1

Survey of Security Advances in Smart Grid: A Data

Driven Approach
Song Tan, Debraj De, WenZhan Song, Junjie Yang, Sajal K. Das

Abstract—With the integration of advanced computing and cyber infrastructure, which are indispensable to all aspects
communication technologies, Smart Grid is considered as the of smart grid. On the other hand, the cyber vulnerabilities
next-generation power system, which promises self healing, may also enable adversaries to manipulate meter measure-
resilience, sustainability and efficiency to the energy critical
infrastructure. The Smart Grid innovation brings enormous ments, system parameters and price information, and even
challenges and initiatives across both industry and academia, in intrude and acquire direct access to these critical routines, to
which the security issue emerges to be a critical concern. In this destabilize the grid in unpredictable ways. In the roadmap to
paper, we present a survey of recent security advances in Smart secure control system proposed by Department of Energy and
Grid, by a data driven approach. Compared with existing related Department of Homeland security [2], energy control systems
works, our survey is centered around the security vulnerabilities
and solutions within the entire lifecycle of Smart Grid data, which are subject to targeted cyber attacks. Potential adversaries
are systematically decomposed into four sequential stages: data have pursued progressively devious means to exploit flaws
generation, data acquisition, data storage and data processing. in system components, telecommunication methods, and com-
Moreover, we further review the security analytics in Smart Grid, mon operating systems with intent to infiltrate and sabotage
which employs data analytics to ensure Smart Grid security. vulnerable control systems. Sophisticated cyber attack tools
Finally, an effort to shed light on potential future research
concludes this survey. require little technical knowledge to use and can be found
on the Internet, as can manufacturers’ technical specifications
Index Terms—Data-Driven, Security, Smart Grid, Survey for popular control system equipment. As mentioned in [3],
security issues are considered as one of the highest priorities
I. I NTRODUCTION for the smart grid design. Therefore, the cyber security in smart
grid has become a key concern with increasing urgency for the
The electrical power grid is the most fundamental and
research community.
complex artificial system in modern society. With the recent
As a result, a tremendous amount of efforts have been put
advancement in monitoring, sensing, control and communi-
into the research of security issues in smart grid. Various
cation, plus the ever increasing penetration of renewable and
reactive (acting against the past) and proactive (acting in
distributed energy resources, the legacy power grid is now
anticipation) methodologies are proposed to reduce the risk
evolved along the journey to smart grid, which is envisioned
of threats, increase the ability to detect and identify system
to achieve self healing, resilience, sustainability and efficiency.
anomalous behavior, and initiate mitigation countermeasures
The smart grid vision is being realized through the imple-
quickly to restore the system operations. Since the nature
mentation of cyber infrastructure overlaying the legacy power
of threats and vulnerabilities are constantly changing, the
network. The cyber infrastructure enables the collection and
applications of current best security practices are necessary
analysis of data from millions of various distributed end-
but not sufficient. To greatly facilitate ongoing and future
points such as smart meters, phasor measurement units, and
research of security technologies in smart grid, comprehensive
circuit breakers, etc. As suggested in [1], smart grid is literally
surveys about previously efforts are essential and valuable,
exploding into the largest example of internet-of-things, which
such as [4] [5] [6] [7] [8]. We notice that this line of
will inevitably converge to something called Enernet.
works usually organize the survey from the perspective of
However, the beauty of the smart grid innovation comes
communication architectures and network layers, and the at-
with its danger: the integration and dependency upon cyber
tacks and countermeasures described are centered around the
infrastructure would exceedingly increase the chances of cyber
requirements listed in [9], such as integrity, confidentiality,
threats and attacks. On the one hand, critical control processes
availability, authenticity, authorization, and non repudiation,
such as state estimation, economic dispatch, load aggregation
etc. For example, the attacks, such as man-in-the-middle and
and demand response, etc, all rely on a secure and robust
DoS attacks, and the countermeasures, such as authentication
This research is supported by NSF-1125165, NSF-1135814, NSF-1303359, and key management protocols, have all been discussed in
NSF-1442630, NSF-1066391, NSFC-61202369, NSF CNS-1545037 and NSF each of the aforementioned works.
CNS-1545050. In this paper, we are motivated to investigate and survey the
Song Tan, Wen-Zhan Song are with College of Engineering, University of
Georgia, [email protected] and [email protected]. security advances of smart grid from a different perspective:
Debraj De and Sajal K. Das are with Department of Computer Science, Mis- a data driven approach. We believe that the goal of cyber
souri University of Science and Technology, [email protected] and [email protected]. security is to protect data, both in transit and at rest. Therefore,
Junjie Yang is with Department of Electrical and Information Engineering,
Shanghai University of Electric Power, China, [email protected]. our survey is centered around the security issues within the
entire lifecycle of smart grid data, which can be systematically
 2

decomposed into four sequential stages [10]: data generation, future directions and give the conclusions in section IX, X,
data acquisition, data storage and data processing. To capture respectively.
the wide spectrum of technologies concerning each area, we
summarize the previous related efforts, structure comparisons
II. R ELATED WORKS
and provide insights for remaining challenges. In addition,
we further review the security analytics in smart grid, which Cyber security issues in Smart Grid have received great
employ the big data analytics to ensure smart grid security. attention from research community for a while. Therefore,
Our approach renders extra values in comparison with previous there are quite a few of survey papers related to this topic.
survey works by explicitly bridging the security issues with big In this part, we review the existing survey works to have a
data technologies in smart grid domain. Specifically, we have good knowledge of previous efforts.
striven to cover the following aspects of smart grid security The first line of works intend to cover the security issues of
advances: entire Smart Grid system. In [6], Wang et al. extensively exam-
ine the communication networks within both transmission sub-
• Data generation security: We first summarize various data
system and distribution subsystem of Smart Grid, including the
sources in Smart Grid system, and categories them into
wide-area network (SCADA) and local-area network (AMI).
power generation, power transmission and distribution,
The authors first introduce the network architecture, features
and load management. Then the security challenges for
and protocols of Smart Grid communication network and
each category are further discussed.
explicitly compare those with the ones of Internet. Afterwards,
• Data acquisition security: The data acquisition process
they classify the potential threats and attacks within each
relies on the underling communication protocols to gather
layer of the communication network and employ a series
the data from data sources to data storage. Therefore,
of key uses cases of Smart Grid communication networks
we first present the general communication protocols for
in [9], in order to further uncover the network vulnerabil-
data acquisitions in Smart Grid and then address the
ities. Finally, the corresponding countermeasures based on
issues of secure data collection and privacy-preserving
networking and cryptography are presented. Similarly, Line
data sharing.
et al. in [11] compare the security requirements between
• Data storage security: Large-volume and reliable data
Smart Grid communication network and telecommunication
storages are indispensable for Smart Grid data streams.
networks. Then they list the overall cyber security challenges
In this part, we describe the different data storage mecha-
such as connectivity, trust models, security management, soft-
nisms for Smart Grid and review the related works about
ware vulnerabilities, consumers’ privacy, and human factors.
data storage security.
Solutions to these challenges are also suggested. Yan et
• Data processing security: The Smart Grid data are even-
al. in [4] further suggest the cyber security requirements,
tually processed within certain applications to deliver
vulnerabilities and solutions for Smart Grid communication
their values. It is essential to emphasize the security
networks. The security protocols adopted at each networking
mechanisms of Smart Grid applications. In this section,
layer are given. In [7], Baig et al. classify the Smart Grid cyber
we discuss the security aspects of two well known smart
attacks and countermeasures through five categories: SCADA,
grid applications-demand response and state estimation.
Smart Meter Attacks, Physical Layer Attacks, Data Injection
• Security analytics: From the security perspective, data
and Replay Attacks and Network-based Attacks, which span
could be both the problem and the solution. In other
home area networks, neighborhood networks, and wide area
words, data analytics could also provide promising so-
networks.
lutions to ensure security. Thus, we summarize the data
Another line of works focus on the security of a particular
sources, data analysis methods as well as data visualiza-
subsystem with Smart Grid. In [12], Cleveland et al. addresses
tion approaches for security analytics in Smart Grid.
the security requirements specifically for Advanced Metering
We survey all together 180 papers from conferences and Infrastructure (AMI), which include confidentiality, integrity,
journals, spanned mainly from 2010-2015. Our work not only availability and non-repudiation. Then the threats that may
comprehensively discusses the state-of-the-art technologies, undermine these requirements are presented. In [13], Zhu et al.
but also is complementary to the coverage of existing survey present a taxonomy of cyber attacks on SCADA system. It first
papers. It is our humble expectation that this work can server introduces the security requirements of SCADA system. Then
as a first stop for general audiences and domain experts to categorize the attacks into attacks on hardware, attacks on
search for information and guideline upon their specific needs software and attacks on communication stack. In [14], Deng et
regarding security solutions of smart grid. al. survey the vulnerabilities and countermeasures specifically
The rest of this paper is organized as follows. In section for the transmission subsystem within Smart Grid. It focuses
II, we summarize the existing survey works about cyber on the vulnerabilities of Phasor Measurement Units (PMUs)
security in smart grid. In section III, we present an overview and Wide Area Measurement System (WAMS) technology. It
of smart grid and its key subsystems. From section IV to divides the attacks into: denial of service attack, malicious data
section VII, we introduce the security issues within each phase injection attack, traffic analysis attack, and high-level applica-
of smart grid data: data generation, data acquisition, data tions attack. Then as countermeasures, the authors introduce
storage and data processing. Then in section VIII, we discuss the principles of PMU and state estimation with PMU, and
the security analytics in smart grid. Finally, we identify the how that can be used to counter attacks. Similarly, Beasley et
 3

al. in [15] focus the survey of cyber security vulnerabilities on • The end-user systems and related distributed-energy re-
PMU network. The attacks are classified into four classes as in sources, such as renewable resources, loads, storage, and
[16]: interruption, interception, modification, and fabrication. electrical vehicles, etc.
All the recent attacks against PMU network are grouped into • The communication networks, such as remote measure-
the four categories. The countermeasures for each category ment and control networks, inter- and intra-enterprise
of attacks are described. More recently, Komninos et al. networks, and the Internet and Home Area Networks
in [8] present a survey of smart grid security issues with (HAN), etc.
a strong emphasis on the smart home environment and its • The management system at various levels of generation
interactions with the smart grid environment. The security and delivery infrastructure, such as transmission and dis-
objectives of smart grid and smart home are also illustrated, tribution control centers, regional reliability coordination
including integrity, confidentiality, availability, authenticity, centers, national emergency response centers and smart
authorization, and non repudiation. Based on these objectives, metering management system, etc.
the attacks against smart home, smart grid and the interactions • The financial and regulatory environment, such as stock
between the two are categorized. The countermeasures are also and bond markets, government incentives, regulated and
classified based on their abilities to ensure these objectives. non-regulated rate of return, etc.
The related works are summarized in Table I. We notice
that both lines of works usually organize the paper from the
perspective of communication architecture and network layers, A. Overall architecture
and the attacks and countermeasures described are centered
around the requirements listed in [9], such as integrity, con- Currently, the design architectures and implementation mod-
fidentiality, availability, authenticity, authorization, and non els for smart grid are still evolving and not finalized. One
repudiation, etc. For example, the attacks, such as man-in- of the most well known common reference models of smart
the-middle attack and DoS attacks, and the countermeasures, grid was proposed by the U.S National Institute of Standards
such as authentication and key management, have almost been and Technology (NIST) in [18]. A conceptual view of the
discussed in each of the above works. NIST’s smart grid reference model is depicted in Figure 1.
The NIST’s model is composed of seven domains: generation,
transmission, distribution, customers, markets, operations, and
TABLE I
R ELATED SURVEYS OF CYBER SECURITY IN S MART G RID service providers. The two-way electrical flows are moving
across the top four domains (power generation, transmission,
Ref. No Objective System Key facets distribution, and customer), which are controlled and managed
Transmission system
[4]
Distribution system
Requirements and solutions by the bottom three domains (market, operations, and service
Transmission system providers) through communication flows. In addition, three
[6] Attacks and countermeasures typical customers are listed: Home Area Network (HAN),
Distribution system
Transmission system Building Area Network(BAN) and Industrial Area Network
[7] Attacks and countermeasures
Distribution system (IAN), where the Advanced Metering Infrastructure (AMI)
[8] Smart homes Attacks and countermeasures
takes place to monitor and manage the power and information
Transmission system
[11] Requirements and solutions flows through smart meters.
Distribution system
[12] AMI Requirements and attacks
[13] SCADA Attacks
[14] Transmission system Attacks and countermeasures
[15] PMU network Attacks and countermeasures

III. S MART G RID OVERVIEW

A smart grid is an electrical grid that uses information
and communications technology to gather and act on data to
improve the efficiency, reliability, and sustainability of electric
power. It is characterized by the two-way communications of
data and control signal, large scale penetrations of renewable
energy, and the complex interactions of distribution systems
with distributed generators, energy markets, and customer
behaviors. Specifically, a smart grid covers the following
aspects of the power system [17] [18] [19]:
• The delivery infrastructure, such as circuit breakers,
transmission and distribution lines, transformers, smart Fig. 1. NIST reference model for smart grid
substations and sensors, etc.
 4

B. Key subsystems • Control Servers: hosting control software and accessing

1) Advanced Metering Infrastructure (AMI): AMI is subordinate control modules.
• Human-Machine Interface (HMI): the platform that al-
viewed as a fundamental subsystem for smart grid and it is
an integration of multiple technologies (smart meters, com- lows operators to monitor the system states, change
munication networks, and information management systems) control settings, and manually override automatic control
that provides intelligent connections between consumers and operations in the event of an emergency.
• Remote Terminal Unit (RTU): the field devices with
system operators [20]. The deployment of AMI solutions are
beneficial to both energy suppliers and end-use customers wireless radio interfaces to conduct data acquisition and
[21]. For the energy suppliers, AMI enables more efficient control.
• Programmable Logic Controller (PLC): the field devices
meter reading, less cost, and accurate outage localization.
For the end-use customers, it provides the opportunity to to perform the logic control functions executed by elec-
reduce energy cost by participating real-time market pricing trical hardware.
• Intelligent Electronic Devices (IED): a smart sensor and
and demand response.
actuator to acquire data, communicate to other deives,
The key technology of AMI is smart meter, which is a solid
and perform local processing and control.
state programmable devices that can read real-time energy
consumption as well as other operational data, such as voltage, As shown in Figure 3, the control center holds the control
phase angles, and frequencies, etc [22]. Consisting of smart server, the HMI, engineering workstations, and the data histo-
meters, AMI enables automated bidirectional data transfer be- rian, which are all connected by a LAN and exposed through
tween end-user meters and the grid operators, such that further a router. It collects measurements and logs information from
data analysis and processing can be conducted to facilitate the field devices, visualize them to the HMI, and may generate
market pricing and operational controls. A conceptual notion actions based upon detected events. The wide area networks
of hierarchy in AMI where data are collected, processed, and enable the communication protocols between the control cen-
analyzed to optimize smart grid benefits is depicted in Figure ter and the field sites, which are typically implemented using
2 [23]. power/telephone line, cable, radio microwave and satellite.

