Robustness Assessment of Cyber-Physical Power Systems Considering Cyber Network Performance

Abstract

The integration of cyber and physical networks in modern power system introduces complex interdependencies that necessitate effective robustness assessment frameworks. In this paper, we propose a novel robustness assessment method for cyber-physical power systems (CPPS), which integrates structural and functional robustness. Firstly, an interdependent dynamic hierarchical network model that accounts for static topological structure, functional attributes and dynamic operational characteristics of cyber-physical power system is established. Based on the model, a probabilistic cascading failure model considering topological connectivity loss, power flow overload, cyber functional failures, and cyber-physical dependence is proposed. The proposed model quantifies the cross-layer impact of cyber-layer impairments (such as communication delay and data loss) on physical-layer operation. Finally, the impacts of cyber network performance and initial failure modes on the robustness of the coupled system are analyzed. The results show that an excellent processing performance and topological connectivity of cyber network can enhance the robustness of the coupled system, and the failure of high-degree nodes is more likely to trigger more severe cascading failure results than the failure of high-betweenness nodes.

1. Introduction

The extensive deployment of intelligent electronic devices (IEDs) has led power grid to increasingly rely on cyber system for situational awareness and precise control. Modern power system have evolved into a cyber-physical power system (CPPS), characterized by deep coupling between the physical power layer and the cyber layer [1,2]. The security and reliability of the coupled system critically depend on the coordination between these two layers. The physical power system relies on the cyber system for data sensing and communication to ensure real-time perception and dynamic control. Conversely, the cyber system depends on the physical system for power supply and physical device, as its control commands are executed by physical equipment [3]. Although this interdependence enables the operation of the power system more intelligent and efficient, disturbances originating in either subsystem can propagate to the other, potentially triggering cascading failures and thereby posing significant risks to the entire CPPS [4].

In recent years, there have been numerous power outages worldwide, triggered by natural disasters, malicious attacks, and other incidents. For instance, during the 2015 Ukraine power outage, the cyber system was compromised, leading to malicious switching operations and resulting in outages for 80,000 customers [5]. This illustrates that disturbances can not only cause direct physical damage but can also exploit cyber-physical coupling mechanism to inflict power loss by disrupting cyber components or functionality. Therefore, ensuring the secure and stable operation of the power system requires taking into account the impact of cyber system. Cyber failures such as delays and interruptions can lead to abnormal power system operation or even cascading failures, directly compromising the robustness of CPPS [6,7].

Numerous studies have been devoted to assessing the robustness of the CPPS. Several studies focus on assessing CPPS robustness from a topological perspective, weakening inherent dynamic operational characteristics and failing to accurately capture functional robustness of the system [8,9,10,11]. For instance, Chen et al. [11] took into account the survival clusters and heterogeneity of nodes in cyber-physical power systems, and studied robustness of the system under various attack scenarios. They revealed the impact of survival clusters on the robustness of CPPS during cascading failures, but ignored the roles of power flow and information flow in the failure propagation process, resulting in an inability to accurately assess the performance of the system. After that, some scholars have attempted to take into account the dynamic operational characteristics of the coupled system. For example, Zhang et al. [12] investigated CPPS robustness considering the power flow overload and largest connected component in the cyber network, but their model ignored data transmission dynamics in the cyber network. Chen et al. [13] studied the robustness of CPPS from a complex network viewpoint, taking into account the power flow distribution and cyber network traffic load, but employed a deterministic model for evaluating the consequences of data transmission overload. Actually, the failure of data transmission does not necessarily alter the topology or state of CPPS. On the contrary, it can disable monitoring and control functions, increasing the failure risk of physical network. Chen et al. [14] took into consideration probabilistic line outage rules, cyber flow transmission, and interdependence probabilities between systems, and evaluated the robustness of cyber-physical system under multi-stage attacks. However, the cyber flow model based on betweenness and shortest path restricts the analysis of the impact of cyber network performance on coupled systems. Besides, Zhang et al. [15] evaluated the CPPS robustness considering the cyber network’s role in wide-area protection. Then, artificial intelligence algorithms were applied to the robustness analysis of cyber-physical power systems [16]. The prior work provides a reference for the robustness assessment of CPPS, but there is still a lack of effective models to quantify the impact of cyber network performance (functional or topological attributes) on the robustness of CPPS.

