H. ZHANG ET AL.

: CYBER-PHYSICAL ATTACK AND DEFENSE 1

Smart Grid Cyber-Physical Attack and Defense: A

Review
HANG ZHANG1 , Student Member, IEEE, BO LIU1 , Student Member, IEEE, HONGYU WU1 ,SENIOR
MEMBER, IEEE

Abstract—ecent advances in the cyber-physical smart grid of CPSs. The interconnection of bulk physical layer compo-
(CPSG) have enabled a broad range of new devices based on nents is challenging the protection against inherent physical
the information and communication technology (ICT). However, vulnerabilities therein. On the other hand, cyber-integration,
these ICT-enabled devices are susceptible to a growing threat of
cyber-physical attacks. This paper performs a thorough review which relies on network communication and the internet of
of the state-of-the-art cyber-physical security of the smart grid. things (IoT) based devices, requires extraordinary investments
By focusing on the physical layer of the CPSG, this paper in security designs and upgrades against unanticipated threats
provides an abstracted and unified state-space model, in which from cyberspace [2]. A cyber-physical attack is defined as a
cyber-physical attack and defense models can be effectively security breach in cyberspace that adversely affects the phys-
generalized. The existing cyber-physical attacks are categorized
in terms of their target components. We then discuss several ical space of a CPS. [3]. Cyber-physical attacks compromise
operational and informational defense approaches that present the confidentiality, integrity, and availability of information
the current state-of-the-art in the field, including moving target by coupling cyber and physical spaces in a CPS. In the past
defense, watermarking, and data-driven approaches. Finally, we decades, several noteworthy cyber-physical attacks have been
discuss challenges and future opportunities associated with the reported in the industry, facilitating synergistic efforts from
smart grid cyber-physical security.ecent advances in the cyber-
physical smart grid (CPSG) have enabled a broad range of new industry practitioners and research communities towards a
devices based on the information and communication technology new CPS security era [4]. The first proclaimed cyber-physical
(ICT). However, these ICT-enabled devices are susceptible to a attack dated back to 1982 in the Siberian wilderness, where
growing threat of cyber-physical attacks. This paper performs a attackers manipulated the pipeline control software, which led
thorough review of the state-of-the-art cyber-physical security of the valves’ control to misbehave, resulting in severe crossing
the smart grid. By focusing on the physical layer of the CPSG, this
paper provides an abstracted and unified state-space model, in of pressure limits and eventually a massive explosion [5].
which cyber-physical attack and defense models can be effectively In 2003, the Slammer worm invaded the control system of
generalized. The existing cyber-physical attacks are categorized the David-Besse nuclear plant in Ohio through a contractor’s
in terms of their target components. We then discuss several network, which disabled the supervisory system for 5 hours
operational and informational defense approaches that present [6]. In June 2010, a cyber worm dubbed Stuxnet struck the
the current state-of-the-art in the field, including moving target
defense, watermarking, and data-driven approaches. Finally, we Iranian nuclear fuel enrichment plant by utilizing four zero-
discuss challenges and future opportunities associated with the day vulnerabilities and digitally signed certificates to bypass
smart grid cyber-physical security.R intrusion detection. The targets were the programmable logic
Index Terms—Cyber-physical power system, cyber-physical controllers in the supervisory control and data acquisition
security, false data injection, dynamic watermarking, moving (SCADA) system [7]. The Stuxnet maliciously alternated the
target defense. frequency of electrical current powering the centrifuges and
then switched them between high and low speeds at intervals
I. I NTRODUCTION for which the machines were not designed [8]. In December
2015, a coordinated cyberattack compromised three Ukrainian
YBER-PHYSICAL systems (CPSs) are smart systems
C that include engineered interacting networks of physi-
cal and computational components [1]. The comprehensively
electric power distribution companies. Thirty substations suf-
fered blackout for about three hours, resulting in wide-area
power outages affecting approximately 225,000 customers.
interconnected and integrated systems contribute new func- BlackEnergy3 malware was used to steal the authorized users’
tionalities to enable technological development in critical in- virtual private network credentials, and a telephonic denial-
frastructures, such as electric power systems, water networks, of-service (DoS) attack was executed to frustrate reports of
transportation, home automation, and health care. A CPS en- outages [9].
compasses complex systems of control, awareness, computing, The smart grid landscape, arguably one of the most com-
and communication. The complexity and heterogeneity have plex CPSs in history, is undergoing a radical transformation.
indicated the potential challenges to the security and resilience Particularly, increased renewable energy resources, demand
1 The Mike Wiegers Department of Electrical and Computer Engineering, diversification, and integration of information and commu-
Kansas State University, Manhattan, KS 66506 USA nication technologies (ICTs) [10]. The cyber-physical smart
This material is based upon work supported in part by the U.S. National grid (CPSG) that has organized a universal cyberinfrastructure
Science Foundation under Grant No. 1929147, and in part by the U.S.
Department of Energy under Award No. DE-EE0008767. interwoven with the bulk physical systems is susceptible to
Corresponding author: Hongyu Wu (e-mail: [email protected]). cyber-physical attacks. A wide variety of motivations exist
Digital Object Identifier: 10.1109/ACCESS.2021.3058628