Markets Operations

Transmission
Substation

Distribution
Substation

Feeders Fig. 3. SCADA system general layout

Smart
Meters
3) Wide Area Measurement system: The traditional
SCADA system use data from remote terminal units (RTUs) to
provide information to system operators. However, the mech-
anism used to retrieve data from the devices is asynchronous
Fig. 2. Hierarchical architecture of AMI data flow and relative low [28]. To be able to monitor, operate and
control power system in wide geographical area, Wide Area
2) Supervisory Control and Data Acquisition (SCADA): Measurement Systems (WAMS) are deployed. The overall
SCADA system is at the core of power grid system and capability of WAMS is that data of the entire system can
responsible for the real-time monitoring and control of power be obtained at the same time and the same place [29].
distribution [24]. It is deeply ingrained in the fabric of crit- WAMS use a GPS satellite signal to time-synchronize from
ical infrastructure sectors [13]. It is designed to have real- phasor measurement units (PMUs) at important nodes in the
time system-wide data acquisition capabilities, allowing the power system, send real-time phasor (angle and magnitude)
control centers to gather all sorts of analog measurements and data to a control center. The acquired phasor data provides
circuit breaker status data from the power system, in order dynamic information on power systems, which helps operators
to facilitate various security analysis, such as contingency to initiate corrective actions to enhance the power system
analysis, corrective real and reactive power dispatch, etc [25]. reliability. Table II shows a comparison between the RTUs
As the innovation of smart grid, the SCADA system is of SCADA and the PMUs of WAMS.
actively evolving, e.g, the smart grid control center is now
able to acquire the dynamic characteristics of transmission line
parameters and new vulnerabilities [26]. WAMS usually holds a hierarchical networked architecture
A typical SCADA system includes the following key com- [30] [31], as shown in Figure 4. In each area, a certain number
ponents [27]: of PMUs are installed in the bus substations of the power grid.
 5

TABLE II • Wind turbines convert wind’s kinetic energy into elec-

C OMPARISON BETWEEN RTU S AND PMU S trical energy. These can be installed in open fields with
ATTRIBUTE RTU PMU enough wind speed or near the shore in the sea. The wind
Measured Quantities Magnitude Magnitude and Phase Angel plants need long-term historical and short-term data about
Time Synchronization No Yes wind and wave parameters [34], [33].
Domain Local area Wide area • Hydroelectric plants continuously monitor silt content
(quantity and size in PPM) and the operating conditions
such as water level, temperature level, flow rate in order
In the middle level, there is a set of Phasor Data Concentrators
to diagnose the causes of fault or failure, and to determine
(PDCs). Each PDC can share information with the PDCs in
replacement measures or residual life [35].
neighborhoods through communication channels. In the top
• Marine turbines harness movement of the sea wave
level, there is a WAMS center which collects information from
to generate electricity. The various data measured and
PDCs supporting the system-wide monitoring task.
used for stable operation and maintenance include long-
term historical wave data from deep-water buoys as well
Communication WAMS as the power plant’s site specific short-term wave data
Channel
(measured using wave gauge that uses acoustic Doppler
current profiler), energy yield, mechanical and electrical
PDC PDC
integrity measurements. The wave data include wave
height, period, energy density, power per unit wave width
PMU PMU
[36].
2) Data sources in power transmission and distribution:
• Phasor measurement unit (PMU) [37] measures pha-
sor with respect to a highly precise and accurate time
PMU PMU PMU
reference. It is basically a solid-state relay or digital fault
recorder with GPS clock. PMUs generate data about the
Fig. 4. Hierarchical Architecture of WAMS in Smart Grid instantaneous voltage, current and frequency at specific
locations on the electrical grid. The measurements data
are sent to substation or control center and stored in
IV. DATA G ENERATION S ECURITY database at Phasor Data Concentrator (PDC) [37], [38].
The security and privacy of Smart Grid data sources are • Microgrids are local and decentralized electric grids that,
very crucial. In this section we focus on the security aspects based on situation (e.g. natural disaster), can disconnect
of data generation in Smart Grid. from traditional electric grid for autonomous operations.
Its measurement unit consists of interface circuit working
A. Data Sources in Smart Grid with PT (Power Transformer) and CT (Current Trans-
The numerous data generated in Smart Grids have various former), conversion circuit for analog signal to digital
types such as sensing or measurements data (e.g. energy data. The voltage and current measurements data at
consumption or generation measurements), command and con- consumer side is acquired and used to control power sys-
trol status information (e.g. power distribution or connection tem and calculate the electrical power consumption. The
status), social and economics related knowledge (e.g. energy Historical Information System (HIS) provides archive to
cost and pricing, demand).The data that get generated and store power system historical data. This data is utilized to
collected in Smart Grid ecosystem is huge in size, and from forecast both consumer load profile and power generation
a variety of data sources. The explosion in data reflects the [39] [40].
fact that Smart Grid involves a very wide range of intelligent • Fault detectors are critically important in Smart Grid for
devices and assets spread across its distributed architecture. finding faults and taking actions to control failure spread.
Overall the types of data sources in Smart Grid belong to the The devices consist of sensors to detect faults/problems
following three subsystem in Smart Grid: (i) power generation in power network, and intelligent switches to control the
system; (ii) power transmission and distribution system ; (iii) power flow in the network. The measurement data types
load management system. The overview of all these data include relay statistics, earth potential rise monitor data,
sources is summarized in Table III. soil thermal resistance monitor data, insulator leakage
current monitor data, transmission line sag monitor data
[41], [42].
1) Data sources in power generation: 3) Data sources in load management:
• Solar power plants incorporate automatically measured • Smart Meters measure energy consumption in real-time,
solar irradiation data to achieve high photovoltaic perfor- and communicate energy usage data between customers
mance. Data about plant status include yield reports about and their utility companies. By July 2014, the number of
individual component performance, tracking of inverters smart meter installations in the U.S. exceeded very large
or strings, alarm management [32], [33]. scale of 50 million. These covered more than 43% of the
 6

TABLE III
T YPICAL DATA SOURCES IN S MART G RID ECOSYSTEM .

Data Source Category Functionality Different Data Types

Solar plants Power generation Convert solar energy into electricity Measured and projected energy yield, solar irradiation data,
structural and electrical integrity measurements
Onshore and Power generation Convert wind kinetic energy into electricity Wind and wave parameters (such as wind speed, wave height),
offshore wind rated power generation information, vibration measurements
turbines
Hydroelectric Power generation Convert kinetic energy in flowing or falling Slit content monitoring data, water level, temperature level,
plants water into electricity flow rate, vibration measurements
Marine Power generation Convert movement of the sea wave (utilize Wave parameters (e.g. wave height, period, energy density,
turbines both tide and ebb) into electricity power per unit wave width), energy yield, mechanical and
electrical integrity measurements
Phasor Power transmission, Provides near-real-time snapshots of the sys- Phasor measurements of alternating current, GPS clock data
measurement distribution and control tem state across locations, and help contain for precise and accurate time reference
unit (PMU) or spread of power outage
Synchrophasor
Microgrid Power transmission Can disconnect from traditional electric grid Voltage and current measurements data at consumer side, local
and distribution for autonomous operations and prevent cas- power generation profile data
caded failure
Fault detectors Power transmission Finding faults in power distribution lines Relay statistics, earth potential rise monitor data, soil thermal
and distribution resistance monitor data, insulator leakage current monitor data,
transmission line sag monitor data
Smart Meters Load management Measure consumer side energy consumption in Electric usage readings, control command
real-time
Smart Load management Provide demand-response capability for resi- Energy consumption measurement, control commands to op-
Appliances dential loads erate load at different power states
Electric Load management Power consumption and storage with mobility Variety of vehicle measurements data such as battery current,
Vehicles (EVs) traction battery potential, ambient temperature, vehicle axle
pulse counts, genset current, genset voltage

U.S. homes, which is an increase from 46 million smart (private and industrial)”. The report by International Energy
meters from the year before [43], [44]. Smart Meters Agency (IEA) [49] has discussed renewable energy technolo-
record electric usage readings at least every hour or less gies and statistical analysis for assuring energy security. It is
(e.g. every 15 minutes in many cases). mainly focused on solutions to mitigate risks due to: physical
• Smart Appliances also play an essential role in demand security threats (can happen due to intentional attacks or
side management of Smart Grid. They allow flexible weather events), technical system failures (e.g. outage such
usage and operations in off-peak periods than peak hours, as blackouts and brownouts), energy market dynamics (due to
reducing peak and average electricity usage. Studies by economics, geopolitical and other factors). It assessed impacts
Federal Energy Regulatory Commission (FERC) [45] of these different categories of risks in hydropower, solar
[46] find that only 17% of U.S demand response potential photovoltaics (PV), concentrating solar power (CSP) plants,
is provided by residential customers. But with ongoing wind power, biomass combustion, geothermal power, and
wide adoption of Smart Meters and Smart Appliances, ocean energy.
the can be increased to 45%. The Smart Appliances A report in [50] has suggested detailed categorical measures
generate data regarding measured energy consumption, in designing cyber security capability at the State level for
and operate (among on, off or varied power level states) energy assurance in Smart Grids. The report also stressed
based on both user and the grid control commands. on the importance of information or data oriented security
• Electric Vehicles are bringing new perspectives for measures. According to the Energy Independence and Security
power consumption and storage in Smart Grid. The elec- Act of 2007 (EISA 2007), the first referenced characteristics
tric vehicle’s data acquisition system [47] continuously of smart grid security is “Increased use of digital information
measure and store varied data, such as: battery current, and controls technology to improve reliability, security, and
traction battery potential, ambient temperature, vehicle efficiency of the electric grid”. The work in [51] analyzes var-
axle pulse counts, etc. EVs are the emerging source of ious aspects of energy security for renewable energy systems.
large streams and archives of important and actionable Based on work in [52], this work has discussed an analytical
data in Smart Grid. framework to assess relationships between energy and security.
It is divided into two branches: (a) energy system as an object
B. Security in - Data Generation exposed to security threats, and (b) energy system as a subject
In this subsection we elaborate security aspects in the generating or enhancing insecurity. The first aspect include
discussed three categories of data sources in Smart Grid. security of supply and security of demand. The second aspect
1) Data Source Security in - Power Generation: Energy include economic and political risk factors, technological risk
security is defined in [48] by the European Commission (EC) factors, environmental risk factors.
as “uninterrupted physical availability of energy products on 2) Data Source Security in - Power Transmission and
the market, at a price which is affordable for all consumers Distribution: The existence of interacting embedded devices
 7

is prevalent in power transmission and distribution system. or alter a legitimate process. Such attack include PMU
From a general perspective, the work in [53] has addresses the specific insertion attacks such as malicious code injection and
overall security challenges in these embedded and hardware return-oriented programming. The fabrication attack involve
devices, which includes data provenance and integrity, trust creating fictitious asset or entity on the network, such as
management, identity management, and privacy. A generic sending fabricated data across network through data spoofing
layered Internet of Things (IoT) architecture is presented with and man-in-the-middle attacks. Also future research direction
the corresponding threat model. The threat model considers and opportunity is indicated through security gateway system
attacks on various layers: individual sensors, particular sensor that is capable of neutralizing these attacks. The security
nodes, actuators, gateway, federated infrastructure. For the gateway system can remove security vulnerabilities in the
data provenance and integrity, concept of Sensor Physical PMU - PDC - Super PDC network.
Unclonable Function (PUF) is employed that merges sensing
with cryptography. Unlike traditional PUF [54] (which Securing Microgrids. Microgrid is another key factor in
produces response based on the challenge), Sensor PUF increasing the electric grid reliability, the microgrid control
produces the response based on challenge as well as the systems are needed to be secure against adversarial attacks.
sensed physical quantity. Sensor PUF can also be used in The report in [57] has categorized the vulnerabilities in the
identity management by providing unique IDs. For trust microgrid control systems. There are two kinds of vulnerabil-
management in legacy as well as low-cost systems, usage ities: (i) vulnerabilities existing in traditional Internet Protocol
of hardware performance counters (HPCs) is suggested. The (IP) network (control communications of data in microgrid
hardware performance counters are registers that can monitor happen commonly over IP networks); and (ii) vulnerabilities
certain events occurring during the lifetime of a program. specific to Industrial Control System (ICS) systems. IP net-
Thus HPCs are present in all commodity processors. For work specific vulnerabilities include following attacks: Denial
privacy, light-weight encryption is suggested. In another of service (DoS), eavesdropping, man-in-the-middle (MITM),
work [55], different physical attacks against sensing devices masquerading, message modification, message replay, traffic
hardware are evaluated. The physical attacks are categorized analysis, unauthorized access. The ICS specific vulnerabilities
with decreasing severity as follows: (i) gaining complete include various attacks as follows: attacks on field devices;
read/write access to the microcontroller; (ii) reading out backdoor or malicious software installed on command and
RAM or flash memory, in whole or in part; (iii) influencing control network; database attacks; devices with few or no secu-
sensor readings; and (iv) manipulating radio communications. rity features; improper configuration of actors in ICS network;
In the following, we specifically investigate the data source improper cyber-security procedures or training for internal
security within two embedded systems: Phasor Measurement and external personnel; improper or no network perimeter
Unit(PMU) and Microgrid. definition; improper or non-existent patching of software and
firmware; insecure coding techniques; lack of ICS-specific
Securing PMUs. Phasor Measurement Unit (PMU) is one of mitigation technologies and security tools; lack of redundancy
the most critical measurement devices in power transmission for critical actors; unauthorized personnel having access to ICS
and distribution system. PMUs are prone to security and actors; vulnerabilities in common communication and control
privacy attacks. A recent work in [15] has surveyed relevant protocols in ICS. The report has then paired some national
works considering security vulnerabilities in PMU networks. incident scenarios with the combination of vulnerabilities from
The PMUs currently communicate typically with IEEE the ones described above. Here are few examples. (A) The
PMU communications standard C37.118 [56]. The protocol ICS operation was disrupted by delaying or blocking the flow
defines data conventions, measurement accuracies, and of data through corporate or control networks. This had led
communications formats for synchrophasors or PMUs. Since to denial of availability of the networks to operators and
the networked PMU data are reported to PDC through TCP/IP causing information transfer bottlenecks or denial of service
communication, it is prone to cyber-attacks. The attacks are by information technology (IT)-resident services (such as
generally classified into four categories as follows (based domain name resolution). This was caused by a combination of
on [16]): (a) interruption, (b) interception, (c) modification, DoS attack and improper or no network perimeter definition
and (d) fabrication. The authors have also discussed about vulnerability. (B) Another national incident was false infor-
corresponding countermeasure methods. The interruption mation being sent to ICS control operators either to disguise
attack include: physical attacks damaging the hardware or unauthorized changes or to initiate inappropriate actions by
infrastructure (e.g. cutting a network connection between system operators. This was a combination of a number of at-
the PMU and PDC, sabotaging PMU); software attacks that tacks/ vulnerabilities: database attack, improper or no network
affect hardware (e.g. Stuxnet); PMU Specific DoS or denial perimeter definition, MITM, message modification, message
of service attack (the realtime measurement data services replay. Finally a microgrid threat model is proposed, which
make PMU vulnerable to DoS attacks). The interception is more complete (i.e. not site or installation specific). This
attack can be either passive with packet sniffing or can threat model integrates an architecturally driven model with a
be active with man-in-the-middle attack. The side-channel generic threat profile that integrates information from cyber-
attack can also occur, extracting information by observing security issues and incidents in real-world control systems.
implementation artifacts. The modification attack tries to Based on work on generic threat matrix in [58], the threat
exploit some security vulnerabilities to corrupt, highjack levels (3 levels for high threat, 3 levels for medium threat, 2
 8

levels for low threat) are categorized based on indicators of TABLE IV

threat profile. The threat profile indicators are: intensity, stealth ACCOUNTS ACCESSED FOR POWER AND SERVICE CHARGES DURING
ELECTRICAL VEHICLES CHARGING TRANSACTIONS .
and time in “commitment” related issues; technical personnel,
cyber, kinetic and access in “resource” related issues. Location Service Credit Power Charge Debit
3) Data Source Security in - Load Management: Load HAN NIL Smart Grid
BAN Building Smart Grid
management is one of the key functionalities in smart grid, Host Host Host
enabled by the deployment of smart meters and electrical IAN NIL/ Company Company
vehicles. Different approaches such as trust model, policy Public Entity/ Service Entity/ Service
provider provider
making, key management, and authentication schemes are Station Station Smart Grid
employed to secure the data generation in these two devices.
TABLE V
Securing Smart Meters. The work in [59] addresses issue S UMMARY OF RELATED WORKS ON DATA GENERATION SECURITY IN
of cyber-attacks against connected smart meters by proposing S MART G RID
an independent, distributed and lightweight trust evaluation
Category Relevant works
model. The trust model is implemented in two levels Power
(individual smart meters and then collective nodes), which genera- • Assurance of energy supply and its security factors
tion [48], [50]
helps in detecting and isolating malicious nodes. The trust • Energy security for renewable energy systems [51]
management process is based on three features: composition • Analytical framework for relation between energy and
of trust components, aggregation of information from each security [52]
component, formation of overall trust from collective trust Power
components. The three major possible threats are considered: transmis- • Security challenges in embedded systems [53] - data
sion and provenance and integrity, trust management, identity
network availability, data integrity and information privacy. management, privacy
distribu-
Another work in [60] has presented the security issues tion • Cyber-attacks on PMUs [16] - interruption, intercep-
specifically for smart meters from the policy point of view. tion, modification, fabrication
• Vulnerabilities in microgrid [57] - IP network specific
The authors address the issues in electricity fraud, privacy, attacks and ICS specific vulnerabilities
strategic vulnerabilities and over-regulation, the conflict of
interests. Policies and economics issues about smart meters Load
manage- • Two level trust model regarding cyber-attacks against
in home area networks are listed. Key management system ment smart meters and three features of trust management
considerations for smart grid devices (including smart meters) process [59]
is presented in [61]. Smart Grid device manufactures are • Security policies for smart meters [60]
• Cryptosystem based security key management in Smart
increasingly deploying different encryption technologies to Grid devices [61]
provide valuable properties like Confidentiality/ Integrity/ • Security and privacy of communication and transac-
Availability (termed as CIA) of the data to ensure operations tions in electric vehicle infrastructure [62]
policy and compliance. Current vulnerability and threats to
smart grid devices (including smart meters) are categorized
as: consumer threats, naturally occurring threats (i.e. hazards), cal vehicles is delivered to its area via the distribution network,
individual and organizational threats, impacts on consumers, based on the seven domains structure model presented in
impacts on availability, financial impacts, and likelihood of [9]. But the location of electrical vehicles can be in any of
attack. There are various cryptosystems necessary to provide the following, referred to as Charging Points (CPs), Home
an end-to-end turnkey CIA services, covering all layers of Area Network (HAN), Building Area Network (BAN), Host,
the protocol stack as well as cyber-physical boundaries. For Industry Area Network (IAN), public infrastructure, and third
testing such numerous cryptosystems, example testbed of party power station. Then the main challenge is to provide
networked smart meters is discussed in this work. The unique secured authentication for such transactions of EV charging in
challenges in key management are presented as: effectively all those varied locations. This is complex because transactions
modeling security requirements and implementations, and in each of these location scenarios need to access a number
managing keys and key distribution process. of accounts for service credit and power charge debit. This is
illustrated in Table IV.