Recently, some research focuses on the impact of cyber network equipment and functions on the reliability of cyber-physical power systems. Jimada-Ojuolape et al. [17] integrated the wide area monitoring function of phasor measurement unit and studied the impact of information and communication technology contingencies on the reliability of cyber-physical power systems. Furthermore, they studied the crucial role of deployment of phasor measurement units and network observability on the reliability of cyber physical power systems [18]. Moreover, Sun et al. [19] utilized multi-objective optimization methods to investigate the critical role of control decisions in cyber network on the reliable and optimized operation of cyber-physical power systems. Lu et al. [20] studied the impact of functional degradation of cyber network caused by false data injection attacks on the reliable operation of cyber-physical power systems. Zhu et al. [21] integrated the resilient control of cyber system with the robust control of physical system, and proposed a hybrid theoretical framework for resilient and robust control design. Although the above-mentioned research revealed the impacts of cyber network equipment and functions on the reliable operation of cyber-physical power systems, they fail to clarified the specific role of failure propagation mechanisms under multiple dependencies on system robustness, and cannot propose the robustness metric that integrates failure evolution features. Therefore, it is urgently necessary to systematically sort out the complex dependency relationships and failure evolution mechanism within the cyber-physical power system, and then construct a robustness evaluation framework that integrates topological and functional attributes.

In this paper, we propose a novel model for assessing the robustness of CPPS and investigate the impacts of cyber network performance (functional and structural attributes) and initial failure modes on the robustness of cyber-coupled systems. The proposed method quantifies the cross-layer impact of cyber-layer impairments (such as delays and data loss) on physical-layer operation. Firstly, an interdependent CPPS network model is established, which integrates power flow dynamics, data transmission dynamics, and component functional attributes. Then, a probabilistic cascading failure propagation model for the cyber-physical power system is proposed, which takes into account topological connectivity loss, cyber functional failure, power flow overload, and cross-layer impacts between cyber and physical systems. The robustness metrics for cyber-physical power systems that reflect the cascading failure risk, cascading failure duration, and the power outage size distribution are proposed. Finally, the proposed method is applied to evaluate the robustness of the cyber-coupled IEEE 118 bus system.

The rest of the paper is organized as follows. In Section 2, a dynamic hierarchical network model of CPPS is established, which takes into account the structural and dynamic properties of networks as well as the functions of network components. Then, in Section 3, a robustness assessment method composed of a probabilistic cascading failure model and two robustness metics is introduced. Specifically, the topological connectivity loss, power flow overload, cyber functional failures and cyber-physical dependence are considered in the cascading failure model. In Section 4, the proposed method is applied to investigate the robustness of several coupled systems generated by coupling the IEEE 118 bus system with communication networks, and the key findings were summarized. In Section 5, the conclusion is presented.

2. Network Model

The cyber-physical power system is the integration of CPS and power system, which utilizes technologies such as intelligent sensing, reliable communication, and automatic control to tightly couple the physical layer and cyber layer into a unified intelligent network [22]. The physical network senses physical parameters (such as voltage and current), convert continuous analog data into discrete digital data, and then transmit it via the cyber network. The cyber network, utilizing effective communication modes for reliable data transmission, sends the information to the control system for processing. The processed results or control commands are then fed back to the physical terminal for physical device control [23,24]. To accurately capture the multi-dimensional characteristics of CPPS, this paper proposes a coupled multi-layer network model.

2.1. Hierarchical Topology Modeling

Physical Layer: The physical layer characterizes the power grid topology with a weighted undirected graph G_p = (V_p, E_p, W_p), where the node set V_p distinguishes generators, busbars and loads, the edge set E_p describes the electrical connections between different nodes, and the weight W_p maps the line admittance parameters. In addition, due to the regional distribution nature of the power grid, the power network model can be regarded as a heterogeneous network containing multiple communities, each of which can include power generation nodes and load nodes. By setting the connection probability between different communities, the topological connection strength between actual regional power grids can be simulated.

Cyber Layer: The cyber network is constructed as a heterogeneous graph G_c = (V_c, E_c, A_v, A_e). The cyber nodes are functionally classified into routing nodes (PMU/RTU) and control nodes (local controller/SCADA). Attribute vectors A_v (node processing rate) and A_e (link bandwidth) are introduced to achieve the joint expression of functionality and structure of the cyber network. Taking into account the similarity between the topology distribution of cyber network and power network, cyber network can also be described as functional network containing multiple communities of different scales.

Cyber-Physical Interaction: The operational status of physical layer nodes (such as generators and loads) depends on the perception and decision-making capabilities provided by cyber layer nodes (such as control units and routing units). Specifically, cyber nodes achieve precise perception of the state of physical objects by parsing the data flow from physical layer sensors, and generate optimized control instructions. These instructions are then delivered to the execution nodes at the physical layer via the communication network, thereby altering the operating conditions of the physical system. Conversely, the functional effectiveness of cyber layer nodes fundamentally depends on physical layer nodes. The dynamic behavior of physical layer is the source of all data-driven actions in the cyber layer, and their physical laws and engineering constraints are the boundary conditions that cyber layer algorithm models must follow. Moreover, the operation of cyber layer nodes also depends on the power energy provided by the physical layer. The interaction relationship between the cyber layer and the physical layer can be described as dependency edges with different dependency intensities and attributes. Given the community structure attributes of power network and cyber network, the interdependence between networks is usually modular as well.

