6 research outputs found

    The Impact of Stealthy Attacks on Smart Grid Performance: Tradeoffs and Implications

    The smart grid is envisioned to significantly enhance the efficiency of energy consumption, by utilizing two-way communication channels between consumers and operators. For example, operators can opportunistically leverage the delay tolerance of energy demands in order to balance the energy load over time, and hence, reduce the total operational cost. This opportunity, however, comes with security threats, as the grid becomes more vulnerable to cyber-attacks. In this paper, we study the impact of such malicious cyber-attacks on the energy efficiency of the grid in a simplified setup. More precisely, we consider a simple model where the energy demands of the smart grid consumers are intercepted and altered by an active attacker before they arrive at the operator, who is equipped with limited intrusion detection capabilities. We formulate the resulting optimization problems faced by the operator and the attacker and propose several scheduling and attack strategies for both parties. Interestingly, our results show that, as opposed to facilitating cost reduction in the smart grid, increasing the delay tolerance of the energy demands potentially allows the attacker to force increased costs on the system. This highlights the need for carefully constructed and robust intrusion detection mechanisms at the operator.

    Comment: Technical report - this work was accepted to IEEE Transactions on Control of Network Systems, 2016. arXiv admin note: substantial text overlap with arXiv:1209.176

    Protection Against Graph-Based False Data Injection Attacks on Power Systems

    Graph signal processing (GSP) has emerged as a powerful tool for practical network applications, including power system monitoring. By representing power system voltages as smooth graph signals, recent research has focused on developing GSP-based methods for state estimation, attack detection, and topology identification. Included, efficient methods have been developed for detecting false data injection (FDI) attacks, which until now were perceived as non-smooth with respect to the graph Laplacian matrix. Consequently, these methods may not be effective against smooth FDI attacks. In this paper, we propose a graph FDI (GFDI) attack that minimizes the Laplacian-based graph total variation (TV) under practical constraints. In addition, we develop a low-complexity algorithm that solves the non-convex GFDI attack optimization problem using $\ell_1$-norm relaxation, the projected gradient descent (PGD) algorithm, and the alternating direction method of multipliers (ADMM). We then propose a protection scheme that identifies the minimal set of measurements necessary to constrain the GFDI output to high graph TV, thereby enabling its detection by existing GSP-based detectors. Our numerical simulations on the IEEE-57 bus test case reveal the potential threat posed by well-designed GSP-based FDI attacks. Moreover, we demonstrate that integrating the proposed protection design with GSP-based detection can lead to significant hardware cost savings compared to previous designs of protection methods against FDI attacks.

    Comment: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessibl

    Malicious data detection and localization in state estimation leveraging system losses

    In power systems, economic dispatch, contingency analysis, and the detection of faulty equipment rely on the output of the state estimator. Typically, state estimations are made based on the network topology information and the measurements from a set of sensors within the network. The state estimates must be accurate even with the presence of corrupted measurements. Traditional techniques used to detect and identify bad sensor measurements in state estimation cannot thwart malicious sensor measurement modifications, such as malicious data injection attacks. Recent work by Niemira (2013) has compared real and reactive injection and flow measurements as indicators of attacks. In this work, we improve upon the method used in that work to further enhance the detectability of malicious data injection attacks, and to incorporate PMU measurements to detect and locate previously undetectable attacks.