Securing Electric Vehicles. The electric vehicles are both C. Summary on Security of Data Generation
opportunities and challenges of the Smart Grid system dynam- Finally we have summarized some of the key works about
ics. One challenge is the security and privacy concern. In this data generation security in Table V.
regard, the work in [62] proposes two authentication schemes
to address the security and privacy issues of electric vehicles.
The first authentication scheme is between the EV and a V. DATA ACQUISITION S ECURITY
trusted Smart Grid server directly, while second authentication With such a large range of data sources and data types
scheme is via a non-trusted third party entity with a robust in Smart Grid ecosystem, the data acquisition process is
privacy-preserving agenda. The electric power for the electri- also complex and varied. There are various communication
 9

technologies, protocols and standards being used for data Number), Link Layer PDU, and CRC (Cyclic Redundancy
acquistion at different levels in Smart Grid. Usually inside the Check).
home or other local facilities, there is ZigBee communication
protocol for data collection. Then these facilities are connected
to the internet or the aggregator via wireless mesh networks
(WMN), internet protocol (IP) or powerline communication
(PLC). Aggregator acts as collector of information about
consumer loads demand and availability of distributed small-
scale energy supplies, and then offering these distributed
energy resources to the energy consumers. In another commu-
nication mode, the substations in Smart Grid connect to the Fig. 6. ZigBee packet structure.
internet or the aggregator via internet protocol (IP), powerline
communication (PLC), or IEC (International Electrotechnical
Commission) standard protocol such as IEC 61850 [63]. These Wireless Mesh Networks (WMN) communication protocol
are illustrated in Figure 5. In this section we present these is used in Smart Grid for wireless metropolitan area network
methods and standards for data acquisition in Smart Grid, with applications. WMN form a wireless communication backbone
a focus on security issues. with interconnection among WiFi (IEEE 802.11 family of
a, b, g, n etc.) or WiMax (IEEE 802.16 family of d and
e) routers. WMN can be connected to the internet or other
external networks through gateway router. The IEEE 802.16
d/e WiMAX provides fixed (wireless local loop), portable, and
mobile high data rate wireless service at speeds of up to 72
Mbps and direct reach up to 6 miles. The MAC Convergence
sub-layer in IEEE 802.16 receives IP, Ethernet packets from
upper layer and outputs it to MAC SDU (Service Data Unit).
Then the MAC common part and privacy sub-layer receives the
SDU from the MAC convergence layer and outputs to MAC
PDU (Protocol Data Unit). Finally the PHY layer receives
the MAC PDU and outputs the IEEE 802.16 frame. The WiFi
Fig. 5. Communication methods in Smart Grid. IEEE 802.11 a/ b/ g/ n respectively provide typical throughput
of upto 25/ 7/ 14/ 100 Mbps and outdoor range of upto
100/ 300/ 300/ 600 ft. The PHY layer in IEEE 802.11 is of
four types: 802.11a 5 GHz, 802.11b 2.4 GHz, 802.11g 2.4
A. Communication Methods for Data Acquisition in Smart GHz, and 802.11n 2.4 and 5 GHz PHY. Overall the report
Grid in [67] has surveyed the wireless communication technologies
based on following performance requirements in Smart Grid
ZigBee communication protocol [64] [65] [66] is used in data collection: latency, data rate, resilience, security, distance,
Smart Grid for wireless personal area network (WPAN) ap- scalability.
plications. It follows the IEEE 802.15.4 standard, and is
designed for relatively low data rate communication among IEC 61850 [68] [69] is a object-oriented communication
low-power devices in a small local area such as inside the protocol defining communication across Intelligent Electronic
home or building. Zigbee protocol stack consists of four layers: Devices (IEDs). It is mainly focused on communication for
physical (PHY) sub-layer and the medium access control electric substation automation. IEC 61850 provides a compre-
(MAC) sub-layer defined by IEEE 802.15.4, then the network hensive model for enabling easy organization of data in power
layer and application layer. ZigBee has two device classes: full system devices, with the support of consistency across device
function device (FFD), and reduced function device (RFD). types and plug-and-play capability. The core parts of IEC
FFD can perform all the tasks defined by ZigBee, while RFD 61850 include following: Substation Configuration Language
can perform only limited tasks. FFD can form any topology (SCL), Abstract Communications Service Interface (ACSI)
and become a network coordinator (responsible for overall and base types, Common Data Classes (CDC), Logical Nodes,
network management). RFD is limited to star topology and Specific Communications Service Mappings (SCSM) with
consume low power. ZigBee has following components or MMS and ethernet, sampled values over ethernet, conformance
entities defined: coordinator, end device, router, ZigBee trust testing. The standard has defined data types to be transmitted
center (ZTC), and ZigBee gateway. The packet frame structure for each logical device, with object name, data class name
in IEEE 802.15.4/ ZigBee communication is illustrated in (data structure), data description, mandatory/ optional prefer-
Figure 6. The preamble consists of 32 bits for synchronization ence.
purpose. The PSDU (PHY Service Data Unit) size ranges
from 0-127 Bytes and consists of PC (for addressing mode Power Line Communication (PLC) [70] [71] is wired com-
flags), ADDR (for address information), DSN (Data Sequence munications technology that uses power transmission con-
 10

ductor line to transmit data. It provides lower cost than This feature removes the requirements of trusted or honest-
wireless communication modes because it utilizes already but-curious data collectors from the data collection model.
existing power line infrastructure. There are 3 classes of PLC The authors further extend this work in [76] by coupling
communication technology: broadband, narrowband, and ultra the secure data collection requirements with objective of
narrowband. The broadband provides up to 200 Mbps data rate time minimization, such that the total data collection time is
and is applicable to residential AMI (advanced metering infras- reduced while ensuring confidentiality of data. In [77], the
tructure)/ AMR (automatic meter reading), but not suitable for time minimization objective is specifically studied within a
sub-stations. The narrowband provides up to 500 kbps data rate tree-based smart grid data collection environment. Another
and is applicable to sub-station communications. The ultra- work in [78] has proposed a secure data transmission scheme
narrowband provides up to 100 bps and is applicable to AMI, based on compressive sensing. Only simple linear operations
AMR, Demand Response (for direct load control purpose). are required in the encryption process. The proposed scheme
In summary, the U.S. Department of Energy (DoE) report can achieve perfect secrecy under certain conditions.
[72] has suggested communication parameter needs for var- 2) Privacy preserving data collection and sharing: A num-
ious Smart Grid functionalities. This is illustrated in Table ber of works have proposed and designed privacy-preserving
VI. There also exist other communication technologies and frameworks and policies for data sharing in Smart Grid. As the
standards for Smart Grid data collection and aggregation, business model in Smart Grid gets a transformation, business
such as: IEC 61970 and IEC 61969 for energy manage- other than utilities might even sell electricity or collect energy
ment systems, IEC 60870-6/ TASE.2 for inter-control center usage/ production data directly from consumers [79]. Utilities
communications, IEEE P2030 for customer-side applications, may also get into new services outside traditional power
IEEE P1901 for in-home Smart Grid applications, OpenADR distribution and provision. This motivations increasing risks
for load control in Demand Response, BACnet in building of privacy violation within Smart Grid. The work in [80] has
automation, Z-Wave as alternative to ZigBee for home area summarized privacy policies, laws, regulations and standards
networking, etc. in this regard. The corresponding privacy-enhancing schemes
such as encryption, steganography, aggregation methodologies,
de-identification methodologies, access control systems, and
privacy seals for websites are discussed. The newest privacy
conduct code from the U.S. Department of Energy (DoE) is
B. Security in - Data Acquisition
available in [81].
Data Acquisition is a very essential function in Smart First, the work in [82] has proposed a privacy-protected
Grid for monitoring varied states of entities such as power smart meter data collection scheme. The original data are
consumption, load balancing, resource allocation, etc. The homomorphic encrypted to protect users’ privacy. Proposed
Smart Grid data are collected very frequently to support smart scheme is able to check the correctness of the collected
electricity distribution, consumption and management. But this data by directly examining the homomorphic-encrypted ones
also introduces new security and privacy challenges. instead of the original ones, such that the users’ privacy is
1) Secure data collection and aggregation: The non-IP preserved while data correctness is ensured. Another work in
based networks deployed in utility power grids are limited in [83] addresses the issue of privacy protection where individual
communication and security capability. The largely distributed smart meter measurements are kept secret from outsiders
data generating sensors around Smart Grid architecture are (including the utility provider itself), while processing private
typically constrained (in terms of computation, memory, com- measurements under encryption. The authors first list the
munication bandwidth), requiring scalable and secure trans- involved parties in a smart meter scenario and the smart
port and data collection protocols design. The work in [73] metering architecture. Then they use total energy consumption
has proposed SSTP, a scalable and light-weight transport as the aggregation function, and compare different privacy-
protocol over power grid wide area network. It supports preserving approaches to implement the aggregation function.
lifetime-lived, secure and reliable sensor data delivery, by Finally, challenges related to hardware limitations, security
exploiting the notion of state-token. The state-token is issued cryptographic protocols and signal processing are discussed.
with each server message and attached to corresponding client Moreover, grid users and standardization committees usu-
message subsequently delivered to the server. The work has ally prevent the utilities and third parties from collecting
also compared different transport protocol based on differ- aggregated meter data at the household granularity. Data
ent features. SSTP has been proved to significantly reduce perturbation is a technique used to provide a trade-off between
computation and memory overhead, compared to the existing the privacy of individuals and the precision of the aggregated
transport protocols.Secure and scalable data collection proto- measurements. The work in [84] presents an interesting deci-
col for Smart Grid is proposed in [74] and [75], containing sional attack on aggregation with data perturbation. It shows
a hierarchical architecture consisting of measurement devices, that it is possible to detect the presence or absence of an
data collectors, and power operator. The measurement devices individual’s data inside an aggregate by exploit the temporal
encrypt generated data, the data collectors relay those data correlation within the measurements. Similarly, the work in
from the measurement devices to power operator. While the [85] has considered a decisional attack on data aggregation
data collectors can verify the data integrity, they cannot access with data-perturbation, showing that a curious entity can
the content of the data, thus preserving data confidentiality. exploit the temporal correlation of Smart Grid measurements
 11

TABLE VI
N ETWORK COMMUNICATION REQUIREMENTS IN DIFFERENT APPLICATIONS OF S MART G RID

Application Bandwidth Latency Reliability Security Backup power

AMI 10 - 100 kbps per node, 2 - 15 sec 99-99.99% High Not necessary
500 kbps for backhaul
Demand-Response 14 - 100 kbps per node/ 500 ms - several min- 99-99.99% High Not necessary
device utes
Wide Area Situational 600 - 1500 kbps 20 ms - 200 ms 99.999-99.9999% High 24 hour supply
Awareness
Distribution Energy 9.6 - 56 kbps 20 ms - 15 sec 99-99.99% High 1 hour
Sources and Storage
Electric Transportation 9.6 - 56 kbps, 100 kbps 2 sec - 5 min 99-99.99% Relatively Not necessary
is a good target high
Distribution Grid Man- 9.6 - 100 kbps 100 ms - 2 sec 99-99.999% High 24-72 hours
agement

to detect presence or absence of individual data generated

by a specific user, inside the aggregate. Another work in
[86] has proposed an efficient and privacy-preserving data TABLE VII
aggregation scheme, by using a superincreasing sequence to S UMMARY OF RELATED WORKS ON DATA ACQUISITION SECURITY IN
S MART G RID
structure multidimensional data and encrypting the structured
data by the homomorphic paillier cryptosystem. For data Category Relevant works
communications from user to Smart Grid operation center, Secure
data col- • Data confidentiality with hierarchical architecture: [74]
data aggregation is performed directly on ciphertext at local lection and [75]
gateways, without decryption. and ag- • Data collection time and overhead minimization: [73]
gregation [76]
Finally, there are also relevant works in the literature for • Decisional attack on data aggregation: [84], [85]
assuring privacy while sharing smart meter data. The work in
[87] has proposed a privacy-preserving data sharing method to Privacy
preserv- • Summary of privacy policies, laws, regulations and
prevent stakeholders from obtaining identifiable smart meter- ing data standards [80]
ing data, while still enabling them to perform their respective collec- • Smart Grid data privacy - U.S. Department of Energy
tion (DoE) [81]
functions. The authors first introduce a data sanitization-based • Data and user privacy [82], [83]
mechanism to protect sensitive information before sharing data
for external usage. Then they present solutions based on secure Privacy
preserv- • Privacy preserving sharing of data - Third parties
multi-party computing to enable the third parties to perform ing data performing aggregation [87]; Analysis of sensor data
aggregation operations on smart metering data in a privacy- sharing in Smart Home [88]
preserving manner. Another work in [88] presents a privacy-
preserving framework for the analysis of sensor data from
smart homes. The authors propose an approach to achieve
data privacy throughout the complete data cycle including: data
generation, transfer, storage, processing and sharing. The main
objective of the privacy preservation is to ensure that private
information remains protected, while processing or releasing
data.
The key discussed works about data acquisition security are
summarized in Table VII.

VI. DATA STORAGE SECURITY IN S MART G RID

Data storage is one of the most vital components in the

Smart Grid ecosystem for assuring a number of services and
functionalities (such as grid failure detection - isolation -
restoration, demand-response, prediction of energy generation,
micro-grids, customer analysis and billing etc.). The data from
very broad range of sources are needed to be stored in a
systematic manner for efficient and contextual retrieval. These Fig. 7. Different components in cloud-based Smart Grid data storage.
data are needed to be queried and retrieved meaningfully for
processing and analysis for intelligence extraction.
 12

A. Methods and Practices for Data Storage Different database designs and configurations need to be
aware of data types and operations specific to the application
Cloud-based data storage and analysis has become largely
domain. In this regard the work in [90] has presented a survey
popular in Smart Grids due to advantages like performance,
of Smart Grid data operations in cloud-based system. Specific
scalability, availability and interoperability, facilitating data
properties of Smart Grid data are discussed: heterogeneity
analysis both in real-time and long-term historical. As il-
of device types, interfaces and capabilities; time-stamped;
lustrated in Figure 7 the different components of cloud-
high data generation rate; unboundedness of data streams;
based data storage systems for Smart Grid are: data center
evolving nature with temporal locality and structural breaks;
facilities, data storage arrays, storage area network, server
unordered data streams (not always following the order of
platforms, database, and virtualization of server or storage
data generation). Smart Grid stream data analysis in the cloud
or network devices. While a number of these components
requires following basic set of operations: storage, indexing,
are infrastructure or maintenance related, the database is
aggregation, clustering, sampling, searching, and auditing.
very important component requiring more design efficiency
Now we briefly discuss some application/ service specific
and security protection. The maintenance and operations in
data management system in Smart Grid. The work in [91] has
Smart Grid database consists of standard data management
addressed a series of system architectures to store and process
operations such as: schema or format creation, data insertion
smart meters reading data. These different data management
with update and delete routines, data query and contextual in-
architectures are classified based on following components:
formation retrieval, performance optimization of data retrieval,
Concentrator Node (CN) and Central Data Processing Node
data access control, backup and recovery.
(CDPN). The Concentrator Node (CN) gathers, stores and re-
turns electricity consumption information from multiple smart
meters. The Central Data Processing Node (CDPN) manages
the CNs. While operations of CNs are more passive (receiving
and executing queries), CDPNs are active with highest level
of control. CDPNs are responsible for managing and coordi-
nating tasks assigned to CNs, and also calculating electricity
consumption statistics and monthly billing information. Now
based on configuration of CNs and CDPNs, there are following
four architectures for smart meter data storage and manage-
ment: (i) single relational database (one CDPN, a set of CNs,
and one Relational Database Management System or RDBMS
located at the CDPN); (ii) distributed relational database (an
RDBMS per CN for parallel database access); (iii) key-value
distributed database (storing all monthly readings for each
household into a single row, instead of writing a database
row per smart meter; the single row of readings consist of
Fig. 8. Different database types for Smart Grid data storage. a household identifier and an xml structured string); and (iv)
hybrid storage (combination of one CDPN with a single
For more traditional database management system (DBMS) RDBMS database and a set of CNs with their local File
in Smart Grid, different relational database are popular such Systems). Another work in [92] has presented the IBM storage
as: Oracle (proprietary), Microsoft SQL Server (proprietary), infrastructure for smart grid data management. The work also
IBM DB2 and Informix (proprietary), SAP Sybase (propri- emphasizes data security issues and compliance with the North
etary), MySQL (open source), PostgreSQL (open source). American Electric Reliability Corporations’s (NERC) Critical
But recently NoSQL (Not only SQL) based post-relational Infrastructure Protection (CIP) program.
database systems are being adopted for Smart Grid database,
such as: document-oriented database (e.g. MongoDB), XML B. Security in - Data Storage
database (e.g. BaseX), graph database (e.g., InfiniteGraph), 1) Security factors for cloud-based data storage: Large-
key-value store (e.g., Apache Cassandra), multi-value database scale spatial temporal data storage in Smart Grids mostly
(e.g., OpenQM), object-oriented database (e.g., db4o), RDF require and use cloud-based distributed architecture. Therefore
(resource description framework) database (e.g., Meronymy Smart Grid data storage also has those fundamental security
SPARQL), tabular database (e.g., BigTable), tuple database and privacy challenges as in cloud-based data storage. The
(e.g., Jini), column-oriented database (e.g., c-store). Moreover, work in [93] has surveyed existing works for following data
the parallel and distributed file systems are getting increasingly storage security objectives within cloud-based platform: data
popular in Smart Grid database design, due to large-scale, integrity, data confidentiality, and data availability. Another
distributed and geographically scattered nature of Smart Grid work in [94] has analyzed security and privacy issues in
resources. Most popular distributed file system include Apache Smart Grids software architecture operating on different cloud
Hadoop and Google MapReduce. These database types are environments. Due to various services in Smart Grids there
also illustrated in Figure 8. Database management for Smart is much less opportunity to compress information through
Grids is discussed in detail in [89]. aggregation, before storing them, causing data bloat.
 13

