A power grid is a complex system connecting electric power generators to consumers through power transmission and distribution networks across a large geographical area. System monitoring is necessary to ensure the reliable operation of power grids, and state estimation is used in system monitoring to best estimate the power grid state through analysis of meter measurements and power system models. Various techniques have been developed to detect and identify bad measurements, including interacting bad measurements introduced by arbitrary, nonrandom causes. At first glance, it seems that these techniques can also defeat malicious measurements injected by attackers.In this article, we expose an unknown vulnerability of existing bad measurement detection algorithms by presenting and analyzing a new class of attacks, called false data injection attacks, against state estimation in electric power grids. Under the assumption that the attacker can access the current power system configuration information and manipulate the measurements of meters at physically protected locations such as substations, such attacks can introduce arbitrary errors into certain state variables without being detected by existing algorithms. Moreover, we look at two scenarios, where the attacker is either constrained to specific meters or limited in the resources required to compromise meters. We show that the attacker can systematically and efficiently construct attack vectors in both scenarios to change the results of state estimation in arbitrary ways. We also extend these attacks to generalized false data injection attacks, which can further increase the impact by exploiting measurement errors typically tolerated in state estimation. We demonstrate the success of these attacks through simulation using IEEE test systems, and also discuss the practicality of these attacks and the real-world constraints that limit their effectiveness.

False data injection attacks against state estimation in electric power grids

A power grid is a complex system connecting electric power generators to consumers through power transmission and distribution networks across a large geographical area. System monitoring is necessary to ensure the reliable operation of power grids, and state estimation is used in system monitoring to best estimate the power grid state through analysis of meter measurements and power system models. Various techniques have been developed to detect and identify bad measurements, including the interacting bad measurements introduced by arbitrary, non-random causes. At first glance, it seems that these techniques can also defeat malicious measurements injected by attackers.In this paper, we present a new class of attacks, called false data injection attacks, against state estimation in electric power grids. We show that an attacker can exploit the configuration of a power system to launch such attacks to successfully introduce arbitrary errors into certain state variables while bypassing existing techniques for bad measurement detection. Moreover, we look at two realistic attack scenarios, in which the attacker is either constrained to some specific meters (due to the physical protection of the meters), or limited in the resources required to compromise meters. We show that the attacker can systematically and efficiently construct attack vectors in both scenarios, which can not only change the results of state estimation, but also modify the results in arbitrary ways. We demonstrate the success of these attacks through simulation using IEEE test systems. Our results indicate that security protection of the electric power grid must be revisited when there are potentially malicious attacks.

The development of a trustworthy smart grid requires a deeper understanding of potential impacts resulting from successful cyber attacks. Estimating feasible attack impact requires an evaluation of the grid's dependency on its cyber infrastructure and its ability to tolerate potential failures. A further exploration of the cyber-physical relationships within the smart grid and a specific review of possible attack vectors is necessary to determine the adequacy of cybersecurity efforts. This paper highlights the significance of cyber infrastructure security in conjunction with power application security to prevent, mitigate, and tolerate cyber attacks. A layered approach is introduced to evaluating risk based on the security of both the physical power applications and the supporting cyber infrastructure. A classification is presented to highlight dependencies between the cyber-physical controls required to support the smart grid and the communication and computations that must be protected from cyber attack. The paper then presents current research efforts aimed at enhancing the smart grid's application and infrastructure security. Finally, current challenges are identified to facilitate future research efforts.

Cyber–Physical System Security for the Electric Power Grid

Computer algebra systems are now ubiquitous in all areas of science and engineering. This highly successful textbook, widely regarded as the “bible of computer algebra”, gives a thorough introduction to the algorithmic basis of the mathematical engine in computer algebra systems. Designed to accompany oneor two-semester courses for advanced undergraduate or graduate students in computer science or mathematics, its comprehensiveness and reliability has also made it an essential reference for professionals in the area. Special features include: detailed study of algorithms including time analysis; implementation reports on several topics; complete proofs of the mathematical underpinnings; and a wide variety of applications (among others, in chemistry, coding theory, cryptography, computational logic, and the design of calendars and musical scales). A great deal of historical information and illustration enlivens the text. In this third edition, errors have been corrected and much of the Fast Euclidean Algorithm chapter has been renovated.