2169-3536 c 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications standards/publications/rights/index.html for more information.
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 2

Fig. 1: Illustration of cyber-physical attacks on smart grid. This paper focuses on reviewing attacks that target either the EMS
within the control center or physical devices in the field. Defense mechanisms against those attacks are also discussed.

for launching such an attack in the smart grid, ranging this paper surveys the most recent publications, including 78 in
from economic reasons, to terrorism, to a grudge (a dis- the last five years (i.e., 2016-2020) 49 of which were published
gruntled employee [11]). A large body of recent work has in the past three years (i.e., 2018-2020). A thorough review
been dedicated to addressing the cyber-physical security of of the cutting-edge defense approaches such as data-driven
smart grids, with many warnings becomes prominent [12]– machine learning, moving target defense, and watermarking
[15] and new vulnerabilities are continuously unveiled [16]. is provided. Finally, the challenges and opportunities of future
Regarding cyber and physical security, neither of them alone CPSGs are discussed, which may shed light on cyber-physical
can provide broad solutions without incorporating the other. security issues that the next-generation smart grid needs to
In this regard, the investigations of the cyber-physical attacks tackle.
and the developments of effective defense strategies are still The remainder of this paper is organized as follows. The
incomprehensive. Thereby, it has become paramount to keep unified cyber-physical security model of the smart grid is
up with the latest progress along the research frontier of smart proposed in Section II. The current state-of-the-art in attack
grid security, especially from a joint perspective of cyber and models and defense mechanisms are surveyed in Sections III
physical security. and IV, respectively. The challenges and opportunities with
This paper tries to bridge this gap by providing a compre- respect to the cyber-physical security of the smart grid are
hensive review of cyber-physical threat models and defense discussed in Section V. The concluding remarks are drawn in
mechanisms. Over the last five years, several survey and Section VI.
review papers on the cyber-physical security of the smart grid
have been published. Table I lists a comparison between this II. S MART G RID C YBER -P HYSICAL S ECURITY
paper and other works in terms of the publication year, smart
grid models, attack taxonomy, technological focus, challenges A. State-space representation of power grid control model
and opportunities, and the review scope. A CPSG is a monolithic system with electricity genera-
The contributions of this paper, as illustrated in Table 1, tion, transmission, and distribution sectors [27]. The physical
are four-fold. First, a discrete-time nonlinear time-invariant systems are interconnected through transmission lines and
system is proposed to represent a CPSG by using the state- substations deployed in the field. The integration and coordina-
space representation. Such a high-level abstraction is a useful tion of heterogeneous components require reliable capabilities
strategy to form the foundation and generalize a defense on information, computation, and communication. These re-
analysis across all attack types. Second, the state-of-the- quirements rely on a ubiquitous cyberinfrastructure interwoven
art cyber-physical attack models are summarized based on with the physical systems. Measurements and commands are
the proposed abstraction and categorized according to the constantly generated and transmitted through communication
control-feedback loop segment each attack involves. This new channels. A CPSG consists of physical devices, actuators,
taxonomy provides the grid operator with intuitive situational sensors, communication channels, and a centralized control
awareness on how to enhance the system’s cyber-physical center equipped with a state estimator, a bad data detector,
security. Third, cyber-physical security of the smart grid is and an energy management system (EMS), as shown in Fig.
an extremely hot research topic, and a lot of good works have 1.
been published every year. Therefore, it is a much needed We describe the CPSG as a discrete-time nonlinear time-
effort to keep up with the progress and furnish a concise invariant system by using a state-space representation as
summary and a clear categorization for readers to understand follows:
the current state-of-the-art. In order to provide a timely review, xt+1 = A(xt ) + B (ut ) + wt (1)
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 3