There are a number of federal and state regulations (e.g. TABLE VIII
guidelines in [95]) regarding Smart Grid data storage, in order S UMMARY OF SOME RELATED WORKS ON DATA STORAGE SECURITY IN
S MART G RIDS .
to protect consumer data and assure transparency about energy
pricing. Long-term analysis of historical data in Smart Grids Category Relevant works
need longer duration of data preservation. But this brings Cloud based
data storage • Data integrity, confidentiality and availability in
a number of unique challenges such as: security codes and cloud-based platforms [93]
privacy policies evolving over time; large-scale data migration • Federal and state regulations for assuring secure
data storage in Smart Grid [95] [102]
between cloud vendors when original vendor is unable to
continue service (also bringing issues in migrating security Data storage on
field deployed • Malware protection with secure software devel-
and privacy policies); simultaneous local and global context opment and secure software upgrade [96]
grid devices
bringing multiple jurisdiction issues in protecting data and
enforcing mechanisms. Access control
and authentica- • User role based access control [98]
2) Security factors for data storage on field deployed tion • public key cryptography [99] [100]
devices: Malware protection and secure access issues for • Vulnerability to unauthorized access and ma-
field deployed devices in Smart Grid are discussed in [96]. licious modifications to stored grid data [101]
[103]
Importance of both secure software development and secure
software upgrade are discussed. The predominant method for
secure storage is use of keying mechanism for validation.
Typically the device is configured with public key of a secure and data measured from SCADA system. The interruption in
signing server. With this key, the device can validate any newly power systems due to the malicious modification of Smart Grid
downloaded software prior to running it or new batch of data stored data is discussed in [103]. A method based on Principle
access. This proactive approach can provide higher levels of Component Analysis (PCA) is proposed to detect anomalies
assurance. relevant to this kind of attacks. This method is applied in IEEE
3) Access control and authentication: The different access benchmark test systems and has shown significant impact on
control and authentication mechanisms in Smart Grid are false alarm reduction.
discussed in [97]. Role-based access control (RBAC) can
enhance the system reliability and can eliminate potential C. Summary on Security of Data Storage
security threats. The different user roles in Smart Grid include
operators, engineers, technicians, managers, etc. These roles Finally in Table VIII we have summarized some of the key
have different access privileges to grid devices, the stored data, discussed works on Smart Grid data storage security.
and system functionalities. The work in [98] has proposed
smart-grid role-based access control (SRAC) model. In the VII. DATA PROCESSING SECURITY IN S MART G RID
model, users role hierarchy and role constraints are predefined.
In this section, we focus on security challenges within data
An XML-based security policy managing method is designed.
processing phase, where the data are actually used for ap-
For authentication, the work in [99] has proposed a lightweight
plications. Specifically, we investigate the security issue from
two-step mutual authentication protocol by combining the pub-
the perspectives of three well known Smart Grid applications:
lic key encryption scheme and Diffie-Hellman key agreement
demand response, state estimation and energy theft detection.
scheme. The works in [99] and [100] are based on public
key cryptography. Public key infrastructure (PKI) is a classic
public key management system, where users obtain certificates A. Demand Response
(including public keys) from pre-defined certificate authorities Demand Response (DR) is a fundamental aspect of smart
(CAs), and the CAs belong to a hierarchical structure. In Smart grid that gains relevance when smart metering and advanced
Grid with PKI, each grid device obtains a certificate from a communications infrastructures among different elements of
local CA. Two grid devices belonging to the same regional the grid are in place. In smart grids, a demand response
network may have their certificates issued by different CAs, management strategy utilizes smart metering data and pricing
and they will not recognize each other’s certificate. signals, and alters the energy consumption patterns of end-
Another work in [101] has discussed how unauthorized user customers in timing or level, in response to changes in
access and malicious codes can affect Smart Grid data storage the price of electricity over time [104]. For utility companies,
security. In the U.S., there are requirements, policies and demand response motivates changes in electricity use and
regulatory issues pre-defined by the NERC, NIST and DOE induces lower system load at times when grid reliability is
[102]. But there are alarming evidence that an adversary can jeopardized, and helps to stabilize volatile electricity prices in
manage to get critical access to the network data stored in regions with centrally organized wholesale electricity markets.
a Smart Grid related database and can even manipulate the For end-use customers, demand response enables them not
stored data [101] [103]. These can lead to compromise and only to reduce their bills, but also use energy more efficiently
failure spread in Smart Grid infrastructure. In this regard the by turning off and on an appliance in accordance with the
Optimal Power Flow (OPF) is a power system analysis tool environmental requirements. Demand response basically falls
which is widely adopted in the control centres. The OPF into two categories: load control techniques and pricing poli-
operations are highly dependent on network configuration data cies. In load control approach, the residential users agree to
 14

transfer their energy consumption control to the utility, while billing and personal information, demographic data, etc.
pricing policies provide incentives for the users to adjust their Confidentiality ensures that these data is encrypted during
energy usage according to a global optimization constraints. the network transmission as well as in the storage, to
1) OpenADR: OpenADR, developed by the OpenADR prevent unauthorized access and privacy violation.
Alliance, is a set of standards and open data exchange models • Integrity: Demand response requires accurate energy
to facilitate the automated demand response between service consumption, price signals and event information. The
provides and consumers [105]. The OpenADR specifications manipulations of these data could result in grid instability
defines various XML-based messages that can be exchanged and even blackout. The integrity of these data should be
over any IP-based network using protocols such as HTTP, protected during communications.
SOAP or XMPP [106]. It is expected to be a dominating • Availability: Demand response, especially fast-DR, re-
mechanism for at least next 10 years, contributing to lower quires timely information sharing between utility compa-
product development costs [107]. Figure 9 is a generic Ope- nies and end-use customers. Thus, the real time availabil-
nADR architecture [108]. It consists of the Demand Response ity of information like energy demand, is crucial.
Automation Server (DRAS) and the DRAS Client. As shown, • Authentication: It has to guarantee that only an legiti-
mate party can issue DR event signals.
• Non-repudiation: Verifiable evidences about the trans-
Utility
DRAS actions between utility companies and end-use customers
should be kept.
2 • Auditing and Logging: Reliable auditing has to be
Operators Information
systems
1 conducted by employing the secure logs of events and
sensitive operations.
Internet 3) Secure demand response schemes: In this part, we
3
overview the existing schemes to enhance demand response
4 Aggregated Loads security.
Simple Client Smart Client
DRAS Client We first address the works that intend to preserve privacy.
5 EMCS Control Networks
In [109], Liang et al. apply homomorphic encryption to the
Control Networks
L L L Gateway demand aggregation process within the proposed dynamic
L L L Electric loads Control Networks pricing scheme to achieve privacy-preserved demand response.
Electric loads Similarly, in [110], Li et al. present EPPDR, another privacy-
L L L
Electric loads
preserving demand response scheme. This scheme also em-
ploys a homomorphic encryption to the energy demand ag-
Fig. 9. Generic Open Automated DR Interface Architecture gregation process. Differently, an adaptive key evolution tech-
nique is further incorporated such that the privacy preservation
the data flow in OpenADR architecture is typically in five of forward secrecy of users’ session keys and the evolution of
steps [108]: users’ private keys, are also implemented. The computation
and communication overhead to achieve forward secrecy in
• The utility company defines DR event and price signals
EPPDR are evaluated to demonstrate its better performance
to send to DRAS.
in comparison with existing techniques. As an alternative
• DR event and price services are published on DRAS.
approach, Zhu in [111] formulates demand response games for
• DRAS clients, which can be either a client and logic
demand allocation and shedding, and propose corresponding
with integrated relay (CLIR) or a web service will request
distributed privacy preserving algorithms based on secure
event data from the DRAS every minute.
multi-party computation. The existence of Nash equilibrium
• Preprogrammed DR strategies determine action based on
and the algorithms’ convergence are presented. The authors
event and price.
consider the privacy preserving against semi-honest adver-
• Facility Energy Management Control System (EMCS)
saries, who attempt to infer private information from the
carries out load reduction based on DR event signals and
received messages. Both proposed algorithms are resilient
strategies.
against at most N-2 adversaries, which means that in a game
2) Security issues and requirements: In [106], the general with N players, even if there are as many as N-2 adversary
security guidelines specifically for demand response process players, the private information of the left 2 legitimate players
are listed: can still be protected.
• Confidentiality: Demand response is naturally a dis- Preserving grid stability is another key concern for se-
tributed decision making problem, in which each of cure demand response. Maharjan et al. in [112] formulate a
the utility companies and customers only has partial Stackelberg game between utility companies and consumers
information of the entire decision making problem and to achieve distributed and dependable demand response man-
they need to negotiate with one another to reach a global agement. First, the intrinsic distributed nature of the proposed
consensus. The negotiations among the decision makers algorithm is resilient to the failure or noncooperation of any
are through sharing and exchanges of privacy-sensitive player, such that the global equilibrium can always be achieved
data, which may include: smart meter measurements, to maximize each one’s benefit. Second, the authors shows that
 15

the algorithm will converge to the global equilibrium with and the centralized online data processing is even practically
only local information available, which means each player infeasible due to the communication bottleneck. Therefore,
doesn’t have to expose private sensitive energy consumption new state estimation methods should be proposed not only
and generation information to others. Last but not least, the just as countermeasures against false data injection attacks,
paper is the first to study and evaluate the impact of cyber but also as new approaches to process the measurement
attacks on demand response management system, from the data in more timely and robust way. In this section, recent
perspectives of both the economic aspect and the physical resilient state estimation methods are presented, which can
aspect. The attacker intends to create monetary and physical be categorized into two major classes: methods employing
damage by manipulating the price information between the distributed architecture, and methods adopting new models.
utility companies and consumers. Countermeasure based on Figure 10 gives the taxonomy of resilient state estimators we
individual reserve power and common reserve power are have covered.
proposed to avoid the physical damage. In [113], Nguyan et
al. illustrate the error-prone nature of collaborative demand
response, due to users’ erratic behavior, limited commitments, New problem
Weighted Least
device insecurity, and possible misconfigurations. To assure
the safety of demand response under these contingencies, the Square formulations
propose approach incorporates a real-time secure assessment Kalman Filter
module before the load management process, which adopts Least Absolute [129], [130]
Distributed State Value Kernel Ridge
times-to-being-unsafe (TTBU), the minimum remaining time Estimation [128] Regression
until the grid becomes unsafe as the safety metric. As a result, [131]
Minimax
the load management process is divided into two phases to [119] [120][121][122] Optimization Factor Graph
assure the safety: a load curtailment phase and a load shedding [133] [132]
phase. When TTBU drops below a warning threshold, the
system enters the load curtailment phase to induce customers
to decrease consumptions collaboratively. If the curtailment is Static Estimator Dynamic Estimator
not fully realized by the customer and the TTBU drops to an
emergent threshold, the system enters the load shedding phase, Fig. 10. A Taxonomy of Resilient State Estimators
which simply shutdown a subset of loads to prevent further
failures. 1) Distributed state estimation: Distributed state estimators
mainly still employ the traditional static WLS formulation.
Differently, they partition the power network into several
B. State Estimation control regions, and distribute the computation and bad data
State estimation is a key system monitoring process de- detection requirements among these local control centers, to
ployed in power system control center to estimate the system increase the online measurement processing capabilities and
unknown state variables based on the collected meter measure- bad data detection sensitivity. Each local control center only
ments [25]. The outputs of state estimation lay the foundation has knowledge of local measurements and network structure,
for a series of subsequent critical control processes, such as and iteratively coordinate the local state estimates with other
contingency analysis, security constrained economic dispatch, control centers to achieve the global state convergence.
and real-time pricing in electrical market, etc. Therefore, the Pasqualetti et al. [119] employs the traditional centralized
safety of state estimation process is a key concern in Smart WLS state estimation model and distribute the computation
Grid cyber security. Traditionally, the state estimation process among local control centers using two interaction structures:
is formulated as a static weighted-least-square (WLS) problem the incremental interaction and the diffusive interaction. In
and solved in a centralized control center, which need to incremental interaction, the estimated result flows in a sequen-
collect all the measurements through SCADA system across tial manner from one control center to another. In diffusive
the entire network [25]. In [114], Liu et al. first introduce the interaction, each control center communicates with all its
concept of false data injection attacks against state estimation, neighbors. Although both interaction structures have proofed
which opens up a brand new perspective to attack the process. convergence to the centralized WLS solution, local observabil-
Inspired by the work in [114], a series of further developments ity is required, which means the local Jacobian matrix after
are made in [115] [116] [117] [118], etc. This kind of attacks partition must be full rank. Xie et al. in [120] and Kekatos
mainly expose and rely on the vulnerabilities of the traditional et al. in [121] respectively propose distributed methods which
centralized weighted-least-square state estimation model and don’t require local observability. In [120], a first order adaptive
its corresponding bad data detection method. Meanwhile, diffusion-based algorithm is presented, which combines a
Smart Grid is characterized by the intermittent renewable local descent step with a diffusion step. In [121], the well
power generations and frequent grid topology changes, and the known alternating direction method of multipliers (ADMM)
unprecedentedly large amount of data generated in real time by is employed. As further improvement, [122] proposes a robust
the new measurement devices like phasor measurement units and fully decentralized adpative re-weighted state estimation
(PMUs). The traditional static WLS state estimation model scheme, which essentially a generalization of the Gossip based
is not suitable to capture the system dynamics in real time Gauss-Newton algorithm. It demonstrates faster convergence
 16

rate and is completely adaptable to measurement meter failures problem is linearized and LAV estimator would demonstrate
and communication network failures. competitive computational performance with WLS while pre-
All the above distributed state estimation methods are ac- serving its robustness.
companied by the corresponding distributed bad data detection The penetration of renewables and sudden changes in the
techniques. These distributed models decrease the chance load, generation and topology make the Smart Grid sys-
of success of false data injection attacks, since they can tem much more dynamic. To cope with such dynamics, a
incorporate more meter measurements and divide the whole new line of researches about dynamic state estimators are
network into smaller and more observable regions, but are motivated, to facilitate the major needs for robust online
not specifically designed for false data attack detections. In state estimation. One solution is to employ Kalman Filters.
[123], the authors particularly propose a false data injection Weng et al. in [129] propose a new Kalman filter based
attack detection scheme based on extended distributed state state estimation method, which first use historical data to
estimation (EDSE). The whole network is partitioned into sev- conduct maximum likelihood parameter estimation, then use
eral regions using graph partition algorithms and each region the estimated parameters with online measurements to esti-
also incorporates the adjacent buses and tie lines. By this mate the system state. The Kalman filter is employed in a
approach, the detection sensitivity is dramatically increased, physically meaningful kernel feature space, such that missing
such that the false data stands out distinctively from normal data can be tolerated. A similar approach is proposed in [130],
observation errors in the chi-square test. In [124], the authors which combines Kalman filters with real-time PMU data.
propose a decentralized false data injection detection scheme The authors introduce a novel state estimator, viz. adaptive
by creating Markov graph of the bus phase angles. Power Kalman Filter with inflatable noise variances, and suggest
network topology is learned by the conditional covariance its resilience against wrong system modeling and bad data
test. It shows that in normal conditions, the Markov graph injection through extensive simulations. To further improve
should be consistent with the power network topology, such the robustness of state estimator against topology changes,
that a discrepancy between the calculated Markov graph and bad data and malicious attacks, the authors in [131] introduce
the learned topology will indicate a false data injection attack. a robust data-driven state estimator. Specifically, the state
The set of the malicious meters can be determined without estimator first uses historical state and system topology to cope
any extra hardware resources. with topology changes, then historical data are employed to
Although distributed state estimators are proposed as the remove the bad data. Subsequently, to identify a malicious
future state estimation alternative to enhance performance attack, a maximum agreement algorithm is executed upon
as well as resilience, they are not flawless. Recent work in collected states. Finally, the resulting information is used in
[125] particularly addresses the security vulnerabilities within a kernel ridge regression process within Bayesian inference
distributed state estimation. The authors show that by compro- framework, which leads to a highly robust data-driven state es-
mising the communication links of a single control center in timator. However, this estimator suffers a large computational
a interconnected system, an attacker could launch a denial- overhead. To accommodate online data processing, dimension
of-service attack to blind the monitoring of every region. reduction and k-dimensional tree indexing are utilized to speed
In [126], false data injection attacking strategies are even up the process. As a most recent alternative approach, Chavali
specifically designed against distributed state estimation model et al. in [132] propose a dynamic robust state estimator based
in [121]. These indicate how to design a secure distributed using Factor Graphs. They model the power system as a
state estimation model is still quite challenging. factor graph, in which the state vectors corresponding to
2) New formulations for state estimation: Traditional static each area at each time are considered as factor nodes. The
WLS formulation for state estimation has the limitation in dependencies between state vectors and their neighbor area
the presence of bad data [127] and lacks the ability to vectors, and the dependencies between state vectors at different
produce real-time snapshot of the highly dynamic Smart Grid times, are captured into the factor graph. This state estimation
system. To overcome these issues, other formulations for state method is naturally distributed since the sum-product message
estimation problem are proposed. passing algorithm on factor graphs are distributed. Since the
Gol et al. in [128] present the feasibility of Least Absolute factor graph can capture the nonlinear relations, this state
Value (LAV) estimator for robust state estimation when PMU estimator introduces less errors than the traditional extended
measurements are employed. The least absolute value (LAV) Kalman filter based methods, in which nonlinear power system
estimator is traditionally known to be more robust than the measurement model is approximated as a linear model. The
WLS estimator in the presence of bad data, and the bad authors further suggest that the proposed method is more
data can be rejected automatically due to their produced robust to bad data, since once an area has bad data, the weights
large normalized residuals. However, since the traditional corresponding to the state samples in that area will become
measurements for state estimation only include bus power very small.
injections, branch power flows and bus voltage magnitudes, Another interesting idea we have found is in [133]. The
the formulated LAV estimator would require extremely high authors measure the robustness of the estimator by the worse
computational cost to find the solution. Therefore, the WLS es- case mean square error, and seek to construct an optimal
timator is widely adopted instead of LAV. In [128], the authors robust estimator based on the attackers’ ability to launch
suggest that with the help of PMU measurements, which are data integrity attacks. A Minimax Optimization problem is
the voltage and current phasor measurements, the estimation formulated, which intends to minimize the mean square error
 17