According to the network topology and coupling characteristics of the CPPS, the network model of CPPS can be established based on the interdependent network theory. The adjacency matrix of the network topology of the modular coupled system can be expressed as:

$$A_{\mathrm{a}dj}=\left[\begin{array}{cc}{A}_C& A_{C-P}\\ {(A_{C-P})}^T& A_P\end{array}\right]=\left[\begin{array}{cccccc}{c}_{1,1}& \dots & c_{1,n}& a_{1,1+n}& \dots & a_{1,m+n}\\ ⋮& \ddots & ⋮& ⋮& \ddots & ⋮\\ c_{n,1}& \dots & c_{n,n}& a_{n,1+n}& \dots & a_{n,m+n}\\ a_{1+n,1}& \dots & a_{1+n,n}& c_{1+n,1+n}& \dots & c_{n+1,m+n}\\ ⋮& \ddots & ⋮& ⋮& \ddots & ⋮\\ a_{m+n,1}& \dots & a_{m+n,n}& c_{m+n,1+n}& \dots & c_{n+m,m+n}\end{array}\right]$$

(1)

where A_C and A_P are the adjacency matrices of cyber network and power network respectively, A_C−P is the coupling matrix between cyber network and power network. In the modular coupled network, c_ii represent the adjacency matrices of internal connections within each community, all of which are symmetric matrices, c_ij (i ≠ j) represents the connection matrix between community i and community j, with elements corresponding to nodes with bridge edges set to 1, otherwise set to 0, n and m represent the number of cyber network communities and power network communities respectively.

2.2. Dynamic Characteristics of Networks

The dynamic operational characteristics of the CPPS are essentially a temporal evolution process in which the continuous physical dynamics are deeply intertwined and interact with discrete information events. The system is a hybrid dynamic system driven by both electrical energy flow and information data flow. The dynamic process of power network follows strict electromagnetic and mechanical physical laws, and its state changes continuously over time. The dynamic process of cyber network is mainly characterized by the theory of discrete event systems, which is manifested as discrete event streams driven by data packet transmission and communication protocols.

Since failure propagation behavior is the focus of cascading failure analysis, the impact of cyber network performance on the robustness of the coupled system is the research emphasis in this study. Therefore, the power outage accidents caused by overload events in the power network are considered here. Taking into account the analysis scenarios of fast and large-scale calculations in cascading failure analysis, as well as the complex interaction process between the cyber layer and physical layer, the physical dynamic behavior of the power network is described by the common linearized DC power flow model [25], which is defined as follows:

$${\mathit{P}}_{bus}(t)={\mathit{B}}_{bus}\mathit{\theta }(t)+{\mathit{P}}_{c\to p}(t)$$

(2)

$$\mathit{F}(t)=(\mathit{b}\times \mathit{A})\cdot \mathit{\theta }(t)$$

(3)

$${\mathit{B}}_{bus}={\mathit{A}}^T\times \mathit{b}\times \mathit{A}$$

(4)

where P_bus(t) represents the injected active power vector of the node at time t, B_bus is the imaginary part of the node admittance matrix, θ(t) represents the phase angle vector of bus voltage at time t, P_c→p(t) represents the power regulation instruction vector issued by the cyber layer (such as generator regulation signal, load shedding instruction), b = diag (1/x₁, 1/x₂, … 1/x_m) represents the diagonal conductance matrix, and A: (A_l,k)_m×n is the incidence matrix of the node lines. If the line l is from node i to j, then A_l,i = 1, A_l,j = −1, and A_l,k = 0, k ≠ i, j.

Cyber network dynamics is modeled as a discrete packet transmission process [26]. The data packet is generated at the source node, and at each time step, the packet is sent to a neighboring cyber node according to the set routing strategy, repeating until the destination is reached. The transmission process follows FIFO (First-in-first-out) rules, namely, the packet at the head of a queue is placed at the tail of the selected neighbor’s queue. The model is defined as follows:

$$D_m(t_k)=〈Rule,\hspace{0.33em}I{D}_s,\hspace{0.33em}I{D}_{dest},\hspace{0.33em}Dat〉$$

(5)

where ID_s stands for source node, ID_dest stands for destination node, Dat represents the carried grid data, including voltage phase angle of bus and power flow of line, Rule represents the packet routing strategy. Here, a dynamic routing strategy that takes into account both static paths and dynamic traffic [27] is adopted, i.e.,

$$Rule:{\delta }_j=h{d}_j+(1-h)c_j\hspace{0.33em}\hspace{0.33em}j\in L_i$$

(6)

where d_j is the shortest path length from node j to destination, c_j is the packet queue length at node j, L_i is the set of neighbors of source node i, h is a constant, and 0 < h < 1. The node with the minimum score δ_j is selected for transmission at each step.

