Abstract

Real power injections at loads and generators, and real power flows on selected lines in a transmission network are monitored and transmitted over a SCADA network to the system operator. These are used in state estimation algorithms to make dispatch, re-balance and other energy management system [EMS] decisions. Coordinated cyber attacks on power meter readings can be designed to be undetectable by any bad data detection algorithm. These unobservable attacks present a serious threat to grid operations. Of particular interest are sparse attacks that involve the compromise of a modest number of meter readings. An efficient algorithm to find all unobservable attacks [under standard DC load flow approximations] involving the compromise of exactly two power injection meters and an arbitrary number of power meters on lines is presented. This requires O(n <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">2</sup> m) flops for a power system with n buses and m line meters. If all lines are metered, there exist canonical forms that characterize all 3, 4, and 5-sparse unobservable attacks. These can be quickly detected with O(n <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">2</sup> ) flops using standard graph algorithms. Known-secure phasor measurement units [PMUs] can be used as countermeasures against a given collection of cyber attacks. Finding the minimum number of necessary PMUs is NP-hard. It is shown that p+1 PMUs at carefully chosen buses are sufficient to neutralize a collection of p cyber attacks.