resulted from the most destructive attack. A very important of detection. In [140], the authors propose a new threat
issue we have captured from this work is: for state estimators, model that could be used either by adversarial classification
the concept of robustness and security should be distinguished and adversarial learning, and evaluate the threat model on
from each other. In other words, a robust estimator may not several detectors including Average Detector, ARMR-GLR,
necessarily be secure. This suggests that future research about nonparametric satistics, unsupervised learning (Local Outlier
state estimators should have clear definitions of robustness Factor). In [141], the smart meter data are integrated within the
and security, and the corresponding assessment standards and state estimation process, and the amount of energy stolen by
methodologies would also be indispensable. a smart meter is modeled as a measurement bias. As a result,
a weighted least square based state estimation approach can
C. Energy Theft Detection be applied to detect the energy thefts, in which a zero bias
Energy theft is a notorious security problem in power sys- represents a truthful smart meter.
tems, which causes significant economic losses and threatens 2) Multiple data sources: Recently works about energy
grid stability. Due to the ease of intrusion and economic bene- theft detection tend to employ the data from multiple data
fits [134], energy theft is a widespread practice. In developing sources, which are the multiple data source based approaches.
countries, up to 50 percent of electricity is acquired via theft [142] proposes AMIDS, an AMI intrusion detection system
[135]. In United States, the utility companies lose approxi- that uses information fusion to combine the sensors and
mately six billion dollars per year due to this problem [136]. consumption data from smart meters to detect energy theft.
Energy theft can be caused by physical and cyber attacks, such AMIDS combines meter audit logs of physical and cyber
as directly connecting loads to the electricity distribution lines, events with consumption data to model and detect energy theft.
hacking and reprogramming smart meters, etc. The detection It differs previous works by evaluating multiple AMI data
of energy theft has traditionally been addressed through phys- sources under a combination of techniques. It uses an attack
ical checks of tamper-evident seals by field personnel with graph based information fusion technique to combine collected
balance meters [137]. As the high-resolution data collection information from three data sources: cyber-side network and
from smart meters in AMI, utility companies are now able host-based intrusion detection system, on-meter anti-tampering
to timely gather more data from these devices and employ sensors, and power measurement-based anomalous consump-
analytics to turn these data into actionable information, such tion detectors. [143] proposes a temperature dependent predic-
as detecting energy theft and abnormal consumption trends. tive model which uses both smart meter data and data from
The authors in [138] specifically summarize the energy theft distribution transformers to detect electricity theft. Load profile
detection schemes by detectors, such as classification based, analysis of customers to detect abnormal energy consump-
state estimation based and game theory based. Here we adopt tion pattern. These methods cannot be used where there is
the data-driven perspective, which categorize the approaches complete bypass of meters. Technical losses and energy theft
into single data source based, multiple data source based are accurately calculated using the energy balance between
and privacy-preserving data source based. Figure 11 gives the energy supplied from the distribution transformer and the
the taxonomy of energy theft detection approaches we have energy consumption reported by the users. Another work in
covered. [144] presents a novel consumption pattern-based energy theft
detector (CPBETD), which leverages the predictability prop-
erty of customers’ normal and malicious consumption patterns.
Energy Theft Detection By employing transformer meters as well as smart meters,
the total consumption of each neighborhood is measured, and
is compared with the total amount of energy consumption
reported by the smart meters. If energy theft is detected at this
level, for each customer in the suspicious area, a multiclass
Single Data Source Multiple Data Privacy-Preserving support vector machine is trained using historic data as well as
[139][140][141] Sources Data Sources synthetic attack data set.T he classifier is then used to decide
[142][143][144] [145][146] whether a new sample reported by the customer is tampered
or not.
Fig. 11. A Taxonomy of Energy Theft Detection Approaches 3) Privacy-preserving data sources: Since the smart meter
data contain sensitive users’ energy profile information, con-
1) Single data source: The single data source based ap- ducting energy theft detection while preserving data source
proaches only employ the smart meter data in AMI. In [139], privacy draws great attention to another line of research works
the authors use the fine-grained anomaly detection from smart recently. [145] is the first to investigate the energy theft
meters and formulate the problem as a game between the detection problem considering users’ privacy issues. Previous
electric utility and the electricity thief. The Nash equilibrium schemes all require users to send their private information,
of the game is a probability density function that both parties e.g., load profiles or meter reading at certain times to the
have to choose when reporting AMI measurements. The goal utility companies, which invades users’ privacy. This paper
of the electricity thief is to steal a predefined amount of utilizes peer-to-peer computing, and propose three distributed
electricity while minimizing the likelihood of being detected, algorithms to solve a linear system of equations (LSE) for
while the electric utility wants to maximize the probability user’s honesty coefficients. The users’ privacy can be preserved
 18

because they do not need to disclose any of their energy

consumption data to others. The propose privacy-preserving
distributed LU and QR decomposition to solve a linear system
of equations, which adaptively account for both constant and
variable honesty coefficients. The work in [146] also achieves
privacy preserving by proposing a centralized energy theft
detection scheme using the Kalman filter, called SEK. Based
on SEK, it develops a privacy-preserving distributed energy Fig. 12. Evolution of Data Analytics in Security
theft scheme called PPBE, which privately finds the energy
thieves by decomposing the Kalman filter into two parallel and
• Big data infrastructure: employing a fast and scalable
loosely coupled filters. The main idea is to model the amount
infrastructure to conduct real time and long term analysis.
of energy stolen by a smart meter as a measurement bias, and
• High performance analytics engine: being capable of
use optimal state estimation techniques to solve for all the
processing large volumes of data in real time to detect,
meters’ biases. A zero bias indicates a faithful meter. One filter
investigate and prioritize threats.
(bias-ignorant filter) estimates the state variable vector and
• Integrated intelligence: supporting recommendations and
the other filter (bias filter) estimate the bias vector. The bias-
decision making.
ignorant filter first conducts state estimation in a private and
• Comprehensive visibility: visualizing the trends and
distributed manner, such that users’ measurements are hidden
events effectively with appropriate normalization.
from the system operators to preserve privacy. The resulted
residual will be further employed by the system operator In this section, we review the start-of-art works in security
to carry out bias filter. The privacy preserving energy theft analytics in Smart Grid. Specifically, we first discuss the po-
detection would be a promising research direction in the future. tential data sources for security analytics, and then analyze the
corresponding feasible data analysis methods and visualization
methods.
VIII. S ECURITY A NALYTICS IN S MART G RID
From the security perspective, data in Smart Grid are both A. Data sources for security analytics
the problem and the solution. On one hand, as suggested in
previous sections, the security and privacy of the big data TABLE IX
in Smart Grid are among the most challenging issues for E XAMPLE DATA SOURCES FOR SECURITY ANALYTICS IN S MART G RID
Smart Grid innovation. On the other hand, big data analytics
Source Data
also holds the big promises for solving Smart Grid security Remote Terminal Unit Node voltage and branch flow magnitudes
problems. By exploiting the historical and real time data in Standardized frequencies,
Smart Grid, system operators are able to uncover hidden Phasor measurement Unit node voltage magnitudes and phase angles,
Branch flow magnitudes and angles
relationships, improve situational awareness, discover patterns Generation and transmission outages,
and facts about security threats, and predict and even prevent Maintenance logs,
Planning and operations
the potential new issues before they occur. All these related Equipment operating limits,
Load forcasts
techniques are called security analytics, i.e., the application Historical LMPs, price forecasts,
of big data analytics techniques to cyber security [147]. As Transmission reservations,
Transactions
suggested in [148], in the next three to five years, security Energy sales and purchases,
Transmission loading relief incidents
analytics will disrupt the status quo in most information Traffic data, operating system logs,
security product segments and evolve to enable a wide range Networking devices User activity logs, firewall rule sets,
of security intelligence with advanced predictive capabilities DNS events
Current and voltage waveforms,
and automated real-time controls, which are also called data- Status of input and output contacts,
driven security or intelligence-driven security. Digital protective relay
Internal protection and control elements,
The applications of data analytics for power system security Relay settings
User load consumption,
is not new [149]. However, in Smart Grid, as the massive Smart meters Appliance setting points,
amounts of data generation and increasingly sophisticated Billing and identity information
cyber attacks, the traditional security solutions are rapidly Data concentrators Aggregation of smart meter data
rendered obsolete. For example, traditional security solutions AMI Headend Aggregation of data concentrator data
are not working since 97% of breaches led to compromise
within days or less, of which 72% leading to data exfiltration in
the same time [150]. Figure 12 describes the evoluation of data As the integration of cyber infrastructure within smart grid, the
analytics in security [150]. Specifically, the security analytics security related data expands considerably and a multitude of
in Smart Grid should meet the following requirements [148] potential data sources become available. The security analytics
[150]: in smart grid collect and integrate a wide variety of new data
• Diverse data sources: leveraging multiple data sources for analysis and investigation. These new data mainly comes
and creating a synergistic learning effect as new security- from an increasing number of new enhanced systems [151]:
related information becomes available. • Advanced Metering Infrastructure (AMI)
 19

• Meter Data Management Systems (MDMS) system (IDS). The IDS essentially leverages a device config-
• Outage Management Systems (OMS) uration based stochastic model checking technique. Another
• Distribution Management Systems (DMS) important aspect of the work is that a real-world dataset of
• Enterprise Asset Management Systems (EAS) thousands of meters collected at the AMI of a leading utility
Specifically, we summarize both the traditional and new data provider is used in the evaluation process, which significantly
sources in literature [152] [153] [148] [154] [155] in Table improves the soundness of the proposed method.
IX.
TABLE X
B. Data analysis SECURITY DATA ANALYSIS METHODS IN S MART G RID

Data analysis is the most important part of security ana- Ref. No Objective System Method Data set
Skewness, kurtosis estimators,
lytics, the goal of which is to extract insights, detect and [156] Distributed generations Synthetic
CUSUM
recognize patterns, derive conclusions and support decision- [157] SCADA CCT, Markov graph Synthetic
[158] AMI Markov chain Real
making. In smart grid, due to the great diversity of data [159] Power plant
Feature extraction, UDC,
Synthetic
property and objective systems, the data analysis methods for QDC, LDC, TREEC, PARZENC
[155] Transmission system Rule-based expert system Real
security analytics differ significantly. In [151], according to the [160] Transmission system Common path mining Synthetic
depth of analysis, the authors classify the general data analysis Hoeffiding tree with major
class and naive Bayes,
method into the following three categories: [161] AMI Hoeffiding tree with naive Bayes, Real
Hoeffiding decision tree,
• Descriptive analytics: extracts the what have occurred and Adaptive size Hoeffding Tree
current system status.
• Predictive analytics: predicts the future trend and fore-
casts the potential risks.
• Prescriptive analytics: supports decision making and
2) Data mining methods: Hurst et al. in [159] achieve in-
problem prevention. depth defense of a nuclear power plant against cyber threats
by using behavior observations and data analysis. Specif-
The above classification captures the functional features of
ically, feature extraction and data classification techniques
different methods.
are employed to evaluate data sets and detect changes in
As an alternative approach, the authors in [10] classify the behavioral patterns. In the training mode, features are ex-
data analysis methods from a technical perspective: tracted to form feature vectors for both normal and abnormal
• Statistical analysis: is to model randomness and uncer- behavior. Once all the required data processed, the feature
tainty by probability theory. vectors are sent to the evaluation process, where specific data
• Data mining: is the computational process of discovering classification techniques are applied, including uncorrelated
patterns and relationships in data sets. normal density based classifier (UDC), quadratic discrimi-
• Data visualization: is to represent data through pictorial nant classifier (QDC), linear discriminant classifier (LDC),
and graphical format. decision tree (TREEC), and parzen classifier (PARZENC).
In this subsection, we adopt this technical perspective and The performances and accuracy of the above classifiers are
focus on the smart grid security analysis methods using listed and compared. In [155], Popovic et al. implement
statistical analysis and data mining. Data visualization based a fault analysis platform for power transmission system by
methods are discussed in detail in next subsection. particularly focusing on the practical use of digital protective
1) Statistical analysis methods: In [156], Moreno et al. relays (DPR) data. An rule-based expert system is employed
present a safe and intelligent management platform for the to conduct the data analysis for fault detection. Recently, Pan
distributed generations in smart grid. In particular, in order to et al. [160] develop a hybrid intrusion detection system in
detect power quality events, such as sags, swells, and transient smart grid, which learns temporal state-based specifications
faults, etc, the system integrates the skewness and kurtosis for power system scenarios, such as normal control operations,
statistical estimators, as well as a real-time cumulative sum disturbances, and cyber attacks. The common path mining
(CUSUM) algorithm. The CUSUM algorithm directly uses all technique is employed to learn patterns for those scenarios
the samples in sequence and plots the cumulative sums of the from a fusion of PMU data, and system audit logs. In [161],
deviations of the sample values from a target value. In [157], data stream mining is used to enhance the security of AMI
Sedghi et al. propose an attack detection scheme for SCADA through intrusion detection. Based on the difference in data
system in smart grid, based on Markov graph of bus phase stream properties, individual intrusion detection technique is
angles. Using convential and PMU measurements, Conditional specifically designed for each part of AMI, including smart
Covariance Test (CCT) is adopted to learn the structure of the meter, data concentrator and AMI headend. Moreover, to
power network. Ali et al. in [158] propose the configuration- explore the performance and accuracy, seven implementations
based intrusion detection system for advanced metering in- of data stream classifiers from massive online analysis (MOA)
frastructure. The authors employ event logs collected at smart data stream mining framework, are evaluated using the realistic
meters and model them by fourth order Markov Chain to KDD Cup 1999 data set. Besides MOA, more data stream
demonstrate deterministic and predictable behavior of AMI, mining implementations can be found in [90].
which can be used accurately to develop intrusion detection The above data analysis methods for smart grid security
 20