3. Failure Propagation and Robustness Assessment

Based on the network model proposed in Section 2, this section analyzes the failure triggering mechanism of CPPS from the topological and functional levels, and proposes a probabilistic cascading failure model for CPPS. In addition, the comprehensive robustness metrics for evaluating the robustness of cyber-coupled power systems are proposed in this section.

3.1. Failure Triggering Mechanism

This section proposes a novel framework for assessing the robustness of CPPS. It introduces a probabilistic failure propagation analysis model for the coupled cyber-physical power system that integrates topological connectivity, cyber functional failure, and power flow overload. The framework quantifies the cross-layer impact of cyber network failure on the physical layer and combines topological robustness with functional robustness.

Here, it is assumed that the evolution of the cascading failure is triggered by the initial disturbance at the physical layer. The cascading failure propagates through a dual-path of topological connectivity collapse and functional dynamic instability, and ultimately forms a positive feedback loop under the effect of cyber-physical dependencies. A typical CPPS architecture is shown in Figure 1.

At the topological level, after the initial disturbance, the power grid may split into multiple connected components. If a connected component lacks generator node, its load nodes will lose power supply and be cut off, resulting in the failure of the entire connected component. Meanwhile, due to the the voltage loss at the substations in this area, cyber nodes (such as RTUs and PMUs) that rely on station power will lose power supply [28]. However, considering the role of backup power, the cyber node that loses the station power will not directly fail, but will fail with a certain probability. Unlike the strong deterministic network interaction mechanism used in previous studies [8,12,13,29], the universal probabilistic dependency model takes into account the influence of the backup power supply and allows for the inclusion of some probabilistic events that may lead to the start-up failure or power supply failure of the backup power source. To describe the uncertain dependency relationships between networks, “dependency intensity” is introduced to describe the probability that a node failure in one network triggers a node failure in another network [14]. That is, the failure of a node in one network has a certain probability of spreading to the node in another network.

Here, the failure of power nodes may directly disrupt the topology of the cyber network. Therefore, the dependence of cyber nodes on power nodes can be defined as topological dependence, and σ_i is set as the dependency intensity of the cyber node i on the coupled power node. Topological dependence means that the failure of a node in one network may directly lead to a node failure in another network, thereby altering the topological structure of that network. Similarly, the failure of cyber nodes leads to the disconnection of the cyber network. If there is a lack of control nodes in a connected component, the entire component will fail due to the loss of control instruction interaction. Unlike topological dependencies, the failed cyber node cannot effectively monitor and control the coupled power node, and will not directly cause power node failures and lead to changes in the grid topology. However, the functional failure of cyber network increases the failure risk of power network. The probabilistic dependency model can describe the uncertainty of the dependency of power nodes on cyber nodes and can describe the impact of cyber node failures on the operational risk of power nodes under different circumstances. Thus, the dependence of power nodes on cyber nodes can be defined as functional dependence, and the dependency intensity is set as μ_i. Compared with topology-based dependency models [11,13,29], the heterogeneous dependency mechanism (i.e., topological dependence and functional dependence) can accurately characterize the complex topological and functional dependencies among the various components of cyber-physical power systems, revealing the internal mechanism of the interactive dependencies between the cyber layer and the physical layer.

As shown in Figure 2a, the initial failure node n_p1 is set in the power network. The failure of the initial node n_p1 leads to the power network to split into two connected subsets, and each subset contains generation node and load node, meeting the operating conditions of the power grid. As shown in Figure 2b, given the topological dependence of the cyber node on the power node (dependency intensity is set as σ_i), assuming r₁ is a random number between (0,1), if r₁ < σ_i, the failure of the power node will not cause the failure of the cyber node, and output state 1. If r₁ > σ_i, the failure of the power node will lead to the failure of the cyber node n_c1, and output state 2. As shown in Figure 2c, the failure of the cyber node n_c1 leads to the cyber network split into two connected subsets. Then, the subset 2 in cyber network loses the information interaction function due to its inability to connect with control nodes, and output state 3 as shown in Figure 2d. The functional dependency intensity of the power node on the cyber node is set as μ_i, and the failure of the cyber node leads to the inability to effectively monitor and control the coupled power node, increasing the failure probability of the power node in subset 1, as shown in Formula (13).

