.
Modern systems, such as physical security systems, are often designed to involve complex interactions of technological and human elements. Evaluation of the performance of these systems often overlooks the human element. A method is proposed here to expand the concept of sensitivity—as denoted by d’—from signal detection theory (Green & Swets 1966; Macmillan & Creelman 2005), which came out of the field of psychophysics, to cover not only human threat detection but also other human functions plus the performance of technical systems in a physical security system, thereby including humans in the overall evaluation of system performance. New in this method is the idea that probabilities of hits (accurate identification of threats) and false alarms (saying “threat” when there is not one), which are used to calculate d’ of the system, can be applied to technologies and, furthermore, to different functions in the system beyond simple yes-no threat detection. At the most succinct level, the method returns a single number that represents the effectiveness of a physical security system; specifically, the balance between the handling of actual threats and the distraction of false alarms. The method can be automated, and the constituent parts revealed, such that given an interaction graph that indicates the functional associations of system elements and the individual probabilities of hits and false alarms for those elements, it will return the d’ of the entire system as well as d’ values for individual parts. The method can also return a measure of the response bias of the system. One finding of this work is that the d’ for a physical security system can be relatively poor in spite of having excellent d’s for each of its individual functional elements.
This report summarizes the work performed as part of a Laboratory Directed Research and Development project focused on evaluating and mitigating risk associated with biological dual use research of concern. The academic and scientific community has identified the funding stage as the appropriate place to intervene and mitigate risk, so the framework developed here uses a portfolio-level approach and balances biosafety and biosecurity risks, anticipated project benefits, and available mitigations to identify the best available investment strategies subject to cost constraints. The modeling toolkit was designed for decision analysis for dual use research of concern, but is flexible enough to support a wide variety of portfolio-level funding decisions where risk/benefit tradeoffs are involved. Two mathematical optimization models with two solution methods are included to accommodate stakeholders with varying levels of certainty about priorities between metrics. An example case study is presented.
Recent budget reductions have posed tremendous challenges to the U.S. Army in managing its portfolio of ground combat systems (tanks and other fighting vehicles), thus placing many important programs at risk. To address these challenges, the Army and a supporting team developed and applied the Capability Portfolio Analysis Tool (CPAT) to optimally invest in ground combat modernization over the next 25-35 years. CPAT provides the Army with the analytical rigor needed to help senior Army decision makers allocate scarce modernization dollars to protect soldiers and maintain capability overmatch. CPAT delivers unparalleled insight into multiple-decade modernization planning using a novel multiphase mixed-integer linear programming technique and illustrates a cultural shift toward analytics in the Army's acquisition thinking and processes. CPAT analysis helped shape decisions to continue modernization of the $10 billion Stryker family of vehicles (originally slated for cancellation) and to strategically reallocate over $20 billion to existing modernization programs by not pursuing the Ground Combat Vehicle program as originally envisioned. More than 40 studies have been completed using CPAT, applying operations research methods to optimally prioritize billions of taxpayer dollars and allowing Army acquisition executives to base investment decisions on analytically rigorous evaluations of portfolio trade-offs.
System-of-systems modeling has traditionally focused on physical systems rather than humans, but recent events have proved the necessity of considering the human in the loop. As technology becomes more complex and layered security continues to increase in importance, capturing humans and their interactions with technologies within the system-of-systems will be increasingly necessary. After an extensive job-task analysis, a novel type of system-of-systems simulation model has been created to capture the human-technology interactions on an extra-small forward operating base to better understand performance, key security drivers, and the robustness of the base. In addition to the model, an innovative framework for using detection theory to calculate d’ for individual elements of the layered security system, and for the entire security system as a whole, is under development.
To help effectively plan the management and modernization of its large and diverse fleet of vehicles, the Program Executive Office Ground Combat Systems (PEO GCS) commissioned the development of a large-scale portfolio planning optimization tool. This software, the Capability Portfolio Analysis Tool (CPAT), creates a detailed schedule that optimally prioritizes the modernization or replacement of vehicles within the fleet - respecting numerous business rules associated with fleet structure, budgets, industrial base, research and testing, etc., while maximizing overall fleet performance through time. This report contains a description of the organizational fleet structure and a thorough explanation of the business rules that the CPAT formulation follows involving performance, scheduling, production, and budgets.
In order to effectively plan the management and modernization of its large and diverse fleet of vehicles, the Program Executive Office Ground Combat Systems (PEO GCS) commissioned the development of a large-scale portfolio planning optimization tool. This software, the Capability Portfolio Analysis Tool (CPAT), creates a detailed schedule that optimally prioritizes the modernization or replacement of vehicles within the fleet - respecting numerous business rules associated with fleet structure, budgets, industrial base, research and testing, etc., while maximizing overall fleet performance through time. This paper contains a thorough documentation of the terminology, parameters, variables, and constraints that comprise the fleet management mixed integer linear programming (MILP) mathematical formulation.