analytics are summarized in Table X. We explicitly list the topological and geographical levels, and it is highlighted by
data set used in the evaluation of each proposed method since the seamlessly integration of the geographical and topological
they are critical to the validity of data analysis methods. layers, allowing to understand a single node’s contribution
to the security of entire system from different perspectives.
As the most recent work, [167] demonstrates in-progress
C. Data visualization
applications of large scale data processing technologies for
Visualization is the most direct and effective approach to security visualization in Smart Grid. By using a distributed
demonstrate and inspire ideas to human [162]. It would be data processing model, both data from smart meter profiles and
greatly beneficial to leverage visualizations to address the AMI networks are streamed and spatiotemporally visualized
security issues in smart grid. Data visualization is an essential in real-time, in order to facilitate cyber attacks identification,
part of security analytics [163]. The smart grid innovation alert and response.
enables the generation of more and more data from both Another line of works are focused on the visualizations of
infrastructures as well as applications, such as logs and some particular security aspect in smart grid. In [168], Yan et
measurements. With the ever changing threat landscape and al. present an integrated visualization platform for smart grid,
dynamic infrastructure configurations, visualization of these specifically for demonstrating the cascading failures in power
data enables individuals to uncover hidden patterns, detect at- transmission system caused by cyber attacks. The system
tacks, identify emerging risks and vulnerabilities, and respond employs ESRI ArcGIS software as visualization platform and
decisively with countermeasures that are far more likely to implement its interface with MATLAB, where the attacks and
succeed than conventional approaches, which is an essential defense algorithms are simulated. In [169], Matuszak et al.
part of future actionable security intelligence. In this section, describe the design of CyberSAVe, a visualization tool for
we present the existing works about security visualizations cyber trust for SCADA system in Smart Grid. The authors first
in smart grid, and identify the research challenges for future define the mathematical model of cyber trust, which consists
work. of availability, detection and false alarm trust values, as well
1) Existing security visualization works: As an early work, as a model of predictability. By employing an aggregation
Klump et al. in [152] visualize the security threats of algorithm for all these models, CyberSAVe incorporates and
power system by displaying data from phasor measurement visualizes the aggregated trust, which could be used by the
units(PMUs) and SCADA data sources simultaneously. The system operator to detect, identify, and mitigate various attacks
SCADA data sources provide a comprehensive capture of on Smart Grid system.
system states but at a slow refresh rate. As a comparison, the
PMU measurements can capture the system transient dynamics
TABLE XI
and generate data at a much higher rate. The integration S UMMARY OF SECURITY DATA VISUALIZATION
of SCADA data and PMU data for visualization can help
Ref. Objective Layout Implementation Key features
directly identify the security threats in the system. The pro- Distributed data
posed platform characterizes the properties of PMU data and [152] Transmission system Geographical Powerworld sources with different
generating rate
addresses specifically the challenges of employing distributed Communication,
[164] Generation system Geographical From scratch power network,
data sources with different data generating rate. PowerWorld and weather data
is employed to provide dynamic geographical view. Physical dynamics,
[165] Transmission system 3D AVS Express
3D visualization
Recently, [164] presents a general visualized monitoring [168] Transmission system Geographical ArcGIS, Matlab
Cascading failure
demonstration
tool for distributed power generations in smart grid. The [169] SCADA system Geographical Open API, GIS
Mathematical trust
model visulization
visualization tool uses an expert system to filter and analyze Geographical, Both geographical
[166] Transmission, SCADA GeoViz
real-time measurements from the smart meters at transformer topological and topological
Apache flume,
stations of the distribution grid, and generate diagnosis for Big data processing
[167] AMI system Charts, lines Kafka, Storm,
for visualization
Kibana, Jquery
failures and recommendation corresponding actions. It pro-
vides a geographic based main view for the current state of
the grid, as well as the additional views to highlight details
about the particular points of interests on demand. The status 2) Remaining challenges: The properties and comparisons
of communication network and weather are also integrated. between the above works are summarized in Table XI. We can
Another work in [165] is promising since it presents a 3D see the visualization tools are mostly for the transmission sys-
visualization scheme for contingency and security in smart tems with a geographical display. Moreover, since these works
grid. In this work, the proposed approach employs Advanced mainly leverage the existing visualization tools, the application
Visual Systems Express 7.3 software, and is devoted to visu- of advanced visualization techniques, such as 3D visualization,
alizing the physics of power grids. Specifically, the system is still rare. Through our studies, we find that even though a
real-time dynamics when a generator fails are visualized. tremendous amount of research have examined visualizations
The implementation consists of large data transfer program, for cyber security, the works specifically addressing the se-
numerical analysis program, visualization program, visualiza- curity of smart grid are surprisingly limited. As mentioned
tion matrix, data acquisition and data segmentation functions. in [154], data visualization for smart grid security remains
Instead of just providing geographic layout, the work in [166] extremely elementary, dominated by pie charts, graphs, and
deals with the different hierarchical layers that exist at both Excel spreadsheet pivot tables. The smart grid data has its
 21

own features and dimensions, more efforts should be made to

Security Testbed Security Analytics
advance the security visualization in smart grid system.
Machine Statistical Security
Based on our studies, we identify a number of remaining Simulation Emulation Physical
Learning Analysis Visualization
challenges in visualization as the following:
• The objectives of security visualization can be expanded.
Instead of limiting to transmission system, SCADA and
AMI, more efforts should be made for power distribution Cloud-based Infrastructure
system, smart buildings and energy management system, Data Data Stream Interactive
etc, where lies higher security risks due to extensive user Storage processing Query
involvements.
• The security visualization tools should address the di-
Fig. 13. Data-driven cyber security research framework
versity of heterogeneous data sources, such as data
generating rate, geographical locations, and duty cycles,
etc. Customized visualization will also be desirable to B. Potential future research
highlight particular interests on demand.
• Advanced implementation techniques for visualization,
Many challenges in the smart grid security still need more
such as cloud based large scale data sanitation, 3D repre- research attentions in the future. Below, we list some of the
sentations and human interactions, should be integrated to identified open issues:
facilitate the capabilities of real-time security monitoring • Security of plug-in electric vehicles (PEVs): The large
and analysis. scale integration of PEVs is listed as the top seven key
• Predictive functions and models can be implemented functions of Smart Grid [170], which could significantly
within visualization to illustrate potential security risks. increase the use of renewable energy resources, provide
energy storage to ameliorate peak load demands, and
IX. L ESSONS L EARNED AND F UTURE RESEARCH dramatically reduce the carbon footprint. As suggested
In this section, we present our learned lessons throughout in [171], the potential security issues related to PEVs
the process of conducting our survey works and identify include privacy of movement, security payment, and
several potential future research directions. integration security with critical infrastructure, etc. From
our survey, most existing authentication systems merely
A. Lessons learned apply security schemes directly to the smart grid, leaving
In this paper, we have adopted a data-driven approach to gaps of the PEVs protection, except the most recent work
survey the existing related works about cyber security in Smart in [172]. Also, more future work should look into the
Grid. Even though it is really difficult to draw insights about attack detection and vulnerability assessment methods
the relations from the huge amount of research publications, [173]. The recent project about PEVs from European
we find following the trace of data (generation, acquisition, Network for Cyber Security [174] shows an increasing
storage and processing) is a straightforward and efficient urgency about this research topic.
approach to systematically organize and analyze. Based on • Security of transactive energy: Transactive energy is a
this, we believe it would be also beneficial to conduct future system of economic and control mechanisms that allows
security research in a data-driven way, which is a data-driven the dynamic balance of supply and demand across the
cyber security research framework. The framework itself entire electrical infrastructure using value as a key oper-
should strive to bring security, big data analytics and cloud ational parameter [175]. As an integral part of the pacific
computing technologies all together, and capture the entire northwest smart grid demonstrate project [176], transac-
lifecycle of data in cyber security research. As shown in tive energy is a new concept that provides an approach to
Figure 13, the research framework could consist of cyber maintain the reliability and security of the power system.
security testbeds (data generation), cloud-based infrastructure It increases efficiency by coordinating the behaviors of
(data storage and processing), and security analytics (data a large number of distributed energy resources, which
application). The security testbed incorporates software sim- embraces both the economics and engineering of smart
ulation, emulation and physical hardware to conduct cyber grid system. The implementation of transactive energy
security analysis, which provides an experiment environment requires massive distributed controls and interactions
to validate cyber security strategies while generating data such between independent entities, which would impose a sig-
as system traces and logs, etc. The security testbed stores nificant of amount of security challenges. Sophisticated
generated data in the Cloud-based Infrastructure for Security cyber-physical attacks against transactive energy could
Analytics, while retrieves required data from the Cloud-based lead to serious unstable power operating conditions or
Infrastructure when conducting the validation about Security even blackout. Future research should particularly explore
Analytics. These three components work together to facilitate the security solutions for this scenario.
the future cyber security research in a data-driven way. This • Security assessment tools: As the emerging of various
kind of full-stack approach would be also applicable to future design and implementation of security architectures for
security research in other general cyber-physical systems, such smart grid, it is essential to formally evaluate the strength
as smart transportation system and smart buildings. and weakness of each security solution, when the se-
 22

curity assessment tools would come into the picture. [2] D. of Energy and D. of Homeland security, “Roadmap to secure control
Even though there exists quite a few of theories about systems in the energy sector,” Tech. Rep., 2008.
[3] G. Ericsson, “Cyber security and power system communication
the assessment of smart grid security, which include 2014;essential parts of a smart grid infrastructure,” Power Delivery,
probabilistic risk assessment, graph based assessment and IEEE Transactions on, vol. 25, no. 3, pp. 1501–1507, July 2010.
security metric based assessment [6], the implemented [4] Y. Yan, Y. Qian, H. Sharif, and D. Tipper, “A survey on cyber security
for smart grid communications,” Communications Surveys Tutorials,
available tools are still rare. One of the leading in- IEEE, vol. 14, no. 4, pp. 998–1010, Fourth 2012.
progress efforts is from [177], which applies formal and [5] J. Liu, Y. Xiao, S. Li, W. Liang, and C. L. P. Chen, “Cyber security
systematic analysis of different types of security assess- and privacy issues in smart grids,” Communications Surveys Tutorials,
ment techniques to provide an integrative tool for large- IEEE, vol. 14, no. 4, pp. 981–997, Fourth 2012.
[6] W. Wang and Z. Lu, “Cyber security in the smart grid: Survey and
scale real-world smart grid systems security assessment. challenges,” Comput. Netw., vol. 57, no. 5, pp. 1344–1371, Apr. 2013.
Future research should focus on the implementations and [Online]. Available: http://dx.doi.org/10.1016/j.comnet.2012.12.017
evaluations for security assessment tools, especially with [7] Z. Baig and A.-R. Amoudi, “An analysis of smart grid attacks and
countermeasures,” Journal of Communications, vol. 8, no. 8, Aug 2013.
a real-time interactive paradigm. [8] N. Komninos, E. Philippou, and A. Pitsillides, “Survey in smart grid
• Security architectures and frameworks in context of and smart home security: Issues, challenges and countermeasures,”
Internet-Of-Things: Security architectures and frame- Communications Surveys Tutorials, IEEE, vol. 16, no. 4, pp. 1933–
1954, Fourthquarter 2014.
works are the full-stack models from a global perspective
[9] “Guidelines for smart grid cyber security,” NIST Smart Grid Interop-
and provides a complete security solution to smart grid erability Panel, NISTIR 7628 Cyber Security Working Group, 2010.
system. As shown in our previous works, most of the [10] H. Hu, Y. Wen, T.-S. Chua, and X. Li, “Toward scalable systems for
works about cyber security in smart grid are concentrated big data analytics: A technology tutorial,” Access, IEEE, vol. 2, pp.
652–687, 2014.
on particular scenarios and specific contexts. As the con- [11] M. Line, I. Tondel, and M. Jaatun, “Cyber security challenges in smart
vergence of smart grid system with Internet-Of-Things, grids,” in Innovative Smart Grid Technologies (ISGT Europe), 2011
these security solutions should not be isolated and there 2nd IEEE PES International Conference and Exhibition on, Dec 2011,
pp. 1–8.
should be a overall view to organize all the solutions. [12] F. Cleveland, “Cyber security issues for advanced metering infrasttruc-
[178] firstly presents a security architecture model for ture (ami),” in Power and Energy Society General Meeting - Conversion
smart grid communication network, which incorporates and Delivery of Electrical Energy in the 21st Century, 2008 IEEE, July
2008, pp. 1–5.
subsystems including AMI, demand response (DR), elec-
[13] B. Zhu, A. Joseph, and S. Sastry, “A taxonomy of cyber attacks
tric vehicles, distributed resources and energy storage on scada systems,” in Internet of Things (iThings/CPSCom), 2011
systems, and distribution grid management. [179] also International Conference on and 4th International Conference on
presents the security framework, security policies and Cyber, Physical and Social Computing, Oct 2011, pp. 380–388.
[14] Y. Deng and S. Shukla, “Vulnerabilities and countermeasures: A survey
countermeasures for IoT in smart grid, or called power on the cyber security issues in the transmission subsystem of a smart
internet of things. The proposed security framework con- grid,” Journal of Cyber Security and Mobility, vol. 1, pp. 251–276,
sisting of three layers: perception layer, network layer and 2012.
[15] C. Beasley, X. Zhong, J. Deng, R. Brooks, and G. Kumar Venayag-
application layer. [180] presents the security requirements amoorthy, “A survey of electric power synchrophasor network cyber
and architectures for IoT and specifically analysis of security,” in Innovative Smart Grid Technologies Conference Europe
security architecture in smart home applications. Future (ISGT-Europe), 2014 IEEE PES, Oct 2014, pp. 1–5.
[16] W. Stallings, Network and Internetwork Security: Principles and Prac-
works should consider the general IoT architecture and tice. Upper Saddle River, NJ, USA: Prentice-Hall, Inc., 1995.
its corresponding security challenges, then emphasize on [17] U. Department of Energy, “Smart grid system re-
the End-to-End security through a bottom-up approach. port 2009,” Tech. Rep., 2009. [Online]. Available:
For example, how to implement security control at each http://energy.gov/sites/prod/files/2009SmartGridSystemReport.pdf
[18] “Nist framework and roadmap for smart grid interoperability standards,
level of IoT architecture, such as device level, network release 1.0,” National Institute of Standards and Technology, 2010.
level, and system level. [Online]. Available: http://dx.doi.org/10.6028/NIST.SP. 1108r1
[19] D. of Energy and U. K. Climate Change, “Smart grid vision and
routemap,” Tech. Rep., 2014.
X. C ONCLUSION [20] D. Hart, “Using ami to realize the smart grid,” in Power and Energy
In this paper, we present the recent security advances in Society General Meeting - Conversion and Delivery of Electrical
Energy in the 21st Century, 2008 IEEE, July 2008, pp. 1–2.
Smart Grid. By adopting a data driven approach, we char-
[21] R. Habash, V. Groza, D. Krewski, and G. Paoli, “A risk assessment
acterize the security vulnerabilities and solutions within the framework for the smart grid,” in Electrical Power Energy Conference
entire lifecycle of Smart Grid data, including data generation, (EPEC), 2013 IEEE, Aug 2013, pp. 1–6.
data acquisition, data storage and data processing. Moreover, [22] U. S. NETL, “Advanced metering infrastructure,” Tech. Rep., 2008.
[Online]. Available: http://www.smartgrid.gov/white papers
security analytics for Smart Grid are described and discussed. [23] S. Uludag, s. Zeadally, and B. Mohamad, “Techniques, taxonomy,
Finally, potential research directions for Smart Grid security and challenges of privacy protection in the smart grid,” Computer
are identified. This data-driven security analysis brings new Science, Engineering and Physics, May 2015. [Online]. Available:
http://deepblue.lib.umich.edu/handle/2027.42/111644
and promising perspectives and methodologies to future re- [24] A. Metke and R. Ekl, “Smart grid security technology,” in Innovative
search in Smart Grid. Smart Grid Technologies (ISGT), 2010, Jan 2010, pp. 1–7.
[25] A. Abur and A. Expósito, Power System State Estimation: Theory and
Implementation, 2004.
R EFERENCES
[26] U. Department of Energy, “Smart grid sys-
[1] S. Collier, “The emerging enernet: Convergence of the smart grid with tem report 2014,” Tech. Rep., 2014. [Online].
the internet of things,” in Rural Electric Power Conference (REPC), Available: http://energy.gov/sites/prod/files/2014/08/f18/SmartGrid-
2015 IEEE, April 2015, pp. 65–68. SystemReport2014.pdf
 23