At the functional level, when the congestion occurs in the cyber network, transmission delays and data loss may cause the control center to be unable to receive data packets in a timely manner. In this paper, queuing theory model is employed to describe the data transmission in cyber networks. The essence of congestion failure in cyber networks is the probability that the data traffic load exceeds the processing capacity of nodes. Here, we extract the main influencing factors of packet transmission congestion in the cyber network, including cache packet length, transmission link bandwidth, and node processing rate. The failure probability of cyber nodes is directly proportional to the congestion level of the cyber network [30]. The longer the packet queue at a cyber node, the higher the probability of data loss and delay, and the worse the performance of the cyber network. Moreover, for a given packet cache, the probability of congestion in cyber networks decreases with the increase of transmission link bandwidth and node processing rate. It has shown that the failure probability of cyber network nodes follows an exponential distribution with the congestion degree of cyber network [27]. Thus, the failure probability of a cyber network node can be set as

$${\beta }_i=\left\{\begin{array}{l}1-e^{-\alpha \cdot {\displaystyle \frac{n_i-\min (C,n_p)}{\min (C,n_p)}}},\hspace{0.33em}\hspace{0.33em}{n}_i>\min (C,n_p)\\ 0\hspace{0.33em},\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em} n_i\le \min (C,n_p)\hspace{0.33em}\end{array}\right.$$

(7)

where α is a scaling factor, reflecting the severity of the network environment. A large α value indicates that packet transmission congestion is more likely to cause failure. It can be calibrated based on historical system data to ensure the accuracy of the model. n_i is the packet queue length at node i, n_p is the node’s maximum processing rate, and C is the bandwidth of the next-hop transmission link. The minimum value of bandwidth or processing rate determines the maximum packet throughput, and if the length of the cached packet queue at a cyber node is less than min(C, n_p), it indicates that the node cannot process the cached packets in a timely manner. Unlike the existing deterministic models based on data transmission [13,14], the proposed model describes the probability of node failure (transmission delays and data loss) under the risk of cyber network congestion, allowing for the description of the impact of actual cyber network performance (such as packet processing rate and transmission bandwidth) on failure propagation.

Similarly, after the power grid is disconnected, it triggers a redistribution of power flow in the power network. When the load rate of the power line rises to the carrying limit, it causes the line to trip. The overload failure rate of a power line is usually directly proportional to the overload level [31]. Here, the quantitative relationship between the power flow overload level and the failure rate is described as:

$${\chi }_i(t)={\chi }_0\left[{\displaystyle \frac{s_i(t)-c_i}{c_i}}{\displaystyle \frac{1+\mathrm{sgn}(s_i(t)-c_i)}{2}}\right]$$

(8)

where χ₀ is the base failure rate under rated conditions, s_i(t) represents the actual power flow of the line at time t, c_i represents the line carrying capacity.

Here, the failure rate of power lines is standardized. To avoid the phenomenon of long tail distribution, logarithmic transformation method is used to normalize the line failure rate. The normalized line failure rate can be expressed as:

$${\gamma }_i(t)={\displaystyle \frac{\ln ({\chi }_i(t)/{\chi }_{\min })}{\ln ({\chi }_{\max }/{\chi }_{\min })}}$$

(9)

where χ_min and χ_max represent the minimum and maximum line failure rates, respectively.

Data transmission congestion does not directly damage the components in the CPPS, but the congested cyber nodes will cause time delays or data loss in the upload of real-time monitoring data and the issuance of control signals. The operational status of these power nodes affected by data transmission congestion is undetectable, and they continue to execute the control instructions received before the time delay or data loss occurs. In this situation, some events with potential threats to the power network may occur. Specifically, when the cyber node controlling a power line fails, it may lead to the failure of the protection and control of the power line, thereby increasing the probability of power line failure. That is to say, the comprehensive failure probability of a power line is not only related to its own failure rate, but also to the operational status of the cyber nodes that monitor the power line. Due to the complex impact of information congestion on the power network, it is difficult to quantify all failure scenarios individually. Here, probability theory is utilized to describe the cyber-physical coupling mechanism. Let C_i be the set of coupled cyber nodes corresponding to the power nodes connected to power line i. The probability that there is no node fails in C_i is

$$P={\displaystyle \prod _{j\in C_i}(1-{\beta }_j{\mu }_j)}$$

(10)

where β_j is the failure probability of cyber node j, and μ_j represents the dependency intensity of power node on the coupled cyber node, indicating the extent to which the failure of the cyber node affects its coupled power node. Note that the failure probability of cyber nodes that do not meet topological connectivity is 1.