TABLE I: A Comparison of Related Literature

Challenge
Scope (attack
Ref.-Yr CPSG model Taxonomy Attack types and Technological focus
or defense)
opportunity
Conceptual Both attack
[17]-2015 N/A DoS Yes Informational
model and defense
Layers (physical,
Conceptual Both informational
[18]-2015 MAC, network, CIA triad attacks Yes Attack only
model and operational
application)
[19]-2016 N/A CPSG components CIA triad attacks No Attack only Informational
Security objectives
Both attack Both informational
[20]-2016 Abstract model (Confidentiality, CIA triad attacks No
and defense and operational
integrity, availability)
Layers
(communication, DoS, wrapping, Both informational
[21]-2016 N/A No Attack only
measurement, phishing attacks and operational
control)
Layers (generation,
Control, measurement Both attack Both informational
[2]-2016 Abstract model transmission, Yes
attacks and defense and operational
distribution)
[22]-2017 N/A N/A Malware Yes Attack only Informational
Technical and Both informational
[23]-2018 Abstract model Source of threats No Attack only
non-technical attacks and operational
Interruption,
interception, Both attack Both informational
[24]-2018 N/A Attack behavior No
modification, and defense and operational
fabrication attacks
Mathematical FDI, topology attack,
Spatial–temporal Both attack Both informational
[25]-2019 model (linear DoS, replay attack, No
hiddenness and defense and operational
time invariant) Stuxnet, dynamic attack
Security objectives
Conceptual Both attack
[26]-2020 (Confidentiality, CIA triad attacks Yes Informational
model and defense
integrity, availability)
Aurora, pricing attacks,
Mathematical Control and feedback AGC attacks, FDI,
This
model loop (control, Topology attacks, Both attack Both informational
paper- Yes
(nonlinear time measurement, GPS-spoofing, and defense and operational
2021
invariant) control-measurement) Line-outage masking,
Stuxnet-like attacks

yt = C (xt ) + vt (2) in Fig. 1, the communication networks are vulnerable to adver-

saries who can manipulate the control and measurement sig-
where xt ∈ Rn and yt ∈ Rm are system state and mea- nals. For countermeasures, the National Electric Sector Cyber-
surements at time interval t, respectively; m is the number security Organization Resource (NESCOR) has conducted im-
of measurements; n is the number of system states (usually pact analyses and assessment of data integrity attacks against
m ≥ n). Typically, system measurements include nodal net the wide-area monitoring, protection, and control (WAMPAC)
injections, line power flows, line current phasors, and bus systems [28], in which a dozen attack scenarios are discussed
voltage phases from the emerging phasor measurement units with the corresponding failure scenarios, including line trip,
(PMUs). System states include bus voltage magnitudes and improper synchronous closing, and control actions that create
angles. A (•) denotes a system state function; B (•) is a undesirable states. For instance, the WAMPAC.2 scenario
control function; C (•) is a nonlinear measurement function; indicated that the network equipment could be leveraging to
wx ∈ Rn and wy ∈ Rm are system operating noise and spoof WAMPAC messages [28]. A threat agent may perform
measurement noise, respectively. The measurement function a spoofing attack and inject messages in WAMPAC network
is reliant on the specific measurement type and involves the equipment (router, switch, etc.). The altered messages in-
power system network topology and parameters, such as line volve measurement that goes into the WAMPAC algorithms
impedance and transformer tap ratios. The noise is generally or control command to PMUs or phasor data concentrators
assumed to be Gaussian distributed with a covariance matrix (PDCs). The WAMPAC.4 scenario leverages the compromised
R ∈ Rm×m . The received sensor measurement data, which PDC authentication to manipulate the measurement data. Such
are called raw data, cannot be utilized directly by the EMS compromise may be due to a backdoor or network sniffing,
and must be processed by state estimation (SE) and bad data which allows the malicious introduction of false measurement
detection (BDD). data. The altered data can trigger actions when none are
necessary or fail to take action when needed. Meanwhile, The
WAMPAC.8 scenario shows an attacker can insert malware in
B. Cyber-physical security concerns
PMU/PDC firmware to alter measurements. When the altering
The wide-area field sensors and communication channels action is triggered, significant effort or cost is invested in
are exposed to an increased level of cyber threats. As shown
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 4