[27] K. Stouffer, J. Falco, K. Scarfone, K. Stouffer, J. Falco, and K. Scar- [54] G. E. Suh and S. Devadas, “Physical unclonable functions for device
fone, “Guide to supervisory control and data acquisition (scada) and authentication and secret key generation,” in In Proceedings of the 44th
industrial control systems security,” in in SPIN, 2006. annual Design Automation Conference, 2007, pp. 9–14.
[28] M. Mynam, A. Harikrishna, and V. Singh, “Synchrophasors redefining [55] A. Becher, Z. Benenson, and M. Dornseif, “Tampering with Motes:
scada systems,” Tech. Rep., 2013. Real-World Physical Attacks on Wireless Sensor Networks,” Proceed-
[29] M. Shahraeini and M. H. Javidi, “Wide area measurement ings of the 3rd International Conference on Security in Pervasive
systems,” in Advanced Topics in Measurements. InTech, Inc, 2012. Computing (SPC), pp. 104–118, 2006.
[Online]. Available: http://www.intechopen.com/books/advanced- [56] e. a. K.E. Martin, “Exploring the ieee standard c37.118?005 syn-
topics-in-measurements/wide-area-measurement-systems chrophasors for power systems,” IEEE Transactions on Power Delivery,
[30] M. Larsson, P. Korba, and M. Zima, “Implementation and applications vol. 23, no. 4, pp. 1805–1811, 2008.
of wide-area monitoring systems,” in Power Engineering Society Gen- [57] R. by Sandia National Laboratories, “Microgrid cyber security refer-
eral Meeting, 2007. IEEE, June 2007, pp. 1–6. ence architecture,” Tech. Rep., July 2013.
[31] V. Terzija, G. Valverde, D. Cai, P. Regulski, V. Madani, J. Fitch, [58] S. N. Laboratories, “Categorizing threat: Building and using a generic
S. Skok, M. Begovic, and A. Phadke, “Wide-area monitoring, pro- threat matrix,” Tech. Rep., September 2007.
tection, and control of future electric power networks,” Proceedings of [59] A. Alnasser and N.-E. Rikli, “Design of a trust security
the IEEE, vol. 99, no. 1, pp. 80–93, Jan 2011. model for smart meters in an urban power grid network,” in
[32] I. F. C. (IFC), “Utility scale solar power plants - a guide for developers Proceedings of the 10th ACM Symposium on QoS and Security
and investors,” Tech. Rep., 2012. for Wireless and Mobile Networks, ser. Q2SWinet ’14. New
[33] M. R. Patel, Wind and Solar Power Systems: Design, Analysis, and York, NY, USA: ACM, 2014, pp. 105–108. [Online]. Available:
Operation, Second Edition. CRC Taylor and Francis, 2006. http://doi.acm.org/10.1145/2642687.2642703
[34] T. report by National Renewable Energy Laboratory (NREL), “In- [60] R. Anderson and S. Fuloria, “Smart meter security: a survey,” Tech.
stallation, operation, and maintenance strategies to reduce the cost of Rep., 2014.
offshore wind energy,” Tech. Rep., 2013. [61] R. Abercrombie, F. Sheldon, H. Aldridge, M. Duren, T. Ricci,
[35] A. Kumar, T. Schei, A. Ahenkorah, R. C. Rodriguez, J.-M. Devernay, E. Bertino, A. Kulatunga, and U. Navaratne, “Secure cryptographic
M. Freitas, D. Hall, . Killingtveit, and Z. Liu, Cambridge University key management system (ckms) considerations for smart grid devices,”
Press, Cambridge, United Kingdom and New York, NY, USA, 2011, ch. in Proceedings of the Seventh Annual Workshop on Cyber Security
Hydropower. and Information Intelligence Research, ser. CSIIRW ’11. New
[36] S. report prepared for the city and county of San Francisco, “Wave York, NY, USA: ACM, 2011, pp. 59:1–59:1. [Online]. Available:
power feasibility study report,” Tech. Rep., December 2009. http://doi.acm.org/10.1145/2179298.2179364
[37] M. Adamiak, W. Premerlani, and B. Kasztenny, “Synchrophasors: [62] H. Nicanfar, P. TalebiFard, S. Hosseininezhad, V. C. Leung, and
Definition, measurement, and application,” Tech. Rep. M. Damm, “Security and privacy of electric vehicles in the smart
[38] R. by North American Electric Reliability Corporation (NERC), “Real- grid context: Problem and solution,” in Proceedings of the Third
time application of synchrophasors for improving reliability,” Tech. ACM International Symposium on Design and Analysis of Intelligent
Rep., October 2010. Vehicular Networks and Applications, ser. DIVANet ’13. New
[39] H. jae Yoo, J.-W. Seo, M.-C. Shin, and H. seok Suh, “Study of York, NY, USA: ACM, 2013, pp. 45–54. [Online]. Available:
data acquisition and communication equipment for micro-grid system,” http://doi.acm.org/10.1145/2512921.2512926
in Consumer Electronics, 2009. ISCE ’09. IEEE 13th International [63] M. Adamiak, D. Baigent, and R. Mackiewicz, “Iec 61850 communica-
Symposium on, May 2009, pp. 671–675. tion networks and systems in substations: An overview for users,” in
[40] R. by Siemens, “Deep dive on microgrid technologies,” Tech. Rep., Proc. of Syst. Protection Seminar, 2004.
March 2015.
[64] P. Yi, A. Iwayemi, and C. Zhou, “Developing zigbee deployment
[41] R. I. Monitoring, A. S. G. Measurement Report, and S. C. trial, “Grid
guideline under wifi interference for smart grid applications,” Smart
applications stream: Fault detection, isolation and restoration,” Tech.
Grid, IEEE Transactions on, vol. 2, no. 1, pp. 110–120, March 2011.
Rep., 2012.
[65] M. Armel, “Zigbee overview, lecture notes, the george washington
[42] S. G. I. G. P. Report by U.S. Department of Energy (DOE), “Reli-
university,” Tech. Rep., 2007.
ability improvements from the application of distribution automation
technologies - initial reults,” Tech. Rep., December 2012. [66] S. C. Ergen, “Zigbee/ieee 802.15.4 summary, technical report, univer-
[43] A. o. E. I. C. A. Whitepaper by Edison Electric Institute (EEI) and sity of california - berkeley,” Tech. Rep., 2004.
U. T. C. (UTC), “Smart meters and smart meter systems: A metering [67] B. Akyol, H. Kirkham, S. Clements, and M. Hadley, “A survey
industry perspective,” Tech. Rep., March 2011. of wireless communications for the electric power system, a report
[44] T. E. F. Report by Institure for Electric Innovation (IEI), “Utility-scale prepared for the u.s. department of energy,” Tech. Rep., 2010.
smart meter deployments: Building block of the evolving power grid,” [68] Y. Liang and R. H. Campbell, “Understanding and simulating the iec
Tech. Rep., September 2014. 61850 standard, a technical report,” Tech. Rep., 2008.
[45] A. report prepared as part of the EIE project: Smart Domestic Appli- [69] T. Kostic, O. Preiss, and C. Frei, “Understanding and using the iec
ances in Sustainable Energy Systems (Smart-A), “Synergy potential of 61850: a case for meta-modelling,” Computer Standards and Interfaces,
smart appliances,” Tech. Rep., 2008. vol. 27, no. 6, pp. 679 – 695, 2005.
[46] R. by Pike Research, “Executive summary: Smart appliances,” Tech. [70] S. Galli, A. Scaglione, and Z. Wang, “Power line communications and
Rep., 2012. the smart grid,” in Smart Grid Communications (SmartGridComm),
[47] M. Svendsen, M. Winther-Jensen, A. Pedersen, P. Andersen, and 2010 First IEEE International Conference on, Oct 2010, pp. 303–308.
T. Sorensen, “Electric vehicle data acquisition system,” in Electric [71] M. Yigit, V. C. Gungor, G. Tuna, M. Rangoussi, and
Vehicle Conference (IEVC), 2014 IEEE International, Dec 2014, pp. E. Fadel, “Power line communication technologies for smart
1–7. grid applications: A review of advances and challenges,” Computer
[48] B. COM(2000) 769 final, European Commission, “Green paper - Networks, vol. 70, pp. 366 – 383, 2014. [Online]. Available:
towards a european strategy for the security of energy supply,” Tech. http://www.sciencedirect.com/science/article/pii/S1389128614002369
Rep., 2000. [72] R. by The U.S. Department of Energy, “Communication requirements
[49] I. P. by International Energy Agency (IEA), “Contribution of renew- of smart grid technologies,” Tech. Rep., 2010.
ables to energy security,” Tech. Rep., 2007. [73] Y.-J. Kim, V. Kolesnikov, H. Kim, and M. Thottan, “Sstp: A scalable
[50] R. by National Association of State Energy Officials, “Smart grid and and secure transport protocol for smart grid data collection,” in Smart
cyber security for energy assurance,” Tech. Rep., 2011. Grid Communications (SmartGridComm), 2011 IEEE International
[51] B. Johansson, “Security aspects of future renewable energy systemsa Conference on, Oct 2011, pp. 161–166.
short overview,” Elsevier Energy Journal, vol. 61, pp. 598 – 605, 2013. [74] G. Dan, K.-S. Lui, R. Tabassum, Q. Zhu, and K. Nahrstedt, “Selinda:
[52] J. B., “A broadened typology on energy and security,” Elsevier Energy A secure, scalable and light-weight data collection protocol for smart
Journal, vol. 53, 2013. grids,” in Smart Grid Communications (SmartGridComm), 2013 IEEE
[53] A. Kanuparthi, R. Karri, and S. Addepalli, “Hardware and embedded International Conference on, Oct 2013, pp. 480–485.
security in the context of internet of things,” in Proceedings of the [75] S. Uludag, K.-S. Lui, W. Ren, and K. Nahrstedt, “Practical and
2013 ACM Workshop on Security, Privacy: Dependability for Cyber secure machine-to-machine data collection protocol in smart grid,” in
Vehicles, ser. CyCAR ’13. New York, NY, USA: ACM, 2013, pp. 61– Communications and Network Security (CNS), 2014 IEEE Conference
64. [Online]. Available: http://doi.acm.org/10.1145/2517968.2517976 on, Oct 2014, pp. 85–90.
 24

[76] ——, “Secure and scalable data collection with time minimization in networks,” in Power and Energy Society General Meeting - Conversion
the smart grid,” Smart Grid, IEEE Transactions on, vol. PP, no. 99, and Delivery of Electrical Energy in the 21st Century, 2008 IEEE, July
pp. 1–1, 2015. 2008, pp. 1–7.
[77] H. Jin, S. Uludag, K.-S. Lui, and K. Nahrstedt, “Secure data collection [99] M. Fouda, Z. Fadlullah, N. Kato, R. Lu, and X. Shen, “A lightweight
in constrained tree-based smart grid environments,” in Smart Grid Com- message authentication scheme for smart grid communications,” Smart
munications (SmartGridComm), 2014 IEEE International Conference Grid, IEEE Transactions on, vol. 2, no. 4, pp. 675–685, Dec 2011.
on, Nov 2014, pp. 308–313. [100] Q. Li and G. Cao, “Multicast authentication in the smart grid with
[78] G. Li and Y. Wang, “A compressive sensing based secure data transmis- one-time signature,” Smart Grid, IEEE Transactions on, vol. 2, no. 4,
sion scheme,” in Green Computing and Communications (GreenCom), pp. 686–696, Dec 2011.
2013 IEEE and Internet of Things (iThings/CPSCom), IEEE Interna- [101] A. Anwar and A. Mahmood, “Cyber security of smart grid infrastruc-
tional Conference on and IEEE Cyber, Physical and Social Computing, ture,” in The State of the Art in Intrusion Prevention and Detection.
Aug 2013, pp. 1272–1275. CRC Press, Taylor & Francis Group, USA, 2014, pp. 449–472.
[79] J.-F. M. Jess Rodrguez-Molina 1, Margarita Martnez-Nez and W. Prez- [102] D. Dolezilek and L. Hussey, “Requirements or recommendations?
Aguia., “Business models in the smart grid: Challenges, opportunities sorting out nerc cip, nist, and doe cybersecurity,” in 64th Annual
and proposals for prosumer profitability,” in Energies, Sep 2014. Conference of Protective Relay Engineers, 2011.
[80] R. Herold and C. Hertzog, Data Privacy for the Smart Grid. Auerbach [103] J. Valenzuela, J. Wang, and N. Bissinger, “Real-time intrusion detection
Publications, Jan. 2015. in power system operations,” Power Systems, IEEE Transactions on,
[81] “Data privacy and the smart grid: A voluntary code of conduct (vcc),” vol. 28, no. 2, pp. 1052–1062, May 2013.
Department of Energy, United States, Jan 2015. [104] F. Rahimi and A. Ipakchi, “Demand response as a market resource
[82] N. Yukun, T. Xiaobin, C. Shi, W. haifeng, Y. Kai, and B. Zhiyong, “A under the smart grid paradigm,” Smart Grid, IEEE Transactions on,
security privacy protection scheme for data collection of smart meters vol. 1, no. 1, pp. 82–88, June 2010.
based on homomorphic encryption,” in EUROCON, 2013 IEEE, July [105] “Openadr 2.0 profile specification,” OpenADR Alliance, 2013. [Online].
2013, pp. 1401–1405. Available: http://www.openadr.org/specification-download
[83] Z. Erkin, J. Troncoso-Pastoriza, R. Lagendijk, and F. Perez-Gonzalez, [106] A. Paverd, A. Martin, and I. Brown, “Security and privacy in
“Privacy-preserving data aggregation in smart metering systems: an smart grid demand response systems,” in Smart Grid Security,
overview,” Signal Processing Magazine, IEEE, vol. 30, no. 2, pp. 75– ser. Lecture Notes in Computer Science, J. Cuellar, Ed. Springer
86, March 2013. International Publishing, 2014, vol. 8448, pp. 1–15. [Online].
[84] C. Rottondi, M. Savi, D. Polenghi, G. Verticale, and C. Krauss, “A Available: http://dx.doi.org/10.1007/978-3-319-10329-7 1
decisional attack to privacy-friendly data aggregation in smart grids,” in [107] A. Mohan and D. Mashima, “Towards secure demand-response systems
Global Communications Conference (GLOBECOM), 2013 IEEE, Dec on the cloud,” in Distributed Computing in Sensor Systems (DCOSS),
2013, pp. 2616–2621. 2014 IEEE International Conference on, May 2014, pp. 361–366.
[85] ——, “A decisional attack to privacy-friendly data aggregation in smart [108] S. Kiliccote, M. Piette, and J. Dudley, “Open automated
grids,” in Global Communications Conference (GLOBECOM), 2013 demand response for small commercial buildings,” Ernest Orlando
IEEE, Dec 2013, pp. 2616–2621. Lawrence Berkeley National Laboratory, 2009. [Online]. Available:
[86] R. Lu, X. Liang, X. Li, X. Lin, and X. Shen, “Eppa: An efficient and http://drrc.lbl.gov/sites/all/files/lbnl-2195e.pdf
privacy-preserving aggregation scheme for secure smart grid commu- [109] X. Liang, X. Li, R. Lu, X. Lin, and X. Shen, “Udp: Usage-based
nications,” Parallel and Distributed Systems, IEEE Transactions on, dynamic pricing with privacy preservation for smart grid,” Smart Grid,
vol. 23, no. 9, pp. 1621–1631, Sept 2012. IEEE Transactions on, vol. 4, no. 1, pp. 141–150, March 2013.
[87] L. Yang, H. Xue, and F. Li, “Privacy-preserving data sharing in smart [110] H. Li, X. Lin, H. Yang, X. Liang, R. Lu, and X. Shen, “Eppdr: An
grid systems,” in Smart Grid Communications (SmartGridComm), 2014 efficient privacy-preserving demand response scheme with adaptive
IEEE International Conference on, Nov 2014, pp. 878–883. key evolution in smart grid,” Parallel and Distributed Systems, IEEE
[88] A. Chakravorty, T. Wlodarczyk, and C. Rong, “Privacy preserving data Transactions on, vol. 25, no. 8, pp. 2053–2064, Aug 2014.
analytics for smart homes,” in Security and Privacy Workshops (SPW), [111] M. Zhu, “Distributed demand response algorithms against semi-honest
2013 IEEE, May 2013, pp. 23–27. adversaries,” in PES General Meeting — Conference Exposition, 2014
[89] “Database systems for the smart grid,” in Smart Grids, ser. Green IEEE, July 2014, pp. 1–5.
Energy and Technology, A. B. M. S. Ali, Ed., 2013. [112] S. Maharjan, Q. Zhu, Y. Zhang, S. Gjessing, and T. Basar, “Dependable
[90] A. Bere, B. Genge, and I. Kiss, “A brief survey on demand response management in the smart grid: A stackelberg game
smart grid data analysis in the cloud,” Procedia Technology, approach,” Smart Grid, IEEE Transactions on, vol. 4, no. 1, pp. 120–
vol. 19, no. 0, pp. 858 – 865, 2015, 8th International 132, March 2013.
Conference Interdisciplinarity in Engineering, INTER-ENG 2014, [113] H. H. Nguyen, R. Tan, and D. K. Y. Yau, “Safety-assured
9-10 October 2014, Tirgu Mures, Romania. [Online]. Available: collaborative load management in smart grids,” in ICCPS ’14:
http://www.sciencedirect.com/science/article/pii/S2212017315001243 ACM/IEEE 5th International Conference on Cyber-Physical Systems
[91] M. Arenas-Martinez, S. Herrero-Lopez, A. Sanchez, J. Williams, (with CPS Week 2014), ser. ICCPS ’14. Washington, DC, USA:
P. Roth, P. Hofmann, and A. Zeier, “A comparative study of data IEEE Computer Society, 2014, pp. 151–162. [Online]. Available:
storage and processing architectures for the smart grid,” in Smart Grid http://dx.doi.org/10.1109/ICCPS.2014.6843719
Communications (SmartGridComm), 2010 First IEEE International [114] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against
Conference on, Oct 2010, pp. 285–290. state estimation in electric power grids,” in Proceedings of the 16th
[92] “White paper: Storage infrastructure for smart grid data management,” ACM Conference on Computer and Communications Security, 2009.
IBM Systems and Technology: Energy and Utilities, 2012. [115] O. Kosut, L. Jia, R. Thomas, and L. Tong, “Malicious data attacks
[93] C.-T. Huang, L. Huang, Z. Qin, H. Yuan, L. Zhou, V. Varadharajan, on smart grid state estimation: Attack strategies and countermeasures,”
and C. Kuo, “Survey on securing data storage in the cloud,” APSIPA in Smart Grid Communications (SmartGridComm), 2010 First IEEE
Transactions on Signal and Information Processing, vol. 3, 2014. International Conference on, 2010, pp. 220–225.
[94] Y. Simmhan, A. Kumbhare, B. Cao, and V. Prasanna, “An analysis [116] S. Cui, Z. Han, S. Kar, T. Kim, H. Poor, and A. Tajer, “Coordinated
of security and privacy issues in smart grid software architectures data-injection attack and detection in the smart grid: A detailed look
on clouds,” in Cloud Computing (CLOUD), 2011 IEEE International at enriching detection solutions,” Signal Processing Magazine, IEEE,
Conference on, July 2011, pp. 582–589. vol. 29, no. 5, pp. 106–115, 2012.
[95] “Guidelines for smart grid cyber security: Privacy and the smart [117] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, and
grid,” NIST Smart Grid Interoperability Panel, Cyber Security Working K. Poolla, “Smart grid data integrity attacks,” Smart Grid, IEEE
Group, 2010. Transactions on, vol. 4, no. 3, pp. 1244–1253, 2013.
[96] A. Metke and R. Ekl, “Security technology for smart grid networks,” [118] Y. Huang, M. Esmalifalak, H. Nguyen, R. Zheng, Z. Han, H. Li,
Smart Grid, IEEE Transactions on, vol. 1, no. 1, pp. 99–107, June and L. Song, “Bad data injection in smart grid: attack and defense
2010. mechanisms,” Communications Magazine, IEEE, vol. 51, no. 1, pp.
[97] X. Li, X. Liang, R. Lu, X. Shen, X. Lin, and H. Zhu, “Securing smart 27–33, 2013.
grid: cyber attacks, countermeasures, and challenges,” Communications [119] F. Pasqualetti, R. Carli, and F. Bullo, “A distributed method for state
Magazine, IEEE, vol. 50, no. 8, pp. 38–45, August 2012. estimation and false data detection in power networks,” in Smart
[98] H. Cheung, A. Hamlyn, T. Mander, C. Yang, and R. Cheung, “Role- Grid Communications (SmartGridComm), 2011 IEEE International
based model security access control for smart power-grids computer Conference on, Oct 2011, pp. 469–474.
 25