Then, the probability of a failure occurring in C_i is

$$Q=1-P=1-{\displaystyle \prod _{j\in C_i}(1-{\beta }_j{\mu }_j)}$$

(11)

Suppose the failure rate of power line i is γ_i, then the additional failure rate of the power line caused by the failure of the cyber nodes monitoring this power line is

$${\lambda }_i^{c\to p}=(1-{\gamma }_i)\cdot Q=(1-{\gamma }_i)\cdot \left[1-{\displaystyle \prod _{j\in C_i}(1-{\beta }_j{\mu }_j)}\right]$$

(12)

Therefore, the comprehensive failure rate of power line i taking into account the influence of cyber coupling can be expressed as

$${\lambda }_i={\gamma }_i+{\lambda }_i^{c\to p}={\gamma }_i+(1-{\gamma }_i)\cdot \left[1-{\displaystyle \prod _{j\in C_i}(1-{\beta }_j{\mu }_j)}\right]$$

(13)

The proposed model realizes the integrated modeling of the cross-layer failure propagation in coupled systems by integrating structural connectivity and dynamic functional behaviors. It effectively unifies the assessment criteria of topological and functional robustness, providing theoretical support for the security defense strategies of CPPS.

In power systems, operational failure often results from protective tripping caused by power flow overload. The failure rate of such components is closely related to their overload level [31]. For this purpose, a stochastic method can be adopted to simulate the time intervals between failure events, and the failure components can be randomly selected based on the overload conditions. The extended Gillespie algorithm [32] is used to infer the time of the next failure occurrence. Suppose the probability of no component failure within the time interval (t, t + τ) is expressed as Q(τ), that is

$$Q(\tau )=P[s(t+\tau )=s_1\left| s(t)=s_1\right.]=1-{\displaystyle \sum _{i\in {\Omega }_0}{\chi }_i(t)\tau }$$

(14)

where s(t) represents the network state at time t, Ω₀ is the set of components with failure rate greater than 0. Likewise,

$$Q(\tau +\Delta t)=P[s(t+\tau +\Delta t)=s_1\left| s(t+\tau )=s_1\right.]Q(\tau )=\left(1-{\displaystyle \sum _{i\in {\Omega }_0}{\chi }_i(t)\Delta t}\right)Q(\tau )$$

(15)

Taking the infinitesimal Δt to 0, and from (15), we can get

$${\displaystyle \frac{dQ(\tau )}{d\tau }}=\underset{\Delta t\to 0}{\lim }{\displaystyle \frac{Q(\tau +\Delta t)-Q(\tau )}{\Delta t}}=-{\displaystyle \sum _{i\in {\Omega }_0}{\chi }_i(t)Q(\tau )}$$

(16)

Taking into account the probability of no component failure at time t = 0 is 1, i.e., Q(0) = 1. Then, by solving differential Equation (16), the general solution of Q(τ) can be obtained

$$Q(\tau )=Q(0)e^{-{\displaystyle {\sum }_{i\in {\Omega }_0}{\chi }_i(t)\tau }}=e^{-{\displaystyle {\sum }_{i\in {\Omega }_0}{\chi }_i(t)\tau }}$$

(17)

Define F(τ) as the probability of state transition occurring between t and t + τ, then,

$$F(\tau )=1-Q(\tau )=1-e^{-{\displaystyle {\sum }_{i\in {\Omega }_0}{\chi }_i(t)\tau }}$$

(18)

Furthermore, a random number z₁ is uniformly generated in (0,1), and let F(τ) = z₁. Based on Formula (18), the time interval between failure events can be obtained as

$$\tau =F^{-1}(z_1)={\displaystyle \frac{\ln (1-z_1)}{-{\displaystyle {\sum }_{i\in {\Omega }_0}{\chi }_i(t)}}}$$

(19)

3.2. Cascading Failure Process

Figure 3 illustrates the interaction process between power network and cyber network. Combining the failure triggering mechanisms at both the topological and functional levels, a probabilistic cascading failure propagation mechanism is proposed. The cascading failure process is shown in Figure 4.

Step 1: Initialization. Construct the CPPS model based on the network topology, physical operation and functional heterogeneity of the coupled system, and set an initial failure in the power network.

Step 2: Topological connectivity identification. Detect the connected subset formed in the power network. If there are no generation node in a power network subset, remove all the nodes in the subset and delete the coupled cyber nodes with topological dependency intensity σ_i. Then, detect the connected subset in the cyber network. If there are no control nodes in a cyber network subset, remove the nodes in the connected subset.

Step 3: Failure probability calculation of cyber nodes. Simulate the transmission dynamics of cyber networks using the discrete packet transmission model and dynamic routing model. Calculate the failure probability of cyber node using Equation (7) based on the queue lengths and network performance.

Step 4: Failure rate calculation of power lines. Perform dynamic power flow simulation and calculate the line failure rate based on the overload state using Equation (8), and normalize the failure rate using Equation (9). Then, consider the functional dependency intensity of power nodes on cyber nodes, and calculate the composite failure rate taking into account cyber coupling using Equation (13).