troubleshooting the systems given the lack of measurement

consistency, followed by equipment replacement [28].
Figure 2 illustrates the cyber-physical attacks and their
corresponding targets. Following the WAMPAC scenarios pre-
scribed in [28], we summarize the cyber-physical attacks in
CPSGs in the following three categories:

1) Control signal attacks: By relying on the ability to

bypass the data authentication and integration examina-
tions, control signal attacks aim at acquiring the physical
device authority and then operate it at the attacker’s
will. This type of attack is usually designed to target
mission-critical devices in power systems such as auto-
matic generation control (AGC), relays, smart inverters,
flexible AC transmission system (FACTS) devices, and
circuit breakers. To achieve the adversaries’ malicious
goals effectively, adversaries likely have the knowledge Fig. 2: Cyber-physical attacks and their targets reviewed in
about the target device (e.g., inverter P -Q setpoints, this paper.
generator ramping limits, line flow limits). Despite the
study of N -1 contingency for loss of a generator or
transmission line, researchers show that by exploiting while the measurement attacks such as replay attacks can
the clustering-based vulnerability, simultaneous attacks disguise the ongoing control signal attack. The manipu-
against the elaborately identified, most vulnerable de- lated measurements can pass existing anomaly detection
vices may cause cascading failures [29]. Control attacks mechanisms in the system. Existing research revealed
can achieve significant consequences in a short period. that attackers might utilize the control-measurement-
However, the lack of coordinated masks in the feedback loop attack [31] (e.g., line outage masking attacks,
measurement makes the attacks unhidden to detection Stuxnet attacks) to enhance the stealthiness of control
methods. signal attacks by masking the attack consequences as
2) Measurement attacks: These attacks focus on manipu- well as deceiving the attack detection and mitigation
lating the sensor measurement data transferred through mechanism. For instance, the notorious Stuxnet attack
the communication channels or falsifying the remote [32], [33] targeted the SCADA systems and caused
terminal units (RTU) in the field. Physical communi- substantial damage to the centrifuge of a nuclear plant.
cation links are usually compromised to deliver falsified A Stuxnet attack can compromise the programmable
messages (e.g., false data injection attacks, GPS spoof- logic controllers and give unexpected commands while
ing, and replay attacks). Depending on the attackers’ returning normal operation system measurements to the
capabilities, they may change the firmware of devices, SCADA.
eavesdrop measurements for reconnaissance, and con-
trol sensors for reporting tampered measurements. For III. C YBER -P HYSICAL ATTACKS
example, an attacker may change the Domain Name Analyzing vulnerabilities of a CPSG has attracted increasing
Systems (DNS) server of the device gateway to an attention in the last few years. The general approach is to
attacker-controlled DNS server [30]. By doing this, DNS study specific attacks against a particular system component.
hijacking attacks can be implemented to control the A CPSG consists of information technologies (IT) and op-
device-remote server interactions. Once an attacker con- erational technologies (OT). IT refers to the application of
trols the communication between the gateway and the networks that deal with the data and the flow of digital
remote server, all the measurement reports are going to information. In contrast, OT refers to technology that monitors
be sent to the malicious server instead of the legitimate and controls specific devices such as the SCADA system. IT
server. In addition, traditional DoS or a Black Hole can and OT are merging together, known as IT-OT convergence,
block the packets in the network, decreasing the system’s and the boundary between them has become blurry. This paper
situational awareness. This type of attack may disable primarily focuses on the OT attacks and defense approaches in
the system operator’s situational awareness to cover a smart grid. Several attack behaviors against the IT systems
intrusions or induce inappropriate operations according of a CPSG are briefly reviewed in Subsection A. Then, the
to the falsified system state based on the manipulated OT attacks are discussed in greater detail in the rest of this
measurements. section. Figure 2 shows the attacks and their targets surveyed
3) Control-signal-measurement attacks: This type of at- in this paper.
tack is also called control-measurement-loop attacks, in
which adversaries launch coordinated attacks on both the A. Data Availability Attacks
control signals and measurements. The control signal at- Since wireless communication is commonly used in a
tack may cause immediate physical layer consequences, CPSG, adversaries can launch attack schemes against the com-
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 5