[120] L. Xie, D.-H. Choi, S. Kar, and H. Poor, “Fully distributed state estima- (CHINACOM), 2014 9th International Conference on, Aug 2014, pp.
tion for wide-area monitoring systems,” Smart Grid, IEEE Transactions 96–101.
on, vol. 3, no. 3, pp. 1154–1169, Sept 2012. [142] S. McLaughlin, B. Holbert, A. Fawaz, R. Berthier, and S. Zonouz, “A
[121] V. Kekatos and G. Giannakis, “Distributed robust power system state multi-sensor energy theft detection framework for advanced metering
estimation,” Power Systems, IEEE Transactions on, vol. 28, no. 2, pp. infrastructures,” Selected Areas in Communications, IEEE Journal on,
1617–1626, May 2013. vol. 31, no. 7, pp. 1319–1330, July 2013.
[122] X. Li and A. Scaglione, “Robust decentralized state estimation and [143] S. Sahoo, D. Nikovski, T. Muso, and K. Tsuru, “Electricity theft
tracking for power systems via network gossiping,” Selected Areas in detection using smart meter data,” in 2015 IEEE PES Innovative Smart
Communications, IEEE Journal on, vol. 31, no. 7, pp. 1184–1194, July Grid Technologies Conference (ISGT), Aug 2015.
2013. [144] P. Jokar, N. Arianpoo, and V. Leung, “Electricity theft detection in ami
[123] D. Wang, X. Guan, T. Liu, Y. Gu, C. Shen, and Z. Xu, “Extended using customers consumption patterns,” Smart Grid, IEEE Transactions
distributed state estimation: A detection method against tolerable false on, vol. PP, no. 99, pp. 1–1, 2015.
data injection attacks in smart grids,” Energies, vol. 7, no. 3, p. 1517, [145] S. Salinas, M. Li, and P. Li, “Privacy-preserving energy theft detection
2014. [Online]. Available: http://www.mdpi.com/1996-1073/7/3/1517 in smart grids: A p2p computing approach,” Selected Areas in Com-
[124] H. Sedghi and E. Jonckheere, “Statistical structure learning to ensure munications, IEEE Journal on, vol. 31, no. 9, pp. 257–267, September
data integrity in smart grid,” Smart Grid, IEEE Transactions on, vol. 6, 2013.
no. 4, pp. 1924–1933, July 2015. [146] S. Salinas and P. Li, “Privacy-preserving energy theft detection in
[125] M. Ozay, I. Esnaola, F. Vural, S. Kulkarni, and H. Poor, “Sparse attack microgrids: A state estimation approach,” Power Systems, IEEE Trans-
construction and state estimation in the smart grid: Centralized and actions on, vol. PP, no. 99, pp. 1–12, 2015.
distributed models,” Selected Areas in Communications, IEEE Journal [147] T. Mahmood and U. Afzal, “Security analytics: Big data analytics for
on, vol. 31, no. 7, pp. 1306–1318, July 2013. cybersecurity: A review of trends, techniques and tools,” in Information
[126] O. Vukovic and G. Dan, “Security of fully distributed power system Assurance (NCIA), 2013 2nd National Conference on, Dec 2013, pp.
state estimation: Detection and mitigation of data integrity attacks,” 129–134.
Selected Areas in Communications, IEEE Journal on, vol. 32, no. 7, [148] S. Curry, E. Kirda, E. Schwartz, W. Stewart, and A. Yoran, “Big data
pp. 1500–1508, July 2014. fuels intelligence-driven security,” RSA Security Brief, 2013. [Online].
[127] S. Tan, W.-Z. Song, M. Stewart, and L. Long, “Lpattack: Leverage Available: http://www.emc.com/collateral/industry-overview/big-data-
point attacks against state estimation in smart grid,” in Global Com- fuels-intelligence-driven-security-io.pdf
munications Conference (GLOBECOM), 2014 IEEE, Dec 2014, pp. [149] B. Thuraisingham, L. Khan, M. Masud, and K. Hamlen, “Data mining
643–648. for security applications,” in Embedded and Ubiquitous Computing,
[128] M. Gol and A. Abur, “Lav based robust state estimation for systems 2008. EUC ’08. IEEE/IFIP International Conference on, vol. 2, Dec
measured by pmus,” Smart Grid, IEEE Transactions on, vol. 5, no. 4, 2008, pp. 585–589.
pp. 1808–1814, July 2014.
[150] S. Porta, “Data analytics for a secure smart grid,” EMC Research Group
[129] Y. Weng, R. Negi, and M. Ilic, “Historical data-driven state estimation
Ireland COE, Feb 2015.
for electric power systems,” in Smart Grid Communications (Smart-
[151] S. Witt and A. Kapchonava, “Big data fuels intelligence-driven
GridComm), 2013 IEEE International Conference on, Oct 2013, pp.
security,” In-depth briefing in Smart Grid Update, 2014. [Online].
97–102.
Available: http://www.smartgridupdate.com/dataforutilities/pdf/data-
[130] J. Zhang, G. Welch, N. Ramakrishnan, and S. Rahman, “Kalman
2014.pdf
filters for dynamic and secure smart grid state estimation,”
[152] R. Klump, R. Wilson, and K. Martin, “Visualizing real-time security
Intelligent Industrial Systems, pp. 1–8, 2015. [Online]. Available:
threats using hybrid scada / pmu measurement displays,” in System
http://dx.doi.org/10.1007/s40903-015-0009-6
Sciences, 2005. HICSS ’05. Proceedings of the 38th Annual Hawaii
[131] “Robust data-driven state estimation for smart grid,” In submission
International Conference on, Jan 2005, pp. 55c–55c.
to IEEE transaction on Neural Networks and Learning. [Online].
Available: https://www.ml.cmu.edu/research/dap-papers/dap weng.pdf [153] A. A. Cardenas, “Big data analytics and security intelligence in
[132] P. Chavali and A. Nehorai, “Distributed power system state estimation smart grid applications,” IEEE conference on Innovative Smart Grid
using factor graphs,” Signal Processing, IEEE Transactions on, vol. 63, Technology, Feb 2013.
no. 11, pp. 2864–2876, June 2015. [154] R. Alguliyev and Y. Imamverdiyev, “Big data: Big promises for in-
[133] Y. Mo and B. Sinopoli, “Secure estimation in the presence of integrity formation security,” in Application of Information and Communication
attacks,” Automatic Control, IEEE Transactions on, vol. 60, no. 4, pp. Technologies (AICT), 2014 IEEE 8th International Conference on, Oct
1145–1151, April 2015. 2014, pp. 1–4.
[134] B. Krebs, “Fbi: Smart meter hacks likely to spread,” Tech. Rep., [155] T. Popovic, M. Kezunovic, and B. Krstajic, “Smart grid data analytics
2012. [Online]. Available: http://krebsonsecurity.com/2012/04/fbi- for digital protective relay event recordings,” Information Systems
smart-meter-hacks-likely-to-spread/ Frontiers, vol. 17, no. 3, pp. 591–600, 2015. [Online]. Available:
[135] W. Bank, “Reducing technical and non-technical losses in http://dx.doi.org/10.1007/s10796-013-9434-9
the power sector,” Tech. Rep., 2009. [Online]. Available: [156] I. Moreno-Garcia, A. Moreno-Munoz, F. Domingo-Perez, V. Pallares-
http://documents.worldbank.org/curated/en/2009/01/20382190/reducing- Lopez, R. Real-Calvo, and J. Gonzalez-de-la Rosa, “Intelligent elec-
technical-non-technical-losses-power-sector tronic device for smart grid: Statistical approach applied to event de-
[136] P. McDaniel and S. McLaughlin, “Security and privacy challenges in tection,” in IECON 2012 - 38th Annual Conference on IEEE Industrial
the smart grid,” Security Privacy, IEEE, vol. 7, no. 3, pp. 75–77, May Electronics Society, Oct 2012, pp. 5221–5226.
2009. [157] H. Sedghi and E. Jonckheere, “Statistical structure learning of smart
[137] E. de Buda, “System for accurately detecting electricity grid for detection of false data injection,” in Power and Energy Society
theft,” 2010, uS Patent App. 12/351,978. [Online]. Available: General Meeting (PES), 2013 IEEE, July 2013, pp. 1–5.
http://www.google.com/patents/US20100007336 [158] M. Q. Ali and E. Al-Shaer, “Configuration-based ids for advanced
[138] R. Jiang, R. Lu, Y. Wang, J. Luo, C. Shen, and X. Shen, “Energy-theft metering infrastructure,” in Proceedings of the 2013 ACM SIGSAC
detection issues for advanced metering infrastructure in smart grid,” Conference on Computer & Communications Security, ser. CCS
Tsinghua Science and Technology, vol. 19, no. 2, pp. 105–120, April ’13. New York, NY, USA: ACM, 2013, pp. 451–462. [Online].
2014. Available: http://doi.acm.org/10.1145/2508859.2516745
[139] A. Cardenas, S. Amin, G. Schwartz, R. Dong, and S. Sastry, “A game [159] W. Hurst, M. Merabti, and P. Fergus, “Big data analysis techniques
theory model for electricity theft detection and privacy-aware control in for cyber-threat detection in critical infrastructures,” in Advanced
ami systems,” in Communication, Control, and Computing (Allerton), Information Networking and Applications Workshops (WAINA), 2014
2012 50th Annual Allerton Conference on, Oct 2012, pp. 1830–1837. 28th International Conference on, May 2014, pp. 916–921.
[140] D. Mashima and A. Crdenas, “Evaluating electricity theft detectors in [160] S. Pan, T. Morris, and U. Adhikari, “Developing a hybrid intrusion
smart grid networks,” in Research in Attacks, Intrusions, and Defenses, detection system using data mining for power systems,” Smart Grid,
ser. Lecture Notes in Computer Science, D. Balzarotti, S. Stolfo, and IEEE Transactions on, vol. PP, no. 99, pp. 1–1, 2015.
M. Cova, Eds. Springer Berlin Heidelberg, 2012, vol. 7462, pp. 210– [161] M. Faisal, Z. Aung, J. Williams, and A. Sanchez, “Data-stream-based
229. intrusion detection system for advanced metering infrastructure in smart
[141] S. Salinas, C. Luo, W. Liao, and P. Li, “State estimation for energy theft grid: A feasibility study,” Systems Journal, IEEE, vol. 9, no. 1, pp. 31–
detection in microgrids,” in Communications and Networking in China 44, March 2015.
 26

[162] M. Kazerooni, H. Zhu, and T. Overbye, “Literature review on the Debraj De is a postdoctoral research associate in Department of Computer
applications of data mining in power systems,” in Power and Energy Science, Missouri University of Science and Technology. His current research
Conference at Illinois (PECI), 2014, Feb 2014, pp. 1–8. interests are in the areas of cyber security, smart healthcare, smart environ-
[163] R. W. Griffin, “Security analytics and smart grid security,” EMC ments, smart cities, machine learning, and wireless sensor networks. De has a
Corporation, Feb 2014. PhD in Computer Science from Georgia State University and MS from Ohio
[164] M. Steiger, T. May, J. Davey, and J. Kohlhammer, “Smart grid moni- State University.
toring through visual analysis,” in Innovative Smart Grid Technologies
Europe (ISGT EUROPE), 2013 4th IEEE/PES, Oct 2013, pp. 1–5.
[165] P. Chopade, K. Flurchick, M. Bikdash, and I. Kateeb, “Modeling and
visualization of smart power grid: Real time contingency and security
aspects,” in Southeastcon, 2012 Proceedings of IEEE, March 2012, pp.
1–6.
[166] M. Angelini, D. D. Santis, and G. Santucci, “Toward geographical
visualizations for hierarchical security data,” in Visualization for Cyber
Security (VizSec), 2014 IEEE Symposium on, Nov 2014.
[167] D. Gurugubelli, C. Foreman, and D. Ebert, “Achieving a cyber-secure
smart grid through situation aware visual analytics,” The Center for
Education and Research in Information Assurance and Security, 2015.
[168] J. Yan, Y. Yang, W. Wang, H. He, and Y. Sun, “An integrated
visualization approach for smart grid attacks,” in Intelligent Control and
Information Processing (ICICIP), 2012 Third International Conference
Wen-Zhan Song is now a professor in Department of Computer Science,
on, July 2012, pp. 277–283.
Georgia State University. His research mainly focuses on sensor web, smart
[169] W. J. Matuszak, L. DiPippo, and Y. L. Sun, “Cybersave: Situational
grid and smart environment where sensing, computing, communication and
awareness visualization for cyber security of smart grid systems,” in
control play a critical role and need a transformative study. His research has
Proceedings of the Tenth Workshop on Visualization for Cyber Security,
received 6 million+ research funding from NSF, NASA, USGS, Boeing and
ser. VizSec ’13. New York, NY, USA: ACM, 2013, pp. 25–32.
etc since 2005. He is an IEEE Senior Member.
[Online]. Available: http://doi.acm.org/10.1145/2517957.2517961
[170] “Nist framework and roadmap for smart grid interoperability standards,
release 3.0,” National Institute of Standards and Technology, Sep
2014. [Online]. Available: http://dx.doi.org/10.6028/NIST.SP. 1108r3
[171] “Smart grid cyber security potential threats, vulnerabili-
ties and risks,” Public Interest Energy Research (PIER)
Program INTERIM PROJECT REPORT, 2012. [Online].
Available: http://www.energy.ca.gov/2012publications/CEC-500-2012-
047/CEC-500-2012-047.pdf
[172] A.-F. Chan and J. Zhou, “Cyber-physical device authentication for the
smart grid electric vehicle ecosystem,” Selected Areas in Communica-
tions, IEEE Journal on, vol. 32, no. 7, pp. 1509–1517, July 2014.
[173] S. Abedi, A. Arvani, and R. Jamalzadeh, “Cyber security of plug-
in electric vehicles in smart grids: Application of intrusion detection
methods,” in Plug In Electric Vehicles in Smart Grids, ser. Power
Systems. Springer Singapore, 2015, pp. 129–147. Jujie Yang is currently an associate professor in Department of Electric and
[174] “European network for cyber security (encs) announces research Information Engineering, Shanghai University of Electric Power, China. His
project around electric vehicle (ev) smart charging with enexis and research areas are intelligent demand response in Smart Grid, remote and
elaadnl.” [Online]. Available: https://www.encs.eu/news/european- online monitoring of power substations, and wireless sensor networks. He
network-cyber-security-encs-announces-research-project-around- has a PhD from Shanghai jiao Tong University, China.
electric-vehicle-ev-smart-charging-enexis-and-elaadnl
[175] “Gridwise transactive energy framework version 1.0,” The
GridWise Architecture Council, 2015. [Online]. Available:
http://www.gridwiseac.org/pdfs/te framework report pnnl-22946.pdf
[176] “Pacific northwest smart grid demonstration project.” [Online].
Available: http://www.pnwsmartgrid.org/transactive.asp
[177] “The integrative security assessment of smart grid cyber infrastructure
at the advanced digital sciences center (adsc).” [Online]. Available:
http://publish.illinois.edu/integrative-security-assessment
[178] H. Lim, J. Ko, S. Lee, J. Kim, M. Kim, and T. Shon, “Security
architecture model for smart grid communication systems,” in IT
Convergence and Security (ICITCS), 2013 International Conference
on, Dec 2013, pp. 1–4.
[179] Y. Zhang, W. Zou, X. Chen, C. Yang, and J. Cao, “The security for
power internet of things: Framework, policies, and countermeasures,”
Sajal K. Das is the Chair of Computer Science and Daniel St. Clair Endowed
in Cyber-Enabled Distributed Computing and Knowledge Discovery
Chair at the Missouri University of Science and Technology. His current
(CyberC), 2014 International Conference on, Oct 2014, pp. 139–142.
research interests include wireless sensor networks, smart healthcare, cyber-
[180] M. Leo, F. Battisti, M. Carli, and A. Neri, “A federated architecture
physical systems, mobile and pervasive computing, security and privacy, and
approach for internet of things security,” in Euro Med Telco Conference
social networks. Das has a PhD in Computer Science from the University of
(EMTC), 2014, Nov 2014, pp. 1–5.
Central Florida. He is an IEEE Fellow.

Song Tan is currently a PhD student in Department of Computer Science,

Georgia State University. His current research is focused on the cyber-physical
security in Smart Grid system, which includes bad data detection, electrical
market security and design of cyber-physical security testbed for Smart Grid.
He has a MS from Georgia State University, and a BS from Northeast Normal
University, China,