by
Deepjyoti Deka
2015
The Dissertation Committee for Deepjyoti Deka
certifies that this is the approved version of the following dissertation:

Analysis of the Power Grid:
Structure and Secure Operations

Committee:

Ross Baldick
Alexis Kwasinski
Lauren A. Meyers
Sainath Moorty

Analysis of the Power Grid:
Structure and Secure Operations

by

Deepjyoti Deka

DISSERTATION

Presented to the Faculty of the Graduate School of
The University of Texas at Austin
in Partial Fulfillment
of the Requirements
for the Degree of

DOCTOR OF PHILOSOPHY
Special thanks are due to Michael Chertkov at Los Alamos National Laboratory for hosting me for two summers, which led to a continued fruitful collaboration. I thank Joel Mickey and Sai for my summer internship at ERCOT, which helped me get a close look at the functioning of the electricity market from within.
Ioannis, Kumar Appaiah, Hongbo, Srinadh, Sarabjot, Harpreet, Sharayu, Abhishek Gupta, Joyce, Murat and several others. I am indebted to fellow UT Austin students Pravesh, Rashish, Yezhou, Mahdi, Duehee, Vaidy and Michael for several thought-provoking discussions about research and life. I have had an enviable group of close friends throughout my stay in Austin, for which I am thankful. I especially thank Vinay, Sid and Arindam, my first roommates and partners in crime, for all the fun and discovery. I also thank my undergraduate friends for their warmth and sarcastic encouragement through all these years.
The past and current administrative staff at WNCG, Janet Preuss, Karen Little, and Lauren Bringle, and the Graduate Coordinator of the ECE Department, Melanie Gulick, deserve my heartfelt thanks for always taking care of my academic appointments, travel arrangements and important paperwork. I thank the administrative offices of the Dean of Students for enabling me to hold student leadership positions in the University. Interacting with students of different departments through the Graduate Student Assembly and the Graduate Engineering Council has enriched my university experience.
Every small and big experience in the past few years has been in the company of Columbia. I cannot thank her enough for her love and support. Last but not least, I express my deepest gratitude to my parents and my brother Reepjyoti. Their encouragement and unconditional love have made this journey possible.
Analysis of the Power Grid:
Structure and Secure Operations
The power grid forms one of the vital backbone networks of our society, providing electricity for daily socio-economic activities. Given its importance, there is a growing need to understand the structure and control of the power grid for fair power market computations and efficient delivery of electricity. This work studies two problems associated with different aspects of today's power grid network and combines techniques from network science, control theory and optimization to analyze them. The first problem relates to understanding the common structural features observed in several power grids across the world and developing a tractable modeling framework that incorporates these features. Such a framework can lead to insights on the structural vulnerability of the grid and help design realistic test cases to study the effects of structural and operational reinforcements as the grid evolves with time. We develop a generative model based on spatial point process theory that provably produces the distinct exponential degree distribution observed in several power grids. Further, critical graph parameters like diameter, eigenvalue spread, betweenness centralities and clustering coefficients are used to compare the performance of our framework in modeling the power grids in the Western USA and under ERCOT in Texas.
Table of Contents

Acknowledgments  v
Abstract  vii
List of Figures  xi

Chapter 1. Introduction  1
1.1 Motivation  4
1.2 Main Contributions  9
1.3 Dissertation Outline  12

Chapter 2. Background  13
2.1 Modeling Large Power Grids  13
2.2 Analysis of Adversarial Attacks on Power Grids  15

Chapter 4. Data Injection Attacks on Power Grids  44
4.1 State Estimation, Bad-Data Removal & Adversarial Action  46
4.2 Hidden Injection Attack  51
4.3 Detectable Injection Attack  67
4.4 Summary  75

Bibliography  126

Vita  136
List of Figures

1.1 Schematic map of the U.S. electric grid and its interconnects [10]  5
1.2 Schematic diagram of a generalized state estimator in the power grid  8
3.1 Observed node degree distribution p.d.f. in power grids: (a) Western US (b) ERCOT  22
3.2 Region of influence, represented by the Voronoi region, for a 20-node system with K = 1  24
3.3 Fitting the sum of shifted exponential p.d.f.s from Equation (3.12) to the node degree distribution produced by the generative model with variable parameter K  29
3.4 Node degree distribution in a real power grid and the corresponding similar sized network given by the generative model for the (a) Western US power grid (b) ERCOT power grid  31
3.5 Diameter of the network vs. size of the power grid for (a) real power grids (b) generative model networks  32
3.6 Comparison between the Western US power grid and a similar sized network given by the generative model for (a) node betweenness centrality (b) edge betweenness centrality  35
3.7 Comparison between the ERCOT power grid and a similar sized network given by the generative model for (a) node betweenness centrality (b) edge betweenness centrality  36
3.8 Comparison of clustering coefficients between real power grids and generative model networks: (a) Western US power grid (b) ERCOT power grid  38
3.9 Comparison of the spread of eigenvalues between real power grids and generative model networks: (a) Western US power grid (b) ERCOT power grid  39
3.10 Comparison of SIS infection propagation in real power grids and generative model networks: (a) Western US power grid (b) ERCOT power grid  42
3.11 Comparison of SIR infection propagation in real power grids and generative model networks: (a) Western US power grid (b) ERCOT power grid  43
4.1 State estimator for a power system [25, 26]  45
4.2 IEEE 14-bus test system [9]  47
4.3 Optimal attack vector design example: red buses have phasor measurements, all lines have flow measurements. Measurements on the starred lines are corrupted to attack state variables on buses 2 and 8.  55
4.4 Average size of the optimal hidden injection attack vector on IEEE 30, 57 and 118-bus systems with flow measurements on all lines, voltage measurements on 25% of the buses and a fraction of measurements randomly protected. k is the number of state variables under attack.  64
4.5 Average number of additional protections needed in IEEE (a) 30-bus, (b) 57-bus, and (c) 118-bus test systems to prevent a hidden injection attack on a target set of 3 buses by an adversary. Initially, the system has flow measurements on all lines, voltage measurements on 25% of the buses and protection on a randomly selected fraction of measurements. The maximum number of measurements into which the adversary can inject data is 10 for the 30-bus system and 15 in the other cases.  65
4.6 Performance of Algorithms 4 and 5 for the IEEE 14-bus test system with flow measurements on all lines, phasor measurements on 60% of the buses and protection on a randomly selected fraction of measurements. (a) Average size of feasible attacks. (b) Average fraction of simulated test cases with no feasible attacks. Here 14 > 1 + ⌊c/2⌋, where c is the size of the undetectable attack.  77
5.1 Effect of the jamming cost pSJ^c and data injection cost pI on the minimum detectable jamming attack C derived from a cut C with nCS (< |C|/2) secure and nCS^c insecure edges. Secure edges in the cut are colored red, while untouched, jammed and injected insecure edges are colored white, blue and green respectively. When pSJ^c < pI/2, the attack cost can be reduced by replacing one data injection with jamming of two measurements, as shown in the cuts on the left of C. For pSJ^c ≥ pI/2, the attack cost is reduced by replacing two jammed measurements with one measurement with data injection while leaving the other untouched, as shown on the right side of cut C. Optimal attacks obtained from this replacement are given by Theorem 9.  84
5.2 Average cost of optimal attacks (hidden injection, detectable injection and detectable jamming) produced for different values of (size of secure edge and ) on the IEEE 14-bus test system with flow measurements on all lines, phasor measurements on 60% of the buses and protection on a randomly selected fraction of measurements. The bad-data injection cost (pI) is taken as 1. For the detectable jamming attack, the jamming costs (pSJ^c) considered are 0, 1/4 and 3/4.  103
5.3 Average cost of optimal attacks (detectable injection and detectable jamming) produced for finite on the IEEE 57-bus test system with flow measurements on all lines, phasor measurements on 60% of the buses and protection on a randomly selected fraction of measurements. The bad-data injection cost (pI) is taken as 1. For the detectable jamming attack, the jamming costs (pSJ^c) considered are 0, 1/4 (< pI/2) and 3/4 (> pI/2).  104
5.4 Average fraction of simulated configurations with no feasible hidden and detectable jamming attacks given by Algorithm 6 for different values of in the IEEE 14 and 57-bus test systems. Each test system has flow measurements on all lines, phasor measurements on 60% of the buses and protection on a randomly selected fraction of measurements.  105
5.5 Separation of the range of relative costs for jamming secure (pSJ) and insecure (pSJ^c) measurements into intervals with distinct formulations for the optimal detectable generalized attack. Interval I denotes [pSJ^c ≥ pI/2] ∩ [pSJ ≥ pI/2], Interval II denotes [pSJ^c < pI/2] ∩ [pSJ^c + pSJ ≥ pI], and Interval III denotes [pSJ^c < pI/2] ∩ [pSJ^c + pSJ < pI]. The fourth interval, pSJ < pSJ^c, is not permissible by Assumption 1.  106
5.6 Average cost of hidden injection, detectable injection and hidden generalized attacks (when a hidden injection attack exists) produced by Algorithm 7 on the IEEE 14 and 57-bus test systems with flow measurements on all lines, phasor measurements on 60% of the buses and protection on a randomly selected fraction of measurements. The cost of data injection (pI) is taken as 1. The costs of jamming an insecure measurement (pSJ^c) and a secure measurement (pSJ) are taken as .25 and .5 respectively.  107
5.7 Average cost of detectable generalized (DG) and detectable jamming (DJ) attacks (considering configurations in Cost Intervals I and II) produced by Algorithm 8 (with finite ) on the IEEE 14 and 57-bus test systems with flow measurements on all lines and phasor measurements on 60% of the buses. In Intervals I and II, the costs of jamming an insecure measurement are taken as .6 and .25 respectively. The costs of jamming a secure measurement and data injection are taken as .8 and 1 respectively in both intervals.  108
Chapter 1
Introduction
The power grid is a complex interactive system that affects all other sectors of the economy. As depicted in Figure 1.1, it is a vast network of several thousand nodes (representing electric buses) and links (representing transmission lines), involved in the continuous transfer of electric power. The past decade has seen increased research and commercial interest in the grid on account of two primary factors: (a) expanding renewable resources and (b) improvements in real-time measurement and control devices. While the need for renewables like solar and wind has long been stressed, their actual usage has increased in recent times due to large-scale production of solar panels, wind farms and other renewable-based technologies, as well as a universal drive for cleaner, environment-friendly fuels. The increased deployment of real-time monitoring and control equipment, often on the consumer side, has been pushed by advancements in communication technology and device engineering. On account of both of these factors, the power grid's operation and control have become more dynamic than ever before. For example, renewable energy resources like wind and solar power are inherently distributed and stochastic in nature and hence vary with time and location, unlike traditional generation resources that rely on fossil fuels or nuclear energy. Using renewable generation resources on a large scale hence requires robust control techniques and reserves, as such resources may not be able to follow dispatch instructions from the power grid's controller. Similarly, new bidirectional measurement devices like phasor measurement units (PMUs) [1] and smart meters provide consumers the ability to change their demand based on pricing information. In addition, they make it possible for the grid controller to use controllable demand to mitigate transmission constraints and generation losses. New measurement devices have thus improved observability in the grid and made dynamic control and distributed decision-making feasible. Both renewable technologies and new metering devices are part of power grid advancements that are collectively termed Smart Grid technologies.
demand and the introduction of new generation resources, such test networks should be flexible to growth that resembles the grid's temporal evolution. This will help in understanding the future consequences of present technologies and alleviating impending problems. To achieve this goal, this work develops a structural framework that incorporates the distinguishing topological features of large electricity grids and analytically explains the mechanism behind their evolution.
Large-scale meter placement in the grid has empowered the grid controller by enhancing grid observability and controllability. Such meters are often digital in nature and use modern communication pathways for the bidirectional passage of information between the user and the controller. These meters and their digital communication are thus exposed to adversarial action that can corrupt the measurements on site or during transmission. Adversaries, often cyber in nature, can change meter readings in a coordinated fashion to produce an incorrect estimate of the current system state at the grid controller. As the system state is vital for reliable and optimal electricity delivery, such data attacks can result in sub-optimal price formation in the electricity market and, worse, in unobservable component failures that can lead to cascading outages in the grid. The ill effects of incorrect data collection received attention after the 2003 Northeast blackout, where incorrect telemetry due to an inoperative state estimator was listed as one of its principal causes [2]. Similarly, erroneous use or estimation of system parameters has reportedly resulted in inefficient prices in the ERCOT power market [3]. The practicality of such adversarial attacks has been widely studied in research (Aurora test attack [4], PMU timing attack [5]) and also reported in the national media (cyberspying [6], foreign hacking [7], Dragonfly virus [8]). There has thus been a surge in recent work aimed at reinforcing the reliability of grid operations by preventing adversarial attacks. This work contributes to this vital research direction by developing novel adversarial attack regimes that help in understanding the vulnerability of measurements in the current grid, and by discussing practical techniques to prevent their occurrence.
1.1 Motivation
It is well known that the structure of any network deeply influences the
connectivity and spread of commodities between its nodes. In the case of a power
grid, its structure plays a vital role, particularly in transfer of power between dif-
ferent zones and spread of cascading failures. The importance of the structure of
the grid is heightened by the finding that power grids across nations and regions
show several common characteristics. It is worth mentioning here that a majority
of traditional IEEE test bus systems [9] used for study are limited by their small
network sizes. To understand the impact of upcoming technologies, there is thus
a need to implement them on test cases that include the patterns observed in large
4
Figure 1.1: Schematic map of the U.S. electric grid and its interconnects [10]
power grids. Significant work in the past show the connection the performance of
the power grid with its topological structure represented by its adjacency matrix
or its degree distribution. Albert et al. [11] and others [12, 13] have measured the
robustness of the grid against random or directed attacks and established the im-
portance of the physical network of the power grid in determining its vulnerabil-
understanding the topological network associated with power grids. The struc-
5
ture of the power grid, like other network infrastructure, has evolved over time
due to the addition of new buses and transmission lines. It is noteworthy that, in spite of geographical diversity, power grids across the world show structural similarities, in particular an exponential-tailed degree distribution reported for power grid graphs across the world. In this work, we propose a generative model with a growth component that intuitively explains the emergence of this specific degree distribution in the grid from its temporal evolution. This is similar to research in other networks, including social networks [22], the Internet [23] and population models for the spread of diseases [24], which has led to the development of network growth models. For example, the Barabasi-Albert model develops networks that grow by the principle of 'the rich get richer', where a new node entering the graph connects with well-connected nodes of higher degree. This is indeed observed when new users join an online social network. Models developed under the Barabasi-Albert framework, however, have a power-law degree distribution that does not match real grids. Favourable comparison of other critical graph features with real-world cases justifies the modeling framework and quantifies its performance.
Reliable real-time operation of the power grid and control of its various components rely on accurate monitoring of the state of its different components, including line currents and breaker statuses on transmission lines, and voltage and power consumption on buses. These measurements are relayed to the grid's central controller by Supervisory Control and Data Acquisition (SCADA) systems and used in state estimation, and subsequently in stability analysis and electricity price formation. In reality, measurements collected in the grid suffer from random noise and probabilistic communication failures. State estimators are able to overcome these through the use of statistical methods like the weighted least-squares criterion [25, 26] that utilize the redundancy in the measurements. Further, the presence of bad measurements can be detected, and such measurements correspondingly removed, by the bad-data detector and remover present in the state estimator. Such an estimator is shown in
Figure 1.2. However, an adversary can evade the resident bad-data checks at the estimator without raising any alarm through a network-based coordinated attack on multiple meters. Such adversarial manipulation can employ different strategies, including but not limited to data injection into meters, changing breaker statuses, and jamming/blocking of measurement communication to the state estimator. An intelligent use of these adversarial tools can lead to either an unobservable hidden [27] attack or an uncorrectable detectable [28, 29] attack. The vulnerability of state estimation to these adversarial manipulations presents harmful consequences for grid health and needs to be carefully studied.
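The weighted least-squares estimation and residual-based bad-data check just described, and the reason a coordinated injection can evade them, can be sketched in a few lines. The measurement matrix, noise level and attack vector below are toy values, not taken from any test system in this dissertation.

```python
# Sketch of DC state estimation with weighted least squares (WLS) and a
# residual-based bad-data check, illustrating why an attack a = H c is hidden.
# All matrices here are illustrative toy values.
import numpy as np

rng = np.random.default_rng(0)

# Measurement model: z = H x + e (DC approximation, linear in phase angles)
H = np.array([[1.0, -1.0, 0.0],
              [0.0, 1.0, -1.0],
              [1.0, 0.0, -1.0],
              [1.0, 0.0, 0.0]])      # 4 measurements, 3 state variables
x_true = np.array([0.1, 0.05, -0.02])
sigma = 1e-3
z = H @ x_true + rng.normal(0, sigma, size=4)

W = np.eye(4) / sigma**2             # inverse-variance weights

def wls_estimate(z):
    """x_hat = (H^T W H)^{-1} H^T W z and the measurement residual."""
    x_hat = np.linalg.solve(H.T @ W @ H, H.T @ W @ z)
    r = z - H @ x_hat
    return x_hat, r

x_hat, r = wls_estimate(z)
J = r @ W @ r                        # chi-square statistic of the residual

# Hidden injection attack: corrupt z by a = H c for any c. The residual,
# and hence the bad-data statistic, is exactly unchanged.
c = np.array([0.0, 0.2, 0.0])        # attack on one state variable
x_atk, r_atk = wls_estimate(z + H @ c)
print(np.allclose(r, r_atk))         # residual identical, attack undetected
print(x_atk - x_hat)                 # but the estimate shifted by c
```

The key point the sketch illustrates is that any corruption of the form a = Hc lies in the column space of H, so the residual, and with it the bad-data statistic, is unchanged while the estimate shifts by exactly c.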
Figure 1.2: Schematic diagram of a generalized state estimator in the power grid

This dissertation analyzes data attacks from the objectives of both the adversary and the grid controller. From the adversary's viewpoint, the construction of low-cost data attacks using minimum resources enables a correct quantification of grid vulnerability. From the grid controller's perspective, studying the minimal placement of secure (incorruptible) measurements and the hardening of existing measurements to prevent data attacks helps drive techniques to build grid resilience. The design of
optimal attacks and the related problem of preventing them can be formulated as graph-theoretic problems. This is not surprising, given that voltage, current and breaker status measurements in the grid are based on nodes and edges in the power grid graph and provide a graph-based interpretation of system observability [30]. This motivates the application of common graph-theoretic problems, like the determination of constrained minimum-weight cuts, construction of spanning trees, optimal set-cover and graph coloring [31], in the study of data attacks. We discuss graph-based formulations of attack regimes that include both unconstrained attacks and attacks on specific buses in the grid. Further, this dissertation introduces novel attack regimes, including ones focussed specifically on changing the topology estimate, together with optimal attacks and associated protection schemes that enable a precise quantification of grid vulnerability. For ease of presentation, they are classified under two broad areas.
The first develops a spatio-temporal generative framework that intuitively explains the common topological trends observed in evolving grids and, in particular, provides an analytical expression for the observed nodal degree distribution. We derive the degree distribution given by our generative model and show that it fits degree distributions in simulated networks as well as real-world grids, notably the Western US [34] and ERCOT [35] grids. To demonstrate the efficacy of our approach, we also compare important features, including diameter, node and edge betweenness, spread of eigenvalues and graph clustering, of our generative model with the real grids. To the best of our knowledge, this is the first attempt to model the ERCOT power grid's topology.

The second area considers an adversary that uses data injection to change the values of insecure meter measurements in the grid without getting detected by the state estimator. We provide a graph-based framework to determine the optimal-cost attack aimed at changing the state estimate at a specific target set of nodes. We discuss the problem of preventing such attacks and present schemes that place secure meters to achieve resilience [37, 38]. When the additional secure measurements comprise phasor measurement units (PMUs) that measure both line currents and bus voltages, the protection problem reduces to a set-cover problem that can be solved approximately by a distributed belief propagation based algorithm [36]. Next, we develop a new detectable injection attack framework where the adversary effects a change in the state estimate despite getting detected at the estimator [29]. We show that the optimal attack design in this case is given by a constrained graph-cut problem and present two approximate algorithms to solve it. We show that optimal detectable attacks have, on average, cardinality less than half that of hidden attacks, while preventing them requires a much greater presence of secure measurements.
we prove that the optimal attack, if it exists, requires attacking just one breaker in
the system while jamming the necessary flow measurements to prevent detection.
The threat posed by the designed attack frameworks and the performance of our design and protection algorithms are demonstrated through simulations on IEEE test cases.
Chapter 2
Background
This chapter reviews prior work on the two problems studied in this dissertation: characterizing and modeling of power grid structures, and data attacks on power grid state estimation.

2.1 Modeling Large Power Grids

Studying the structural characteristics of a network has been an active area of research in different fields. For large power grids, [19] reports the presence of an exponential nodal degree distribution while considering power plants, substations, and 115-765 kV power lines of the North American power grid. The exponential degree distribution is also reported for the Western US power grid in [20]. Hines et al. in [21] suggest an exponential degree distribution for grids in North America. A clear exponential tail distribution has been reported for the New York Independent System Operator, and an exponential degree distribution for power grids in several European countries, namely Italy, the UK, Ireland and Portugal, as well as for the entire connected component of the Union for the Co-ordination of Transmission of Electricity (UCTE). It is thus fair to state that, despite differing geographical shapes and terrains, power grids across America and Europe possess an exponential distribution or, at the least, an exponential tail for the nodal degrees. This distinguishes power grids from other commonly studied large networks, like social networks, that tend to have power-law/scale-free distributions.
Several generative models have been developed for growing networks, most notably the Barabasi-Albert model [22]. [45] presents a modified generative model, based on the Barabasi-Albert model, for exponentially distributed networks. Here, new nodes enter the
network and get connected to existing nodes either randomly or with a probability that gives preference to nodes of higher degree. This model is restrictive, as it uses the principle of 'the rich get richer', which clearly does not apply to power grids. Further, the aforementioned models do not describe the spatial nature of the power grid, with physical nodes distributed over a geographical area. Our generative framework, described in the next section, provides a tractable yet simple framework for understanding the temporally evolving spatial network associated with power grids.
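As a point of contrast with the exponential distributions discussed above, the 'rich get richer' rule is easy to state in code. The following is an illustrative sketch of Barabasi-Albert preferential attachment, with made-up size and seed parameters; it is not the generative model proposed in this dissertation.

```python
# Minimal sketch of Barabasi-Albert preferential attachment ("rich get
# richer"): each new node links to m existing nodes chosen with probability
# proportional to their current degree. Parameters are illustrative only.
import random

def barabasi_albert(n, m, seed=0):
    rng = random.Random(seed)
    # Start from a small clique of m + 1 nodes.
    edges = [(i, j) for i in range(m + 1) for j in range(i)]
    # 'targets' holds one entry per edge endpoint, so sampling uniformly
    # from it samples nodes proportionally to their degree.
    targets = [v for e in edges for v in e]
    for new in range(m + 1, n):
        chosen = set()
        while len(chosen) < m:
            chosen.add(rng.choice(targets))
        for t in chosen:
            edges.append((new, t))
            targets.extend((new, t))
    return edges

edges = barabasi_albert(500, 2)
deg = {}
for u, v in edges:
    deg[u] = deg.get(u, 0) + 1
    deg[v] = deg.get(v, 0) + 1
# A few hubs acquire very high degree: the heavy (power-law) tail that
# distinguishes such networks from the exponential tails seen in power grids.
print(max(deg.values()), sorted(deg.values())[len(deg) // 2])
```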
2.2 Analysis of Adversarial Attacks on Power Grids

Prior work has studied the design of the optimal attack vector for a constrained adversary, together with countermeasures using l0 and l1 recovery methods. Similarly, in [51], the authors study the creation of the optimal attack vector as a mixed integer linear program. Reference [48] presents a graph partitioning problem for attack construction. The authors in [50] discuss conditions for a feasible data attack on a Kalman-filter-based estimator for AC power flow systems. The case of hidden attacks under incomplete information has also been considered, and the effects of data attacks on pricing in the power market are analyzed in [52]. For the
problem of detecting such hidden injection attacks, a heuristic-based detector for malicious data is presented in [47]. [46] provides greedy schemes to place secure measurements; the minimum number of secure measurements needed for protection against all hidden injection attacks is equal to the size of the state vector [27]. A major section of research on preventing hidden
attacks has focussed on using secure phasor measurement units (PMUs). PMUs were first developed in the Power Lab at Virginia Tech under a contract with BPA. A PMU placed on a bus measures both the bus voltage phasor as well as the power flows on all transmission lines incident on that bus. The problem of placing the minimum number of PMUs to ensure secure observability in the system is an integer program (IP), with or without nonlinear constraints, and is NP-complete for general grid graphs. Multiple papers [14, 53, 59] use commercial integer programming packages, TOMLAB [55] and CPLEX [54], to arrive at the optimal solution. Similarly, [56], [57] and [58] use exhaustive binary search, particle swarm optimization and an iterated local search metaheuristic, respectively, to search for the optimal solution.
Aside from the mentioned research on hidden attacks, a line of work has analyzed detectable data injection attacks that affect state estimation despite failing bad-data detection checks. In this attack mode, the adversary focusses on the bad-data remover instead (see Fig. 1.2) and changes meter readings intelligently to prevent the bad-data remover from removing some or all of the tampered measurements from the system. Reference [28] demonstrates the construction of a basic detectable attack (termed a data integrity attack) by using half of the measurements in the optimal hidden injection attack and damaging the rest. The state estimator here removes only the damaged measurements as bad data, while the other half, manipulated by the adversary, passes the bad-data detection test and causes the attack. Thus the number of injected measurements is reduced by 50% over that in the optimal hidden attack, leading to a reduction in attack cost.
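Optimal detectable attack design is later cast as a constrained graph-cut problem. As a reminder of the underlying primitive, here is a minimal max-flow computation (Edmonds-Karp), whose value equals the minimum cut capacity by max-flow/min-cut duality; the four-node capacity matrix is a made-up example, not a measurement model from this dissertation.

```python
# Edmonds-Karp max flow on a tiny directed graph; by duality the returned
# flow value equals the minimum s-t cut capacity. Capacities are toy values.
from collections import deque

def max_flow(cap, s, t):
    n = len(cap)
    flow = [[0] * n for _ in range(n)]
    total = 0
    while True:
        # BFS for a shortest augmenting path in the residual graph.
        parent = [-1] * n
        parent[s] = s
        q = deque([s])
        while q and parent[t] == -1:
            u = q.popleft()
            for v in range(n):
                if parent[v] == -1 and cap[u][v] - flow[u][v] > 0:
                    parent[v] = u
                    q.append(v)
        if parent[t] == -1:
            return total              # no augmenting path left
        # Find the bottleneck along the path, then augment.
        bott = float('inf')
        v = t
        while v != s:
            u = parent[v]
            bott = min(bott, cap[u][v] - flow[u][v])
            v = u
        v = t
        while v != s:
            u = parent[v]
            flow[u][v] += bott
            flow[v][u] -= bott        # residual capacity on the back edge
            v = u
        total += bott

cap = [[0, 3, 2, 0],
       [0, 0, 1, 2],
       [0, 0, 0, 3],
       [0, 0, 0, 0]]
print(max_flow(cap, 0, 3))
```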
Note that both hidden and detectable attack regimes discussed till now
use data injection as an adversarial tool to design optimal attacks. An adversary
can also jam measurements. By jamming, we refer to any adversarial action that prevents the state estimator from receiving or using a particular measurement. Jamming can be conducted by several practical techniques, including wireless jammers, GPS spoofers, coordinated denial-of-service attacks [60], or even physical damage to the device, meter and communication equipment [61]. These techniques are often easier to implement than data injection attacks, where the adversary must breach on-site security at the meters and change their readings to precisely formatted real values. Further, unlike data injection attacks, jamming can be conducted on both insecure and secure (encrypted) measurements.
have been implemented in research, we are not aware of any prior analytical study
regarding their impact on constructing adversarial attacks. Including jamming
into the optimal attack framework is an important focus of this dissertation.
While estimating grid state variables as shown in Fig. 1.2, the estimator
uses topological data collected from breakers on transmission lines, in addition
to meter readings. The breaker statuses indicate whether transmission lines are open or closed, and help determine the network topology on which the remaining state estimation is based. Most data attacks discussed in the literature exclude the topology estimation process from adversarial manipulation. The authors of [62] consider hidden data attacks where attacks on breaker statuses are combined with malicious data on meter measurements. Using both breaker status corruption and standard data injection into meters, [62] describes optimal state-preserving undetectable attacks. Here the states, comprising the nodal voltage phasors, are kept unchanged while power injection estimates are changed using a minimum number of corrupted locations. Topology attacks using breaker statuses and jamming of flow measurements are introduced in [63] for grids with a specific meter configuration in which line flow measurements can be considered state variables. This dissertation develops a novel hidden topology attack framework, using breaker status changes and jamming of flow measurements, that is able to change the state estimate in a general grid.
Chapter 3
A tractable modeling framework for large power grids can benefit grid re-
search in several ways. For one, it helps develop analytical expressions for network processes like failure propagation and for the effects of structural changes like the creation or removal of transmission lines and buses. Secondly, it helps design scalable
and realistic test cases that resemble large grids in operation today. Such test cases
can in turn be used for understanding the scope of new technologies and help im-
prove operational decisions on problems like placement of buffers/batteries and
locations for grid reinforcement. The primary goal of this chapter is to provide a
spatio-temporal generative framework that intuitively explains the common topo-
logical trends observed in evolving grids and in particular, provides an analytical
expression for the observed nodal degree distribution. Note that analytical models
like ours, unlike detailed modeling and simulation tools, do not lead to an exact
match for all characteristics, but they provide an accurate approximation with the additional benefit of mathematical tractability for important network measures [64].
To demonstrate the performance of our model, we compare important features in-
cluding diameter, node and edge betweenness, eigenvalues and graph clustering
of generated networks with similar sized real grids. We highlight that the goal is
to model the grid topology alone. Adding electrical properties to our modeling framework is a potential extension that would greatly aid its practical usage.
Structurally, the power grid is a graph with nodes representing the buses
in the grid and edges representing the transmission lines connecting the buses.
As mentioned in the Introduction, power grids across the world have been re-
ported to have node degree distributions that have exponential tails. We consider
two power grids here, and evaluate the node degree distributions of their repre-
sentative networks. Fig. 3.1(a) shows the node degree distribution of the reduced
Western US electrical power grid, which has 4941 nodes and 6594 edges [34]. The
second network we consider is the power grid in Texas that is under the Electric
Reliability Council of Texas (ERCOT) [35]. The connected graph has 5514 nodes
and 6522 edges and its node degree distribution is presented in Fig. 3.1(b).
We observe that for either power grid, the p.d.f. of the degree distribution
has a significant exponential tail. Additionally, we note that each considered de-
gree distribution increases in value over a short interval preceding the exponential
tail. The same trend has been reported for the NYISO power grid in [44], where the
increase at the beginning has been called a kink. We also confirm the presence
of a kink and exponential tail in the Polish grid, whose network data is avail-
able with Matpower [65]. Due to the presence of this initial interval of increase,
the node degree distribution in the power grid deviates from an exact exponential
function. As elucidated in Figs. 3.1(a) and 3.1(b), the empirical degree distribution can be closely approximated by a sum of shifted exponentials:

$$pdf(d) = \sum_i w_i\, e^{-\frac{d - k_i}{K}}\, I(d \ge k_i) \qquad (3.1)$$

where d denotes the degree of a node, K its mean, w_i and k_i are normalizing constants and degree shifts associated with each exponential, and I(·) is the indicator function. In the next section, we present our generative model that produces temporally evolving networks with such degree distributions.
Figure 3.1: Observed node degree distribution p.d.f. in power grids: (a) Western US, (b) ERCOT.
3.2 Generative Model for Power Grid Network
We showed in the previous section that power grids possess a degree distribution that can be represented by a sum of shifted exponentials. Our goal here is to
explain it using a temporally-evolving generative model based on the framework
of 2-D spatial point process theory. In our model, Ntotal nodes are placed one at a
time in space according to a two-dimensional Poisson point process P with density λ. Here, edges/links between nodes are formed when a new node is placed into
the system. The new node connects to K of its nearest pre-existing nodes in the
network, where K is a parameter given by an integer-valued random variable with
known distribution. The growth step captures the expansion of power grids over
time due to the creation of new buses and resulting transmission lines. The param-
eter K here represents the tendency of new nodes to form multiple connections to
build robustness against failures in the physical network. The selection of nearest
neighbors for edge formation minimizes the costs of building transmission lines
which require significant investment in real estate and copper. We now prove that
our model of network growth provides the appropriate shifted-exponential degree
distribution observed in real power grids.
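The growth process above lends itself to a short simulation. The following is a minimal sketch; the function name and parameters are our own choices, and uniform sampling in a disk stands in for the Poisson point process window (the spatial distribution of a homogeneous Poisson process conditioned on the number of points):

```python
import math
import random
from collections import Counter

def generate_grid_graph(n_total, k_dist, seed=0):
    """Grow a network by placing nodes uniformly at random in a disk
    and connecting each new node to its K nearest predecessors,
    with K drawn from the distribution {value: probability}."""
    rng = random.Random(seed)
    positions, degree, edges = [], [], []
    for t in range(n_total):
        # uniform point in the unit disk
        r, theta = math.sqrt(rng.random()), 2 * math.pi * rng.random()
        p = (r * math.cos(theta), r * math.sin(theta))
        # draw K and connect to the K nearest existing nodes
        k = rng.choices(list(k_dist), weights=list(k_dist.values()))[0]
        nearest = sorted(
            range(t),
            key=lambda i: (positions[i][0] - p[0]) ** 2 + (positions[i][1] - p[1]) ** 2,
        )[:k]
        positions.append(p)
        degree.append(len(nearest))
        for i in nearest:
            degree[i] += 1
            edges.append((i, t))
    return degree, edges

# parameters resembling the Western US fit later in this chapter
degree, edges = generate_grid_graph(1000, {1: 0.54, 2: 0.45995, 12: 0.00005})
hist = Counter(degree)
# empirical p.d.f. of node degrees; shows a kink followed by an exponential tail
pdf = {d: hist[d] / len(degree) for d in sorted(hist)}
```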
process described in Section 3.2, it is clear that a new node born at time t connects to an existing node a present in R if its location (chosen randomly) lies within a's Region of Influence (R_a^t), the area within R at time t such that, for every point b within that area, node a is amongst the K nearest neighbors of b. As shown in
Fig. 3.2, for K = 1 (new nodes link to their nearest neighbors), the regions of influence of existing nodes are given by a first-order Voronoi tessellation [66] in the disk R.
Figure 3.2: Region of Influence represented by Voronoi regions for a 20-node system with K = 1.
This technique involves replacing the dynamics of a single node at each step with
the average dynamics of the entire system.
We first consider the case where K (number of links formed by the new
node) is a constant at k. Note that due to creation of k edges, each new node gets a
degree of k. Let N (m, t ) denote the average number of nodes of degree m at time t.
At time t + 1, N(m, t) increases if the new node born into the system connects with nodes of degree m − 1, and decreases if the new node links with nodes of degree m. Now the probability of forming an edge to a node of degree m is proportional
to the cumulative volume under regions of influence of nodes of degree m. Note
that at each time step, the expected volumes of the k-th order Voronoi regions of
all existing nodes depend only on their positions (which are selected randomly)
and not on the order of their arrival into the system. Subsequently, each existing
node has the same expected volume of region of influence. Thereby the expected
cumulative volume of the regions of influence of nodes with degree m is propor-
tional to the fraction of nodes with degree m. The average increase in the number
of nodes of degree m at a time step is thus given by the following relation:

$$N(m, t+1) - N(m, t) = \frac{N(m-1, t)\,k}{t} - \frac{N(m, t)\,k}{t} + I(m = k) \qquad (3.2)$$

For m = k, this yields, for large t,

$$\lim_{t \to \infty} \frac{N(k, t)}{t} = \frac{1}{1+k} \qquad (3.3)$$
For m ≠ k, we have N(m, t+1) = N(m, t)(1 − k/t) + N(m−1, t)k/t. For large t, again using Lemma 4.1.2 in [67], we obtain

$$\lim_{t \to \infty} \frac{N(m, t)}{t} = \frac{k}{1+k}\,\lim_{t \to \infty} \frac{N(m-1, t)}{t} = \left(\frac{k}{1+k}\right)^{m-k} \frac{1}{1+k} \qquad (3.4)$$
The average fraction of nodes n(d) with degree less than d, where d ≥ k, is given by

$$n(d) = \frac{1}{1+k} + \frac{1}{1+k}\frac{k}{1+k} + \ldots + \frac{1}{1+k}\left(\frac{k}{1+k}\right)^{d-k-1}$$

$$\Rightarrow\; n(d) = 1 - \left(\frac{1+k}{k}\right)^{-(d-k)} \approx 1 - e^{-\frac{d-k}{k}} \qquad (3.5)$$
Next, consider the case where K takes two values k_1 < k_2 with probabilities p_1 and p_2 respectively, and let K̄ denote its mean. Following the same argument,

$$N(m, t+1) - N(m, t) = \frac{N(m-1, t)\,\bar{K}}{t} - \frac{N(m, t)\,\bar{K}}{t} + p_1 I(m = k_1) + p_2 I(m = k_2) \qquad (3.6)$$

so that

$$N(k_1, t+1) - N(k_1, t) = -\frac{N(k_1, t)\,\bar{K}}{t} + p_1.$$
For large t, using (3.3), this becomes

$$\lim_{t \to \infty} \frac{N(k_1, t)}{t} = \frac{p_1}{1 + \bar{K}} \qquad (3.7)$$

Similarly, for k_1 < m < k_2,

$$\lim_{t \to \infty} \frac{N(m, t)}{t} = \left(\frac{\bar{K}}{1+\bar{K}}\right)^{m-k_1} \frac{p_1}{1+\bar{K}} \qquad (3.8)$$

$$\lim_{t \to \infty} \frac{N(k_2, t)}{t} = \left(\frac{\bar{K}}{1+\bar{K}}\right)^{k_2-k_1} \frac{p_1}{1+\bar{K}} + \frac{p_2}{1+\bar{K}} \qquad (3.9)$$

Finally, for m > k_2, for large t, using the same method we get

$$\lim_{t \to \infty} \frac{N(m, t)}{t} = \left(\frac{\bar{K}}{1+\bar{K}}\right)^{m-k_1} \frac{p_1}{1+\bar{K}} + \left(\frac{\bar{K}}{1+\bar{K}}\right)^{m-k_2} \frac{p_2}{1+\bar{K}} \qquad (3.10)$$

Using Equations (3.7), (3.8), (3.9) and (3.10), the fraction of nodes n(d) with degree less than d is given by

$$n(d) \approx p_1\left(1 - e^{-\frac{d-k_1}{\bar{K}}}\right)I(d > k_1) + p_2\left(1 - e^{-\frac{d-k_2}{\bar{K}}}\right)I(d > k_2) \qquad (3.11)$$
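A mixture of shifted exponentials of this form can be evaluated directly. A small numerical sketch (the weights, shifts, and mean below are illustrative values of our choosing, not fitted parameters) shows how the second shift produces the kink before the exponential tail:

```python
import math

def shifted_exp_mixture_pdf(d, weights, shifts, K):
    """Sum of shifted exponentials: sum_i w_i * exp(-(d - k_i)/K) for d >= k_i."""
    return sum(w * math.exp(-(d - k) / K) for w, k in zip(weights, shifts) if d >= k)

# illustrative parameters: two exponentials shifted at degrees 1 and 3
weights, shifts, K = [0.4, 0.6], [1, 3], 2.0
pdf = [shifted_exp_mixture_pdf(d, weights, shifts, K) for d in range(1, 15)]
# the second shift produces the "kink": the p.d.f. rises at d = 3 ...
rises_at_kink = pdf[2] > pdf[1]
# ... and decays exponentially afterwards
tail_decays = all(a > b for a, b in zip(pdf[2:], pdf[3:]))
```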
model. We first construct a random variable Z(m, t) to represent the actual number of nodes of degree m at time t. Let the locations of incoming nodes in the system be given by y_1, y_2, etc., beginning with the first node. We can then obtain a martingale Z_i(m, t) as follows:

$$Z_i(m, t) = E\left(Z(m, t)\,|\,y_1, y_2, \ldots, y_i\right) \qquad (3.13)$$
Note that the average number of nodes of degree m at time t is N(m, t) = Z_0(m, t) = E(Z(m, t)), while Z(m, t) = Z_t(m, t). Further, |Z_i(m, t) − Z_{i−1}(m, t)| ≤ 2k_max, where k_max is the maximum value that K can take. Using the Azuma-Hoeffding inequality [67] for martingale convergence, we have

$$P\left(|Z(m, t) - N(m, t)| \ge x\right) \le e^{-\frac{x^2}{8 k_{max}^2 t}}$$
Figure 3.3: Fitting the sum of shifted exponential p.d.f.s from Equation (3.12) to the node degree distribution produced by the generative model with variable parameter K (parameter of the Poisson distribution = .8; K = number of links per new node; P(K=3) = .5, P(K=4) = .3, P(K=5) = .2).
We look at the two power grid networks described in Section 3.1 and model
them using our generative framework. To model the Western US electric power
grid (4941 nodes and 6594 edges), the parameter K in the generative model is
given values of 1, 2 and 12 with probabilities .54, .45995 and .00005 respectively.
Fig. 3.4(a) shows the comparison between the degree distribution of the Western
US electric power grid and the average degree distribution of a network with equal
number of nodes simulated using our generative model. Similarly, we model the
ERCOT power grid (5514 nodes and 6522 edges) using our generative model where
parameter K takes values of 1, 2 and 12 with probabilities .75, .24994 and .00006
respectively. Fig. 3.4(b) shows the comparison of degree distributions for this case.
Note that in either case, the support of K has a size of 3, where K takes the largest value (> 10) with very low probability (< 10^{-3}). This large value in K's support models the few critical nodes in the grid that have degrees much greater than the remaining nodes.
The preceding theoretical analysis, simulation results and fitting with real
grid data signify that our intuitive generative framework is able to model the dis-
tribution of nodal degrees while preserving mathematical tractability. Next we
look at other important parameters that affect the grid's functioning and security, and compare their trends seen in real data with those of our generative model.
The diameter of a graph is the greatest distance, i.e., the length of the longest shortest path, between any two nodes in the graph. In power grids, the diameter affects the probability of
fragmentation following a directed or random adversarial attack on the network
nodes and edges [19, 70]. This is because the diameter of the network is related to the prevalence of high-degree nodes that are critical for connectivity in the grid. In
general, the scaling of the diameter of the power grid network with the number of
nodes is hard to quantify due to varying topological constraints and geographical
boundaries that affect connectivity in the network. Fig. 3.5(a) presents the aver-
age diameter observed in power grids with comparable average nodal degree as
presented in [21, 44]. Note that the average diameter of the network scales with
the logarithm of the number of nodes. The diameter of networks given by our
generative model for different values of N (number of nodes) and K (number of
30
Figure 3.4: Node degree distribution in real power grid and corresponding similar sized network given by generative model for (a) Western US power grid (b) ERCOT power grid.
Figure 3.5: Diameter of the network vs. size of the power grid for (a) real power grids (b) generative model networks (k = 1 through 8).
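The diameter of a generated network can be computed with a breadth-first search from every node; the following pure-Python sketch (helper function and toy graphs are ours) is one way to examine the logarithmic scaling on model outputs:

```python
from collections import deque

def diameter(adj):
    """Diameter = longest shortest path over all node pairs of a
    connected graph, computed by running a BFS from every node."""
    best = 0
    for src in adj:
        dist = {src: 0}
        q = deque([src])
        while q:
            u = q.popleft()
            for v in adj[u]:
                if v not in dist:
                    dist[v] = dist[u] + 1
                    q.append(v)
        best = max(best, max(dist.values()))
    return best

# sanity check on a 6-node ring, whose diameter is 3
ring = {i: [(i - 1) % 6, (i + 1) % 6] for i in range(6)}
print(diameter(ring))  # → 3
```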
3.5 Betweenness Centrality of the Generative Model
We plot the p.d.f.s of node and edge betweenness centralities (L) for West-
ern US power grid in Figs. 3.6(a) and 3.6(b). For each betweenness centrality mea-
sure, we also plot the average p.d.f. obtained from a similar sized network given
by our generative model. It is evident from the plots that our generative model
accurately predicts both the node and edge betweenness centralities for the West-
ern US power grid. Next we consider the ERCOT power grid. We show the p.d.f.s
of its edge and node betweenness centralities in Figs. 3.7(a) and 3.7(b) respectively
and compare them with the corresponding centrality measures of networks given
by our generative model. We observe that our generative model induces centrality characteristics that closely resemble those of the ERCOT grid. Note that, to model
the two power grids, our generative model uses values of parameter K mentioned
in Section 3.3.
Figure 3.6: Comparison between Western US power grid and similar sized network given by generative model for (a) Node betweenness centrality (b) Edge betweenness centrality.
Figure 3.7: Comparison between ERCOT power grid and similar sized network given by generative model for (a) Node betweenness centrality (b) Edge betweenness centrality.
edges that can be formed using its neighbors. Clearly, this maximum is given by d_i(d_i − 1)/2, where d_i is the degree of node i. The maximum value of the clustering coefficient is 1, attained for nodes that form cliques (complete clusters) with their neighbors. Fig. 3.8(a) shows the distribution of clustering coefficients in the Western US
power grid and that obtained on average for similar sized networks produced by
our generative model. The comparison for the clustering coefficient distribution of
the Texas power grid under ERCOT is given in Fig. 3.8(b). Note that the clustering coefficient distribution given by our generative model is similar to that observed in real grids, though the agreement is more pronounced for the ERCOT power grid.
Among others, the eigen-spread controls network processes like SIS infection propagation [71, 72], which have been used to study the propagation of frequency disturbances, the vulnerability of the grid to topological failures [29], and failures in interdependent networks [42]. Here, we plot the magnitudes of the five largest eigenvalues of the adjacency matrix of power grid networks and compare them with those of networks given by our generative model in Fig. 3.9. Though the general trend is similar, we note that our model needs further improvement in simulating the largest eigenvalue in the considered power grids. We plan
Figure 3.8: Comparison of clustering coefficient between real power grids and generative model networks. (a) Western US power grid (b) ERCOT power grid.
Figure 3.9: Comparison of spread of eigenvalues between real power grids and generative model networks. (a) Western US power grid (b) ERCOT power grid.
the grid to random and intentional attacks by disruptive agents. Such attacks can,
in principle, disrupt the secure operation of the grid and delivery of electricity to
end users. In extreme cases, even a small disturbance inserted in the system from
outside can propagate to the rest of the network and cause a cascading outage.
Our interest lies in understanding if our generative model is capable of simulating
failure propagation in real grids.
works generated by our generative model. The similarity between the infection
propagation curves in real and generated networks highlights the potential use of
our generative model in designing grid resilience measures.
3.9 Summary
Figure 3.10: Comparison of SIS infection propagation in real power grids and generative model networks. (a) Western US power grid (b) ERCOT power grid.
Figure 3.11: Comparison of SIR infection propagation in real power grids and generative model networks. (a) Western US power grid (b) ERCOT power grid.
Chapter 4
Definition 1.
Hidden attack [27]: This attack is not detected by the bad-data detector.
Detectable attack [28, 29]: This attack initially fails the bad-data detection test but
passes it by deceiving the bad-data remover into labeling uncorrupted measurements
as bad data.
Figure 4.1: The DC state estimator: meter measurements feed state estimation, followed by bad-data detection and measurement correction.
Note that topology estimation as shown in Fig. 1.2 is not represented in the
estimator in Fig. 4.1 as we do not consider manipulation of breaker statuses in this
chapter. Attacks on topology estimation will be considered in Chapter 6. Following [46], we define the adversary's objective as constructing an attack involving the minimum number of meter injections in order to produce a non-zero change in
the estimated state vector. In this context, we discuss algorithms to design the
optimal attack of each type and present counter-measures to prevent them. Our
approach does not require the knowledge of transmission line parameters used in
state estimation and only uses the adjacency matrix of the associated measurement
graph.
targeting specific state variables in the grid. We formulate the problem of preventing
hidden attacks on the grid and discuss its hardness. We provide greedy algorithms
to secure existing measurements and a belief-propagation based algorithm to place
additional PMUs in the grid to hinder adversarial hidden attacks.
The power grid represents a graph G with set V of n buses (nodes) con-
nected by a set E of nE transmission lines (directed edges). As an example, the
IEEE 14 bus test system [9] is given in Figure 4.2.
Measurement Model: We use the DC power flow model [26] for the grid.
Figure 4.2: The IEEE 14 bus test system.
Here, voltage magnitudes are assumed to be constant at unity on all buses, and the state vector of the system comprises all bus phase angles x ∈ R^n. Transmission lines are assumed to be perfectly inductive (zero resistance) with a diagonal susceptance matrix B. We use x_i to denote the phase angle at bus i and B_ij to denote the susceptance of line (i, j). We consider an m-length measurement vector z ∈ R^m that comprises a) active power flows on lines and b) voltage phase angles on buses, collected from conventional meters and phasor measurement units in the grid. The relation between z and x is given by

$$z = Hx + e \qquad (4.1)$$
where e is the measurement noise vector with known covariance Σ. If the k_1-th and k_2-th entries (rows) in z (H) measure the power flow on line (i, j) and the phase angle at node i respectively, then the DC power flow gives z(k_1) = B_ij(x_i − x_j) and z(k_2) = x_i. Appending the reference bus, whose phase angle is fixed at 0, to the state vector, we can write

$$z = Hx = [\bar{H}\,|\,\bar{h}]\begin{bmatrix}\bar{x}\\ 0\end{bmatrix}$$
Note that the augmented measurement matrix has the structure of a susceptance
weighted graph incidence matrix of rank n. From this point, we use x and H to
denote the augmented state vector and measurement matrices respectively.
State Estimation: The complete DC state estimator used here is given in Figure 4.1 [25, 26]. The state estimate x̂ is generated from the measurement vector z by a weighted least-squares minimizer that minimizes the weighted residual magnitude J(x, z) = ‖Σ^{−1/2}(z − Hx)‖₂² over the variable x. This step is followed by
a threshold (λ)-based bad-data detector that determines the presence of bad data by the following test: bad data is declared if

$$J(\hat{x}, z) > \lambda \qquad (4.4)$$
If bad-data is detected, the bad-data remover is called to identify and remove bad-
data as described below.
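The weighted least-squares estimate and the residual-based detection test can be sketched numerically. The following toy system, function names, and threshold value are illustrative choices of ours, not taken from the estimator formulation itself:

```python
import numpy as np

def wls_state_estimate(H, z, Sigma):
    """Weighted least-squares state estimate minimizing
    J(x, z) = || Sigma^{-1/2} (z - H x) ||_2^2 via the normal equations."""
    W = np.linalg.inv(Sigma)
    return np.linalg.solve(H.T @ W @ H, H.T @ W @ z)

def bad_data_detected(H, z, Sigma, threshold):
    """Threshold test on the weighted residual magnitude."""
    x_hat = wls_state_estimate(H, z, Sigma)
    r = z - H @ x_hat
    J = float(r.T @ np.linalg.inv(Sigma) @ r)
    return J > threshold

# toy 2-state system with 3 measurements
H = np.array([[1.0, 0.0], [0.0, 1.0], [1.0, -1.0]])
Sigma = 0.01 * np.eye(3)
x_true = np.array([0.1, -0.2])
z = H @ x_true                                            # noiseless measurements
print(bad_data_detected(H, z, Sigma, threshold=1.0))      # → False
z_bad = z + np.array([0.0, 0.0, 5.0])                     # gross error on one meter
print(bad_data_detected(H, z_bad, Sigma, threshold=1.0))  # → True
```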
Bad-data Removal: Using basic linear algebra [25, 26], it can be shown that the residual vector r = z − Hx̂ = [I − H(HᵀΣ⁻¹H)⁻¹HᵀΣ⁻¹]z. For cases with single bad-data corruption, the optimal removal strategy is to remove the measurement with the largest magnitude in r̄, where r̄ is the normalized residual vector. For
the general case of multiple bad data entries (as in our case), the optimal strategy
for the estimator is to remove the minimum number of measurements such that the
residual produced by the remaining measurements passes the bad-data detection
test in (4.4). The removal of minimum measurements is based on the assumption
that bad data is more likely to have corrupted a smaller number of measurement
entries. Further, the estimator needs to ensure that the removed measurements
do not lead to a loss of rank in the measurement matrix as that will make the
system unobservable. The optimal bad-data removal procedure is formulated as
the following non-convex problem [25], whose constraint requires the residual of the retained measurements to pass the detection test:

$$J(\hat{x}, z_d) \le \lambda_d \qquad (4.6)$$
Here, H_d, z_d, J(x̂, z_d) and λ_d respectively denote the updated measurement matrix, measurement vector, residual, and threshold after removal. This problem is NP-hard, and hence iterative or greedy schemes are used in practice. Unless oth-
can suffer from bad-data arising from measurement noise. The remaining insecure
of jamming and associated notations to the next chapter. A feasible attack refers to
a successful attack; a feasible attack with minimum attack cost is called an optimal
attack (may not be unique). As attacks in this section are based on data injection
4.2 Hidden Injection Attack
We first consider hidden injection attacks. The authors of [27] show that if a = Hc for some c ∈ R^{n+1}, the residual calculated by the estimator doesn't increase, and an erroneous state vector estimate of x̂ + c is produced without raising any alarm. The optimal attack vector a* is given as the solution of the following optimization problem:
We now state and prove a theorem which will enable us to develop the
algorithm for determining the optimal attack vector.
Theorem 1. There exists a 0-1 vector c_opt for the optimal attack vector a* for Problem (H-I) such that ‖a*‖₀ = ‖Hc_opt‖₀.

Proof. Consider Problem (H-I). Let the optimal attack vector be given by a* = Hc*. If c* is a 0-1 vector, take c_opt = c*. If c* is not a 0-1 vector, construct vector c_opt such that c_opt(i) = I(c*(i) ≠ 0) for all i ∈ {1, ..., n}. It follows from the structure of the augmented H matrix (all measurements are flows) that ‖Hc_opt‖₀ ≤ ‖Hc*‖₀. As a* is optimal, it follows that ‖Hc_opt‖₀ = ‖Hc*‖₀ = ‖a*‖₀.
if the susceptance B_ij of every line in H is changed to 1. We therefore create a matrix A_H of size m × (n + 1) from H as follows:
It can be noted that A_H represents the incidence matrix of a graph with n + 1 nodes, with edges corresponding to flow measurements in H. We call this graph G_H. The (n+1)-th node in G_H denotes the reference bus and is termed the reference node. Corresponding to secure and insecure measurements, we identify secure and insecure edges in G_H and denote their sets by S and S^c respectively. The main result, which gives the minimum attack vector for Problem (H-I), is included in the following theorem.
Theorem 2. The optimal hidden injection attack in Problem (H-I) with measure-
ment matrix H is given by the minimum cardinality cut with no secure edges in
undirected graph G H with incidence matrix AH .
$$\min_{c \in \{0,1\}^{n+1},\; c \neq \vec{0}} \|a\|_0 \quad \text{s.t. } a = A_H c,\;\; c(n+1) = 0,\;\; a(i) = 0\;\forall\, i \in S \;(\text{S: Secure Set}) \qquad (4.8)$$
This is the classical min-cut partition problem in graph theory. The minimum value of ‖a‖₀ is thus given by the size of the min-cut in the undirected graph G_H with A_H as incidence matrix that contains no edges in S.
To ensure the non-inclusion of secure edges, we give them infinite weights
in G H and then compute its min-cut. Insecure edges are given unit weights.
We now add a further constraint to Problem (H-I). We assume that the adversary has a given target set S_atck of state variables (phase angles at specific buses) that need to be corrupted. An optimal attack vector is one that includes the minimum set of measurements that the adversary needs to inject data into to change the state variables in the set S_atck. The minimum cardinality attack vector a for Problem (H-II) then additionally satisfies

$$c(i) \neq 0 \quad \forall\, i \in S_{atck}$$
It can be clearly observed that Problem (H-II) separates the nodes of G_H (given by the incidence matrix A_H) into two groups, one containing the nodes corresponding to S_atck and the other containing the reference node (the (n+1)-th node). Following Theorem 2, we formalize the optimal attack vector construction for targeted attacks in the following theorem.
Theorem 3. The optimal hidden injection attack in Problem (H-II) is given by the
minimum cut of the undirected graph G H which separates nodes in Satck from the
reference node and does not include any secure edges in set S.
It is noted that the secure and insecure edges in G_H have infinite and unit weights respectively. Further, we add an additional (n+2)-th node (titled the attack node) in G_H and link it by edges of infinite weight to the nodes in the set S_atck. The optimal attack vector is now given by the cut of minimum weight separating the reference node (the (n+1)-th node) and the attack node (the (n+2)-th node). The steps of optimal attack vector construction are listed in Algorithm 1.
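The min-cut computation behind this construction can be sketched with a standard Edmonds-Karp max-flow routine, using a large finite capacity to stand in for the infinite weights on secure edges and on the attack node's links. The graph, node indices, and function names below are illustrative, not the dissertation's Algorithm 1 itself:

```python
from collections import deque, defaultdict

INF = 10**9  # stands in for infinite capacity on secure edges

def max_flow(cap, s, t):
    """Edmonds-Karp max-flow; by duality this equals the min-cut weight."""
    flow = 0
    while True:
        parent = {s: None}
        q = deque([s])
        while q and t not in parent:
            u = q.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    q.append(v)
        if t not in parent:
            return flow
        # collect the augmenting path and its bottleneck capacity
        path, v = [], t
        while parent[v] is not None:
            path.append((parent[v], v))
            v = parent[v]
        aug = min(cap[u][v] for u, v in path)
        for u, v in path:
            cap[u][v] -= aug
            cap[v][u] += aug
        flow += aug

def optimal_attack_size(n, insecure, secure, s_atck, ref):
    """Cardinality of the optimal hidden attack: min cut separating the
    attack node from the reference node while avoiding secure edges."""
    cap = defaultdict(lambda: defaultdict(int))
    attack = n  # extra attack node index
    for u, v in insecure:
        cap[u][v] += 1
        cap[v][u] += 1
    for u, v in secure:
        cap[u][v] += INF
        cap[v][u] += INF
    for u in s_atck:
        cap[attack][u] = cap[u][attack] = INF
    return max_flow(cap, attack, ref)

# toy measurement graph: 4 buses plus reference node 4; bus 0 is targeted
insecure = [(0, 1), (0, 2), (1, 4), (2, 4), (3, 4)]
secure = [(0, 3)]
print(optimal_attack_size(5, insecure, secure, s_atck=[0], ref=4))  # → 3
```

Here the secure edge (0, 3) cannot be cut, so the adversary must instead corrupt the flow measurement (3, 4) along with (0, 1) and (0, 2).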
flow measurements on all lines in the system and phasor measurements on buses
numbered 1, 5, 6, 7, 12 and 13. Let the set of buses to be attacked by the adversary
be {2, 8}. The optimal attack vector is shown by measurements with stars in Figure
4.3.
Figure 4.3: Optimal Attack Vector Design Example: red buses have phasor measurements, all lines have flow measurements. Measurements on the starred lines are corrupted to attack state variables on buses 2 and 8.
cardinality of the optimal attack vector and thereby make it harder for an adver-
sary to conduct a successful hidden injection attack. We discuss policies for in-
creased resilience against hidden attacks in greater detail in the following section.
4.2.2 Prevention of Hidden Injection Attacks by Protecting Insecure Measurements
Consider now the graph G H with secure edges (set S) and insecure edges
(set S c ) of weights infinity and unity respectively. We define the cost of protecting
an edge in G H to be equal to the reciprocal of its edge weight. Thus, an insecure
edge has a unit cost, while a secure edge has zero cost of protection. The following
theorem gives the optimal protection of insecure measurements to provide immunity against all hidden injection attacks.
Theorem 4.
1. The optimal measurements that need to be protected to secure set Satck in Problem
(H-II) against any hidden injection attack are given by the insecure edges in the
minimum cost path from the attack node to the reference node in G H , where cost
of an edge is given by the reciprocal of its edge weight.
2. If no target set is specified, the optimal measurements to protect are given by the
insecure edges in the minimum cost spanning tree in G H .
Proof. We prove the result in the first statement concerning targeted attacks. Us-
ing the max-flow min-cut theorem [77], we see that nodes in Satck are immune
to hidden data attacks if the minimum weight cut and hence the maximum flow
between the reference node and attack node in G H is infinite. It is sufficient to
show that protecting the insecure edges in the minimum cost path from the attack
node to the reference node is the cost-optimal way of increasing the maximum
flow between these two nodes to infinity. We prove this by contradiction. Let us
assume that there is a strictly cheaper selection of edges Stemp than the minimum
cost path, that can be protected to make the flow between the attack node and
reference node equal to infinity. By using existing protected edges and edges in
Stemp , we can then find a path between the attack node and reference node with
total path cost strictly less than the cost of the minimum cost path. This contradicts
the definition of minimum cost path in the graph. Hence Proved.
The proof of the second statement follows a similar argument. If protecting a smaller number of insecure measurements than stated could prevent all hidden injection attacks on a system without a target set, then a tree could be constructed to span all nodes in G_H with lower cost than the minimum cost spanning tree. This is a contradiction.
The minimum cost path and the minimum cost spanning tree in G_H needed in Theorem 4 can be determined in polynomial time using Dijkstra's algorithm [31] and Kruskal's algorithm [31] respectively.
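The first statement of Theorem 4 thus reduces to a shortest-path computation with zero cost on secure edges and unit cost on insecure ones. A sketch using Dijkstra's algorithm follows; the adjacency format and toy graph are our own construction:

```python
import heapq

def min_cost_protection_path(adj, src, dst):
    """Dijkstra on G_H with cost 0 for secure edges and 1 for insecure
    ones. Returns (total cost, insecure edges on the min-cost path),
    i.e. the measurements to protect per Theorem 4 (first statement).
    adj maps node -> list of (neighbor, is_secure) pairs."""
    dist = {src: 0}
    prev = {}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, float('inf')):
            continue  # stale heap entry
        for v, secure in adj[u]:
            nd = d + (0 if secure else 1)
            if nd < dist.get(v, float('inf')):
                dist[v] = nd
                prev[v] = (u, secure)
                heapq.heappush(heap, (nd, v))
    # walk back from dst, collecting the insecure edges to protect
    to_protect, v = [], dst
    while v != src:
        u, secure = prev[v]
        if not secure:
            to_protect.append((u, v))
        v = u
    return dist[dst], to_protect

# toy G_H: node 0 = attack node, node 3 = reference node;
# edge (0, 2) is already secure, so the cheapest path 0-2-3 costs 1
adj = {
    0: [(1, False), (2, True)],
    1: [(0, False), (3, False)],
    2: [(0, True), (3, False)],
    3: [(1, False), (2, False)],
}
cost, protect = min_cost_protection_path(adj, 0, 3)
print(cost, protect)  # → 1 [(2, 3)]
```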
Using Theorem 3 and the max-flow min-cut theorem [77], it can be shown that Problem (4.10) belongs to the general class of network loading problems [76] and is equivalent to the problem of protecting the minimum number of measurements to make the maximum flow between the reference node and the attack node in graph G_H greater than k_max. We first give its hardness in the following theorem:
Proof. It follows from the duality of max-flow and min-cut that the cardinality of
the optimal attack vector of the adversary is equal to the maximum flow between
the attack node and the reference node in graph G H . Now, any permissible flow
between the attack and reference nodes needs to satisfy the flow constraints
arising from the capacities of edges in G_H. Note that the capacity is 1 for an edge corresponding to an unprotected measurement and ∞ otherwise. We know that protecting a measurement in the grid increases the capacity of its corresponding edge in G_H from 1 to ∞, or equivalently, removes the flow constraint on the corresponding edge in the calculation of the max-flow. The solution to Problem (4.10)
thus gives the smallest set of edge flow constraints which need to be removed (or
the largest set of edge constraints which can be satisfied) to make the maximum
flow between the attack node and the reference node greater than kmax . Here
k_max is the maximum number of measurements that the adversary can corrupt simultaneously. The associated decision problem determines if a solution to Problem (4.10) exists such that the set of protected measurements S_prot has a given
cardinality. This is at least as hard as the constraint satisfiability problem which
finds the maximum number of constraints which can be simultaneously satisfied
in a given set of constraints and is known to be NP-complete in general [79]. Hence
Proved.
Thus, the optimal solution to Problem (4.10) would require computationally intensive brute-force techniques. To overcome this, we give here two approximate solutions using greedy algorithms. The first approach in this context is given in Algorithm 2.
Algorithm 2 First Greedy Algorithm to select measurement set S_prot for Problem (4.10)
Input: Graph G_H, set of nodes under attack: S_atck, existing protected measurements: S, adversary's constraint: k_max
of a minimum cost path finding algorithm, modifying the edge costs slightly by small random perturbations in every iteration to obtain the different minimum cost paths. The total number of measurements protected by Algorithm 2 is, of course, upper bounded by the cost of the minimum cost path connecting the reference node and the attack node, as protecting every edge in the shortest path would provide protection against every hidden attack and not just a constrained adversary.
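The perturbation idea can be sketched as follows. This is a simplified illustration with our own function names and a toy graph; the actual Algorithm 2's bookkeeping over Sprot and kmax is omitted, and we simply rank edges by how often they appear on perturbed minimum cost paths.

```python
import heapq
import random

def dijkstra_path(adj, cost, s, t):
    """Minimum cost s-t path (assumes the graph is connected).
    adj: node -> set of neighbors; cost: frozenset({u, v}) -> weight."""
    dist, prev, pq = {s: 0.0}, {}, [(0.0, s)]
    while pq:
        d, u = heapq.heappop(pq)
        if u == t:
            break
        if d > dist.get(u, float('inf')):
            continue  # stale queue entry
        for v in adj[u]:
            nd = d + cost[frozenset((u, v))]
            if nd < dist.get(v, float('inf')):
                dist[v], prev[v] = nd, u
                heapq.heappush(pq, (nd, v))
    path, v = [], t
    while v != s:  # walk predecessors back to s
        path.append(frozenset((v, prev[v])))
        v = prev[v]
    return path

def greedy_protect(adj, base_cost, s, t, rounds=50, eps=1e-3, seed=0):
    """Rank edges by frequency of appearance on randomly perturbed
    minimum cost paths between s (reference) and t (attack node)."""
    rng = random.Random(seed)
    freq = {}
    for _ in range(rounds):
        cost = {e: c + eps * rng.random() for e, c in base_cost.items()}
        for e in dijkstra_path(adj, cost, s, t):
            freq[e] = freq.get(e, 0) + 1
    return sorted(freq, key=freq.get, reverse=True)
```

Edges that survive many perturbations are the natural greedy candidates for protection, since they lie on essentially every minimum cost path separating the two nodes.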
Algorithm 3 Second Greedy Algorithm to select measurement set Sprot for Problem 4.10
Input: Graph $G_H$, set of nodes under attack: Satck, existing protected measurements: S, adversary's constraint: kmax
cost paths, Algorithm 3 protects each additional edge depending on its relative frequency of occurrence in minimum cuts between the reference node and the attack node. This is motivated by the fact that edges which are part of a greater number of distinct minimum cuts are more critical to increasing the value of the minimum cut. The computation of all minimum weight cuts between the reference node and the attack node is approximate and uses a polynomial time randomized algorithm such as Karger's algorithm [80]. Another approximate approach, similar to the one discussed in Algorithm 3, can be designed based on random perturbations of edge weights and iterative min-cut computations to determine all min cuts between the reference node and the attack node. For cases where Satck is not specified, a greedy algorithm for preventing hidden attacks can be formed by slightly modifying Algorithm 3 and computing global minimum weight cuts in Step 3 instead of those between attack and reference nodes. It is to be noted that both these approximate algorithms for protecting additional measurements are greedy and based on polynomial time computations. They are thus less computationally intensive than brute force approaches.
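A minimal sketch of Karger's randomized contraction algorithm referenced above (our own function names and trial counts; this version finds a global minimum cut, whereas the text's variant restricts attention to cuts separating the reference and attack nodes):

```python
import random

def karger_min_cut(edges, trials=200, seed=1):
    """Karger's randomized contraction; edges is a list of (u, v) pairs.
    Returns the smallest cut (as an edge list) found over the trials."""
    rng = random.Random(seed)
    best = None
    nodes = {u for e in edges for u in e}
    for _ in range(trials):
        parent = {u: u for u in nodes}  # union-find over super-nodes

        def find(u):
            while parent[u] != u:
                parent[u] = parent[parent[u]]  # path halving
                u = parent[u]
            return u

        remaining = len(nodes)
        pool = list(edges)
        while remaining > 2:
            u, v = pool[rng.randrange(len(pool))]
            ru, rv = find(u), find(v)
            if ru != rv:
                parent[ru] = rv      # contract the chosen edge
                remaining -= 1
            else:
                pool.remove((u, v))  # discard self-loops
        cut = [(u, v) for u, v in edges if find(u) != find(v)]
        if best is None or len(cut) < len(best):
            best = cut
    return best
```

Each trial succeeds with probability at least $2/(n(n-1))$, so repeating the contraction a polynomial number of times finds a minimum cut with high probability; counting how often each edge appears across the returned cuts gives the frequency estimates the greedy selection needs.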
The number of state variables under attack (k) is taken as 2 and 4 respectively. The state variables under attack are selected randomly as well. The associated optimal attack vector of the adversary is given by Algorithm 1. We observe that, as expected, the general trend in each case is an increase in the average size of the attack vector with an increase in the fraction of protected measurements. It is, however, worth noting that the increase in the size of the attack vector is not steep. This indicates that random protections, in general, do not increase the size of the hidden attack vector significantly.
In each system, 25% of the buses selected randomly have phasor measurements
and all lines are equipped with flow measurements. The threshold on the maxi-
mum number of measurements that the adversary can corrupt is taken as 15, while
the size of the set of buses under attack is taken as 3. An interesting observation
in Figures 4.5(a), 4.5(b) and 4.5(c) is the small average number of measurements
necessary to provide full protection to the target set against all adversarial hid-
den attacks. This follows from the fact that graphs representing power grids have
short diameters (discussed in Chapter 3). Thus, the number of measurements in the
shortest path separating attack and reference nodes in the grid is significantly
lower than the total number of buses in the grid.
Figure 4.4: Average size of the optimal hidden injection attack vector on IEEE 30, 57 and 118-bus systems with flow measurements on all lines, voltage measurements on 25% of the buses, and a fraction of measurements randomly protected, for k = 2 and k = 4. k is the number of state variables under attack.
Figure 4.5: Average number of additional protections needed in IEEE (a) 30-bus, (b) 57-bus, and (c) 118-bus test systems to prevent hidden injection attacks on a target set of 3 buses by an adversary. Each panel compares Algorithm 2, Algorithm 3, brute force selection, and full protection against the percentage of measurements with existing protection. Initially, the system has flow measurements on all lines, voltage measurements on 25% of the buses, and protection on a fraction of measurements selected randomly. The maximum number of measurements into which the adversary can inject data is 10 for the 30-bus system and 15 in the other cases.
4.2.3 Prevention of Hidden Injection Attacks by PMU placement
$$r_i = \begin{cases} 1 & \text{if there is a PMU at bus } i \\ 0 & \text{otherwise} \end{cases}$$

$$A_{ij} = \begin{cases} 1 & \text{if } i = j \\ 1 & \text{if there is a line between buses } i \text{ and } j \\ 0 & \text{otherwise} \end{cases}$$
This is the classical set-cover problem. The presence of existing secure flow and phasor measurements can be incorporated into the model to relax the observability constraints over yi. Set cover is NP-hard, so no polynomial time exact algorithm is known. However, it has been observed that distributed approximate algorithms based on belief propagation give optimal results for several IEEE test cases [36].
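The standard greedy heuristic for set cover, which carries a logarithmic approximation guarantee, gives a simple baseline for this PMU placement problem. The sketch below uses a hypothetical topology of ours; the belief-propagation method of [36] is a different, distributed approach.

```python
def greedy_pmu_cover(adj):
    """Greedy set-cover heuristic for PMU placement: a PMU at bus i
    observes i and all buses adjacent to i. Returns the chosen buses."""
    uncovered = set(adj)
    chosen = []
    while uncovered:
        # pick the bus whose PMU would cover the most uncovered buses
        best = max(adj, key=lambda i: len(({i} | adj[i]) & uncovered))
        chosen.append(best)
        uncovered -= {best} | adj[best]
    return chosen

# toy 5-bus example (hypothetical topology): a star centred at bus 0
adj = {0: {1, 2, 3, 4}, 1: {0}, 2: {0}, 3: {0}, 4: {0}}
print(greedy_pmu_cover(adj))  # a single PMU at bus 0 covers every bus -> [0]
```

Existing secure measurements can be folded in by initializing `uncovered` to exclude buses that are already observable.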
In the next section, we discuss detectable attacks, which are distinct from the hidden attacks discussed so far in this chapter.

We now analyze a new regime of data attacks that changes the state estimate despite being detected by the estimator's bad-data checks. Consider a data injection vector a that fails the bad-data detection test. For the bad-data identification scheme given in (4.5), this data attack can nonetheless change the state estimate if:

a) removal of $k < \|a\|_0$ measurements satisfies the bad-data detection test, and

b) removal of the k measurements maintains system observability.
For any $Hc \neq 0$, an injection vector a can be constructed by including more than half of the non-zero entries in Hc and replacing the rest by 0. Observe that $\|a\|_0 > \|Hc - a\|_0$. If removal of the non-zero terms in $(Hc - a)$ does not reduce system observability, they are identified as bad-data instead of a, and a feasible attack is conducted. The optimal measurements for data injection are given by the non-zero terms in the optimal d of the following [29, 40]:

$$\min_{d \in \{0,1\}^m,\; c \in \mathbb{R}^{n+1} \setminus \{\vec{0}\}} \|d\|_0 \qquad \text{(D-I)}$$
$$\text{s.t.}\;\; c(n+1) = 0, \quad d(i) = 0 \;\;\forall\, i \in S$$
b, while $a_{spty}$ denotes the sparsity pattern of vector a. In the rank constraint (4.14), D is a 0-1 diagonal matrix with value 0 for removed measurements. We now describe graph-theoretic solutions for constructing this attack type. Unlike Problem H-I, here a does not lie in the column space of H, as certain entries in the attack vector are deleted by the binary vector d. Condition (4.13) ensures that the estimator incorrectly identifies uncorrupted elements of z corresponding to non-zero entries in $(1 - d) \circ (Hc)$ as bad-data. Note that after removal of bad-data, the attack vector $a = d \circ (Hc)$ passes the bad-data detection test, as it lies in the column space of the updated measurement matrix DH. Condition (4.14) ensures system observability after removal of bad-data. Using the derivation of Problem 4.8 from Problem H-I, we can generate the following equivalent formulation of Problem D-I in terms of the incidence matrix $A_H$ of graph $G_H$ with secure and insecure edge sets S and $S^c$ respectively.

$$\min_{d \in \{0,1\}^m,\; c \in \{0,1\}^{n+1} \setminus \{\vec{0}\}} \|d\|_0 \qquad \text{(D-II)}$$
$$\text{s.t.}\;\; c(n+1) = 0, \quad d(i) = 0 \;\;\forall\, i \in S$$
in the following theorem.

Theorem 6. The optimal detectable injection attack in Problem D-II is given by any $\lfloor 1 + |C|/2 \rfloor$ insecure edges in C, where C denotes the minimum cardinality cut in $G_H$ with a minority of secure edges ($|C \cap S| < |C|/2$).
Proof. We first show feasibility of the attack. Let d denote an m-length 0-1 vector with non-zero entries corresponding to $\lfloor 1 + |C|/2 \rfloor$ edges in $C \cap S^c$. Thus $\|d\|_0$ is greater than $|C|/2$ and condition (4.15) is satisfied. The edges of C excluded from d are removed as bad-data by the estimator. Here d preserves system observability if graph $G_H$ stays connected after the estimator removes bad-data. Notice that removing all edges in cut C always disconnects the graph. If the graph becomes disconnected after the estimator removes bad-data, it follows that a proper subset of the removed edges, along with the edges corresponding to non-zero values in d, forms a smaller graph-cut $C_1$ in $G_H$ of cut-size $|C_1| < |C|$. Since the non-zero values in d belong to set $S^c$ and $\|d\|_0 > |C_1|/2$, the number of cut edges of set S in $C_1$ is less than half of its cardinality. This contradicts the definition of C. Thus vector d satisfies condition (4.16) by maintaining connectivity in $G_H$. Note that cuts of cardinality less than |C| contain fewer edges of $S^c$ than of S and cannot provide feasible attack vectors. The optimality of the attack construction hence follows, as d gives the minimum cardinality attack among feasible attacks for graph-cut C.
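The constructive step of this proof is easily expressed in code. The helper below is ours and purely illustrative: given a candidate cut and the secure edge set, it returns the insecure edges to inject data into, or None when the secure edges are not a minority (so no feasible detectable attack exists on that cut).

```python
import math

def detectable_attack_edges(cut_edges, secure):
    """Per Theorem 6: from a cut C with a minority of secure edges, the
    attack injects data into floor(1 + |C|/2) insecure edges of C; the
    remaining cut edges are the ones the estimator removes as bad-data."""
    insecure = [e for e in cut_edges if e not in secure]
    if len(insecure) <= len(cut_edges) // 2:
        return None  # secure edges are not a minority: cut is infeasible
    k = math.floor(1 + len(cut_edges) / 2)
    return insecure[:k]
```

For a 5-edge cut with one secure edge, for example, the attack corrupts $\lfloor 1 + 5/2 \rfloor = 3$ insecure edges and lets the estimator discard the other two as bad-data.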
Lemma 1. Let $a_h$ (hidden injection attack) and $a_d$ (detectable injection attack) respectively be the optimal attack vector designs for Problem H-I and Problem D-II, formulated for the same system. Then the following holds: $\|a_d\|_0 \le \left\lfloor 1 + \frac{\|a_h\|_0}{2} \right\rfloor$.

Lemma 2. The set of system conditions with feasible data attacks for Problem D-II is larger than that for Problem H-I.
Corollary 1. An attack vector for Problem D-I always exists if less than half of the
measurements in the system are incorruptible.
cut exists in $G_H$ is equivalent to establishing the existence of a ratio-cut of value less than 0.5 in $G_1$, a known NP-complete problem [81]. Thus, Problem D-II is NP-hard in general.
We now discuss two approximate schemes to find the optimal solution for Problem D-II. The first scheme uses an SDP [82] based randomized approach as shown below:

(a) SDP approach: Our SDP based technique builds upon the well-known randomized solution for max-cut given by Goemans and Williamson [83]. From Theorem 6, it is clear that we need the minimum cardinality cut in $G_H$ that contains more edges of set $S^c$ than of set S. The following is an SDP relaxation to find the optimal feasible cut in $G_H$.
Here, $\mathcal{S}^{n+1}$ is the space of positive semidefinite matrices of size (n+1). $L_H^1$ is the standard Laplacian matrix for graph $G_H$ with unit edge-weights, while $L_H^2$ is a modified Laplacian for $G_H$ where edges in S and $S^c$ are given weights of 1 and $-1$ respectively. The original problem tries to label nodes in $G_H$ with values in $\{-1, 1\}$ so that $\langle L_H^1, xx^T \rangle / 2$ represents the cut-size. Similarly, $\frac{\langle L_H^2, xx^T \rangle}{4} \le -1$ ensures that the cut contains a greater number of edges of $S^c$ than of S. Following the work in [83], we give randomized Algorithm 4 for Problem D-II.
Algorithm 4 SDP Relaxation for Problem D-II
1: Solve Problem P-4 to get X. Generate $X = B^T B$ by Cholesky decomposition.
2: Randomly pick a vector $w \in \mathbb{R}^{n+1}$.
3: for i = 1 to n + 1 do
4:   $x(i) = \mathbb{1}(\langle B(i,:), w \rangle \ge 0) - \mathbb{1}(\langle B(i,:), w \rangle < 0)$
5: end for
6: if $\langle L_H^2, xx^T \rangle < 0$ then
7:   Output optimal attack as a subset of $1 + \lfloor \text{cut-size}/2 \rfloor$ edges of $S^c$ in the cut defined by x.
8: end if
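The rounding step of Algorithm 4 can be sketched as follows. The SDP solve for Problem P-4 requires a dedicated solver and is omitted here; the factor B in the test below is a toy stand-in of ours for the Cholesky factor of X, and the function names are likewise our own.

```python
import random

def round_hyperplane(B, seed=0):
    """Goemans-Williamson style rounding: given rows B[i] of a factor of
    the SDP solution X = B^T B, sign each node by the side of a random
    hyperplane (with Gaussian normal w) that its vector falls on."""
    rng = random.Random(seed)
    dim = len(B[0])
    w = [rng.gauss(0.0, 1.0) for _ in range(dim)]
    return [1 if sum(b * wi for b, wi in zip(row, w)) >= 0 else -1
            for row in B]

def cut_value(x, edges, weight):
    """Weight of the cut induced by the +1/-1 labels x."""
    return sum(weight[e] for e in edges if x[e[0]] != x[e[1]])
```

Evaluating `cut_value` with the $\pm 1$ weights of $L_H^2$ corresponds to the sign check in Step 6: a negative value certifies that the rounded cut has a majority of insecure edges.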
We can also design another iterative min-cut algorithm that finds feasible
cuts by increasing edge-weights for secure edges in S instead of reducing inse-
cure edge-weights as done in Algorithm 5. In fact, the next chapter uses such an
iterative approach in Algorithm 6 for designing detectable attacks with jamming.
Algorithm 5 Iterative Min-cut based solution for Problem D-II
1: Give edge weight 1 to all edges in $S \cup S^c$. Compute min-cut C in $G_H$.
2: $c \leftarrow |C|$, $c_S \leftarrow \sum_{i \in C} \mathbb{1}(i \in S)$, $b \leftarrow 1$
3: while ($c < \infty$ and $2c_S \ge c$) do
4:   if $2c_S \le b + c$ then
5:     $\epsilon \leftarrow 1 - b\,(c_S + b - \lfloor (c + b - 1)/2 \rfloor)^{-1}$
6:     Give edge weight $\epsilon$ in $S^c$, get min-cut $C_1$ in $G_H$.
7:     if $|C| = |C_1|$ then
8:       $b \leftarrow b + 1$
9:     else
10:      $C \leftarrow C_1$, $c \leftarrow |C|$, $c_S \leftarrow \sum_{i \in C} \mathbb{1}(i \in S)$, $b \leftarrow 1$
11:    end if
12:   else
13:     Randomly pick edge $i \in C \cap S$, give it weight $\infty$.
14:     Give weight of 1 to $S^c$. Compute min-cut C in $G_H$.
15:     $c \leftarrow |C|$, $c_S \leftarrow \sum_{i \in C} \mathbb{1}(i \in S)$, $b \leftarrow 1$.
16:   end if
17: end while
18: if $|C| \neq \infty$ then
19:   Output optimal attack as $1 + \lfloor c/2 \rfloor$ edges of $S^c$ in C.
20: end if
and flow measurements on all lines. Figure 4.6(a) shows the average sizes of the best detectable attack vectors constructed by our proposed Algorithms 4 and 5. As expected, the size of the attack vector increases with an increase in the number of incorruptible measurements (S) in the system. Moreover, we plot the average size of hidden attacks in the same figure to show the significant improvement in cardinality offered by our attack regime, the improvement being greater for Algorithm 5 than for Algorithm 4. Next, Figure 4.6(b) plots the rise in the average fraction of cases resilient to data attacks with the number of incorruptible measurements (set S). Observe that, unlike undetectable attacks, which increasingly become infeasible at higher levels of secure measurements, feasible attacks of our proposed model are still designed by Algorithms 4 and 5. Thus, total resilience against attacks of our regime requires greater placement of secure measurements than that needed for protection against undetectable attacks. Both these figures validate our claim that data attacks with detection are far more potent than previously studied undetectable attacks.
4.4 Summary
jection attacks that on average require less than half the number of manipulated
measurements needed for hidden attacks, and also demand greater presence of
secure measurements for prevention. We discuss the complexity of designing opti-
mal detectable attacks and present two approximate algorithms for it. Simulation
results on IEEE test systems help elucidate the performance of our designed algorithms for attack construction. In the next chapter, we add measurement jamming as an adversarial tool and analyze its effect on attack construction.
Figure 4.6: Performance of Algorithms 4 and 5 for the IEEE 14-bus test system with flow measurements on all lines, phasor measurements on 60% of the buses, and protection on a fraction of measurements selected randomly. (a) Average size of feasible attacks, comparing undetectable attacks with detectable attacks from Algorithms 4 and 5. (b) Average fraction of simulated test cases with no feasible attacks. The detectable attack size is at most $1 + \lfloor c/2 \rfloor$, where c is the size of the undetectable attack.
Chapter 5
technically less resource intensive than data injection, where meter readings have
are secure against data injection, it is noteworthy that they are jammable as well (e.g., through meter damage), though at a cost higher than that of insecure measurements. Through these two techniques, we design novel attacks that generalize
Main Results: We consider two jamming strategies, one where the adversary can jam both secure and insecure measurements. In either case, the design of the optimal detectable jamming attack differs significantly from the optimal detectable injection attack design only if the jamming cost per insecure measurement is less than half the cost of data injection. In contrast, we show that
for hidden jamming attacks, the optimal attack design is given by a simple attack
strategy independent of the jamming cost. For the regime where jamming is per-
mitted for all measurements, we design hidden and detectable generalized attacks
by an adversary incurring distinct costs for (a) jamming and (b) data injection in
insecure measurements, and (c) jamming of secure measurements. We show that
for detectable generalized attacks, the range of permissible costs for jamming
(secure and insecure measurements) and data injection can be divided into three
intervals based on their relative values (Fig. 5.5). In each cost interval, the optimal
generalized attack is constructed by solving at most two minimum weight con-
strained graph-cut problems specific to that interval. More importantly, we show
that generalized attacks are feasible even in systems with only one insecure mea-
surement and preventing them requires extending security to all measurements.
We design polynomial time approximate algorithms for attack vector construction
for both jamming and generalized regimes and demonstrate their performance
through simulations on IEEE test systems.
Notation for Adversarial Tools and Costs: We use the same notation as the last chapter for variables in state estimation. Data injection is denoted by an additive vector a that modifies the measurement vector to z + a. As secure measurements are immune to data injection, $a(i) = 0 \;\forall\, i \in S$. In contrast, jamming is represented by removal of the jammed measurements from z. $p_I$, $p_J^{S^c}$ and $p_J^S$ denote the costs of data injection, jamming insecure measurements, and jamming secure measurements respectively. Further, the permissible costs are assumed to satisfy:

Assumption 1: $0 \le p_J^{S^c} \le p_J^S \le p_I$
The relations are based on the fact that jamming secure measurements is at least as
costly as jamming insecure measurements, while data injection is more resource
intensive than jamming. We use injection attacks to refer to attacks discussed
in the last chapter that use data injection alone. For attacks that additionally use
jamming of insecure measurements, we use the phrase jamming attacks. Attacks
that allow jamming of all measurements are termed generalized attacks. We
consider hidden and detectable attack types as defined in the last chapter.
Here the adversary can jam and remove insecure measurements at a cost $p_J^{S^c}$, in addition to injecting data at cost $p_I$. Note that for a non-zero change in the state estimate, the adversary should inject data into at least one insecure measurement.

Theorem 2 states that the optimal hidden injection attack is given by the minimum cardinality cut in measurement graph $G_H$ that does not include any secure edge of set S. Using $p_J^{S^c} \le p_I$, it is clear that the optimal hidden jamming attack is derived from the optimal hidden injection attack and is given by the following theorem.

Theorem 8. The optimal hidden jamming attack for all permissible $p_I$ and $p_J^{S^c}$ is constructed by injecting data into one edge and jamming the remaining edges in the minimum cardinality cut in $G_H$ with no secure edges.
The optimal cut in this case can thus be determined in polynomial time by
running Algorithm 1 with no target set.
is a decreasing function of $k_J^C$. Therefore, the minimum cost attack for feasible cut C is obtained by jamming $n_{S^c}^C - n_S^C - 1$ (the maximum permissible number of) insecure edges. The remaining $n_S^C + 1$ insecure edges, greater than the number of secure edges by one, are injected with bad-data. The attack cost thus reduces to

$$p_C = p_J^{S^c}\,(n_{S^c}^C - n_S^C - 1) + p_I\,(n_S^C + 1) = (p_I - p_J^{S^c})\,n_S^C + p_J^{S^c}\,n_{S^c}^C + (p_I - p_J^{S^c}) \qquad (5.2)$$

Ignoring the constant $(p_I - p_J^{S^c})$, this equals C's cut-weight if secure and insecure edges are given weights of $(p_I - p_J^{S^c})$ and $p_J^{S^c}$ respectively. Thus, if $p_J^{S^c} < p_I/2$, the optimal detectable jamming cut corresponds to the feasible cut C with the lowest cut-weight in $G_H$, where secure and insecure edges have weights of $(p_I - p_J^{S^c})$ and $p_J^{S^c}$ respectively.
Next consider interval B ($p_I/2 < p_J^{S^c} \le p_I$). In Eq. (5.1), if $k_J^C$ is reduced by 2, the $(|C| - k_J^C) \bmod 2$ term remains unchanged and the overall cost $p_C$ decreases. Hence the optimal attack for cut C corresponds to either $k_J^C = 0$ or $k_J^C = 1$; otherwise the attack cost can be reduced further. Checking the contribution of the $(|C| - k_J^C) \bmod 2$ term, we note that the optimal attack for cut C is given by ($k_J^C = 0$, $k_I^C = (1 + |C|)/2$) for odd |C|, and ($k_J^C = 1$, $k_I^C = |C|/2$) for even |C|. In either case, the attack cost $p_C$ is an increasing function of the cut-size |C|, as expressed below.

$$p_C = p_J^{S^c}\,(1 - |C| \bmod 2) + p_I\,\lfloor (1 + |C|)/2 \rfloor \qquad (5.3)$$
Theorem 9. The minimum cost detectable jamming attack for measurement graph $G_H$, with jamming cost $p_J^{S^c}$ and bad-data injection cost $p_I$ per insecure measurement, is constructed as follows.

$p_J^{S^c} < p_I/2$: Give weights of $p_I - p_J^{S^c}$ and $p_J^{S^c}$ to secure and insecure edges respectively in $G_H$ and find the minimum weight feasible cut C with $n_S^C$ secure edges. Use $(n_S^C + 1)$ insecure measurements for bad-data injection and jam the rest.

$p_J^{S^c} \ge p_I/2$: Find the minimum cardinality feasible cut C in $G_H$. Use $\lfloor (1 + |C|)/2 \rfloor$ insecure measurements for bad-data injection and jam $(1 - |C| \bmod 2)$ measurements.

The main argument is also elucidated through the example in Fig. 5.1. To conclude, the range of permissible costs for jamming insecure measurements is thus separable into two intervals with distinct designs for the optimal detectable jamming attack.
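The two regimes of Theorem 9 can be summarized in a small cost calculator. The helper below is our own hypothetical illustration: `n_sec` and `n_insec` describe the composition of a feasible cut, and the function returns the attack cost under the regime the costs fall into.

```python
def jamming_attack_cost(n_sec, n_insec, p_j, p_i):
    """Cost of the optimal detectable jamming attack built from a feasible
    cut with n_sec secure and n_insec insecure edges (Theorem 9).
    p_j: jamming cost per insecure measurement, p_i: injection cost."""
    size = n_sec + n_insec
    if p_j < p_i / 2:
        # cheap jamming: inject into n_sec + 1 insecure edges, jam the rest
        n_inject = n_sec + 1
        n_jam = n_insec - n_inject
        return p_i * n_inject + p_j * n_jam
    # p_j >= p_i/2: inject into floor((1+|C|)/2) edges, jam (1 - |C| mod 2)
    n_inject = (1 + size) // 2
    n_jam = 1 - size % 2
    return p_i * n_inject + p_j * n_jam
```

For a cut with 1 secure and 4 insecure edges, injection cost 10 and jamming cost 1, the first regime applies and the attack costs $10 \cdot 2 + 1 \cdot 2 = 22$; raising the jamming cost to 6 switches to the second regime with cost $10 \cdot 3 = 30$.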
Note that the conditions necessary for feasible detectable jamming and injection attacks are identical. The comparison of attack costs in detectable jamming attacks with those of detectable injection attacks is given by the following.

Theorem 10. Let cut C with $n_S^C$ secure and $n_{S^c}^C$ insecure edges correspond to the optimal detectable attack (no jamming). The cost of the optimal detectable jamming attack satisfies the following bounds.
Figure 5.1: Effect of jamming cost $p_J^{S^c}$ and data injection cost $p_I$ on the minimum detectable jamming attack derived from a cut C with $n_S^C$ (< |C|/2) secure and $n_{S^c}^C$ insecure edges. Secure edges in the cut are colored red, while untouched, jammed and injected insecure edges are colored white, blue and green respectively. When $p_J^{S^c} < p_I/2$, the attack cost can be reduced by replacing one data injection with jamming of two measurements, as shown in the cuts on the left of C. For $p_J^{S^c} \ge p_I/2$, the attack cost is reduced by replacing two jammed measurements with one measurement with data injection while leaving the other untouched, as shown on the right side of cut C. The optimal attacks obtained from this replacement are given by Theorem 9.
For $p_J^{S^c} < p_I/2$, the cost of the optimal detectable jamming attack is less than that of the optimal detectable attack by at least $(p_I - 2p_J^{S^c}) \left\lfloor \frac{n_{S^c}^C - n_S^C}{2} \right\rfloor + p_J^{S^c}\,(1 - |C| \bmod 2)$.

For $p_J^{S^c} \ge p_I/2$, the cost of the optimal detectable jamming attack is less than that of the detectable attack by $p_I - p_J^{S^c}$ (if |C| is even), and equal otherwise.
Proof. For $p_J^{S^c} \ge p_I/2$, using Theorem 6 and Theorem 9, it follows that the optimal cuts for detectable and detectable jamming attacks are identical. The difference in costs follows immediately from the attack construction using the optimal cut C in either case. For $p_J^{S^c} < p_I/2$, note that the minimum-cost detectable jamming attack for feasible cut C is given by injecting bad-data into $n_S^C + 1$ edges and jamming the other insecure edges. The difference in cost between the detectable jamming attack and the detectable attack for cut C is thus:

$$p_I \left\lfloor 1 + \frac{n_S^C + n_{S^c}^C}{2} \right\rfloor - p_I\,(n_S^C + 1) - p_J^{S^c}\,(n_{S^c}^C - n_S^C - 1) = (p_I - 2p_J^{S^c}) \left\lfloor \frac{n_{S^c}^C - n_S^C}{2} \right\rfloor + p_J^{S^c}\,(1 - |C| \bmod 2) \qquad (5.4)$$
Finally, the following statements hold for the case with minimum jamming cost.

Corollary 2. For $p_J^{S^c} = 0$ (minimum jamming cost), the optimal detectable jamming attack corresponds to the cut C which has the minimum number of secure edges among all feasible cuts.

For $p_J^{S^c} = 0$, if a hidden attack exists, the optimal detectable jamming and hidden jamming attacks correspond to the same cut C.
5.1.3 Algorithms for Construction of Optimal Detectable Jamming Attack

Note that, in the worst case, there are |S| min-cut computations (one for each secure edge) of complexity $O(|V||E| + |V|^2 \log |V|)$ each, giving the algorithm a computational complexity of $O(|S||V||E| + |S||V|^2 \log |V|)$. However, as the algorithm is approximate, it might not return a solution in every case. We
Algorithm 6 Detectable Jamming Attack Construction
Input: Graph $G_H$ with secure and insecure edge sets S, $S^c$, weighted based on $p_J^{S^c}$, $p_I$, and the algorithm thresholds
feasible hidden attacks), and Fig. 5.2(b) (for configurations that are resilient to hidden attacks). To demonstrate the efficacy of our approach, we compare the trends with the average costs of constructing hidden and detectable injection attacks. Note that while the average detectable jamming attack cost is well below half of the average hidden injection cost in Fig. 5.2(a), it is observed to eventually decrease with increasing secure measurements in the system. This trend results from the fact that system configurations resilient to attacks, which increase with increasing secure measurements, are not accounted for in the plotted average attack costs. Further, it is apparent that changing the value of the threshold does not affect the performance of Algorithm 6 much. Similarly, Fig. 5.3 includes the average cost trends for the 57-bus system, with the threshold in Algorithm 6 taken equal to the weight of secure measurements. Finally, Fig. 5.4 plots the increase in the number of completely resilient operating regimes (no feasible attack possible) with an increase in the number of secure measurements in the system. This is similar to the finding in Fig. 4.6(b) in the last chapter. It is easily evidenced in Fig. 5.4 that, contrary to hidden attacks, the number of secure operating regimes under detectable jamming attacks hardly increases with an increase in the number of secure measurements. In the next section, we present our generalized attack framework that allows jamming (though not data injection) of secure measurements by the adversary.
The adversary in this case has three tools (jamming secure measurements, jamming insecure measurements, and data injection into insecure measurements) with distinct costs per measurement ($p_J^S$, $p_J^{S^c}$, and $p_I$). From Assumption 1, we have $0 \le p_J^{S^c} \le p_J^S \le p_I$. The introduction of jamming of secure measurements creates
Theorems 2 and 8 state that feasible cuts for hidden injection and jamming attacks cannot include any secure edge. With the capability to jam secure measurements, this is no longer necessary. Consider a cut C with $n_S^C$ secure and $n_{S^c}^C > 0$ insecure edges. If all secure edges are removed by jamming, the remaining cut can provide a hidden attack where one insecure edge is used for data injection and the rest are jammed. The total attack cost is $p_J^S\, n_S^C + p_J^{S^c}\, n_{S^c}^C + (p_I - p_J^{S^c})$. The optimal hidden generalized attack is hence given by the following theorem.

Theorem 11. Give weights of $p_J^S$ and $p_J^{S^c}$ to secure and insecure edges respectively in $G_H$ and find the minimum weight cut C with a non-zero number of insecure edges. The optimal hidden generalized attack is constructed by using one insecure edge in C for data injection and jamming all remaining edges of C.

It is worth mentioning that the optimal attack design does not depend on the relative values of the jamming and injection costs in this case. Next, we look at detectable generalized attacks.
5.2.2 Detectable Generalized Attacks
This step ensures that after removal of the jammed secure measurements, the remaining cut has a majority of insecure edges. Following the approach in Theorem 9, we aim to determine the optimal detectable generalized attack strategy over different ranges of the costs $p_I$, $p_J^S$ and $p_J^{S^c}$. We begin with the following cost interval.

Cost Interval I: $[p_J^S \ge p_I/2] \cap [p_J^{S^c} \ge p_I/2]$

Let the adversary initially jam $k_S^C$ secure edges in a cut C with a non-zero number of insecure edges, where $k_S^C$ follows Lemma 3. Using Theorem 9 for $p_J^{S^c} \ge p_I/2$, the minimum cost attack using the remaining edges is constructed by injecting data into $\lfloor \frac{1 + |C| - k_S^C}{2} \rfloor$ insecure edges and jamming $(1 - (|C| - k_S^C) \bmod 2)$ insecure edges. The total cost is given by:

$$p_C = p_J^S\, k_S^C + p_I \left\lfloor \frac{1 + |C| - k_S^C}{2} \right\rfloor + p_J^{S^c}\,(1 - (|C| - k_S^C) \bmod 2) \qquad (5.5)$$
As $p_J^S \ge p_I/2$, we note that $p_C$ is increasing with $k_S^C$. Using Lemma 3, the minimum cost is achieved at $k_S^C = [n_S^C - n_{S^c}^C + 1]^+$. For Case A ($n_S^C < n_{S^c}^C$), this gives $k_S^C = 0$ (no jamming of secure measurements), and the optimal attack is identical in structure to the optimal detectable jamming attack for $[p_J^{S^c} \ge p_I/2]$ in Theorem 9. For Case B ($n_S^C \ge n_{S^c}^C$), the optimal $k_S^C$ equals $n_S^C - n_{S^c}^C + 1$. The attack cost thus reduces to

$$p_C = p_J^S\,(n_S^C - n_{S^c}^C + 1) + p_I\, n_{S^c}^C \;\;\text{(using Eq. (5.5))} = p_J^S\, n_S^C + (p_I - p_J^S)\, n_{S^c}^C + p_J^S \qquad (5.6)$$

Excluding the constant term, the optimal attack cost for C in Case B is equal to its cut-weight if secure and insecure edges are given weights $p_J^S$ and $p_I - p_J^S$ respectively.

As $G_H$ has cuts in both Case A and Case B, the optimal generalized attack selects the minimum cost one among the optimal cuts of both cases. This is summarized below:

Theorem 12. The optimal detectable generalized attack in $G_H$ for the cost interval $[p_J^S \ge p_I/2] \cap [p_J^{S^c} \ge p_I/2]$ is given by the minimum cost attack among the optimal solutions of the following problems:

Problem I-A. Find the minimum cardinality feasible cut C in $G_H$ with a minority of secure edges. Use $\lfloor (1 + |C|)/2 \rfloor$ insecure edges for bad-data injection and jam $(1 - |C| \bmod 2)$ insecure edges.

Problem I-B. Give weights of $p_J^S$ and $p_I - p_J^S$ to secure and insecure edges respectively in $G_H$ and find the minimum weight cut C with $(n_S^C \ge |C|/2)$ secure edges and $(n_{S^c}^C > 0)$ insecure edges. Inject data into all insecure edges and jam $(n_S^C + 1 - n_{S^c}^C)$ secure edges.
Next we analyze cut C with $n_S^C$ secure and $n_{S^c}^C > 0$ insecure edges in the second cost interval.

Cost Interval II: $[p_J^{S^c} < p_I/2] \cap [p_J^S + p_J^{S^c} \ge p_I]$

By Lemma 3, the adversary initially jams $k_S^C \ge [n_S^C - n_{S^c}^C + 1]^+$ secure cut-edges, leaving $(n_S^C - k_S^C)$ secure and $n_{S^c}^C$ insecure edges. As $p_J^{S^c} < p_I/2$, the minimum cost attack constructed from the remaining edges includes data injection into $n_S^C - k_S^C + 1$ measurements and jamming of the rest of the insecure measurements (see Theorem 9). This gives an attack cost of:

$$p_C = p_J^S\, k_S^C + p_I\,(n_S^C - k_S^C + 1) + p_J^{S^c}\,(n_{S^c}^C - n_S^C + k_S^C - 1) = (p_J^S + p_J^{S^c} - p_I)\, k_S^C + (p_I - p_J^{S^c})(n_S^C + 1) + p_J^{S^c}\, n_{S^c}^C \qquad (5.7)$$

As $p_J^S + p_J^{S^c} \ge p_I$, the attack cost in Eq. (5.7) increases with $k_S^C$. The minimum attack cost is thus attained for Case A ($n_S^C < n_{S^c}^C$) at $k_S^C = 0$, and for Case B ($n_S^C \ge n_{S^c}^C$) at $k_S^C = n_S^C - n_{S^c}^C + 1$. The corresponding attack costs are given by:

$$p_C = (p_I - p_J^{S^c})(n_S^C + 1) + p_J^{S^c}\, n_{S^c}^C \quad \text{(for Case A)} \qquad (5.8)$$

$$p_C = p_J^S\,(n_S^C + 1) + (p_I - p_J^S)\, n_{S^c}^C \quad \text{(for Case B)} \qquad (5.9)$$

Observe that in either case, ignoring additive constants, the optimal attack cost is given by the cut-weight of C with distinct weights for secure and insecure measurements. We can thus determine the optimal detectable generalized attack in this interval as follows:
Theorem 13. The optimal detectable generalized attack in $G_H$ for the cost interval $[p_J^{S^c} < p_I/2] \cap [p_J^S + p_J^{S^c} \ge p_I]$ is given by the minimum cost attack among the optimal solutions of the following problems:

Problem II-B. Give weights of $p_J^S$ and $p_I - p_J^S$ to secure and insecure edges respectively in $G_H$ and find the minimum weight cut C with $(n_S^C \ge |C|/2)$ secure edges and $(n_{S^c}^C > 0)$ insecure edges. Inject data into all insecure edges and jam $(n_S^C + 1 - n_{S^c}^C)$ secure edges.
Cost Interval III: $[p_J^{S^c} < p_I/2] \cap [p_J^S + p_J^{S^c} < p_I]$

As the constraint $p_J^{S^c} < p_I/2$ is common with Interval II, the preliminary analysis here is identical to the discussion preceding Eq. (5.7) and leads to the following attack cost:

$$p_C = (p_J^S + p_J^{S^c} - p_I)\, k_S^C + (p_I - p_J^{S^c})(n_S^C + 1) + p_J^{S^c}\, n_{S^c}^C \qquad (5.10)$$

where $k_S^C \ge [n_S^C - n_{S^c}^C + 1]^+$ is the number of jammed secure measurements. Observe that the attack cost decreases on increasing $k_S^C$ in this interval. The minimum attack cost is thus obtained when $k_S^C = \max k_S^C = n_S^C$ for both Cases A and B. The optimal attack cost for cut C is given by:

$$p_C = p_J^S\, n_S^C + p_J^{S^c}\, n_{S^c}^C + (p_I - p_J^{S^c}) \quad \text{(for Cases A, B)} \qquad (5.11)$$

which is an additive constant away from C's cut-weight if secure and insecure edges are given weights $p_J^S$ and $p_J^{S^c}$ respectively. The optimal detectable generalized attack design is given by the following theorem.
Theorem 14. The optimal detectable generalized attack in $G_H$ for the cost interval $[p_J^{S^c} < p_I/2] \cap [p_J^S + p_J^{S^c} < p_I]$ is given by the optimal solution of the following graph optimization problem:

Problem III. Give weights of $p_J^S$ and $p_J^{S^c}$ to secure and insecure edges respectively in $G_H$ and find the minimum weight cut C with a non-zero number of insecure edges. Inject data into one insecure edge and jam all other secure and insecure edges.
1. Problems I-A and II-A pertaining to Case A in Intervals I and II are identical
to the sub-problems for designing optimal detectable jamming attacks in
Theorem 9.
2. Problems I-B and II-B pertaining to Case B in Intervals I and II are identical.
The first two observations arise from the constraint p_SJ + p_SJ^c ≥ p_I in Intervals I and II. This constraint restricts the optimal number of jammed secure measurements to the minimum necessary for feasible attack construction, which is 0 for cuts with a majority of insecure edges. Thus Problems I-A and II-A are similar to the ones in Theorem 9, where feasible cuts have a majority of insecure edges. For Interval III, the constraint p_SJ + p_SJ^c < p_I implies that the attack cost can be reduced by replacing data injection at one measurement with jamming of a pair of insecure and secure measurements, or with jamming of two insecure measurements. Thus, the optimal detectable generalized attack in Interval III includes only one measurement with data injection and is identical to the optimal hidden generalized attack in Theorem 11.
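The substitution argument can be checked with a line of arithmetic on hypothetical Interval III costs:

```python
# Hypothetical costs: in Interval III, replacing one data injection (cost p_i)
# by jamming a secure/insecure pair (cost p_sj + p_sj_c) lowers the attack cost.
p_sj, p_sj_c, p_i = 0.5, 0.25, 1.0
assert p_sj_c < p_i / 2 and p_sj + p_sj_c < p_i   # Interval III conditions
saving = p_i - (p_sj + p_sj_c)
assert saving > 0                                  # substitution reduces cost
assert 2 * p_sj_c < p_i                            # jamming two insecure is also cheaper
```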
Theorem 15.
1. A feasible generalized data attack exists for any system with at least one insecure measurement.
2. Addition of new secure measurements in the system does not prevent generalized attacks.
Proof. Consider the graph G_H. As mentioned in Theorems 11, 12, 13 and 14, a feasible generalized attack requires a cut in G_H with a non-zero number of insecure edges. Such a cut does not exist only if all measurements are secure. Hence the first statement holds. Addition of new secure measurements can increase the attack cost of a cut but does not change its feasibility. Hence the second statement holds.
Consider the graph G_H with sets S and S^c of secure and insecure edges respectively. The costs associated with jamming an insecure measurement, jamming a secure measurement and injecting data into an insecure measurement are given by p_SJ^c, p_SJ and p_I respectively. We first discuss the algorithm for designing hidden generalized attacks.

Hidden generalized attacks: The optimal attack of this type is given by the minimum weight cut C with a non-zero number of insecure edges in G_H, where secure and insecure edges have weights p_SJ and p_SJ^c respectively. Algorithm 7 outputs the optimal attack.
Working and Complexity: In each iteration of the While Loop (Step 2), Algorithm 7 picks an insecure edge in S^c and finds the minimum weight cut C that contains it. The feasible cut C_f is updated if the current cut C has lower weight. At the end of the iterations, the optimal attack is constructed by injecting data into one insecure edge and jamming the rest of the edges in C_f. Since a minimum s−t cut can be computed using a max-flow algorithm in O(|V||E| log(|V|^2/|E|)) time [84], Algorithm 7 has polynomial time complexity of O(|S^c||V||E| log(|V|^2/|E|)).
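The iterative min-cut computation behind Algorithm 7 can be sketched compactly. The code below is an illustrative reconstruction, not the dissertation's Algorithm 7 verbatim: it assumes an undirected measurement graph given as (u, v, secure) triples, computes each minimum u-v cut weight with a plain Edmonds-Karp max-flow, and uses hypothetical costs p_sj, p_sj_c and p_i.

```python
from collections import deque, defaultdict

def max_flow(cap, s, t):
    """Edmonds-Karp max-flow; cap is a dict-of-dicts of residual capacities.
    By max-flow/min-cut duality, the returned flow equals the minimum
    weight of an s-t cut."""
    flow = 0.0
    while True:
        parent = {s: None}                      # BFS for an augmenting path
        q = deque([s])
        while q and t not in parent:
            u = q.popleft()
            for v, c in cap[u].items():
                if c > 1e-12 and v not in parent:
                    parent[v] = u
                    q.append(v)
        if t not in parent:
            return flow
        path, v = [], t                         # recover path, find bottleneck
        while parent[v] is not None:
            path.append((parent[v], v))
            v = parent[v]
        aug = min(cap[u][v] for u, v in path)
        for u, v in path:                       # update residual capacities
            cap[u][v] -= aug
            cap[v][u] += aug
        flow += aug

def optimal_hidden_generalized_attack(edges, p_sj, p_sj_c, p_i):
    """edges: list of (u, v, secure) triples. Secure edges get weight p_sj,
    insecure edges weight p_sj_c. For every insecure edge (u, v), the minimum
    weight cut containing it is a minimum u-v cut; the attack injects data
    into one insecure edge of the best cut and jams the remaining edges."""
    best = float('inf')
    for (u, v, sec) in edges:
        if sec:
            continue                            # cut must contain an insecure edge
        cap = defaultdict(lambda: defaultdict(float))
        for (a, b, s) in edges:                 # undirected -> symmetric capacity
            w = p_sj if s else p_sj_c
            cap[a][b] += w
            cap[b][a] += w
        best = min(best, max_flow(cap, u, v))
    # swap jamming of one insecure edge in the cut for data injection into it
    return best, best - p_sj_c + p_i

# 4-bus ring: insecure edges (0,1) and (2,3); secure edges (1,2) and (3,0).
edges = [(0, 1, False), (1, 2, True), (2, 3, False), (3, 0, True)]
cut_weight, cost = optimal_hidden_generalized_attack(edges, 0.5, 0.25, 1.0)
assert abs(cut_weight - 0.5) < 1e-9 and abs(cost - 1.25) < 1e-9
```

On this ring, the cheapest feasible cut is {(0,1), (2,3)} with weight .5; injecting into one of its insecure edges instead of jamming it gives a total cost of .5 − .25 + 1 = 1.25.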
We emphasize that hidden injection and jamming attacks also have polynomial time-complexity, but involve only one min-cut computation. Next, we discuss the construction of detectable generalized attacks.
Detectable generalized attacks: The relative values of the costs of jamming and data injection change the design of detectable generalized attacks. Attack construction in Interval III is identical to that of hidden generalized attacks and is given by Algorithm 7. Here, we discuss the construction for attacks in Intervals I ([p_SJ^c ≥ p_I/2] ∩ [p_SJ ≥ p_I/2]) and II ([p_SJ^c < p_I/2] ∩ [p_SJ + p_SJ^c ≥ p_I]). Theorems 12 and 13 state that in either interval, the optimal detectable generalized attack is determined by solving two constrained graph-cut problems on G_H. In each of these problems (I-A, I-B, II-A and II-B), the constraint involves finding a cut C in G_H of Case A (n_CS < |C|/2) or Case B (n_CS ≥ |C|/2), where n_CS is the number of secure edges in the cut. An approximate algorithm (Algorithm 8) solves constrained graph-cut problems of this form. Algorithm 8 is a generalization of Algorithm 6 used in Section 5.1.3 and has additional constraints. The exact weights for secure and insecure edges and the constraint (Case A or B) in the algorithm are specified by the particular problem being solved.
Algorithm 8 Detectable Generalized Attack Construction
Input: Graph G_H, sets S and S^c of secure and insecure edges respectively, edge weights and Case (A or B) given by the problem being solved (I-A, I-B, II-A or II-B)
We now present simulation results on IEEE test systems with flow measurements on all lines and phase angle measurements on 60% (randomly selected) of the system buses. We vary the fraction of secure measurements in the system and observe its effect on the average cost of constructing data attacks. We first consider Algorithm 7, which gives the optimal hidden generalized attack as well as the detectable generalized attack in Interval III. The costs of jamming an insecure measurement and a secure measurement are taken as .25 and .5 respectively, while the cost of injecting data into an insecure measurement is taken as 1. Fig. 5.6 presents the trends in attacks for the IEEE 14-bus and 57-bus test systems for configurations where hidden injection attacks are feasible. It is clearly observed that adding jamming to the adversarial tools greatly reduces the cost of hidden attacks. In fact, hidden generalized attacks are less expensive than detectable injection attacks. Next we consider detectable generalized attacks in Intervals I and II (see Fig. 5.5). For Intervals I and II, the costs of jamming an insecure measurement are taken as .6 and .25 respectively. The costs of jamming a secure measurement and data injection into an insecure measurement are taken as .8 and 1 respectively in both intervals. For each fraction of secure measurements, we compare the average costs of detectable generalized (DG) attacks with those of detectable jamming (DJ) attacks in each case. Fig. 5.7(a) presents the average DG and DJ attack costs for the IEEE 14-bus and 57-bus test systems in cases with feasible hidden injection attacks. It can be observed that though jamming of secure measurements reduces the average attack costs, its effect is more pronounced in Interval I.
Similarly, Fig. 5.7(b) demonstrates the trends in average DG and DJ attack costs for the same systems, but by considering only cases with feasible detectable injection attacks. Even in this case, the cost improvement of DG over DJ attacks is greater in Interval I.
Note that the rise in attack cost with increasing fraction of secure measurements in the system is greater in Fig. 5.7(b) than in Fig. 5.6 and Fig. 5.7(a), where the slopes are flatter and even negative for some average cost curves. This disparity is due to the way we compute average attack costs for the figures. In Figs. 5.6 and 5.7(a), we only record attack costs for system configurations with feasible hidden injection attacks. As the number of such configurations decreases rapidly with an increasing number of secure measurements, we end up averaging over fewer configurations, many of which have small feasible graph-cuts leading to lower recorded average attack costs. The number of feasible configurations for detectable injection attacks does not decrease as rapidly; hence Fig. 5.7(b) has cost curves with steeper slopes in general.
5.3 Summary

When restricted to jamming insecure measurements alone, we devise optimal hidden and detectable jamming attacks. We
show that for detectable jamming attacks, jamming significantly alters the opti-
mal attack only if the jamming cost is less than half the cost of bad-data injection.
For values of jamming cost greater than half the injection cost, detectable jam-
ming attacks correspond to the same optimal graph cut as detectable injection
attacks. For cases where jamming of secure measurements is allowed, we design
optimal hidden and detectable generalized attacks. We show that the optimal
hidden generalized attack is given by the minimum weight graph-cut where the
edge-weights for secure and insecure measurements are based on the costs of jam-
ming and data injection in the system. For detectable attacks, we show that the
entire range of relative costs for data injection and jamming of secure and in-
secure measurements can be divided into three separate intervals, with optimal
attack construction given by distinct constrained graph-cut formulations in each
interval. Significantly, we show that generalized data attacks are even feasible
for systems with a single insecure measurement and hence are not prevented by
adding new secure measurements. We present approximate algorithms that use it-
erative min-cut computations to determine the optimal jamming and generalized
attacks and present simulation results on their performance.
[Figure 5.2(a): average cost of optimal attack when a hidden attack is possible vs. fraction of secure measurements in the system (0.5 to 0.9); curves: hidden attack, upper bound = (1+50%) hidden attack, detectable attack (finite and infinite parameter), and detectable jamming attack for p_J = 0, p_J < p_I/2 and p_J ≥ p_I/2 (finite and infinite parameter).]
[Figure 5.2(b): average cost of optimal attack when NO hidden attack is possible vs. fraction of secure measurements in the system.]
Figure 5.2: Average cost of optimal attacks (hidden injection, detectable injection and detectable jamming) produced for different sizes of the secure edge set on the IEEE 14 bus test system with flow measurements on all lines, phasor measurements on 60% of the buses and protection on a fraction of measurements selected randomly. The bad-data injection cost (p_I) is taken as 1. For the detectable jamming attack, the jamming costs (p_J) considered are 0, 1/4 and 3/4.
[Figure 5.3 plot: average optimal attack cost vs. fraction of secure measurements in the system (0.5 to 0.9); curves: detectable attack and detectable jamming attacks (p_J = 0, p_J < p_I/2, p_J ≥ p_I/2), each for cases with and without a feasible hidden attack.]
Figure 5.3: Average cost of optimal attacks (detectable injection and detectable jamming) on the IEEE 57 bus test system with flow measurements on all lines, phasor measurements on 60% of the buses and protection on a fraction of measurements selected randomly. The bad-data injection cost (p_I) is taken as 1. For the detectable jamming attack, the jamming costs (p_J) considered are 0, 1/4 (< p_I/2) and 3/4 (> p_I/2).
[Plot: fraction of system configurations resilient against attacks vs. fraction of secure measurements in the system (0.5 to 0.9); curves: hidden attack and detectable jamming attack (finite and infinite parameter) for the IEEE 14-bus and 57-bus systems.]
[Plot of cost regions: Interval I, Interval II, Interval III and a 'Not permissible' region; y-axis: jamming cost in S / injection cost in S; x-axis: jamming cost in S^c / injection cost in S^c.]
Figure 5.5: Separation of the range of relative costs for jamming secure (p_SJ) and insecure (p_SJ^c) measurements into intervals with distinct formulations for the optimal detectable generalized attack. Interval I denotes [p_SJ^c ≥ p_I/2] ∩ [p_SJ ≥ p_I/2], Interval II denotes [p_SJ^c < p_I/2] ∩ [p_SJ + p_SJ^c ≥ p_I] and Interval III denotes [p_SJ^c < p_I/2] ∩ [p_SJ + p_SJ^c < p_I]. The fourth interval, p_SJ < p_SJ^c, is not permissible by Assumption 1.
[Plot: average cost of optimal attack when a hidden injection attack exists vs. fraction of secure measurements in the system (0.5 to 0.8); curves: hidden injection, detectable injection and hidden generalized attacks for the IEEE 14-bus and 57-bus systems.]
Figure 5.6: Average cost of hidden injection, detectable injection and hidden generalized attacks (when a hidden injection attack exists) produced by Algorithm 7 on the IEEE 14 and 57 bus test systems with flow measurements on all lines, phasor measurements on 60% of the buses and protection on a fraction of measurements selected randomly. The cost of data injection (p_I) is taken as 1. The costs of jamming an insecure measurement (p_SJ^c) and a secure measurement (p_SJ) are taken as .25 and .5 respectively.
[Figure 5.7(a): average DG and DJ attack costs in Intervals I and II when a hidden injection attack exists, vs. fraction of secure measurements in the system (0.5 to 0.8).]
[Figure 5.7(b): average DG and DJ attack costs in Intervals I and II when a detectable injection attack exists, vs. fraction of secure measurements in the system (0.5 to 0.8).]
Figure 5.7: Average cost of detectable generalized (DG) and detectable jamming (DJ) attacks (considering configurations in Cost Intervals I and II), produced by Algorithm 8 on the IEEE 14 and 57 bus test systems with flow measurements on all lines and phasor measurements on 60% of the buses. In Intervals I and II, the costs of jamming an insecure measurement are taken as .6 and .25 respectively. The costs of jamming a secure measurement and data injection are taken as .8 and 1 respectively in both intervals.
Chapter 6
The previous two chapters describe data attacks where meter measurements are modified to change the state estimate. This requires synchronous corruption of several meter readings. In this chapter, we study attacks where the adversary instead changes the estimated grid topology through changes in breaker statuses used in state estimation, as shown in Fig. 6.1. We term these attacks topology attacks. Here the adversary changes the statuses of a few operational breakers from 1 (closed) to 0 (open). Note that breaker statuses, unlike meter readings, are binary in nature and fluctuate with lower frequency, as topology changes are slower than changes in power usage. In addition, the adversary jams flow measurements on a subset of transmission lines in the grid. Significantly, the adversary in this framework does not employ data injection in any meter (non-breaker) reading in the system and hence can attack systems with completely secure meter readings. We show that such an attack is feasible against state estimation for any grid with line flow and nodal injection meters. The attack uses breaker status changes and jamming of flow measurements but does not use meter data injection. Injection meters are altogether untouched by the adversary.

[Figure 6.1: state estimation flow chart — breaker statuses feed topology estimation; measurements flagged as bad by bad-data detection lead to topology correction, while good measurements lead to measurement correction.]

We use a novel graph-coloring based analysis to prove that under normal operating conditions, if a feasible attack exists using several breaker status changes (with the necessary flow measurement jams), then an attack using only one breaker status change exists for the system.
We model the grid by a graph G with a set V of n buses/nodes connected by a set E of n_E operational transmission lines (directed edges). The set of binary breaker statuses for the edges is denoted by the diagonal matrix D of size n_E × n_E. We assume that all lines are initially operational (D is the identity matrix) and ignore any non-operational lines. Each operational edge (ij) between nodes i and j has a corresponding row M_ij in M, where M_ij = e_i^T − e_j^T. e_i denotes the standard basis vector in R^n with one at the i-th location. The direction of flow on edge (ij) is taken to be from i to j. Following the notation in Chapter 4, the state variables (bus phase angles) are denoted by the n × 1 vector x and the set of measurements is denoted by the vector z. The state estimator relies on the breaker statuses in D for topology estimation and then uses the meter measurements z for estimating the state vector x. As in previous chapters, z = Hx + e, where e is the measurement noise with a known covariance matrix. H is the measurement matrix and depends on the grid structure and susceptances of the transmission lines. Let the k_1-th entry in z correspond to the flow measurement on line (ij). Then H(k_1, :) (the k_1-th row in H) is given by B_ij M_ij = B_ij (e_i^T − e_j^T), with the non-zero values B_ij and −B_ij at the i-th and j-th locations respectively. B_ij is the susceptance of the line (ij). On the other hand, if the k_2-th entry corresponds to an injection measurement at node i, we have z(k_2) = Σ_{r:(ir)∈E} B_ir (x_i − x_r). In matrix form, the flow measurements received at the estimator can be written as z_flow = TBMx (6.2) and the injection measurements as z_inj = M_inj^T DBMx (6.3), where T is the diagonal matrix selecting lines with flow measurements and B is the diagonal matrix of line susceptances.
The breaker status matrix after the attack is denoted by D − D_a, where the diagonal matrix D_a has a value of 1 for attacked breakers. Similarly, the available flow measurements after jamming are represented by T − T_a, with the diagonal matrix T_a having a value of 1 corresponding to jammed flows. We consider the cost of jamming a measurement to be negligible compared to the cost of changing a breaker status. Let the new state vector estimated after the topology attack be denoted by x + c, where c ≠ 0 denotes the change. Note that if the flow measurement on a line is not jammed, its value remains the same following the attack. Using (6.2), we have

(T − T_a)BMx = (T − T_a)BM(x + c)
⇒ (T − T_a)BMc = 0    (6.4)

It follows immediately that if the breaker status on the r-th line with a flow measurement is changed (D_a(r, r) = 1), then to avoid detection its flow measurement needs to be jammed as well (T_a(r, r) = T(r, r) = 1). Thus,

D_a(T − T_a) = 0    (6.5)
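Equations (6.4)-(6.5) pin down exactly which flow measurements must be jammed. The toy example below (a hypothetical 4-bus ring with unit susceptances, not a system from this chapter) evaluates the entries B_ij(c_i − c_j) of BMc for a candidate state change c and recovers the required jam set:

```python
from fractions import Fraction as F

# Hypothetical 4-bus ring; every line carries a flow measurement.
lines = [(0, 1), (1, 2), (2, 3), (3, 0)]
B = {e: F(1) for e in lines}                 # unit susceptances (assumed)

# Candidate state change c grouping buses {0, 1} and {2, 3}.
c = {0: F(0), 1: F(0), 2: F(2), 3: F(2)}

# Entry of BMc for line (i, j) is B_ij (c_i - c_j). By Eq. (6.4), every
# measured line with a non-zero entry must be jammed to avoid detection;
# by Eq. (6.5) the same holds for any line whose breaker is attacked.
flow_change = {(i, j): B[(i, j)] * (c[i] - c[j]) for (i, j) in lines}
must_jam = {e for e, d in flow_change.items() if d != 0}

assert must_jam == {(1, 2), (3, 0)}          # only cross-group lines are jammed
assert flow_change[(0, 1)] == 0              # intra-group flows are unchanged
```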
Consider now the injection measurements (z_inj), which are not changed during the attack. The breaker attack leads to the removal of lines marked as open from Equation (6.3), resulting in the following modification:

z_inj = M_inj^T BMx = M_inj^T (D − D_a)BM(x + c)
⇒ M_inj^T D_a BMx = M_inj^T (D − D_a)BMc    (6.6)
Equation (6.6) thus states that after the topology attack, for each injection measurement, the sum of original flows contributed by lines with attacked breakers (left side) needs to be accommodated by changes in estimated flows on lines (connected to the same bus) whose breakers are intact but whose actual flow measurements are not received (right side). Finally, for unique state estimation following the adversarial attack (with one bus considered the reference bus with phase angle 0), we need

rank [ (T − T_a)BM
       M_inj^T (D − D_a)BM ] = n − 1    (6.7)
For our graph-coloring based analysis, we use the following coloring scheme: for any change c in the estimated state vector, neighboring buses with the same value in c are given the same color. Using this, we now discuss a permissible graph coloring corresponding to the requirements of a feasible attack discussed in the previous section. Equation (6.4) states that if the flow on line (ij) between buses i and j is measured and not jammed, then c(i) = c(j) (the same color in our scheme). Thus, a set of buses connected through lines with available flow measurements (not jammed) has the same color.
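The rule above is a pure connectivity computation: buses joined by lines whose flow measurements remain available after the attack must share one color. A minimal union-find sketch (the bus count and line list are illustrative assumptions):

```python
def color_groups(n_buses, unjammed_measured_lines):
    """Union-find: buses joined by a line whose flow measurement is still
    available after the attack must share one color (equal entry in c)."""
    parent = list(range(n_buses))
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x
    for i, j in unjammed_measured_lines:
        parent[find(i)] = find(j)
    groups = {}
    for b in range(n_buses):
        groups.setdefault(find(b), []).append(b)
    return sorted(groups.values())

# 5 buses; lines (0,1) and (1,2) keep their flow measurements, the rest are
# jammed or unmetered -> buses 0, 1, 2 share one color; 3 and 4 are free.
assert color_groups(5, [(0, 1), (1, 2)]) == [[0, 1, 2], [3], [4]]
```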
This implies that the grid buses, following a feasible attack, can be divided into groups, each group having a distinct color. The lines between buses of different groups either do not carry any flow measurement or are jammed by the adversary. A test example is illustrated in Figure 6.2. Observe the buses with injection measurements, which are not corrupted by the adversary. For an interior bus k (all neighboring nodes have the same color as itself), the right side of Equation (6.6) equates to zero. The left side becomes equal to zero, under normal operating conditions, only if breakers on lines connected to bus k are not attacked. Thus, in a feasible graph coloring, lines with attacked breakers are incident only to boundary buses, where a boundary bus is one that has neighboring buses of colors distinct from itself.

Now, consider the injection meter installed on any boundary bus. Such buses can exist in two configurations: a) connected to lines with an attacked breaker (see bus a in Figure 6.2) or b) connected to only lines with correct breaker statuses (node b if line (bf) did not have a breaker attack). In either case, using (6.6), we obtain a constraint on the entries of c. To analyze these constraints, we construct a reduced graph G as follows:

1. Collapse each colored group with all interior buses into one supernode of that color. Make boundary buses with injection measurements into supernodes with the same color.
[Figure 6.2 shows the IEEE 14 bus system with labeled buses a, b, d, f and lines (ae) and (bf).]

Figure 6.2: Feasible graph coloring scheme on the IEEE 14 bus system [9] with flow measurements on all lines and injection measurements at buses a, b and d. The blue, green and black buses are divided into groups and have the same value of change c in the estimated state vector. The dotted red lines represent jammed lines, solid black lines represent operational lines. The grey lines with red bars represent the lines (ae) and (bf) with attacked breakers.
2. For each line with an intact breaker between two buses of different colors, create an edge between the corresponding supernodes.

3. At each supernode with an injection measurement, set the injection equal to the sum of the original flows on lines with attacked breakers connected to it (positive for inflow, negative for outflow). If no incident line has an attacked breaker, make the injection equal to 0.

[Figure 6.3 shows the reduced graph with supernodes a, b, d and lines (ae) and (bf).]

Figure 6.3: Reduced graph construction for the test case given in Figure 6.2. The blue, green and black solid circles represent supernodes for buses a, b and d respectively. The flows on the dotted red lines are not measured after the attack. The grey lines with red bars represent lines with attacked breakers, which influence the injections at supernodes a and b.
Figure 6.3 illustrates the reduced graph construction for the example in Figure 6.2. Note that in the reduced graph G, original lines between buses of the same color are removed. The included lines exist between buses of different colors and have jammed or unavailable flow measurements. Similarly, the injection measurement relations (6.6) at interior nodes are trivially satisfied by c and are ignored. The reduced system thus only includes constraints from boundary injection measurements, which are similar in form to equation (6.6), as shown below:

Σ_{b:(ab)∈E} B_ab (c_a − c_b) = z_inj(a)    (6.8)

Here, a and b are supernodes of different colors. The numeric value for the color of supernode a is given by c_a (not the a-th entry in c). B and E are the susceptance matrix and edge set corresponding to the reduced graph G. z_inj(a) denotes the injection measurement on supernode a, with its value given by Step 3 of the reduced graph construction. Note that equation (6.8) for the injection measurements involves rows of the susceptance-weighted Laplacian matrix of G. A unique solution of c for G in turn provides a uniquely estimated c in G after the adversarial attack. We now look at condition (6.7), necessary for unique state estimation after a feasible adversarial attack, in terms of graph coloring. The reduced graph G greatly simplifies our analysis here.
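The reduced system (6.8) is a small linear system in the color values c_a, with one reference color fixed at 0. The sketch below solves it with exact rational arithmetic; the three-color example, its unit susceptances and injection values are hypothetical, not taken from Figure 6.3.

```python
from fractions import Fraction as F

def solve_reduced(colors, edges, injections, reference=0):
    """Solve Eq. (6.8) on the reduced graph: for every supernode a carrying
    an injection measurement, sum_b B_ab (c_a - c_b) = z_inj(a), with the
    reference color fixed to 0. edges: {(a, b): susceptance}."""
    unknowns = [k for k in colors if k != reference]
    idx = {k: i for i, k in enumerate(unknowns)}
    rows = []
    for a, z in injections.items():          # build one Laplacian row per injection
        row = [F(0)] * len(unknowns) + [F(z)]
        for (u, v), b in edges.items():
            if a in (u, v):
                other = v if a == u else u
                if a != reference:
                    row[idx[a]] += F(b)
                if other != reference:
                    row[idx[other]] -= F(b)
        rows.append(row)
    n = len(unknowns)                        # Gaussian elimination, exact
    for col in range(n):
        piv = next((r for r in range(col, len(rows)) if rows[r][col] != 0), None)
        if piv is None:
            raise ValueError("system is not uniquely solvable")
        rows[col], rows[piv] = rows[piv], rows[col]
        for r in range(len(rows)):
            if r != col and rows[r][col] != 0:
                f = rows[r][col] / rows[col][col]
                rows[r] = [x - f * y for x, y in zip(rows[r], rows[col])]
    sol = {reference: F(0)}
    for k, i in idx.items():
        sol[k] = rows[i][-1] / rows[i][i]
    return sol

# Three colors 0 (reference), 1, 2; unit susceptances; injections at 1 and 2.
sol = solve_reduced([0, 1, 2], {(0, 1): 1, (1, 2): 1, (0, 2): 1}, {1: 3, 2: 0})
assert sol == {0: F(0), 1: F(2), 2: F(1)}
```

With k = 3 colors, the k − 1 = 2 injection constraints determine the two free color values uniquely, matching the counting argument that follows.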
First, it is clear that each color must have at least one supernode, or a neighboring supernode (of a different color), with an injection measurement. Otherwise the value of c for that color will not appear in any injection constraint, which goes against the uniqueness of state estimation. Note that the number of degrees of freedom in c (representing distinct values in c) is one less than the number of colors, as one color denotes the reference phase change of 0. Using G, we prove the following result regarding permissible graph colorings for unique estimation.
Theorem 16. A feasible attack with k colored groups permits unique state estimation if and only if there are exactly k − 1 injection measurements at the supernodes of the reduced graph G.

Proof. Let the number of colored groups be k. Then the number of independent entries in c is k − 1 (one entry being 0). The total number of linear constraints involving the numeric values in c is equal to the number of injection measurements at the supernodes in G. For unique state estimation, the number of injection measurements should thus be greater than or equal to k − 1. We now show that exactly k − 1 injection measurements are needed to obtain a solution to state estimation. Consider the reduced graph G. For real-valued line susceptances, and for cases where the supernodes having injection measurements do not form a closed ring with no additional branches (see Figure 6.3), the rank of the k − 1 rows is k − 1 and we have unique state estimation. If the reduced graph G contains a closed ring of supernodes with injection measurements, then the measurements will represent the entire susceptance-weighted graph Laplacian of the ring, which is rank deficient. However, the real-valued entries in z_inj that appear on the right side of (6.8), and are derived from flows on lines with attacked breakers, will not cancel out under normal operating conditions. Further, the adversary designing the attack is unaware of the current system state and will not be able to determine whether they do. Hence the k − 1 injection measurement constraints will be linearly independent (the adversary will expect this under normal operations). This gives a unique c and c for a grid graph with k distinct colors.
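The two rank facts invoked in the proof can be checked directly: the k − 1 injection rows are independent when the injection supernodes do not form a closed ring, while the full Laplacian of a ring is rank deficient. Unit susceptances are assumed purely for illustration.

```python
from fractions import Fraction as F

def rank(mat):
    """Exact matrix rank via Gaussian elimination on Fractions."""
    mat = [[F(x) for x in row] for row in mat]
    r = 0
    for c in range(len(mat[0])):
        piv = next((i for i in range(r, len(mat)) if mat[i][c] != 0), None)
        if piv is None:
            continue
        mat[r], mat[piv] = mat[piv], mat[r]
        for i in range(len(mat)):
            if i != r and mat[i][c] != 0:
                f = mat[i][c] / mat[r][c]
                mat[i] = [a - f * b for a, b in zip(mat[i], mat[r])]
        r += 1
    return r

def laplacian_rows(n, edges, nodes):
    """Rows of the (unit-susceptance) weighted Laplacian for chosen nodes."""
    rows = []
    for a in nodes:
        row = [0] * n
        for u, v in edges:
            if a in (u, v):
                row[a] += 1
                row[v if a == u else u] -= 1
        rows.append(row)
    return rows

# Path 0-1-2-3: the k - 1 = 3 injection rows are linearly independent.
path = [(0, 1), (1, 2), (2, 3)]
assert rank(laplacian_rows(4, path, [1, 2, 3])) == 3

# Closed ring 0-1-2 with injections at every supernode: the rows form the
# full graph Laplacian, which is rank deficient (rank 2 < 3).
ring = [(0, 1), (1, 2), (2, 0)]
assert rank(laplacian_rows(3, ring, [0, 1, 2])) == 2
```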
The optimal attack is one that uses the minimum number of breaker status changes (a breaker status change being more resource draining than measurement jamming). If multiple attacks are possible using the minimum number of breaker changes, we select as optimal the attack that requires the least number of flow measurement jams. Using the reduced graph G, we present the following result for the minimum number of breaker changes needed for a feasible attack under normal operating conditions (non-zero real-valued bus susceptances and line flows that are distinct for different grid elements).
Theorem 17. If a feasible attack can be designed with k breaker status changes, then a feasible attack exists in which all but one of the breaker statuses are changed back to their original operational state (1), while their line flow measurements are kept jammed.
Proof. Construct the reduced graph G, with its colored supernodes, for the feasible attack with k breakers and the necessary flow measurement jams. Let the number of colors in the state estimation change c be r + 1. The length of c is then r + 1. By Theorem 16, there are r injection measurements at the supernodes that provide the constraint equations listed in (6.8). If we revert the breaker status of an attacked line back to 1 while keeping its flow measurement jammed, the only change in any constraint equation (6.8) involving that line is that the injection measurement on the incident node (entry in z_inj) is reduced by the original flow on that line, as noted in the third step of the construction of the reduced graph. Since all but one breaker is brought back to the operational state, at least one injection measurement in z_inj will still remain non-zero and the r constraint equations will still be linearly independent. Thus, state estimation will result in a different but non-zero c, leading to a feasible attack.
[Figure 6.4 shows the reduced graph with supernodes a, b and lines (ae) and (bf).]

Figure 6.4: Reduced graph construction for the IEEE 14 bus case given in Figure 6.2, but with line (bf) changed to a dotted red line. The blue, green and black solid circles represent supernodes for buses a, b and d respectively. The flows on the dotted red lines are not received. The only grey line with a red bar represents the line (ae) with an attacked breaker.
For example, consider the case in Figure 6.2 where two breaker statuses are attacked. If the breaker status on line (bf) is changed back to 1 while keeping the flow measurement jammed, the new reduced graph that will be derived is given in Figure 6.4. As mentioned in Theorem 17, the coloring scheme is still feasible and leads to a feasible attack with a single breaker status change.

This is a very significant result and greatly simplifies the search for an optimal attack. Since one breaker change is sufficient, the adversary can select each line in turn (n_E iterations), attack its breaker (change the corresponding entry in D_a) and determine the minimum set of flow measurements to jam (given by the diagonal T_a) to conduct a feasible attack. The breaker change that requires the minimum number of measurement jams (or a maximally sparse T_a) will then give the optimal attack. The selection of jammed measurements, after fixing
D_a, is formulated as (6.9):

minimize_{c ≠ 0}  ||TBMc||_0    (6.9)
subject to  M_inj^T D_a BMx = M_inj^T (D − D_a)BMc

The rank constraint (6.7) is not included in the optimization framework and can be checked manually after determining T_a, for consistency.
[Plot: average number of flow measurements jammed (roughly 1 to 11) vs. fraction of buses with injection measurements (0.2 to 0.9) for the IEEE 14, 30 and 57 bus systems.]
Figure 6.5: Average number of flow measurements jammed for optimal topology
attacks on IEEE test systems. Injection measurements are placed on a fraction of
buses (selected randomly) and flow measurements are placed on all lines.
Observe that the average number of flow measurements jammed increases with the number of injection measurements. This happens because additional injection measurements impose more constraints of the form (6.6), which in turn require additional flow measurement jams.
6.4 Summary

In this chapter, we study topology attacks, where the adversary changes the breaker statuses of operational lines and marks them as open. The adversary
also jams flow measurements on certain lines to prevent detection at the state
estimator. The attack framework is novel as it does not involve any injection of
corrupted data into meters or knowledge of system parameters and current system
state. Thus, this attack regime explores adversarial attacks on systems where all
meter readings are protected from external manipulation. The most important result arising from our analysis is that optimal topology attacks exist which require only a single breaker status change. Finally, we discuss an l0−l1 based optimization framework to determine the optimal topology attack, selecting the minimum number of jammed flow measurements needed to prevent detection.
Chapter 7
Conclusion
Bibliography
[2] B. Liscouski and W. Elliot, Final report on the August 14, 2003 blackout in
the United States and Canada: Causes and Recommendations, A report to US
Department of Energy, 40, 2004.
[3] http://texaselectricnews.com/unraveling-the-mystery-of-ercot-markets-fake-profits/
[4] J. Meserve, Staged cyber attack reveals vulnerability in power grid, CNN,
2007. Available: http://www.cnn.com/2007/US/ 09/26/power.at.risk/index.html.
[5] D. P. Shepard, T. E. Humphreys, and A. A. Fansler, Evaluation of the Vulnerability of Phasor Measurement Units to GPS Spoofing, International Journal of Critical Infrastructure Protection, 2012.
[6] S. Gorman, Electricity grid in U.S. penetrated by spies, Wall St. J., 2009.
[7] http://freebeacon.com/national-security/u-s-power-grid-being-hit-with-increasing-
hacking-attacks-government-warns/
[8] http://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-
from-hackers-in-russia.html
[9] R. Christie, Power system test archive, Available: http://www.ee.washington.edu/research/pstca.
[11] R. Albert, H. Jeong, and A.-L. Barabasi, Error and attack tolerance of complex
networks, Nature, vol. 406, 2000.
[12] P. Erdos and A. Renyi, On the evolution of random graphs, Akad. Kiado, 1960.
[15] J. Lavaei and S. Low, Zero duality gap in optimal power flow problem, IEEE
Trans. Power Systems, vol. 27, 2012.
[19] R. Albert, I. Albert, and G. L. Nakarado, Structural vulnerability of the North
American power grid, Physical Review E, vol. 69 (2), 2004.
[20] L.A.N. Amaral, A. Scala, M. Barthelemy, and H.E. Stanley, Classes of small-
world networks, Proc. National Academy of Sciences, vol. 97, 2000.
[23] L. Garber, Denial-of-service attacks rip the Internet, Computer, vol. 33, 2000.
[25] A. Monticelli, Electric power system state estimation, Proc. IEEE, vol. 88,
2000.
[26] A. Abur and A. G. Exposito, Power System State Estimation: Theory and
Implementation, New York: Marcel Dekker, 2004.
[27] Y. Liu, P. Ning, and M. K. Reiter, False data injection attacks against state es-
timation in electric power grids, Proc. ACM Conf. Comput. Commun. Security,
2009.
[28] J. Kim, L. Tong, and R. J. Thomas, Data Framing Attack on State Estimation
with Unknown Network Parameters, Asilomar Conference on Signals, Syst.,
and Computers, 2013.
[29] D. Deka, R. Baldick, and S. Vishwanath, Data Attacks on the Power Grid DE-
SPITE Detection, IEEE PES Innovative Smart Grid Technologies, 2015. Available
at: http://arxiv.org/abs/1505.01881
[32] D. Deka and S. Vishwanath, Generative Growth Model for Power Grids,
Complex Network Workshop, Ninth International Conference on Signal-Image
Technology and Internet-Based Systems (SITIS), 2013.
[33] D. Deka, S. Vishwanath, and R. Baldick, Analytical Models for Power Networks: The Case of the Western US and ERCOT Grids, IEEE Trans. Smart Grid (submitted). Available at: http://arxiv.org/abs/1204.0165
[35] http://www.ercot.com/.
[36] D. Deka and S. Vishwanath, PMU placement and error control using belief
propagation, IEEE SmartGridComm, 2011.
[42] S.V. Buldyrev, R. Parshani, G. Paul, H.E. Stanley, and S. Havlin, Catastrophic
cascade of failures in interdependent networks, Nature, vol. 464, 2010.
[44] Z. Wang, A. Scaglione, and R. Thomas, Generating statistically correct ran-
dom topologies for testing smart grid communication and control networks,
IEEE Trans. Smart Grid, vol. 1, 2010.
[46] T. Kim and V. Poor, Strategic Protection Against Data Injection Attacks on
Power Grids, IEEE Trans. Smart Grid, vol. 2, no. 2, 2011.
[47] O. Kosut, L. Jia, R. J. Thomas, and L. Tong, Limiting false data attacks on
power system state estimation, Proc. Conf. Inf. Sci. Syst., 2010.
[52] L. Xie, Y. Mo, and B. Sinopoli, False data injection attacks in electricity mar-
kets, Proc. IEEE SmartGridComm, 2010.
[58] M. Hurtgen and J.-C. Maun, Optimal PMU placement using Iterated Local Search, Intl. Journal of Electrical Power and Energy Systems, vol. 32, 2010.
[61] R. Smith, Assault on California Power Station Raises Alarm on Potential for Terrorism, Wall Street Journal, 2014.
[62] J. Kim and L. Tong, On topology attack of a smart grid: Undetectable attacks
and countermeasures, IEEE J. Select. Areas Commun., vol. 31, no. 7, 2013.
[63] D. Deka, R. Baldick, and S. Vishwanath, Attacking Power Grids with Se-
cure Meters: The Case for using Breakers and Jammers, IEEE Infocom CCSES
Workshop, 2014.
random graph (p ) models for social networks, Social Networks, vol. 29, 2007.
[70] G. A. Pagani and M. Aiello, Towards decentralization: A topological investi-
gation of the medium and low voltage grids, IEEE Transactions on Smart Grid,
vol. 2, 2011.
[71] R.M. Anderson and R.M. May, Infectious diseases of humans, Oxford Uni-
versity Press, 1991.
[75] M. Jackson, Social and economic networks, Princeton University Press, 2008.
[78] M. Stoer and F. Wagner, A simple min-cut algorithm, J. ACM, 44(4), 1997.
[79] V. Kumar, Algorithms for Constraint-Satisfaction Problems: A Survey, AI
Magazine, vol. 13, 1992.
[80] D. R. Karger and C. Stein, A new approach to the minimum cut problem,
Journal of the ACM, vol. 43, 1996.
Vita

LaTeX is a document preparation system developed by Leslie Lamport as a special version of Donald Knuth's TeX program.