Step 5: Failure component identification. If there are new failure power lines, determine the occurrence time of the next failure based on failure rates using Equation (19), and select the failure line using a roulette wheel selection method, then return to Step 2. Otherwise, output the final network.

3.3. Robustness Metrics

The probabilistic failure propagation model takes into account the influence of topological structure and operational functions, providing an effective method for comprehensively evaluating the robustness of CPPS against cascading failure, covering both topological robustness and functional robustness of the coupled system. The robustness metrics of CPPS is defined as the relationship between the total power outage size of the system and its occurrence probability [33]. Here, the horizontal axis of the robustness curve is defined as the total topological failure rate T_i or load loss rate L_i after the occurrence of a cascading failure event, and the vertical axis represents the probability that the topological failure rate or load loss rate is larger than a given value after the cascading event occurrence, that is,

$$\left\{\begin{array}{l}P(T_{fail}>T_i)={\displaystyle \frac{N(T_{fail}>T_i)}{{\Omega }_{total}}}\hspace{0.33em}\hspace{0.33em}\\ P(L_{loss}>L_i)={\displaystyle \frac{N(L_{loss}>L_i)}{{\Omega }_{total}}}\end{array}\right.$$

(20)

where N(T_fail > T_i) or N(L_loss > L_i) is the number of samples whose topological failure rate T_i or load loss rate L_i is higher than the given value, Ω_total is the total number of samples.

Obviously, the lower the distribution of P(T_fail > T_i) or P(L_loss > L_i) for a specific T_i or L_i value, the stronger the robustness of the coupled system.

Actually, the more severe the consequence of a faliure event, the faster the failure spreads, the weaker the system’s ability to resist disturbance events, and the worse its robustness. To quantify the impact of failure consequence and failure propagation rate on the robustness of the system, a robustness metric integrating power outage and failure propagation time is proposed, i.e.,

$$\left\{\begin{array}{l}R={\displaystyle {\sum }_{i=1}^N{P}_i\frac{H_i}{L_i}}\\ H_i={\tau }_i/{\tau }_{\max }, L_i=l_i/l_{total}\end{array}\right.$$

(21)

where R represents the comprehensive robustness metrics of the system, the larger the R, the better the robustness of the system, and N represents the total number of failure events. P_i represents the occurrence probability of failure event i, τ_i is the propagation time of failure event i, and τ_max is the maximum propagation time among all failure events, l_i is the load loss caused by failure event i, and l_total is the total load of the system. Compared with the robustness metrics based on failure consequence (such as topology loss or load loss) [1,10,15,34], the proposed robustness metric integrates failure consequence and failure propagation rate, which can more accurately measure the robustness of coupled systems. For instance, when the severity of failure consequences in different systems is similar, the system with a shorter failure propagation time has poorer robustness against failure propagation.

4. Results and Discussions

Based on the proposed model, the cascading failure propagation of the cyber-physical power system is analyzed, and the robustness of the coupled system is quantitatively evaluated. In this section, we investigated the impacts of cyber network performance and initial failure modes on the robustness of cyber-physical power systems. The default parameter settings of the coupled system are set as follows:

The base failure rate in power grid under rated conditions χ₀ is 0.21 min⁻¹, and the line carrying capacity c_i is set to 1.2 times the initial power flow. The scaling factor α is set to 1, the node’s maximum processing rate n_p is 20 packets per second, and the bandwidth C of the cyber link is set to 60 packets per second. The dependency intensities between the two networks are σ_i = 0.5 and μ_i = 0.5 respectively.

4.1. Impact of Functional Attribute of Cyber Network

The regionalized IEEE 118 bus system [35] is used to model the power grid, and the scale-free network algorithm is used to generate a modular cyber network containing control and routing nodes. The power nodes and routing nodes within each community are randomly coupled one-to-one. Assuming that the bandwidth of the cyber link in the cyber network has sufficient capacity to transmit data, and we investigate the failure propagation under different processing performance of cyber nodes. Figure 5 shows the failure propagation curves under different processing rates of cyber network. Here, n_p represents the processing rate of the cyber node, and the larger the value, the stronger the processing performance of the cyber network for data. As shown in Figure 5, it can be observed that the smaller the value of n_p, the lower the proportion of surviving components in the system, and the more severe the consequences of the cascading failure. The reason is that the smaller the value of n_p, the worse the ability of the cyber network to process data, and the higher the failure probability of cyber nodes, which reduces the probability of correctly monitoring and controlling the power grid and increases the failure rate of coupled power components. Conversely, when the value of n_p is large, the failure probability of cyber nodes decreases, the probability of issuing correct instructions to the power grid increases, enhancing the ability to monitor and control the power grid and resist external disturbances. As shown in Figure 6, the cumulative failure probabilities of cyber network under different processing performance can be observed. It can be found that the lower the processing rate of cyber nodes, the more severe the transmission congestion of cyber network, which in turn increases the failure rate of power components. This is consistent with our analysis.