Modern computer algebra

It is often appealing to assume that existing solutions can be directly applied to emerging engineering domains. Unfortunately, careful investigation of the unique challenges presented by new domains exposes its idiosyncrasies, thus often requiring new approaches and solutions. In this paper, we argue that the “smart” grid, replacing its incredibly successful and reliable predecessor, poses a series of new security challenges, among others, that require novel approaches to the field of cyber security. We will call this new field cyber-physical security. The tight coupling between information and communication technologies and physical systems introduces new security concerns, requiring a rethinking of the commonly used objectives and methods. Existing security approaches are either inapplicable, not viable, insufficiently scalable, incompatible, or simply inadequate to address the challenges posed by highly complex environments such as the smart grid. A concerted effort by the entire industry, the research community, and the policy makers is required to achieve the vision of a secure smart grid infrastructure.

/pdf/cyber-physical-security-of-a-smart-grid-infrastructure-k72rknn16y.pdf

Cyber–Physical Security of a Smart Grid Infrastructure

This paper considers the two-user Gaussian interference channel in the presence of one or two adversarial jammers. Existing outer and inner bounds for the Gaussian interference channel are generalized in the presence of the jammer(s). We show that for certain problem parameters, precisely the same bounds hold, but with the noise variance increased by the received power of the jammer at each receiver. Thus, the jammers can do no better than to transmit Gaussian noise. For these problem parameters, this allows us to recover the half-bit theorem. Moreover, we show that, if the jammer has greater received power than the legitimate user, symmetrizability makes the capacity zero. The proof of the outer bound is straightforward, while the inner bound generalizes the Han-Kobayashi rate splitting scheme. As a novel aspect, the inner bound takes advantage of the common message acting as common randomness for the private message; hence, the jammer cannot symmetrize only the private codeword without being detected. We also prove a new version of a packing lemma for the Gaussian arbitrarily-varying channel.

The Gaussian interference channel in the presence of a malicious jammer

State estimation in a discrete-time linear dynamical system is considered in the presence of random process noise, in addition to a malicious adversary able to manipulate some measurements of the system. The adversary has access to only a subset of the measurements, but the particular subset is unknown, and it may adjust these measurements in an arbitrary fashion. A specific attack is proposed that gives a lower bound on the mean squared error for any estimator. Two estimators are proposed; one based on a non-convex optimization problem using sparsity constraints, the second a convex relaxation using a mixed l1/l2 norm. The performance of both estimators are studied using simulations.

Malicious data attacks against dynamic state estimation in the presence of random noise

The problem of cooperative fusion in the presence of Byzantine sensors is considered. An information theoretic formulation is used to characterize the Shannon capacity of sensor fusion. It is shown that when less than half of the sensors are Byzantine, the effect of Byzantine attack can be entirely mitigated, and the fusion capacity is identical to that when all sensors are honest. But when at least half of the sensors are Byzantine, they can completely defeat the sensor fusion so that no information can be transmitted reliably. A capacity achieving transmit-then-verify strategy is proposed for the case that less than half of the sensors are Byzantine, and its error probability and coding rate is analyzed by using a Markov decision process modeling of the transmission protocol.

Capacity of Cooperative Fusion in the Presence of Byzantine Sensors

Universal fixed-to-variable lossless source coding for memoryless sources is studied in the finite blocklength and higher-order asymptotics regimes. Optimal third-order coding rates are derived for general fixed-to-variable codes and for prefix codes. It is shown that the non-prefix Type Size code, in which codeword lengths are chosen in ascending order of type class size, achieves the optimal third-order rate and outperforms classical Two-Stage codes. Converse results are proved making use of a result on the distribution of the empirical entropy and Laplace's approximation. Finally, the fixed-to-variable coding problem without a prefix constraint is shown to be essentially the same as the universal guessing problem.

Asymptotics and Non-asymptotics for Universal Fixed-to-Variable Source Coding

Authentication in the presence of a malicious adversary consists of either recovering the legitimate transmission or declaring that the adversary has interfered with the transmission. In this work, we present a structured coding scheme for keyless authentication over a discrete memoryless binary-input, symmetric adversarial channel. Our scheme allows for coding rates up to the non-adversarial capacity of the underlying channel, as well as bounded-complexity decoding.

Oliver Kosut

Papers

The Gaussian interference channel in the presence of a malicious jammer

Malicious data attacks against dynamic state estimation in the presence of random noise

Capacity of Cooperative Fusion in the Presence of Byzantine Sensors

Asymptotics and Non-asymptotics for Universal Fixed-to-Variable Source Coding

Structured Coding for Authentication in the Presence of a Malicious Adversary