Cyber Attacks and Defences
Review Article
ISSN 2398-3396
Cyber-physical attacks and defences in the smart grid: a survey
Received on 20th October 2016
Revised on 8th November 2016
Accepted on 8th November 2016
doi: 10.1049/iet-cps.2016.0019
www.ietdl.org
Abstract: The smart grid is arguably one of the most complex cyber-physical systems (CPS). Complex security challenges
have been revealed in both the physical and the cyber parts of the smart grid, and an integrative analysis on the cyber-
physical (CP) security is emerging. This paper provides a comprehensive and systematic review of the critical attack
threats and defence strategies in the smart grid. We start this survey with an overview of the smart grid security from
the CP perspective, and then focuses on prominent CP attack schemes with significant impact on the smart grid
operation and corresponding defense solutions. With an in-depth review of the attacks and defences, we then discuss
the opportunities and challenges along the smart grid CP security. We hope this paper raises awareness of the CP
attack threats and defence strategies in complex CPS-based infrastructures such as the smart grid and inspires
research effort toward the development of secure and resilient CP infrastructures.
IET Cyber-Phys. Syst., Theory Appl., 2016, Vol. 1, Iss. 1, pp. 13–27
This is an open access article published by the IET under the Creative Commons
Attribution License (http://creativecommons.org/licenses/by/3.0/)
traditional paradigm of power system operations, the electricity is generated in power plants and delivered along the transmission systems to customers in the distribution systems. Energy management systems (EMSs) located in control centres monitor and control this unidirectional process through supervisory control and data acquisition (SCADA) systems. The SCADA systems are usually hosted on dedicated communication infrastructures comprising wide-area networks, field area networks, and local area networks. Networked sensors in the system collect measurements, e.g. voltages and currents, and transmit the data to the control systems through remote terminal units (RTUs) in the SCADA system. The RTUs are also responsible for the operation of actuators to adjust the topology and parameters of the dynamic system. The physical systems of generation, transmission, and distribution are interconnected through transmission lines and substations deployed in the field. On top of these infrastructures, regional transmission organisations and independent system operators coordinate the system operations among service providers and consumers in the electricity market. An overview of the entire smart grid infrastructure is shown in Fig. 1, which contains the seven domains of generation, transmission, distribution, operation, electricity markets, service providers, and customers, as defined by the National Institute of Standards and Technology (NIST) [4].

Innovative systems and technologies in the smart grid have been transforming the traditional power systems in numerous areas [5–7]. The growing integration of renewable energy systems (RESs) improves the sustainability and economics of generation systems. Distributed energy resources (DERs) allow customer-side power generation and management with more flexibility and reliability, reshaping the existing patterns of power flows from unidirectional into bidirectional. The phasor measurement unit (PMU) utilises the global positioning system (GPS) to provide more frequent, accurate, and reliable synchronised measurements in the transmission systems, enabling the implementation of wide-area monitoring, protection, and control (WAMPAC) over high-speed communication networks [8]. The advanced metering infrastructure (AMI) systems with millions of smart meters in the distribution systems provide innovative two-way, real-time (RT) communications in the smart grid, which promote numerous benefits from demand response, energy management, and consumer engagement. In addition, the increasing presence of energy storage, electric vehicles, and other emerging techniques is consistently introducing new changes to the generation, transmission, and distribution of electricity.

The information, computation, and communication systems in the smart grid have instituted a ubiquitous cyber infrastructure interwoven with the PSs. Measurements and commands are constantly generated and transmitted between cyber and PSs. The measurements from the PSs are primarily composed of status data and analogue data: the status data contain the topological connectivity of power grid components; the analogue data are measurements of the system dynamics. On the basis of the measurements, operators determine the optimal control policies and issue the control commands to coordinate actuators in the PSs.
Fig. 1 Overview of the smart grid architecture based on the NIST framework
In the presence of a fault or disturbance, diagnostic logs are recorded by supplementary recording devices to support the location, evaluation, mitigation, and restoration during emergencies. Sensor measurements are processed by centralised and distributed computation devices deployed at different levels and locations in the smart grid. In the traditional centralised operations, critical computations in the EMS, including state estimation (SE), optimal power flow (OPF), economic dispatch (ED), and automatic generation control (AGC), among others, are hosted in the control centres. In pursuit of better efficiency, resiliency, and flexibility, the latest developments in intelligent electronic devices and programmable logic circuits have increased the utilisation of distributed and localised computations in the smart grid.

Communications in the smart grid have been primarily hosted on proprietary SCADA systems and networks. Industrial protocols such as IEC 61850 and DNP3 have been developed for communications between and within control centres and substations. New communication standards are being introduced in the smart grid to accommodate the integration of renewable energies, energy storage, and PMUs. Meanwhile, with the increasing efficiency requirements and cost pressures, the smart grid also increasingly relies on public communication infrastructures. Industrial control systems are accessing the Internet via ICT interfaces. Two-way communications between service providers and customers are also widely established through the AMI system, allowing flexible demand response for reliability and economic benefits.

2.2 CP security of the smart grid

Security challenges in the smart grid have been on the rise in both physical and cyber spaces [9, 10]. The power systems have inherent physical vulnerabilities that could result in massive blackouts from a small number of contingencies [11]. The integration of RES introduces non-linearity, uncertainty, and time-variance to existing power systems, and the new patterns from DER are inducing significant impacts on the stability [12]. The cyber-integration has imposed significant security challenges, as tremendous threats arise from the attacker’s ability to launch intricate, remote, simultaneous, and/or coordinated attacks from the cyberspace. An informed attack scheme can exert disruptions and damages ranging from service interruptions, power blackouts, and economic losses to life-threatening threats, where personal, societal, and national security may all be affected.

The research on cyber-physical security of the smart grid advances on a frontier of CPS, striving at the intersection of the physical security of power and energy systems and the cybersecurity of information, computation, and communication systems [2]. Incorporation of the strengths of physical and cybersecurity is an essential requirement for the security and resilience of this critical infrastructure. In what follows, we will briefly discuss the strengths and weaknesses of physical and cybersecurity for the smart grid and highlight the importance of CP security.

2.2.1 Physical security: The physical security of power systems has been protected through the screening and assessment of contingencies. The contingency analysis (CA) evaluates the power system security after credible inadvertent contingencies on a selection of operating points [11]. Typically, the CA covers faults, disturbances, and planned outages, among others. Contingency-related security constraints are subsequently established by the CA to ensure the survivability of power systems with minimal interruptions to the delivery of electricity. Both the steady-state and transient security analysis of power systems serve as the foundation of CP security for the smart grid.

However, the interconnected power systems and the emerging CPS have presented challenges to the physical security analysis. The complexity and cost of the CA increase dramatically when the system scales, rendering it difficult to conduct multi-CA or implement N − k security in bulk power systems. The heterogeneity and complexity of hardware, software, and operations in power systems also limit accurate and timely evaluation of remotely located contingencies whose impact could propagate over long distances at the speed of the electromagnetic waveform. Without sufficient wide-area coordination, multiple local remedial actions may compete, instead of collaborating, with each other, resulting in deteriorating impacts such as cascading failures or blackouts [13].

Moreover, the cyber-integration introduces new challenges. Most field devices and systems are not designed with sufficient security features against malignant events, particularly from the cyberspace. As the cyber-integration exposes the system to access points and resources in the cyberspace, investigations have been revealing vulnerabilities, both unknown and zero-day, in the emerging smart grid. The lack of sufficient protection against coordinated cyber-attacks could be catastrophic, as illustrated in the cyber-attack on a Ukraine regional grid [14]. Intelligent and automated systems, which have been designed to enhance the system security and reliability, may be turned into weapons against the smart grid itself. With all these emerging threats, the traditional power system security merits an in-depth overhaul in the era of the smart grid.

2.2.2 Cybersecurity: Cybersecurity has been identified as a major component in the development of the smart grid [15]. The principles of confidentiality, integrity, and availability (the CIA triad) have been established for the information security in the system. Intrusion detection systems (IDSs) and firewalls have been deployed to defend control centres and field devices against external intrusions. Secure protocols have also protected the SCADA communications within and between control centres, substations, and actuators. Secured wired and wireless networks have also provided trustworthy communications for the emerging PMU and AMI systems.

Meanwhile, the cybersecurity for the smart grid also needs to further accommodate the physical properties, requirements, and dependencies of power systems. For instance, though it is common to deny access to an account after a number of failed log-in attempts, this is mostly unacceptable in power system control systems: attackers may utilise the mechanism to lock operators out of the system, which would result in disastrous consequences. Moreover, anomaly- and signature-based IDSs also need to adapt to emerging and diversifying patterns in the smart grid to effectively identify malicious attempts. Last but not least, the RT data streams in the smart grid also pose big data challenges to the cybersecurity analysis. Similar to the physical security, there is an urgent need to incorporate physical aspects into the cybersecurity of the smart grid.

2.2.3 CP security: A secure smart grid is contingent on the integrative security that combines the strengths of both physical and cybersecurity analysis against both inadvertent and malignant events. Vulnerabilities and contingencies shall be investigated on a broader spectrum. The causes, processes, and consequences across the CP spaces shall be comprehensively analysed with consideration of the interdependence and interoperability therein. Smart grid operators should be aware of the risks of measurements and commands corrupted by attackers externally and internally. Mitigation and restoration efforts need to be guided with adequate security awareness to avoid secondary damages in the post-attack systems.

In security analysis, critical vulnerabilities are often revealed through scenarios where attackers are characterised with feasible resources, knowledge, and objectives. The investigation of attack schemes often serves as the first step to establish security in a vulnerable system. While it is impractical to exhaust all potential attack schemes, the worst-case analysis is of practical meaning to understand the feasibility and impact of a potential attack threat. The extensive investigations into the smart grid security have revealed a significant number of attack schemes that could exploit critical vulnerabilities with severe disruptions and damages. The understanding of these schemes is critical to establish and enhance the CP security of the existing systems and technologies in the
smart grid; it will also help direct the effort to discover new vulnerabilities and solutions for the emerging CPS in this critical infrastructure.

3 CP attacks on the smart grid

3.1 Overview

In this paper, we refer to a CP attack as an intricate scheme exploiting the vulnerabilities in the CP structure of the smart grid. Although dedicated attacks on either cyber or PSs also pose threats to the system, investigation of the integrative CP attacks is an emerging yet critical topic that remains largely unclear. The interconnection of millions of field devices has created a huge attack surface, while the associated vulnerabilities may be remotely located across the CP domains; moreover, the interfaces in between the CP structures are also vulnerable to attacks launched from both domains.

Fig. 2 illustrates a typical CP structure of the smart grid. The CP loop of information and operations can be compromised at the control centres and systems, the two-way communication channels, and the physical power systems. The vulnerability of this structure has been illustrated in the recent incident of the Ukraine power grid attack in 2016 [14]: malware injected from the communication channels allowed the attacker to obtain illegal access to the control centres. The information was collected subsequently to determine the critical lines in the regional grid. Malicious commands were then sent to trip these lines, which led to a widespread power blackout. The control system was further hacked to delay the restoration process.

Knowledgeable attackers can directly exploit vulnerabilities of control systems to exert immediate and significant impacts in the smart grid. Depending on the target systems or policy, the impact of control-based attacks ranges from transient voltage and frequency instability, steady-state line overloading and load shedding, to massive blackouts resulting from cascading failures. An introduction to the control systems in the smart grid and their attack-resilience can be found in [16], and a generalised control-attack model has been developed in [17].

Measurement-based attacks pose another critical threat in the smart grid. Instead of directly manipulating control signals, attackers can compromise the measurements to weaken situational awareness by concealing the occurrence of disturbances, or mislead control actions by reporting non-existing contingencies. Both types of attacks are within the scope of the CP attacks discussed in this paper.

Two types of factors are commonly considered in the design of a critical attack scheme: the cost of the attacker and the cost of the defender. For the attacker, the costs typically include the resources and knowledge required to launch the attack; in many cases, the risk of being detected is also included. For the defender or operator, the costs typically comprise equipment damages, power outages, and economic losses. The rest of this section will unfold the attack schemes on generation, transmission, distribution, and electricity markets, respectively.

3.2 Generation system attacks

Interconnected power systems are managed by corresponding control areas, among which redundant power generated in one area flows along the tie-lines into another. The power generation in each control area is required to meet the dynamic load demand and the net interchanges so that the load-generation balance can be maintained. To this end, the AGC has been widely implemented in modern generation systems. A functional diagram of the AGC is illustrated in Fig. 3.

An AGC system consists of two major functions: (i) the load-frequency control (LFC) that maintains the load-generation power balance and system frequency; (ii) the ED that distributes the generation among generators with minimal operating costs subject to stability and security constraints. Since ED does not directly issue control commands to the system, we will focus on the LFC-related attack schemes herein.

The LFC uses a primary controller to govern turbine speeds and adjust the generator outputs. In addition, a supplementary/secondary controller is employed to maintain system frequency based on the area control error (ACE). The ACE is obtained as a function of the inter-area power interchanges $\Delta P_{TL}$ and the system frequency deviation $\Delta f$

$$\mathrm{ACE} = \Delta P_{TL} - b\,\Delta f \qquad (1)$$

where $b$ is a scale factor. In normal operations, the value of ACE in each control area should be minimised toward zero.
Fig. 2 Typical CP structure in the smart grid: an integrative system with cyber and physical parts
Fig. 3 Functional modules in the AGC control loop based on [18]
The Aurora attack is a test scheme that exploits the vulnerability in the primary controller of AGC [19]. In the original test conducted by the Idaho National Lab, an assumed cyber-attacker applies fast opening and closure of the circuit breakers of a generator. When the actions are conducted within a critical time window, the generator becomes desynchronised and is ultimately destroyed. The impacts of the Aurora attack range from a short-term power outage to a long-term generation deficiency. An Aurora-like CP attack with incomplete information of the power system has been subsequently developed [20].

CP attacks on the input of the secondary controller have also demonstrated feasible impacts on power system frequency stability. Four typical manipulations on the AGC input, i.e. scaling, ramping, pulse, and random attacks, have been investigated in [21]. The investigation has demonstrated that the attacked inputs effectively misled the LFC into incorrectly performing under-frequency load shedding in response to a fake frequency deviation. In addition, a malicious attacker can also induce substantial instability in the generation system by exerting significant loss [22] or delay [23, 24] of the measurement packets sent to the AGC.

A reachability analysis has revealed that malicious control signals sent by the LFC will cause inter-area power swinging in the system [25]. The swinging will mislead protective relays to trip generation units from the grid, leading to power shortages and/or outages as in the Aurora attack. Further investigation has proposed a malicious control policy that is robust against incomplete information and model uncertainty [26]: the incomplete information can be addressed by Markov chain Monte Carlo simulations and the model uncertainty is addressed by feedback linearisation.

3.3 Transmission system attacks

Transmission systems are responsible for the delivery of generated power across long distances through transmission lines and substations. In the meantime, voltage regulation is also operated in transmission systems. Protective relays and circuit breakers are deployed to cut off overloaded lines, generators, and load demands in emergency situations. The multitude and criticality of the transmission systems have inspired a large number of investigations on the potential CP attack schemes targeting the control and monitoring systems for power transmission.

3.3.1 Interdiction attacks: The interdiction analysis is among the earliest investigations of power transmission system vulnerability under large-scale malicious attacks [27]. An interdiction refers to the tripping of lines, transformers, generators, buses, and/or substations in the transmission grid. In practice, the interdiction can be conducted directly by manipulated control commands or indirectly by false measurements. On the basis of a steady-state model, a bi-level max–min optimisation problem for the interdiction analysis has been formulated as

$$\max_{d \in D} \; \min_{P} \; c^{\mathrm{T}} P \quad \text{s.t.} \quad g(P, d) \le b, \quad P \ge 0 \qquad (2)$$

where an attacker leverages the interdiction to maximise the system operator’s minimal costs of operation and load shedding. $g(P, d)$ are the OPF constraint functions with an upper-bound vector $b$, $c$ is a vector of linearised cost factors, and $P$ are the power system dynamics subjected to physical constraints. The inner minimisation solves an OPF problem in normal operations, and the outer maximisation solves the optimal interdiction as a binary vector $d$ in the complete interdiction set $D$. The solutions can be obtained by mixed-integer bi-level programming [28, 29], greedy search [30], game theory [31], and generalised Benders decomposition [32]. An interdiction scheme targeting wind farms in the smart grid through vulnerabilities in the SCADA/EMS system has been recently proposed [33].

While interdiction has been modelled as multiple concurrent tripping in the above investigations, sequential attack schemes have revealed the risks of blackout resulting from multi-line interdiction [34, 35]. As the timing and order of interdiction are non-trivial challenges to the formulation of an optimisation problem [34, 35], a data-driven approach based on reinforcement learning [36] and a heuristic approach based on a risk graph [37] have been proposed to search for the critical attack sequence. Both sequential schemes have identified effective schemes to exploit the cascading failure vulnerability that leads to massive blackouts.

3.3.2 Complex network (CN)-based attacks: A notable number of investigations have been developed based on CN theories [38]. In general, the CN-based attacks have employed interdiction as the means of attack; however, it is commonly assumed that the attacker does not possess the knowledge of the RT operational information (the analogue measurements); instead, the attacker can only access the information of system topology (the status measurements). Interconnected power grids are modelled as graphs of nodes (substations) and edges (lines) with designated physical properties. Topological and structural information are then utilised to identify the most-vulnerable components in the transmission system, which can be further visualised intuitively [39, 40]. A comparison has been summarised in Table 1 and illustrated examples on the IEEE 39-Bus New England Test System have been provided in Fig. 4.

The merit of investigations on CN-based attacks is two-fold: (i) the information required to launch a fully informed attack may be inaccessible or incomplete; the obtained information may also become obsolete; (ii) a devastating attack does not necessarily rely on the full knowledge of the system dynamics; publicly and
Table 1 Comparison of attacker’s knowledge in different CN-based models

Categories  | System models     | Basic information               | Vulnerability metrics
topological | undirected graphs | connectivity                    | degree, centrality, betweenness
structural  | hybrid/CNs        | capacity of lines, impedance    | electrical and extended betweenness
operational | power grids       | voltage/frequency, power flow   | stability margin, load shedding

commercially available data can be used to construct effective schemes that cause catastrophic blackouts.

Among the CN-based attacks, topological models have been proposed to analyse the risk of cascaded attacks [42–46]. On top of the topological models, hybrid models have integrated topological and electrical properties to capture structural vulnerabilities in the transmission system [47–51]. Cascaded attack schemes on substations and transmission lines based on the hybrid models have been proposed [52, 53].

3.3.3 Substation attacks: Transmission substations host multiple measurement, control, and communication facilities. A compromised or damaged substation often results in the simultaneous loss of the victim substation as well as its transmission lines. A report from the Federal Energy Regulatory Commission has suggested that, while there were over 55,000 substations in operation across the USA, the entire interconnected transmission system could suffer a major blackout when coordinated attacks had been launched on as few as nine transmission substations [54].

An early investigation on substation network security has demonstrated that an attacker is capable of penetrating multiple layers of firewalls and password protections to gain full control of a substation [55]. Credible impacts of multi-substation intrusions have been subsequently evaluated in [56], and the potential risks given consideration of cascading failures under multi-substation attacks have been demonstrated in [57]. As shown in Fig. 5, the clustering-based vulnerability analysis can effectively identify the most-vulnerable victims in a bulk power grid.

Within a compromised substation, the voltage control loop of the flexible alternating current (AC) transmission system becomes vulnerable to malicious attacks [58]. Malicious messages can be injected to manipulate the configuration of the voltage controllers, which results in voltage violations and oscillations in the system [59]. Detailed simulations of typical substation attacks have been conducted in [60], and the cybersecurity issues of substation automation systems have been comprehensively analysed [61, 62].

3.3.4 CP switching attacks: The switching attack is another family of CP attacks developed against the power transmission systems [63–66]. Circuit breakers can switch the transmission
Fig. 4 Knowledge of the transmission grid: from topological information to vulnerability analysis
a Topological information: Connectivity of the system is shown by its topology, where generation substations are highlighted as circles and distribution substations are shown in green, respectively
b Structural information: Static generation and transmission parameters are included in the one-line diagram [41]
c Operational information: The per unit active power flows are included and shown in the three-dimensional contour map [41]
d Vulnerability visualisation: A risk graph is constructed to conduct sequential substation attacks [39]
Fig. 5 Self-organising map (SOM) based analysis of multi-substation attacks [57]. Distant substations from each of the coloured self-organised regions form a critical victim set that could result in massive blackouts in the system
systems between complex discontinuous dynamics. Given the system state $x$, the switching signal $s(x, t)$, and two distinctive system dynamics $f_1$ and $f_2$, the non-linear power system can be represented by the following variable structure system [67, 68]

$$\dot{x} = \begin{cases} f_1(x, t) & s(x, t) \ge 0 \\ f_2(x, t) & s(x, t) < 0 \end{cases} \qquad (3)$$

An informed attacker can issue malicious switching signals to re-configure the power transmissions based on local structure information, and the switched system is subsequently steered to degraded or unstable operation states. With consideration of model errors and incomplete information, the investigation has shown that a single switching attack will cause frequency and voltage instabilities in the system [67]. In addition, multi-switching attacks on distributed circuit breakers are able to initiate a series of cascading failures [68]. Recently, it has been shown that the switching attacks can also exploit the energy storage systems to destabilise the transmission systems [69]. Some discussion regarding the practical limitations of the switching attack has been provided in terms of sampling, quantification, and signal-to-noise ratio [70].

3.3.5 State estimation attacks: The SE is a core function in the smart grid that has been shown to be vulnerable to a large number of CP attack schemes. As shown in Fig. 6, SE is the entry function that processes the raw measurements of system topology and dynamics to obtain accurate estimation of the state variables for various subsequent EMS applications [71]. In a linear direct-current (DC) model, the fundamental SE problem can be written as

$$z = Hx + n \qquad (4)$$

where $z$ is the measurement vector, $x$ is the state vector, $n$ is white Gaussian measurement noise, and $H$ is the Jacobian matrix built on the system topology. The estimation problem is commonly solved by the weighted least squares (WLS) method. In practice, bad data from faulty sensors and missing data will degrade the estimation accuracy. The residual-based $\chi^2$-test and the largest normalised residual test have been employed in the bad data detection and elimination (BDDE) process to remove such bad data from the measurements.

The false data injection attack (FDIA) is a notorious family of CP attacks targeting a vulnerability in the residual-based BDDE system. Assume that a malicious attacker has the ability to inject a false data vector $a$ into the measurements, which then take the form $z_a = z + a$.
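Section 3.3.5 describes the DC SE model z = Hx + n, its WLS solution, and the residual-based chi-square test used for BDDE, and states that the FDIA targets a blind spot of that test. The Python script below is an added illustration and is not code from the paper or from any of the works it cites. It builds a constructed 3-bus DC network (the matrix H, the true state, the noise vector, the sensor standard deviation and the chi-square threshold are all assumptions for this example), runs the WLS estimate and the chi-square test, and contrasts the two cases a practitioner should keep apart: a gross error on a single sensor, which the residual test flags, and an injection of the form a = Hc, the undetectable vector from [72] that the section goes on to describe, which lies in the column space of H and therefore leaves the residual unchanged while shifting the estimate by c.

```python
"""DC state estimation with WLS and a chi-square bad data check.

Added illustration for Section 3.3.5, not code from the paper.  The
3-bus network, the true state, the noise and the thresholds are all
constructed here for the example.
"""

# Constructed 3-bus DC network.  Bus 1 is the angle reference (theta1 = 0),
# so the state is x = [theta2, theta3]; every line susceptance is 1 p.u.
# Measurements z: flow 1-2, flow 2-3, flow 1-3, net injection at bus 2.
H = [
    [-1.0,  0.0],   # P12 = theta1 - theta2
    [ 1.0, -1.0],   # P23 = theta2 - theta3
    [ 0.0, -1.0],   # P13 = theta1 - theta3
    [ 2.0, -1.0],   # P2  = P21 + P23
]
SIGMA = 0.01            # assumed sensor noise std. dev. (p.u.), equal for all sensors
CHI2_THRESHOLD = 5.991  # chi-square 95% critical value for m - n = 4 - 2 = 2 d.o.f.


def transpose(A):
    return [list(col) for col in zip(*A)]


def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]


def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting (small dense A)."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for k in range(n):
        p = max(range(k, n), key=lambda i: abs(M[i][k]))
        M[k], M[p] = M[p], M[k]
        for i in range(k + 1, n):
            f = M[i][k] / M[k][k]
            for j in range(k, n + 1):
                M[i][j] -= f * M[k][j]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (M[i][n] - sum(M[i][j] * x[j] for j in range(i + 1, n))) / M[i][i]
    return x


def wls_estimate(z):
    """WLS solution of z = Hx + n with equal weights: x_hat = (H'H)^-1 H'z."""
    Ht = transpose(H)
    Htz = [sum(h * zi for h, zi in zip(row, z)) for row in Ht]
    return solve(matmul(Ht, H), Htz)


def bad_data_check(z):
    """Return (x_hat, J, flagged): the WLS estimate, the residual statistic
    J = r'r / sigma^2, and whether the chi-square test flags bad data."""
    x_hat = wls_estimate(z)
    r = [zi - sum(h * xj for h, xj in zip(row, x_hat)) for zi, row in zip(z, H)]
    J = sum(ri * ri for ri in r) / SIGMA ** 2
    return x_hat, J, J > CHI2_THRESHOLD


def measure(x_true, noise):
    """Constructed telemetry: z = H x_true + noise."""
    return [sum(h * xj for h, xj in zip(row, x_true)) + ni for row, ni in zip(H, noise)]


def demo():
    """Run the test on clean data, on one grossly wrong sensor, and on a
    structured injection a = Hc.  Returns the three (x_hat, J, flagged) tuples."""
    x_true = [0.10, -0.20]
    noise = [0.002, -0.001, 0.001, 0.003]   # constructed, well inside SIGMA
    z = measure(x_true, noise)
    # (a) gross error on the first sensor: inconsistent with H, so r grows
    z_bad = z[:]
    z_bad[0] += 0.5
    # (b) injection in the column space of H: z + Hc = H(x + c) + n, so the
    #     residual is identical to the clean case and x_hat moves by exactly c
    c = [0.05, 0.0]
    a = [sum(h * cj for h, cj in zip(row, c)) for row in H]
    z_fdi = [zi + ai for zi, ai in zip(z, a)]
    return bad_data_check(z), bad_data_check(z_bad), bad_data_check(z_fdi)


if __name__ == "__main__":
    for label, (x_hat, J, flagged) in zip(("clean", "gross error", "a = Hc"), demo()):
        print(f"{label:12s} x_hat={x_hat} J={J:.3f} flagged={flagged}")
```

Equal weights are used for brevity, i.e. the WLS weight matrix is I/σ²; a production estimator weights each measurement by its own variance and applies the largest normalised residual test per measurement, but that does not change the outcome here. The point for detection engineering is that the residual only measures inconsistency with the model H, so any injection consistent with H is invisible to a residual-based BDDE on its own.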
The FDIA scheme has revealed that, given the full knowledge of the Jacobian H, an attack vector a undetectable by BDDE can be generated [72]. The stealth attack vector is given in the form of a = Hc, where c is the false state vector. The necessary and sufficient condition for the existence of an undetectable attack vector has been proved in [73]. While the scheme was originally proposed based on the DC model of SE, it has subsequently been extended to the AC-based SE [74]. A recent survey [75] has provided a summary of the state-of-the-art in FDIA, while this paper would like to highlight three major objectives in the existing FDIA schemes:

Objective 1: Least-effort attacks: Find the sparsest attack vector with the least number of measurements to be compromised.
Objective 2: Least-information attacks: Find the attack vector with the least required information of system topology.
Objective 3: Target-specific attacks: Find the attack vector toward a specific post-attack effect.

For Objective 1, finding the least-effort attack is an NP-hard problem [76], and the solution is dependent on the system topology. To effectively identify the minimal stealth attack, schemes have been developed based on heuristic [72], greedy [77, 78], graph-theoretic [79], and sparse optimisation [80, 81] methods.

For Objective 2, investigations have revealed that an undetectable attack vector can be constructed without the complete information of H. Stealth FDIA schemes with incomplete information have been developed based on a graph method [82] and data-driven approaches [83, 84]. Even without the knowledge of H, investigations have shown that historic measurements can still be used to construct an undetectable FDIA [85, 86].

For Objective 3, FDIA has been utilised to exert specific damages. The maximal SE error can be obtained by solving a potential game with a minimal detection rate [87]. Errors can be propagated into the OPF solutions through customised FDIA schemes [88, 89]. Line overloading can be further induced by the erroneous OPF solution [90]. Target-specific FDIA schemes have also been developed systematically to induce load redistribution (LR) in the transmission systems and transmission congestion in the electricity markets, to induce operational costs and obtain financial arbitrages, respectively. Detailed introductions to both families of FDIA schemes will be provided later in this section.

Other than the FDIA schemes, it is notable that (4) also reveals other SE vulnerabilities. Instead of the measurement vector, the Jacobian matrix H can also be compromised to forge false data [91]. Attacking the line impedance alone will also induce misinformed voltage deviations and load shedding [92]. A two-stage optimisation for an undetectable state-and-topology attack has been developed in [93], which has effectively increased the risk of line outages.

In contrast to the construction of undetectable attack vectors, malicious attackers can also intentionally create detectable false data to reduce the availability of measurements. As the BDDE consistently removes bad data from the measurements, an attacker can manipulate the measurements to frame good data so that they would be incorrectly removed [94]. In contrast to the FDIA schemes, framing requires no information on the topology or parameters of the system; a subset of the measurements provides sufficient information to manipulate the normal data into bad data. The scheme effectively increases the SE error by an arbitrary degree while the number of measurements to be corrupted has been significantly reduced.

An advanced jamming strategy has been proposed to obtain an optimal scheme in the presence of protected measurements based on recursive min-cut [95]. Further investigation has indicated that the jamming attack is effective unless all measurements have been secured [96]. In addition, the availability of status data can also be reduced by the jamming attack, in which attacking a single circuit breaker on a transmission line could effectively perturb the SE without corrupting any measurements [97].

3.3.6 Load redistribution attacks: The LR attack is a variant of target-specific FDIA schemes [98, 99]. With the knowledge of system topology and dynamics, the injected false data can be crafted intentionally to redistribute individual bus load in the system without changing the overall load demands. Both the location and the quantity of the stealth injection can be solved precisely by the proposed schemes to induce immediate and delayed operational costs from the redistributed load demand. A concept of attacking region has been proposed to construct an LR attack with incomplete information [100]. The attacking region can be effectively localised into the vicinity of a target transmission line [101]. The concept has also been utilised to identify attack vectors in the AC SE with incomplete information [102]. A recent investigation has validated the non-negligible impact on the power system reliability from the LR attacks [103].

Investigations have demonstrated that the LR attacks can be utilised to construct coordinated multi-stage schemes [104–106]. First, a designated scheme has been proposed to mask the occurrence of line outages to the system operator [104]. The masking attack has been further utilised to conceal line outages created by the LR attack. A bi-level optimisation problem has been formulated for this combined scheme with consideration of the defender’s responses [105]. The scheme has been further developed into a tri-level optimisation problem against the security constrained ED in the EMS [106]. It has been revealed that an attacker is capable of identifying an effective scheme to create line overloading in the system, even if the operator implements a dedicated multi-solution strategy against the LR attacks. These serial LR schemes have illustrated that CP attacks can be orchestrated to compose sophisticated multi-stage schemes with severe impacts.

3.3.7 PMU attacks: Compared with the SCADA system, the PMUs collect more frequent and accurate measurements for the WAMPAC system [107]. Communications with GPS satellites provide time stamps to all PMUs, so that their measurements can be synchronised for significantly enhanced situation awareness in interconnected power systems. However, recent investigations have revealed that the dependence on GPS signals for synchronised measurements can render PMUs vulnerable under spoofing attacks [108, 109].

Spoofing is the malicious impersonation of a trusted device in the system, which has been used to provide fake time stamps to the PMUs [108]. Two types of errors induced by corrupted time stamps have been identified: the phase angle error and the time of arrival (TOA) error. The phase angle error will mislead fault detection and location of transmission lines with an amplitude modulation and create false stability margins with incorrect Thevenin equivalents; the TOA error will result in miscalculation of disturbance event locations that delays or misleads mitigation and restoration efforts. The spoofing can also alter the clock offset of a receiving PMU to increase both false alarms and false negatives in voltage stability monitoring systems [109].

3.4 Distribution system/customer-side attacks

Millions of smart meters have been installed in the AMI systems across the USA and more are on the way. These smart meters provide RT two-way communication between customers and the utility. In general, the AMI system is composed of smart meters, data concentrators/aggregators, and AMI head-ends, which are hierarchically deployed from customers to the distribution systems [110]. Owing to budget and hardware limitations, smart meters only carry limited or light-weight security mechanisms against malicious attacks [111, 112]. This makes them vulnerable and frequent targets of CP attacks. Although each meter has limited impacts on the system stability when compromised, the CP threat of AMI attacks is not negligible, particularly when a cluster of smart meters has been attacked [113].

To date, energy thefts [114, 115] and information/privacy leakages [116–119] have been identified as the most prominent
threats to the AMI system. The former will result in economic losses at various scales, while the latter may be exploited to infer customer behaviours and personal information. In addition, the threat of denial-of-service attacks is also a critical issue in the smart grid, as it limits the availability of reliable and available measurements [120]. By compromising any smart meters, an attacker can exploit the ubiquitous two-way communication to flood the AMI system with malicious packets, which may effectively paralyse the metering networks [121, 122].

3.5 Electricity market attacks

In the smart grid, the price of electricity is determined by the locational marginal prices (LMPs) from the day-ahead and RT markets, which are both obtained by solving respective OPF problems. Recall that in Fig. 6, the solution of OPF is dependent on the network topology and estimated system states; as a result, the LMP is also vulnerable to SE attacks [123].

CP attack schemes exploit the RT LMP vulnerability in the transmission congestion management. A transmission congestion occurs when the power flow on a transmission line reaches the line capacity (i.e. the thermal rating limit). To meet the electricity request under congested conditions, generators in the vicinity will be temporarily dispatched, which are often considerably more costly. As a result, the price of electricity is affected dramatically on an imminent congestion. An attacker can leverage this mechanism to gain illegal profit from the price margin before and after the attack or induce frequent transmission congestion to impose expensive operations on the system.

Investigations have identified several feasible schemes targeting the RT markets. Attack schemes have been developed based on vulnerabilities in the virtual bidding mechanism [124], system topology information [73], generation ramping limits [125], and distributed energy management [126]. The sensitivity of LMP to the corrupted sensor data has been investigated in [127], and an index to quantify the impacts of electricity market attacks has been proposed [128]. Instead of manipulating the line flow in the measurements, the line ratings can also be attacked to induce transmission congestion [129]. The RT pricing system is also vulnerable under data integrity attacks, e.g. scaling and delay attacks, which will cause demand/price fluctuations as well as increase system operating costs [130]. A stealth scheme to generate arbitrary pricing signals has been further proposed in [131]. In addition to the impacts on the control and management side, the hijacked pricing information can alter the load demand of customers, which will retroactively create overloading and instabilities in the system [132].

4 Defence against CP attacks

The extensive investigations on potential CP attack schemes have allowed grid operators to establish various defence mechanisms, which have been commonly orchestrated in three stages: protection, detection, and mitigation. In this section, we will review the generic and attack-specific defence strategies against the CP attacks as follows.

4.1 Protection

Generic protection against CP attacks relies on the establishment of secured communication, the preservation of critical information, and the alleviation of exposed vulnerabilities. Since the early discussion on the challenges of cybersecurity in power systems [133], innovative systems, protocols, and technologies have been developed for the protection of smart grid security. These efforts have been reiterated in a number of comprehensive reviews [134–137]. The secure communication in smart grid can effectively dissolve a majority of the CP attack threats. While it is difficult to conduct field tests on the operating power systems, dedicated security testbeds have been developed to validate the attack schemes and facilitate the development of security enhancements [138–144]. A framework has also been developed to evaluate the exposure of physical components in the cyberspace [145].

Meanwhile, a number of attack-specific protections can be implemented strategically to reduce or erase certain CP attack threats. The threat of FDIA schemes can be effectively reduced or eliminated by the protection of a few critical measurements, as the stealthiness is dependent on the number of measurements being compromised. The protection can be achieved by the installation of secured or encrypted devices on critical locations so that the protected measurements are immune to the injections. To identify these locations, greedy algorithms have been proposed to heuristically search for the critical subsets of measurements [77, 146]. Mixed-integer linear programming optimisation [147, 148] and a game-theoretic approach [149] have been proposed with consideration of the costs of attackers and defenders, respectively. The optimal locations can also be obtained by graph-based approaches, which also provide suboptimal solutions for situations where the complexity is a major concern [150]. Protection strategies for critical measurements against the FDIA-based LR attacks have also been proposed in [98, 99].

Alternatively, protection against FDIA can be achieved through the preservation or rearrangement of crucial information in the system. Covert power network topological information can effectively enhance the security of SE when a subset of the line reactances has been preserved from the attacker’s knowledge [151]. Re-configuration of the topological information in the cyberspace can also eliminate the risk of FDIA in large-scale distribution systems [152]. Recent development of distributed SE systems has also exhibited promising attack-resilience for the protection of SE measurements [153].

For the AMI systems, secure key management and distribution mechanisms have been developed as the most effective protection against unauthorised accesses to smart meters [154–156]. In addition, a game-theoretic approach for the optimal deployment of encrypted smart meters with limited budget [157] and a Markov decision process (MDP)-based preventative maintenance strategy [158] have both been developed for the protection of smart meters.

4.2 Detection

Despite the protection effort, an attacker will still have the advantage to initiate attacks on poorly protected components. In case of such protection failures, IDSs are employed as the major defence mechanisms at the second stage. Signature- and anomaly-based IDSs have been developed against known and unknown attack threats, respectively, which are deployed at various layers and locations to detect the traces of imminent attacks. These early warnings allow system operators to react with proper countermeasures and/or emergency plans so that the attack impacts can be minimised.

At the control centres, generic detection mechanisms have been developed and integrated into CPS control systems. Both model-based [159] and game-theoretic [160] approaches have been developed to provide effective security enhancement against the CP attacks. Physical watermarking of control inputs is a promising technique to authenticate the integrity of control systems [161]. With the physical watermarking, an artificial control noise known only by the operator is injected to produce predictable measurement outputs from the controlled systems. Since the noise is unknown to the attacker, the pattern between the noisy input and the predicted output will be altered and subsequently detected in the presence of an attack. A run-time semantic analysis has also been developed to provide early warnings on altered control commands in the SCADA system [162]. With an efficient look-ahead power flow analysis, the semantic analysis simulates the execution consequence of control packets to issue alerts if the execution would result in unfavourable impacts such as line outages.

A model-based IDS has been developed against the input attacks on the AGC system [21]. The IDS utilises RT load forecast to predict
the ACEs over time, and their performances are compared with those of the actual ACEs obtained. With statistical and temporal characterisations of these performances, anomaly detection in the IDS is able to detect scaled and ramped inputs before they are sent into the AGC system.

Interdiction in the transmission system may be observed by effective online contingency screening [163]. The nature of such tripping can be further examined by IDSs deployed at substations. A standard-specific IDS for automated substations has been proposed in [164]. A dedicated IDS has been developed to identify temporal anomalies induced by multi-substation attacks [56]. Host-based and network-based IDSs have been integrated in an innovative strategy against simultaneous multi-substation intrusions [165].

While the threat of PMU attacks has only been revealed recently, detection mechanisms have been developed against both manipulation and spoofing attacks on PMUs. Innovative IDSs have been proposed against generic manipulations of PMU data based on whitelist/behaviour [166], network topology [167, 168], and data mining [169]. A comprehensive IDS across both physical and cyber layers has been developed to identify the PMU data attacked by the GPS spoofing [170].

Hierarchical IDSs have been developed against CP attacks on the AMI systems based on behaviour rules [171] and data stream mining [172]. A distributed multi-layer IDS has been proposed in [173], and an early warning system has been developed in [174]. Active inspections by the service providers and mutual inspections between the providers and the customers have been developed to effectively detect attacked smart meters [175, 176]. To hold a malicious meter accountable in home area networks and neighbourhood area networks, an effective peer-review strategy has been developed in [177]. To detect energy thefts, an evaluation of IDSs has been conducted in [178], while machine learning-based IDSs have been recently developed in [179, 180].

Detection mechanisms against the FDIA schemes have been developed along multiple directions. An integrative Kalman filter-based detector against both bad data and false data has been developed in [181]. Instead of a WLS estimator, a Kalman estimator has been implemented in this innovative mechanism. A χ²-detector is then used to detect the bad data and a Euclidean detector is used to detect the false data. High-performance FDIA detectors have been proposed based on adaptive cumulative sum detection [182] and quickest detection [183]. An online anomaly detection considering load forecasts, generation schedules, and synchrophasors has also been developed in [184]. Furthermore, machine learning approaches have been proposed to identify the false data based on statistical information. Both a supervised distributed support vector machine based on the alternating direction method of multipliers and a semi-supervised anomaly detection based on principal component analysis have been developed recently to classify the false data from the normal data even with incomplete measurements [185]. A variety of supervised and semi-supervised classifiers have also been evaluated in [186], which have displayed robust performances in both online and offline scenarios. Using historic data, a generalised likelihood ratio detector can provide the optimal detection against weak FDIA schemes when the attacker could not compromise the minimal required number of measurements to construct undetectable FDIA schemes [79, 187].

4.3 Mitigation

When signs of an attack have been confirmed, mitigation efforts are made by the system operator to minimise the potential disruptions and damages. If the attack has been cleared from the system, existing mitigation and restoration mechanisms can effectively resume the secure and reliable power system operations. However, if the attack threat has not been resolved, the operator needs to consider persisting malicious attempts in the system. In such interactive scenarios, mitigation strategies are commonly modelled and solved by bi-level optimisation or game-theoretic approaches. An attacker–defender game has been developed against generic attacks on power system components [188], and a zero-sum game between an informed cyber-attacker and a system operator has been proposed under different network configurations [189]. To deceive an attacker with misinformation so that the attack damage can be reduced, a zero-sum Markov game has been proposed in [190], based on which a scalable solution has been further developed [191].

For mitigation against interdiction, a tri-level optimisation has been developed, which introduces countermeasures of the defender in a third-level minimisation into the problem [192]. Alternatively, line switching has been proposed as an effective strategy to mitigate the interdiction, which is introduced directly in the lower/inner level of the bi-level optimisation. The solutions with the minimal cost of the operator can be obtained by genetic algorithm [193], Benders decomposition [194], and single-level reformulation [195]. In addition, MDP has also been integrated to model the attack–defence interaction in a substation intrusion [196]. By modelling a successful intrusion as a probabilistic event, the investigation has formulated a competition to gain access to multiple substations between the attacker and the operator. The optimal solution is obtained with consideration of system parameters, the attacker’s resources, and the operator’s budgets.

A coordinated framework for the mitigation of FDIA has been developed in [197]. Security metrics have been proposed within the framework to evaluate the importance of substations and measurements. Strategies in both the network layer and the application layer have been developed to mitigate the threat of attacks. A game-theoretic approach has also been applied to achieve an optimal equilibrium given the resources and costs of attackers and defenders [149], where a notable strategy has been identified for the multi-attacker scenario: the defender can use the game-theoretic approach to achieve a critical equilibrium, at which the impacts from multiple attackers can be cancelled even when the operator has no knowledge of the attackers’ intentions. The zero-sum game approach has also been applied for the mitigation of attacks on the electricity market where the attacker is given limited resources [198].

5 Opportunities and challenges

The smart grid encompasses a vast diversity of devices and facilities that are vulnerable under CP attacks. Despite the extensive research effort reviewed in this paper, the vulnerability and security of a large portion of components in the smart grid remain to be carefully examined in the presence of a potential attacker. Critical mechanisms such as the unit commitment, demand response, and distributed intelligence may also become targets of malicious attacks, for which the potential damages remain unknown to date. Large-scale integration of DER including energy storage, distributed generation, and electric vehicles will have strong impacts on the stability that can be exploited. In addition to the expansion of vulnerability screening and assessment, we would also like to highlight four critical opportunities and challenges in the future investigation of CP attacks as follows.

5.1 Influence of interdependence

Interdependence is a driving force behind the development of smart grid security. To date, the majority of CP attack schemes have exploited the interdependence to launch attacks in the cyberspace and induce damages to the PSs. Meanwhile, the physical attacks targeting cybersecurity have been less investigated, but the threats can nevertheless be devastating when the dependence on PSs is exploited. Most cybersecurity mechanisms have assumed the availability and reliability of electrical power to operate designated electronic devices. Under physical attacks, these devices can be damaged or disabled by intentional surges and outages of electricity. Such vulnerabilities should also be integrated into the investigation of the CP security in the smart grid.
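The residual-based BDDE test, the stealth condition a = Hc from the FDIA discussion, the critical-measurement protection of Section 4.1 and the χ²-detector of Section 4.2 can all be seen on one small DC model. The Python below is an added example written for this page; it is not code from the paper or from any work it cites. The 3-bus system, its measurement Jacobian H, the meter standard deviation, the fixed noise sample and the state shift c are constructed for illustration, and the 99% chi-square threshold for three degrees of freedom is the standard tabulated value.

```python
"""Residual-based BDDE on a DC state estimator, the a = Hc stealth condition,
and the critical-measurement protection check.  Added example for this survey
page; the 3-bus system and every number below are constructed, not from the paper."""

# Constructed DC model: states x = [theta2, theta3] (bus 1 is the angle
# reference), unit susceptance on lines 1-2, 1-3 and 2-3.
# Measurements z = [P12, P13, P23, Pinj2, Pinj3] satisfy z = H x + e.
H = [
    [-1.0,  0.0],  # P12   = theta1 - theta2
    [ 0.0, -1.0],  # P13   = theta1 - theta3
    [ 1.0, -1.0],  # P23   = theta2 - theta3
    [ 2.0, -1.0],  # Pinj2 = -P12 + P23
    [-1.0,  2.0],  # Pinj3 = -P13 - P23
]
SIGMA = 0.01                # assumed standard deviation of every meter (W = I / SIGMA^2)
CHI2_THRESHOLD_99 = 11.345  # chi-square 99% quantile, m - n = 5 - 2 = 3 degrees of freedom


def transpose(a):
    return [list(col) for col in zip(*a)]


def matvec(a, v):
    return [sum(x * y for x, y in zip(row, v)) for row in a]


def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]


def solve(a, b):
    """Solve the square system a x = b by Gauss-Jordan elimination with pivoting."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [x - f * y for x, y in zip(m[r], m[col])]
    return [m[i][n] / m[i][i] for i in range(n)]


def rank(a, tol=1e-9):
    """Numerical rank by row reduction; used to test whether a protected
    measurement set still leaves room for a non-zero c with H_P c = 0."""
    m = [row[:] for row in a]
    r = 0
    for col in range(len(m[0])):
        piv = next((i for i in range(r, len(m)) if abs(m[i][col]) > tol), None)
        if piv is None:
            continue
        m[r], m[piv] = m[piv], m[r]
        for i in range(len(m)):
            if i != r:
                f = m[i][col] / m[r][col]
                m[i] = [x - f * y for x, y in zip(m[i], m[r])]
        r += 1
    return r


def wls_estimate(z):
    """x_hat = (H^T W H)^-1 H^T W z; with equal weights W cancels and the
    normal equations reduce to (H^T H) x_hat = H^T z."""
    ht = transpose(H)
    return solve(matmul(ht, H), matvec(ht, z))


def bdd_statistic(z):
    """J = sum_i ((z_i - (H x_hat)_i) / SIGMA)^2, the residual test behind BDDE."""
    r = [zi - hi for zi, hi in zip(z, matvec(H, wls_estimate(z)))]
    return sum((ri / SIGMA) ** 2 for ri in r)


def bdd_flags(z):
    """The chi-square test: flag the measurement set when J exceeds the threshold."""
    return bdd_statistic(z) > CHI2_THRESHOLD_99


def inject(z, a):
    """z_a = z + a."""
    return [zi + ai for zi, ai in zip(z, a)]


def stealth_vector(c):
    """a = H c: shifts the estimate by c while leaving the residual unchanged."""
    return matvec(H, c)


def stealth_attack_feasible(protected):
    """Can a non-zero c give a = Hc with a_i = 0 on every protected meter?
    Equivalent to the rows of H at the protected meters having rank < n, so a
    protected set that spans the state space leaves no stealthy vector at all."""
    if not protected:
        return True
    return rank([H[i] for i in protected]) < len(H[0])


# Constructed operating point and a fixed noise sample (not random).
X_TRUE = [-0.1, -0.2]
NOISE = [0.005, -0.01, 0.008, -0.004, 0.006]
Z_CLEAN = inject(matvec(H, X_TRUE), NOISE)


def demo():
    """Return (J_clean, J_single_meter, J_stealth) for the three cases."""
    single = inject(Z_CLEAN, [0.2, 0.0, 0.0, 0.0, 0.0])        # one meter, uncoordinated
    stealth = inject(Z_CLEAN, stealth_vector([0.05, -0.03]))  # a = Hc
    return bdd_statistic(Z_CLEAN), bdd_statistic(single), bdd_statistic(stealth)


if __name__ == "__main__":
    j_clean, j_single, j_stealth = demo()
    print(f"J clean={j_clean:.2f}  single-meter={j_single:.2f}  a=Hc={j_stealth:.2f}  "
          f"(threshold {CHI2_THRESHOLD_99})")
    print("stealth feasible with P12 and P13 protected:", stealth_attack_feasible([0, 1]))
    print("stealth feasible with only P23 protected:  ", stealth_attack_feasible([2]))
```

Two things are worth noticing when this runs. The uncoordinated single-meter change produces a J far above the threshold and is removed by BDDE as intended, while the a = Hc injection leaves J bit-for-bit the same as the clean case even though the estimate has moved by c, so no choice of threshold can recover it. The protection check then shows the point made in Section 4.1: securing the two flow meters P12 and P13, whose rows of H already span the two states, leaves no non-zero c available, whereas securing P23 alone does not.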
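As an added illustration of the physical watermarking idea in Section 4.2 (this is not code from the paper or from [161]), the following Python simulates a scalar control loop in which the operator adds a private zero-mean watermark to every control input and checks that the next measurement still carries it. The plant, gains, noise levels, window length and alarm threshold are constructed assumptions; the attacked case feeds the operator a measurement stream recorded in an earlier period, the replay situation that watermarking is designed to expose.

```python
"""Physical watermarking of a control input as an integrity check.  Added
example for this survey page, not code from the paper or from the cited work;
the scalar plant, gains, noise levels, window and threshold are constructed."""
import random

A, B = 0.9, 1.0                # constructed plant: x_{k+1} = A x_k + B u_k + w_k
K = 0.5                        # output feedback u_k = -K y_k + delta_k
SIGMA_WM = 0.2                 # std of the operator's private watermark delta_k
SIGMA_W, SIGMA_V = 0.05, 0.05  # process and measurement noise std
WINDOW = 400                   # samples over which the detector accumulates evidence
# In honest operation cov(delta_{k-1}, y_k) = B * SIGMA_WM^2; alarm below half of that.
THRESHOLD = 0.5 * B * SIGMA_WM ** 2


def run_loop(rng, steps, replayed=None):
    """Simulate the closed loop for `steps` samples.  The operator applies a
    fresh watermark every step; if `replayed` is given, the operator receives
    that recorded measurement stream instead of the live sensor value."""
    x = 0.0
    watermarks, received = [], []
    for k in range(steps):
        y_live = x + rng.gauss(0.0, SIGMA_V)
        y = y_live if replayed is None else replayed[k]
        received.append(y)
        delta = rng.gauss(0.0, SIGMA_WM)        # private, zero-mean, known only here
        watermarks.append(delta)
        u = -K * y + delta
        x = A * x + B * u + rng.gauss(0.0, SIGMA_W)
    return watermarks, received


def watermark_statistic(watermarks, received):
    """Sample covariance between delta_{k-1} and y_k.  A live plant carries the
    watermark into the next measurement; a replayed or fabricated stream does not."""
    pairs = list(zip(watermarks[:-1], received[1:]))
    n = len(pairs)
    mean_d = sum(d for d, _ in pairs) / n
    mean_y = sum(y for _, y in pairs) / n
    return sum((d - mean_d) * (y - mean_y) for d, y in pairs) / n


def integrity_alarm(watermarks, received):
    """True when the measurements no longer respond to the operator's watermark."""
    return watermark_statistic(watermarks, received) < THRESHOLD


def demo(seed=7):
    """Return (statistic in honest operation, statistic under replay)."""
    rng = random.Random(seed)
    honest = run_loop(rng, WINDOW)
    # Replay case: the operator is fed measurements recorded during an earlier,
    # unrelated period, so they cannot reflect the watermark applied now.
    recording = run_loop(random.Random(seed + 1), WINDOW)[1]
    replayed = run_loop(rng, WINDOW, replayed=recording)
    return watermark_statistic(*honest), watermark_statistic(*replayed)


if __name__ == "__main__":
    s_honest, s_replay = demo()
    print(f"honest: {s_honest:.4f}  replay: {s_replay:.4f}  threshold: {THRESHOLD:.4f}")
```

The honest statistic settles near B·σ² of the watermark (0.04 here) because the plant propagates each δ_{k-1} into y_k, while the replayed stream is independent of the current watermark and its statistic sits near zero; the threshold halfway between the two separates them with a wide margin over a 400-sample window. The price of the scheme is the control energy spent on the watermark itself, which is why the page describes the injected noise as artificial and operator-chosen.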
Fig. 7 Example of interdependent sectors vulnerable under CP attacks on the smart grid
It should also be noted that the vulnerability of CP interdependence may be exploited frequently and interactively by complex intrigue schemes. Assume that an attacker has launched an attack and successfully induced a power outage: during this outage, the security mechanism on some critical field devices can be compromised, and the parameters and data stored therein may be manipulated. Once the power has been restored, the attacker can either utilise the compromised device to access more information from the cyberspace or induce further damages into the physical system. To date, there are still limited investigations into this kind of scheme that repeatedly exploits the vulnerability of the CP interdependence.

In a broader sense, the interdependence does not only exist between the cyber and physical spaces within the smart grid. Through cyber and physical interconnections, other critical infrastructures are also vulnerable under CP attacks on the smart grid, as illustrated in Fig. 7. Investigations on the cross-infrastructure interdependence have largely remained to be conducted.

CP attacks are largely equipped with the ability to launch multiple remote and coordinated intrusions. While most of the multi-target schemes reviewed in this paper have constructed the attacks in a simultaneous manner, time has been less frequently considered as a relevant factor, mostly due to the complexity of time-domain analysis. However, the timing of multiple attacks, particularly for those launched in a sequential manner, is critical to the potential impacts of CP attacks in a realistic scenario.

For instance, attacks launched during the peak load and the normal load will most likely result in different impacts on system stability, which should be responded to with different levels of attack awareness. In addition, when an attack vector is successfully injected into the system, the duration it remains undetected and uncleared will also have a substantial influence on the damage it can exert in the system, as discussed in the feasibility of the Aurora attack [19]. In addition, as revealed in the sequential interdiction on transmission lines and automated substations [35–37], the timing and ordering of coordinated sequential attacks will also play an important role in the eventual blackouts. With a proper timing, not only will concurrence be removed as a stringent condition of attack feasibility, but the early warnings of an imminent large-scale attack can be diluted. Nevertheless, informed sequential attacks have still demonstrated the ability to cause greater damages than their concurrent counterparts.

5.3 Imperfect attacks

Investigations of CP attacks are often conducted in the worst-case scenario to fully evaluate their impacts on the system. Assumptions of the worst-case scenario usually include the full access of resource, knowledge, and/or control of the system as well as a well-defined intention of the attack objective. These ‘perfect attacks’ are crucial to reveal the maximal damages an attacker may induce in the system.

However, in terms of practical and usable security, a perfect attack is usually infeasible. The attacks that an operator may face more frequently are the imperfect attacks, some of which could be completely uninformed. While incomplete information, hierarchical information, and limited resources have been considered in some of the investigations, the evaluation of system vulnerability under imperfect attacks needs to be incorporated as a standard feature to investigate and grade the threats of all feasible attack attempts. More specifically, the level of security should be evaluated with respect to the level of resource, knowledge, and control compromised by the attackers, so that corresponding levels of warnings and responses can be effectively developed.

As it is impossible to enumerate or eliminate every potential attack threat for a perfectly secured smart grid, the concept of attack-resilience should be integrated against the permanent presence and evolution of threats. Additional security features and mechanisms against the most common attacks should be incorporated into the design of measurement and control systems. The costs of attack-resilient designs should be balanced against those of emergency situations, so that a proper trade-off between economic concerns and broader impacts can be achieved.

Meanwhile, security analysis should be aware that the development and deployment of advanced and distributed intelligence are double-edged: the intelligent systems are both targets of CP attacks as well as tools to defend against them. Along with the upgrades being made in generation [199], transmission [200], and distribution systems [201, 202] of the smart grid, security analysis should integrate the impacts of these upgrades, enhance their resilience against potential attacks, and utilise their potentials to improve the security.

6 Conclusions

CP security is at the core of modern CPS. In this paper, we focus specifically on the CP attacks and defences in the smart grid by providing a comprehensive and systematic review of the state-of-the-art in the field, ranging from security foundations, attack schemes, defence strategies, to a wide range of opportunities and challenges. As the smart grid has become one of the key technological and economic developments around the globe, this
survey provides critical insights into enhancing energy security by maintaining the integrity of smart grid under complex CP attacks.

7 Acknowledgment

We gratefully acknowledge the support from the National Science Foundation through grants CNS 1117314 and ECCS 1053717.

8 References

1 Farhangi, H.: ‘The path of the smart grid’, IEEE Power Energy Mag., 2010, 8, (1), pp. 18–28
2 Sridhar, S., Hahn, A., Govindarasu, M.: ‘Cyber–physical system security for the electric power grid’, Proc. IEEE, 2012, 100, (1), pp. 210–224
3 Wood, A.J., Wollenberg, B.F.: ‘Power generation, operation, and control’ (John Wiley & Sons, Hoboken, NJ, 2012, 3rd edn.)
4 National Institute of Standards and Technologies (NIST): ‘Framework and roadmap for smart grid interoperability standards – release v3.0’ (NIST Special Publication, Gaithersburg, MD, 2014)
5 Gungor, V.C., Sahin, D., Kocak, T., et al.: ‘Smart grid technologies: communication technologies and standards’, IEEE Trans. Ind. Inf., 2011, 7, (4), pp. 529–539
6 Fang, X., Misra, S., Xue, G., et al.: ‘Smart grid – the new and improved power grid: a survey’, IEEE Commun. Surv. Tutor., 2012, 14, (4), pp. 944–980
7 Yan, Y., Qian, Y., Sharif, H., et al.: ‘A survey on smart grid communication infrastructures: motivations, requirements and challenges’, IEEE Commun. Surv. Tutor., 2013, 15, (1), pp. 5–20
8 Bertsch, J., Carnal, C., Karlson, D., et al.: ‘Wide-area protection and power system utilization’, Proc. IEEE, 2005, 93, (5), pp. 997–1003
9 Govindarasu, M., Hann, A., Sauer, P.: ‘White paper: cyber–physical systems security for smart grid’. 2012
10 Mo, Y., Kim, T.H.J., Brancik, K., et al.: ‘Cyber–physical security of a smart grid infrastructure’, Proc. IEEE, 2012, 100, (1), pp. 195–209
11 Morison, K., Wang, L., Kundur, P.: ‘Power system security assessment’, IEEE Power Energy Mag., 2004, 2, (5), pp. 30–39
12 Moslehi, K., Kumar, R.: ‘A reliability perspective of the smart grid’, IEEE Trans.
30 Bier, V.M., Gratz, E.R., Haphuriwat, N.J., et al.: ‘Methodology for identifying near-optimal interdiction strategies for a power transmission system’, Reliab. Eng. Syst. Saf., 2007, 92, (9), pp. 1155–1161
31 Holmgren, A.J., Jenelius, E., Westin, J.: ‘Evaluating strategies for defending electric power networks against antagonistic attacks’, IEEE Trans. Power Syst., 2007, 22, (1), pp. 76–84
32 Salmeron, J., Wood, K., Baldick, R.: ‘Worst-case interdiction analysis of large-scale electric power grids’, IEEE Trans. Power Syst., 2009, 24, (1), pp. 96–104
33 Zhang, Y., Xiang, Y., Wang, L.: ‘Power system reliability assessment incorporating cyber attacks against wind farm energy management systems’, IEEE Trans. Smart Grid, 2016, PP, (99), pp. 1–15 (early access), DOI: 10.1109/TSG.2016.2523515
34 Zhu, Y., Yan, J., Tang, Y., et al.: ‘The sequential attack against power grid networks’. Proc. 2014 IEEE Int. Conf. on Communications (ICC), 2014, pp. 616–621
35 Yan, J., Tang, Y., Zhu, Y., et al.: ‘Smart grid vulnerability under cascade-based sequential line-switching attacks’. Proc. 2015 IEEE Global Communications Conf. (GLOBECOM), 2015, pp. 1–7
36 Yan, J., He, H., Zhong, X., et al.: ‘Q-learning based vulnerability analysis of smart grid against sequential topology attacks’, IEEE Trans. Inf. Forensics Sec., 2017, 12, (1), pp. 200–210
37 Zhu, Y., Yan, J., Tang, Y., et al.: ‘Resilience analysis of power grids under the sequential attack’, IEEE Trans. Inf. Forensics Sec., 2014, 9, (12), pp. 2340–2354
38 Cuadra, L., Salcedo-Sanz, S., Del Ser, J., et al.: ‘A critical review of robustness in power grids using complex networks concepts’, Energies, 2015, 8, (9), pp. 9211–9265
39 Zhu, Y., Yan, J., Sun, Y., et al.: ‘Revealing cascading failure vulnerability in power grids using risk-graph’, IEEE Trans. Parallel Distrib. Syst., 2014, 25, (12), pp. 3274–3284
40 Hines, P., Dobson, I., Rezaei, P.: ‘Cascading power outages propagate locally in an influence graph that is not the actual grid topology’, IEEE Trans. Power Syst., 2016, PP, (99), pp. 1–1 (early access), DOI: 10.1109/TPWRS.2016.2578259
41 Yan, J., Tang, Y., He, H., et al.: ‘Cascading failure analysis with DC power flow model and transient stability analysis’, IEEE Trans. Power Syst., 2015, 30, (1), pp. 285–297
42 Motter, A.E., Lai, Y.-C.: ‘Cascade-based attacks on complex networks’, Phys. Rev. E, 2002, 66, (6), p. 065102
43 Holme, P., Kim, B.J., Yoon, C.N., et al.: ‘Attack vulnerability of complex networks’, Phys. Rev. E, 2002, 65, (5), p. 056109
44 Rosas-Casals, M., Valverde, S., Solé, R.V.: ‘Topological vulnerability of the European power grid under errors and attacks’, Int. J. Bifurcation Chaos, 2007,
Smart Grid, 2010, 1, (1), pp. 57–64
17, (07), pp. 2465–2475
13 U.S.-Canada Power System Outage Task Force: ‘Final report on the August 14,
45 Wang, J.-W., Rong, L.-L.: ‘Cascade-based attack vulnerability on the US power
2003 blackout in the United States and Canada: causes and recommendations’.
grid’, Saf. Sci., 2009, 47, (10), pp. 1332–1336
2004
46 Buldyrev, S.V., Parshani, R., Paul, G., et al.: ‘Catastrophic cascade of failures in
14 The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT):
interdependent networks’, Nature, 2010, 464, (7291), pp. 1025–1028
‘Cyber-attack against Ukrainian critical infrastructure’. Alert (IR-ALERT-
47 Bompard, E., Napoli, R., Xue, F.: ‘Analysis of structural vulnerabilities in power
H-16-056-01), 2016. Available at url: https://www.ics-cert.us-cert.gov/alerts/IR-
ALERT-H-16-056-01 transmission grids’, Int. J. Crit. Infrastruct. Prot., 2009, 2, (1), pp. 5–12
15 National Institute of Standards and Technologies (NIST): ‘Guidelines for smart 48 Bompard, E., Napoli, R., Xue, F.: ‘Extended topological approach for the
grid cybersecurity’ (NIST Special Publication, Gaithersburg, MD, 2014). assessment of structural vulnerability in transmission networks’, IET Gener.
Available at url: http://www.dx.doi.org/10.6028/NIST.IR.7628r1 Transm. Distrib., 2010, 4, (6), pp. 716–724
16 Barreto, C., Giraldo, J., Cardenas, A.A., et al.: ‘Control systems for the power grid 49 Bompard, E., Pons, E., Wu, D.: ‘Extended topological metrics for the analysis of
and their resiliency to attacks’, IEEE Secur. Priv., 2014, 12, (6), pp. 15–23 power grid vulnerability’, IEEE Syst. J., 2012, 6, (3), pp. 481–487
17 Mo, Y., Sinopoli, B.: ‘On the performance degradation of cyber–physical systems 50 Bompard, E., Wu, D., Xue, F.: ‘Structural vulnerability of power systems: a
under stealthy integrity attacks’, IEEE Trans. Autom. Control, 2016, 61, (9), topological approach’, Electr. Power Syst. Res., 2011, 81, (7), pp. 1334–1340
pp. 2618–2624 51 Dwivedi, A., Yu, X.: ‘A maximum-flow-based complex network approach for
18 Kundur, P., Balu, N.J., Lauby, M.G.: ‘Power system stability and control’ power system vulnerability analysis’, IEEE Trans. Ind. Inf., 2013, 9, (1),
(McGraw-Hill, New York, 1994, 1st edn.) pp. 81–88
19 Zeller, M.: ‘Common questions and answers addressing the aurora vulnerability’. 52 Yan, J., He, H., Sun, Y.: ‘Integrated security analysis on cascading failure in
2011 complex networks’, IEEE Trans. Inf. Forensics Sec., 2014, 9, (3), pp. 451–463
20 Srivastava, A., Morris, T., Ernster, T., et al.: ‘Modeling cyber–physical 53 Zhu, Y., Yan, J., Tang, Y., et al.: ‘Joint substation-transmission line vulnerability
vulnerability of the smart grid with incomplete information’, IEEE Trans. assessment against the smart grid’, IEEE Trans. Inf. Forensics Sec., 2015, 10, (5),
Smart Grid, 2013, 4, (1), pp. 235–244 pp. 1010–1024
21 Sridhar, S., Govindarasu, M.: ‘Model-based attack detection and mitigation for 54 Tweed, K.: ‘Attack on nine substations could take down US grid’ (IEEE
automatic generation control’, IEEE Trans. Smart Grid, 2014, 5, (2), pp. 580–591 Spectrum, 2014). Available at url: http://www.spectrum.ieee.org/energywise/
22 Liu, S., Liu, X.P., Saddik, A.E.: ‘Denial-of-service (DoS) attacks on load energy/the-smarter-grid/attack-on-nine-substations-could-take-down-us-grid
frequency control in smart grids’. Proc. Innovative Smart Grid Technologies 55 Ten, C.W., Liu, C.C., Manimaran, G.: ‘Vulnerability assessment of cybersecurity
(ISGT), 2013 IEEE PES, 2013, pp. 1–6 for SCADA systems’, IEEE Trans. Power Syst., 2008, 23, (4), pp. 1836–1846
23 Sargolzaei, A., Yen, K., Abdelghani, M.: ‘Delayed inputs attack on load 56 Ten, C.W., Hong, J., Liu, C.C.: ‘Anomaly detection for cybersecurity of the
frequency control in smart grid’. Proc. Innovative Smart Grid Technologies substations’, IEEE Trans. Smart Grid, 2011, 2, (4), pp. 865–873
Conf. (ISGT), 2014 IEEE PES, 2014, pp. 1–5 57 Yan, J., Zhu, Y., He, H., et al.: ‘Multi-contingency cascading analysis of smart
24 Srikantha, P., Kundur, D.: ‘Denial of service attacks and mitigation for stability in grid based on self-organizing map’, IEEE Trans. Inf. Forensics Sec., 2013, 8,
cyber-enabled power grid’. Proc. Innovative Smart Grid Technologies Conf. (4), pp. 646–656
(ISGT), 2015 IEEE Power Energy Society, 2015, pp. 1–5 58 Phillips, L.R., Tejani, B., Margulies, J., et al.: ‘Analysis of operations and
25 Esfahani, P.M., Vrakopoulou, M., Margellos, K., et al.: ‘Cyber attack in a cybersecurity policies for a system of cooperating flexible alternating current
two-area power system: impact identification using reachability’. Proc. of the transmission system (facts) devices’. 2005
2010 American Control Conf., 2010, pp. 962–967 59 Sridhar, S., Manimaran, G.: ‘Data integrity attack and its impacts on voltage
26 Esfahani, P.M., Vrakopoulou, M., Margellos, K., et al.: ‘A robust policy for control loop in power grid’. Proc. 2011 IEEE Power and Energy Society
automatic generation control cyber attack in two area power network’. Proc. General Meeting, 2011, pp. 1–6
49th IEEE Conf. on Decision and Control (CDC), 2010, pp. 5973–5978 60 Dondossola, G., Szanto, J., Masera, M., et al.: ‘Effects of intentional threats to
27 Salmeron, J., Wood, K., Baldick, R.: ‘Analysis of electric grid security under power substation control systems’, Int. J. Crit. Infrastruct., 2008, 4, (1–2),
terrorist threat’, IEEE Trans. Power Syst., 2004, 19, (2), pp. 905–912 pp. 129–143
28 Motto, A.L., Arroyo, J.M., Galiana, F.D.: ‘A mixed-integer LP procedure for the 61 Hong, J.: ‘Cybersecurity of substation automation systems’. PhD thesis,
analysis of electric grid security under disruptive threat’, IEEE Trans. Power Syst., Washington State University, 2014
2005, 20, (3), pp. 1357–1365 62 Moreira, N., Molina, E., Lázaro, J., et al.: ‘Cyber-security in substation
29 Arroyo, J.M., Galiana, F.D.: ‘On the solution of the bilevel programming automation systems’, Renew. Sustain. Energy Rev., 2016, 54, pp. 1552–1562
formulation of the terrorist threat problem’, IEEE Trans. Power Syst., 2005, 20, 63 Liu, S., Feng, X., Kundur, D., et al.: ‘Switched system models for coordinated
(2), pp. 789–797 cyber–physical attack construction and simulation’. 2011 IEEE First Int.
Workshop on Smart Grid Modeling and Simulation (SGMS), 2011, pp. 49–54
64 Liu, S., Feng, X., Kundur, D., et al.: 'A class of cyber–physical switching attacks for power system disruption'. Proc. of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, 2011, p. 16
65 Liu, S., Mashayekh, S., Kundur, D., et al.: 'A smart grid vulnerability analysis framework for coordinated variable structure switching attacks'. Proc. 2012 IEEE Power and Energy Society General Meeting, 2012, pp. 1–6
66 Liu, S., Kundur, D., Zourntos, T., et al.: 'Coordinated variable structure switching attack in the presence of model error and state estimation'. Proc. 2012 IEEE Third Int. Conf. on Smart Grid Communications (SmartGridComm), 2012, pp. 318–323
67 Liu, S., Mashayekh, S., Kundur, D., et al.: 'A framework for modeling cyber–physical switching attacks in smart grid', IEEE Trans. Emerging Top. Comput., 2013, 1, (2), pp. 273–285
68 Liu, S., Chen, B., Zourntos, T., et al.: 'A coordinated multiswitch attack for cascading failures in smart grid', IEEE Trans. Smart Grid, 2014, 5, (3), pp. 1183–1195
69 Farraj, A.K., Kundur, D.: 'On using energy storage systems in switching attacks that destabilize smart grid systems'. Proc. 2015 IEEE Power & Energy Society Innovative Smart Grid Technologies Conf. (ISGT), 2015, pp. 1–5
70 Farraj, A.K., Hammad, E.M., Kundur, D., et al.: 'Practical limitations of sliding-mode switching attacks on smart grid systems'. Proc. 2014 IEEE PES General Meeting – Conf. Exposition, 2014, pp. 1–5
71 Abur, A., Exposito, A.G.: 'Power system state estimation: theory and implementation' (CRC Press, Boca Raton, FL, 2004, 1st edn.)
72 Liu, Y., Ning, P., Reiter, M.K.: 'False data injection attacks against state estimation in electric power grids', ACM Trans. Inf. Syst. Sec. (TISSEC), 2011, 14, (1), p. 13
73 Kim, J., Tong, L.: 'On topology attack of a smart grid: undetectable attacks and countermeasures', IEEE J. Sel. Areas Commun., 2013, 31, (7), pp. 1294–1305
74 Hug, G., Giampapa, J.A.: 'Vulnerability assessment of AC state estimation with respect to false data injection cyber-attacks', IEEE Trans. Smart Grid, 2012, 3, (3), pp. 1362–1370
75 Liang, G., Zhao, J., Luo, F., et al.: 'A review of false data injection attacks against modern power systems', IEEE Trans. Smart Grid, 2016, PP, (99), pp. 1–1 (early access), DOI: 10.1109/TSG.2015.2495133
76 Yang, Q., Yang, J., Yu, W., et al.: 'On false data-injection attacks against power system state estimation: modeling and countermeasures', IEEE Trans. Parallel Distrib. Syst., 2014, 25, (3), pp. 717–729
77 Kim, T.T., Poor, H.V.: 'Strategic protection against data injection attacks on power grids', IEEE Trans. Smart Grid, 2011, 2, (2), pp. 326–333
78 Hao, J., Piechocki, R.J., Kaleshi, D., et al.: 'Sparse malicious false data injection attacks and defense mechanisms in smart grids', IEEE Trans. Ind. Inf., 2015, 11, (5), pp. 1–12
79 Kosut, O., Jia, L., Thomas, R.J., et al.: 'Malicious data attacks on the smart grid', IEEE Trans. Smart Grid, 2011, 2, (4), pp. 645–658
80 Ozay, M., Esnaola, I., Vural, F.T.Y., et al.: 'Sparse attack construction and state estimation in the smart grid: centralized and distributed models', IEEE J. Sel. Areas Commun., 2013, 31, (7), pp. 1306–1318
81 Liu, L., Esmalifalak, M., Ding, Q., et al.: 'Detecting false data injection attacks on power grid by sparse optimization', IEEE Trans. Smart Grid, 2014, 5, (2), pp. 612–621
82 Rahman, M.A., Mohsenian-Rad, H.: 'False data injection attacks with incomplete information against smart power grids'. Proc. 2012 IEEE Global Communications Conf. (GLOBECOM), 2012, pp. 3153–3158
83 Anwar, A., Mahmood, A.N., Pickering, M.: 'Data-driven stealthy injection attacks on smart grid with incomplete measurements'. Proc. Pacific-Asia Workshop on Intelligence and Security Informatics, 2016, pp. 180–192
84 Kim, J., Tong, L., Thomas, R.J.: 'Subspace methods for data attack on state estimation: a data driven approach', IEEE Trans. Signal Process., 2015, 63, (5), pp. 1102–1114
85 Esmalifalak, M., Nguyen, H., Zheng, R., et al.: 'Stealth false data injection using independent component analysis in smart grid'. Proc. 2011 IEEE Int. Conf. on Smart Grid Communications (SmartGridComm), 2011, pp. 244–248
86 Yu, Z.H., Chin, W.L.: 'Blind false data injection attack using PCA approximation method in smart grid', IEEE Trans. Smart Grid, 2015, 6, (3), pp. 1219–1226
87 Esnaola, I., Perlaza, S.M., Poor, H.V., et al.: 'Maximum distortion attacks in electricity grids', IEEE Trans. Smart Grid, 2016, 7, (4), pp. 2007–2015
88 Rahman, M.A., Al-Shaer, E., Kavasseri, R.G.: 'A formal model for verifying the impact of stealthy attacks on optimal power flow in power grids'. Proc. ICCPS'14: ACM/IEEE Fifth Int. Conf. on Cyber-Physical Systems (with CPSWeek 2014), 2014, pp. 175–186
89 Rahman, M.A., Al-Shaer, E., Kavasseri, R.: 'Impact analysis of topology poisoning attacks on economic operation of the smart power grid'. Proc. 2014 IEEE 34th Int. Conf. on Distributed Computing Systems (ICDCS), 2014, pp. 649–659
90 Liang, J., Sankar, L., Kosut, O.: 'Vulnerability analysis and consequences of false data injection attack on power system state estimation', IEEE Trans. Power Syst., 2016, 31, (5), pp. 3864–3872
91 Chakhchoukh, Y., Ishii, H.: 'Coordinated cyber-attacks on the measurement function in hybrid state estimation', IEEE Trans. Power Syst., 2015, 30, (5), pp. 2487–2497
92 Kim, T., Wright, S.J., Bienstock, D., et al.: 'Vulnerability analysis of power systems'. arXiv preprint arXiv:1503.02360, 2015
93 Zhang, J., Sankar, L.: 'Physical system consequences of unobservable state-and-topology cyber–physical attacks', IEEE Trans. Smart Grid, 2016, 7, (4), pp. 2016–2025
94 Kim, J., Tong, L., Thomas, R.J.: 'Data framing attack on state estimation with unknown network parameters'. Proc. 2013 Asilomar Conf. on Signals, Systems and Computers, 2013, pp. 1388–1392
95 Deka, D., Baldick, R., Vishwanath, S.: 'Optimal data attacks on power grids: leveraging detection & measurement jamming'. Proc. 2015 IEEE Int. Conf. on Smart Grid Communications (SmartGridComm), 2015, pp. 392–397
96 Deka, D., Baldick, R., Vishwanath, S.: 'Jamming aided generalized data attacks: exposing vulnerabilities in secure estimation'. Proc. 2016 49th Hawaii Int. Conf. on System Sciences (HICSS), 2016, pp. 2556–2565
97 Deka, D., Baldick, R., Vishwanath, S.: 'One breaker is enough: hidden topology attacks on power grids'. Proc. 2015 IEEE Power Energy Society General Meeting, 2015, pp. 1–5
98 Yuan, Y., Li, Z., Ren, K.: 'Modeling load redistribution attacks in power systems', IEEE Trans. Smart Grid, 2011, 2, (2), pp. 382–390
99 Yuan, Y., Li, Z., Ren, K.: 'Quantitative analysis of load redistribution attacks in power systems', IEEE Trans. Parallel Distrib. Syst., 2012, 23, (9), pp. 1731–1738
100 Liu, X., Li, Z.: 'Local load redistribution attacks in power systems with incomplete network information', IEEE Trans. Smart Grid, 2014, 5, (4), pp. 1665–1676
101 Liu, X., Li, Z.: 'Local topology attacks in smart grids', IEEE Trans. Smart Grid, 2016, PP, (99), pp. 1–10 (early access), DOI: 10.1109/TSG.2016.2532347
102 Liu, X., Li, Z.: 'False data attacks against AC state estimation with incomplete network information', IEEE Trans. Smart Grid, 2016, PP, (99), pp. 1–10 (early access), DOI: 10.1109/TSG.2016.2521178
103 Xiang, Y., Ding, Z., Zhang, Y., et al.: 'Power system reliability evaluation considering load redistribution attacks', IEEE Trans. Smart Grid, 2016, PP, (99), pp. 1–10 (early access), DOI: 10.1109/TSG.2016.2569589
104 Liu, X., Li, Z., Liu, X., et al.: 'Masking transmission line outages via false data injection attacks', IEEE Trans. Inf. Forensics Sec., 2016, 11, (7), pp. 1592–1602
105 Li, Z., Shahidehpour, M., Alabdulwahab, A., et al.: 'Bilevel model for analyzing coordinated cyber–physical attacks on power systems', IEEE Trans. Smart Grid, 2016, 7, (5), pp. 2260–2272
106 Liu, X., Li, Z.: 'Trilevel modeling of cyber attacks on transmission lines', IEEE Trans. Smart Grid, 2015, DOI: 10.1109/TSG.2015.2475701
107 Manousakis, N.M., Korres, G.N., Georgilakis, P.S.: 'Taxonomy of PMU placement methodologies', IEEE Trans. Power Syst., 2012, 27, (2), pp. 1070–1077
108 Zhang, Z., Gong, S., Dimitrovski, A.D., et al.: 'Time synchronization attack in smart grid: impact and analysis', IEEE Trans. Smart Grid, 2013, 4, (1), pp. 87–98
109 Jiang, X., Zhang, J., Harding, B.J., et al.: 'Spoofing GPS receiver clock offset of phasor measurement units', IEEE Trans. Power Syst., 2013, 28, (3), pp. 3253–3262
110 Li, H., Gong, S., Lai, L., et al.: 'Efficient and secure wireless communications for advanced metering infrastructure in smart grids', IEEE Trans. Smart Grid, 2012, 3, (3), pp. 1540–1551
111 Cleveland, F.M.: 'Cybersecurity issues for advanced metering infrastructure (AMI)'. Proc. 2008 IEEE Power and Energy Society General Meeting – Conversion and Delivery of Electrical Energy in the 21st Century, 2008, pp. 1–5
112 Grochocki, D., Huh, J.H., Berthier, R., et al.: 'AMI threats, intrusion detection requirements and deployment recommendations'. Proc. 2012 IEEE Third Int. Conf. on Smart Grid Communications (SmartGridComm), 2012, pp. 395–400
113 Anwar, A., Mahmood, A.N., Tari, Z.: 'Identification of vulnerable node clusters against false data injection attack in an AMI based smart grid', Inf. Syst., 2015, 53, pp. 201–212. Available at: http://www.sciencedirect.com/science/article/pii/S0306437914001884
114 McLaughlin, S., Podkuiko, D., McDaniel, P.: 'Energy theft in the advanced metering infrastructure'. Proc. Int. Workshop on Critical Information Infrastructures Security, 2009, pp. 176–187
115 McLaughlin, S., Holbert, B., Fawaz, A., et al.: 'A multi-sensor energy theft detection framework for advanced metering infrastructures', IEEE J. Sel. Areas Commun., 2013, 31, (7), pp. 1319–1330
116 Lisovich, M.A., Mulligan, D.K., Wicker, S.B.: 'Inferring personal information from demand-response systems', IEEE Secur. Priv., 2010, 8, (1), pp. 11–20
117 Mármol, F.G., Sorge, C., Ugus, O., et al.: 'Do not snoop my habits: preserving privacy in the smart grid', IEEE Commun. Mag., 2012, 50, (5), pp. 166–172
118 McKenna, E., Richardson, I., Thomson, M.: 'Smart meter data: balancing consumer privacy concerns with legitimate applications', Energy Policy, 2012, 41, pp. 807–814
119 Sankar, L., Rajagopalan, S.R., Mohajer, S., et al.: 'Smart meter privacy: a theoretical framework', IEEE Trans. Smart Grid, 2013, 4, (2), pp. 837–846
120 McLaughlin, S., Podkuiko, D., Miadzvezhanka, S., et al.: 'Multi-vendor penetration testing in the advanced metering infrastructure'. Proc. 26th Annual Computer Security Applications Conf. (ACSAC '10), Austin, TX, USA, 2010, pp. 107–116. Available at: http://www.doi.acm.org/10.1145/1920261.1920277
121 Yi, P., Zhu, T., Zhang, Q., et al.: 'A denial of service attack in advanced metering infrastructure network'. Proc. 2014 IEEE Int. Conf. on Communications (ICC), 2014, pp. 1029–1034
122 Yi, P., Zhu, T., Zhang, Q., et al.: 'Puppet attack: a denial of service attack in advanced metering infrastructure network', J. Netw. Comput. Appl., 2016, 59, pp. 325–332
123 Jia, L., Kim, J., Thomas, R.J., et al.: 'Impact of data quality on real-time locational marginal price', IEEE Trans. Power Syst., 2014, 29, (2), pp. 627–636
124 Xie, L., Mo, Y., Sinopoli, B.: 'Integrity data attacks in power market operations', IEEE Trans. Smart Grid, 2011, 2, (4), pp. 659–666
125 Choi, D.H., Xie, L.: 'Ramp-induced data attacks on look-ahead dispatch in real-time power markets', IEEE Trans. Smart Grid, 2013, 4, (3), pp. 1235–1243
126 Duan, J., Zeng, W., Chow, M.Y.: 'Economic impact of data integrity attacks on distributed DC optimal power flow algorithm'. Proc. 2015 North American Power Symp. (NAPS), 2015, pp. 1–7
127 Choi, D.-H., Xie, L.: 'Sensitivity analysis of real-time locational marginal price to SCADA sensor data corruption', IEEE Trans. Power Syst., 2014, 29, (3), pp. 1110–1120
128 Rangarajan, R.: 'Quantifying the economic impacts of attacks on competitive energy markets'. Proc. 2014 North American Power Symp. (NAPS), 2014, pp. 1–6
129 Ye, H., Ge, Y., Liu, X., et al.: 'Transmission line rating attack in two-settlement electricity markets', IEEE Trans. Smart Grid, 2016, 7, (3), pp. 1346–1355
130 Tan, R., Krishna, V.B., Yau, D.K.Y., et al.: 'Integrity attacks on real-time pricing in electric power grids', ACM Trans. Inf. Syst. Sec. (TISSEC), 2015, 18, (2), pp. 5:1–5:33
131 Giraldo, J., Cárdenas, A., Quijano, N.: 'Integrity attacks on real-time pricing in smart grids: impact and countermeasures', IEEE Trans. Smart Grid, 2016, PP, (99), pp. 1–1 (early access), DOI: 10.1109/TSG.2016.2521339
132 Mohsenian-Rad, A.-H., Leon-Garcia, A.: 'Distributed internet-based load altering attacks against smart power grids', IEEE Trans. Smart Grid, 2011, 2, (4), pp. 667–674
133 Wei, D., Lu, Y., Jafari, M., et al.: 'Protecting smart grid automation systems against cyber attacks', IEEE Trans. Smart Grid, 2011, 2, (4), pp. 782–795
134 Metke, A.R., Ekl, R.L.: 'Security technology for smart grid networks', IEEE Trans. Smart Grid, 2010, 1, (1), pp. 99–107
135 Yan, Y., Qian, Y., Sharif, H., et al.: 'A survey on cybersecurity for smart grid communications', IEEE Commun. Surv. Tutor., 2012, 14, (4), pp. 998–1010
136 Ma, R., Chen, H.-H., Huang, Y.-R., et al.: 'Smart grid communication: its challenges and opportunities', IEEE Trans. Smart Grid, 2013, 4, (1), pp. 36–46
137 Wang, W., Lu, Z.: 'Cybersecurity in the smart grid: survey and challenges', Comput. Netw., 2013, 57, (5), pp. 1344–1371
138 Qiu, R.C., Hu, Z., Chen, Z., et al.: 'Cognitive radio network for the smart grid: experimental system architecture, control algorithms, security, and microgrid testbed', IEEE Trans. Smart Grid, 2011, 2, (4), pp. 724–740
139 Queiroz, C., Mahmood, A., Tari, Z.: 'SCADASim – a framework for building SCADA simulations', IEEE Trans. Smart Grid, 2011, 2, (4), pp. 589–597
140 Mallouhi, M., Al-Nashif, Y., Cox, D., et al.: 'A testbed for analyzing security of SCADA control systems (TASSCS)'. Proc. 2011 IEEE PES Innovative Smart Grid Technologies (ISGT), 2011, pp. 1–7
141 Hahn, A., Ashok, A., Sridhar, S., et al.: 'Cyber–physical security testbeds: architecture, application, and evaluation for smart grid', IEEE Trans. Smart Grid, 2013, 4, (2), pp. 847–855
142 Ashok, A., Wang, P., Brown, M., et al.: 'Experimental evaluation of cyber attacks on automatic generation control using a CPS security testbed'. Proc. 2015 IEEE Power Energy Society General Meeting, 2015, pp. 1–5
143 Sun, C.-C., Liu, C.-C., Xie, J.: 'Cyber–physical system security of a power grid: state-of-the-art', Electronics, 2016, 5, (3), p. 40
144 Adhikari, U., Morris, T., Pan, S.: 'WAMS cyber–physical test bed for power system, cybersecurity study, and data mining', IEEE Trans. Smart Grid, 2016, PP, (99), pp. 1–1 (early access), DOI: 10.1109/TSG.2016.2537210
145 Hahn, A., Govindarasu, M.: 'Cyber attack exposure evaluation framework for the smart grid', IEEE Trans. Smart Grid, 2011, 2, (4), pp. 835–843
146 Deka, D., Baldick, R., Vishwanath, S.: 'Data attack on strategic buses in the power grid: design and protection'. Proc. 2014 IEEE PES General Meeting – Conf. Exposition, 2014, pp. 1–5
147 Deng, R., Xiao, G., Lu, R.: 'Defending against false data injection attacks on power system state estimation', IEEE Trans. Ind. Inf., 2015, PP, (99), pp. 1–1 (early access), DOI: 10.1109/TII.2015.2470218
148 Liu, X., Li, Z., Li, Z.: 'Optimal protection strategy against false data injection attacks in power systems', IEEE Trans. Smart Grid, 2016, PP, (99), pp. 1–1 (early access), DOI: 10.1109/TSG.2015.2508449
149 Sanjab, A., Saad, W.: 'Data injection attacks on smart grids with multiple adversaries: a game-theoretic perspective', IEEE Trans. Smart Grid, 2016, 7, (4), pp. 2038–2049
150 Bi, S., Zhang, Y.J.: 'Graphical methods for defense against false-data injection attacks on power system state estimation', IEEE Trans. Smart Grid, 2014, 5, (3), pp. 1216–1227
151 Bi, S., Zhang, Y.J.: 'Using covert topological information for defense against malicious attacks on DC state estimation', IEEE J. Sel. Areas Commun., 2014, 32, (7), pp. 1471–1485
152 Talebi, M., Wang, J., Qu, Z.: 'Secure power systems against malicious cyber–physical data attacks: protection and identification'. Proc. Int. Conf. on Power Systems Engineering, 2012, pp. 11–12
153 Etemad, R.H., Lahouti, F.: 'Resilient decentralized consensus-based state estimation for smart grid in presence of false data'. Proc. 2016 IEEE Int. Conf. on Acoustics, Speech and Signal Processing (ICASSP), 2016, pp. 3466–3470
154 Liu, N., Chen, J., Zhu, L., et al.: 'A key management scheme for secure communications of advanced metering infrastructure in smart grid', IEEE Trans. Ind. Electron., 2013, 60, (10), pp. 4746–4756
155 Xia, J., Wang, Y.: 'Secure key distribution for the smart grid', IEEE Trans. Smart Grid, 2012, 3, (3), pp. 1437–1443
156 Tsai, J.L., Lo, N.W.: 'Secure anonymous key distribution scheme for smart grid', IEEE Trans. Smart Grid, 2016, 7, (2), pp. 906–914
157 Ismail, Z., Leneutre, J., Bateman, D., et al.: 'A game theoretical analysis of data confidentiality attacks on smart-grid AMI', IEEE J. Sel. Areas Commun., 2014, 32, (7), pp. 1486–1499
158 Guo, Y., Ten, C.W., Hu, S., et al.: 'Preventive maintenance for advanced metering infrastructure against malware propagation', IEEE Trans. Smart Grid, 2016, 7, (3), pp. 1314–1328
159 Mo, Y., Chabukswar, R., Sinopoli, B.: 'Detecting integrity attacks on SCADA systems', IEEE Trans. Control Syst. Technol., 2014, 22, (4), pp. 1396–1407
160 Vamvoudakis, K.G., Hespanha, J.P., Sinopoli, B., et al.: 'Detection in adversarial environments', IEEE Trans. Autom. Control, 2014, 59, (12), pp. 3209–3223
161 Mo, Y., Weerakkody, S., Sinopoli, B.: 'Physical authentication of control systems: designing watermarked control inputs to detect counterfeit sensor outputs', IEEE Control Syst., 2015, 35, (1), pp. 93–109
162 Lin, H., Slagell, A., Kalbarczyk, Z., et al.: 'Runtime semantic security analysis to detect and mitigate control-related attacks in power grids', IEEE Trans. Smart Grid, 2016, PP, (99), pp. 1–1 (early access), DOI: 10.1109/TSG.2016.2547742
163 Donde, V., López, V., Lesieutre, B., et al.: 'Severe multiple contingency screening in electric power systems', IEEE Trans. Power Syst., 2008, 23, (2), pp. 406–417
164 Premaratne, U.K., Samarabandu, J., Sidhu, T.S., et al.: 'An intrusion detection system for IEC61850 automated substations', IEEE Trans. Power Deliv., 2010, 25, (4), pp. 2376–2383
165 Hong, J., Liu, C.C., Govindarasu, M.: 'Integrated anomaly detection for cybersecurity of the substations', IEEE Trans. Smart Grid, 2014, 5, (4), pp. 1643–1653
166 Yang, Y., McLaughlin, K., Sezer, S., et al.: 'Intrusion detection system for network security in synchrophasor systems'. Proc. IET Int. Conf. on Information and Communications Technologies (IETICT 2013), 2013, pp. 246–252
167 Pal, S., Sikdar, B.: 'A mechanism for detecting data manipulation attacks on PMU data'. Proc. 2014 IEEE Int. Conf. on Communication Systems (ICCS), 2014, pp. 253–257
168 Pal, S., Sikdar, B., Chow, J.H.: 'Detecting malicious manipulation of synchrophasor data'. Proc. 2015 IEEE Int. Conf. on Smart Grid Communications (SmartGridComm), 2015, pp. 145–150
169 Morris, T., Pan, S., Adhikari, U., et al.: 'Cybersecurity testing and intrusion detection for synchrophasor systems', Int. J. Netw. Sci., 2016, 1, (1), pp. 28–52
170 Fan, Y., Zhang, Z., Trinkle, M., et al.: 'A cross-layer defense mechanism against GPS spoofing attacks on PMUs in smart grids', IEEE Trans. Smart Grid, 2015, 6, (6), pp. 2659–2668
171 Mitchell, R., Chen, I.R.: 'Behavior-rule based intrusion detection systems for safety critical smart grid applications', IEEE Trans. Smart Grid, 2013, 4, (3), pp. 1254–1263
172 Faisal, M.A., Aung, Z., Williams, J.R., et al.: 'Data-stream-based intrusion detection system for advanced metering infrastructure in smart grid: a feasibility study', IEEE Syst. J., 2015, 9, (1), pp. 31–44
173 Zhang, Y., Wang, L., Sun, W., et al.: 'Distributed intrusion detection system in a multi-layer network architecture of smart grids', IEEE Trans. Smart Grid, 2011, 2, (4), pp. 796–808
174 Fadlullah, Z.M., Fouda, M.M., Kato, N., et al.: 'An early warning system against malicious activities for smart grid communications', IEEE Netw., 2011, 25, (5), pp. 50–55
175 Xiao, Z., Xiao, Y., Du, D.H.C.: 'Exploring malicious meter inspection in neighborhood area smart grids', IEEE Trans. Smart Grid, 2013, 4, (1), pp. 214–226
176 Xiao, Z., Xiao, Y., Du, D.H.C.: 'Non-repudiation in neighborhood area networks for smart grid', IEEE Commun. Mag., 2013, 51, (1), pp. 18–26
177 Liu, J., Xiao, Y., Gao, J.: 'Achieving accountability in smart grid', IEEE Syst. J., 2014, 8, (2), pp. 493–508
178 Mashima, D., Cárdenas, A.A.: 'Evaluating electricity theft detectors in smart grid networks'. Proc. Int. Workshop on Recent Advances in Intrusion Detection, 2012, pp. 210–229
179 Jindal, A., Dua, A., Kaur, K., et al.: 'Decision tree and SVM based data analytics for theft detection in smart grid', IEEE Trans. Ind. Inf., 2016, 12, (3), pp. 1005–1016
180 Jokar, P., Arianpoo, N., Leung, V.C.M.: 'Electricity theft detection in AMI using customers' consumption patterns', IEEE Trans. Smart Grid, 2016, 7, (1), pp. 216–226
181 Manandhar, K., Cao, X., Hu, F., et al.: 'Detection of faults and attacks including false data injection attack in smart grid using Kalman filter', IEEE Trans. Control Netw. Syst., 2014, 1, (4), pp. 370–379
182 Huang, Y., Tang, J., Cheng, Y., et al.: 'Real-time detection of false data injection in smart grid networks: an adaptive CUSUM method and analysis', IEEE Syst. J., 2016, 10, (2), pp. 532–543
183 Li, S., Yılmaz, Y., Wang, X.: 'Quickest detection of false data injection attack in wide-area smart grids', IEEE Trans. Smart Grid, 2015, 6, (6), pp. 2725–2735
184 Ashok, A., Govindarasu, M., Ajjarapu, V.: 'Online detection of stealthy false data injection attacks in power system state estimation', IEEE Trans. Smart Grid, 2016, PP, (99), pp. 1–1 (early access), DOI: 10.1109/TSG.2016.2596298
185 Esmalifalak, M., Liu, L., Nguyen, N., et al.: 'Detecting stealthy false data injection using machine learning in smart grid', IEEE Syst. J., 2014, PP, (99), pp. 1–1 (early access), DOI: 10.1109/JSYST.2014.2341597
186 Ozay, M., Esnaola, I., Vural, F.T.Y., et al.: 'Machine learning methods for attack detection in the smart grid', IEEE Trans. Neural Netw. Learn. Syst., 2016, 27, (8), pp. 1773–1786
187 Tang, B., Yan, J., Kay, S., et al.: 'Detection of false data injection attacks in smart grid under colored Gaussian noise'. arXiv preprint arXiv:1607.06015, 2016
188 Chen, G., Dong, Z.Y., Hill, D.J., et al.: 'Exploring reliable strategies for defending power systems against targeted attacks', IEEE Trans. Power Syst., 2011, 26, (3), pp. 1000–1009
189 Chen, P.Y., Cheng, S.M., Chen, K.C.: 'Smart attacks in smart grid communication networks', IEEE Commun. Mag., 2012, 50, (8), pp. 24–29
190 Ma, C.Y.T., Yau, D.K.Y., Lou, X., et al.: 'Markov game analysis for attack-defense of power networks under possible misinformation', IEEE Trans. Power Syst., 2013, 28, (2), pp. 1676–1686
191 Ma, C.Y.T., Yau, D.K.Y., Rao, N.S.V.: 'Scalable solutions of Markov games for smart-grid infrastructure protection', IEEE Trans. Smart Grid, 2013, 4, (1), pp. 47–55
IET Cyber-Phys. Syst., Theory Appl., 2016, Vol. 1, Iss. 1, pp. 13–27
26 This is an open access article published by the IET under the Creative Commons
Attribution License (http://creativecommons.org/licenses/by/3.0/)
192 Yao, Y., Edmunds, T., Papageorgiou, D., et al.: ‘Trilevel optimization in power 197 Vukovic, O., Sou, K.C., Dan, G., et al.: ‘Network-aware mitigation of data
network defense’, IEEE Trans. Syst. Man Cybern. C, Appl. Rev., 2007, 37, (4), integrity attacks on power system state estimation’, IEEE J. Sel. Areas
pp. 712–718 Commun., 2012, 30, (6), pp. 1108–1118
193 Arroyo, J., Fernández, F.: ‘A genetic algorithm approach for the analysis 198 Esmalifalak, M., Shi, G., Han, Z., et al.: ‘Bad data injection attack and defense in
of electric grid interdiction with line switching’. 15th Int. Conf. on electricity market using game theory study’, IEEE Trans. Smart Grid, 2013, 4,
Proc. Intelligent System Applications to Power Systems, 2009. ISAP’09, 2009, (1), pp. 160–169
pp. 1–6 199 Bakken, D.E., Bose, A., Hauser, C.H., et al.: ‘Smart generation and transmission
194 Delgadillo, A., Arroyo, J.M., Alguacil, N.: ‘Analysis of electric grid interdiction with coherent, real-time data’, Proc. IEEE, 2011, 99, (6), pp. 928–951
with line switching’, IEEE Trans. Power Syst., 2010, 25, (2), pp. 633–641 200 Li, F., Qiao, W., Sun, H., et al.: ‘Smart transmission grid: vision and framework’,
195 Zhao, L., Zeng, B.: ‘Vulnerability analysis of power grids with line switching’, IEEE Trans. Smart Grid, 2010, 1, (2), pp. 168–177
IEEE Trans. Power Syst., 2013, 28, (3), pp. 2727–2736 201 Lasseter, R.H.: ‘Smart distribution: coupled microgrids’, Proc. IEEE, 2011, 99,
196 Chen, Y., Hong, J., Liu, C.C.: ‘Modeling of intrusion and defense for assessment (6), pp. 1074–1082
of cybersecurity at power substations’, IEEE Trans. Smart Grid, 2016, PP, (99), 202 Arritt, R.F., Dugan, R.C.: ‘Distribution system analysis and the future smart grid’,
pp. 1–1 (early access), DOI: 10.1109/TSG.2016.2614603 IEEE Trans. Ind. Appl., 2011, 47, (6), pp. 2343–2350
IET Cyber-Phys. Syst., Theory Appl., 2016, Vol. 1, Iss. 1, pp. 13–27
This is an open access article published by the IET under the Creative Commons 27
Attribution License (http://creativecommons.org/licenses/by/3.0/)