Table 1. Robustness metric R of cyber-coupled IEEE 118 bus system under different processing rates of cyber network.

Number	Processing Rate np	Robustness Metric R
1	5	1.4435
2	20	1.8492
3	40	2.4423

shows the robustness metric R of cyber-coupled IEEE 118 bus system under different processing rates of cyber network. It can be observed that increasing the value of n_p can enhance the robustness of the system, which is consistent with the above results and further demonstrates the effectiveness of the proposed method.

4.2. Impact of Structural Attribute of Cyber Network

The topological attributes of cyber networks can also have an impact on the data packet transmission. Considering the regional nature of the actual power system, CPPS can be considered as a system composed of multiple communities. Here, the topological connectivity strength of cyber network is adjusted by setting the connection probability between communities. We describe the connectivity strength of cyber network through the average node degree (AND), and the larger the value of AND, the greater the topological connectivity strength of the cyber network.

Figure 7 shows the robustness curves for different connectivity strengths of cyber network, where Figure 7a shows the cumulative probability distribution of load loss rate and Figure 7b represents the cumulative probability distribution of topological failure rate. It can be found that a larger AND can reduce the severity of cascading failure in the coupled system. The reason is that a large AND increases the connectivity between nodes, providing more effective paths for data packet transmission, thereby enhancing the effectiveness of data packet transmission and increasing the robustness of the coupled system. Moreover, it can be found that under the same AND of the cyber network, the more data packets there are in the cyber network, the greater the probability of data transmission congestion, which in turn reduces the robustness of the power system. Figure 8 shows the average data packet transmission time under different connectivity strength of cyber network. It can be found that the larger the AND of the cyber network, the higher the efficiency of packet transmission, which is consistent with our analysis. Furthermore, comparing the average transmission time of data packets under different AND conditions, it can be found that as the number of data packets in the cyber network increases, the impact of network connectivity strength on data transmission becomes more significant.

4.3. Impact of Initial Failure Mode

The consequences of cascading failure events caused by different initial failures in the cyber-physical power system are often different [36]. Based on the proposed model, we analyzed the robustness of the cyber-coupled power system under different initial failure types. Three different failure modes are set here, namely random node failure (RNF), high-degree node failure (HDNF), and high-betweenness node failure (HBNF).

Figure 9 shows the robustness curves of cyber-physical power system under different initial failure types, where Figure 9a represents the cumulative probability distribution of load loss rate and Figure 9b represents the cumulative probability distribution of topological failure rate. As shown in Figure 9, the robustness curves under different failure modes indicate that HDNF and HBNF often lead to more severe cascading failure results. The reason is that high-degree nodes usually have more extensive connections in the topological structure and are often directly associated with more functional nodes, while high-betweenness nodes are typically located on multiple critical paths and play a significant role in the overall connectivity of the system. These two types of nodes play a more crucial role at both the structural and functional levels, and once they fail, they are more likely to trigger large-scale chain reactions. It can also be found that during the cascading failure propagation, weakening the functional dependence of power node on cyber node (i.e., the value of μ_i decreases from 1 to 0.5) can enhance the robustness of the system. Furthermore, compared to HBNF, the consequences of HDNF are more severe, indicating that high-degree nodes have higher vulnerability and their failures have a more significant impact on system stability. Therefore, special attention should be paid to the reliability of high-degree nodes in system resilience optimization.

5. Conclusions

This paper proposes a comprehensive robustness assessment framework for cyber-physical power systems, which captures the interdependence of structural topology, functional attributes, and dynamic behaviors across the cyber and physical layers. A probabilistic cascading failure mechanism incorporating topological connectivity loss, cyber functional failures, power flow overload, and cyber-physical dependence is established. The proposed model provides a quantifiable method for evaluating the robustness of coupled systems by combining both structural connectivity and functional performance metrics. Case studies conducted on standard test systems demonstrate the practical applicability of the framework. The key findings indicate that the enhanced cyber network performance, characterized by higher data processing rate and topological connectivity, significantly strengthens the CPPS robustness against cascading failures. Furthermore, the study reveals that the failure of high-degree nodes results in more severe systemic consequences compared to high-betweenness node failures, highlighting the critical role of highly connected components in maintaining system robustness.

The proposed model in this paper can be applied to the planning and operation evaluation of power systems, and is suitable for various scenarios such as robustness assessment of smart grid and cross-spatial vulnerability identification. The main research results can guide system operators to optimize the planning scheme of the cyber-coupled power system by strengthening the performance of information equipment and communication links, and enhance the robustness of the system by protecting the critical power nodes identified in this paper.