This paper introduces new analytical techniques for performing vulnerability analysis of state estimation when it is subject to a hidden false data injection cyber-attack on a power grid's SCADA system. Specifically, we consider ac state estimation and describe how the physical properties of the system can be used as an advantage in protecting the power system from such an attack. We present an algorithm based on graph theory which allows determining how many and which measurement signals an attacker will attack in order to minimize his efforts in keeping the attack hidden from bad data detection. This provides guidance on which measurements are vulnerable and need increased protection. Hence, this paper provides insights into the vulnerabilities but also the inherent strengths provided by ac state estimation and network topology features such as buses without power injections.