munication channel. In this paper, we classify the attacks that [40]. The physical damage to the generator is caused by the
impede data availability as IT attacks. For example, Byzantine variation of electrical power output from the generator and
attacks against communication networks such as cognitive the incremental generator rotating speed during the aurora
radio networks and mobile Adhoc networks were discussed in attack. Each time the breakers are re-closed, the difference
[34], [35]. These attacks are launched by compromised insider of frequency and phase angle between the main grid and the
nodes to affect the trusted routing, which in turn reduces generator may result in high torque and currents, which can
the overall network performance. After intrusion, a selfish ultimately damage the generator [41].
sensing node can report falsified channel sensing results and A scoring methodology with vulnerability ranking criteria to
increase its own gains at the cost of performance degradation find the most vulnerable breakers for an aurora attack has been
of other honest nodes. Typically, attackers intentionally launch presented in [42]. In [43], modeling and an impact analysis of
Byzantine attacks for two attack objectives. The first objective aurora attack targeting microgrid point of common coupling
is vandalism, where attackers report channel vacancy when the (PCC) and synchronous generator breakers were examined.
sensing results indicate that the channel is busy. The second The classic sync-check relays for coping with aurora attacks
objective is exploitation, where attackers can access the idle can lead to unintentional islanding in a microgrid, which
channel exclusively by sending channel busy information when is forbidden by the IEEE 1547 Standard [44]. The authors
their sensing results indicate that the channel is idle. Attackers demonstrated that an attacker could successfully damage the
can pursue attack utility maximization of the above objectives microgrid synchronous generator by attacking the PCC breaker
[36]. of a microgrid connected to the main grid.
Compared with Byzantine attacks that hinder the data 2) Pricing attacks: Demand-response programs have been
availability by degrading the communication channel, DoS is drawing more attention from retail-markets to increase the
another notorious attack that blocks the normal data transfer efficiency of the power grid. In a basic form, demand-response
by occupying the communication channel with junk data. In a is a control mechanism where the control signals are the
CPSG, the objective of a DoS attack is to disrupt the communi- incentives. Tan et al. [45] introduced a pricing attack by
cation between a control center and sensors or actuators in the performing scaling (sending the scaled value of the true price)
field. DoS attackers are not required to have the knowledge of and delay (sending old prices) attacks on the price signals.
the CPSG configuration or the ability to manipulate the control Giraldo et al. [49] further improved the attack by modeling
or measurement data in the communication channel. The attack an attacker who aims to increase the mismatch between the
consequence is that system operators can easily notice the generated and the consumed power by compromising the
attack due to the loss of measurement data. However, the communication channel and deploying an attack time series
operators cannot mitigate the attack since they cannot send to manipulate the price signal. In contrast to one-snapshot
control signals to the actuators. An example of the DoS attacks attacks, where the attackers inject malicious data only once,
is the incident of the Ukrainian electric power companies Maharjan et al. [47] considered attacks capable of injecting
discussed earlier. In [37], Qin et al. considered how to damage false pricing information at any moment and repeatedly over
the system performance most severely when launching a DoS a long-time duration. The power mismatch caused by the long-
attack against the state estimation over the packet-dropping term attacks can lead to over-generation, economic losses, and
network environment. They presented an optimal attack sched- poor power quality. To quantify the impact of the repeated
ule that maximizes the trace of the average expected estimation attacks, the authors proposed a sensitivity analysis method.
error covariance. In [38], Zhang et al. proposed a scenario that In their analysis, the authors utilized a z-transform sensitivity
a DoS attacker with attack cost constraint jams the sensor-to- function to model the dynamics of the system.
estimator communication channel. The authors formulated an Zhang et al. [46] analyzed the vulnerabilities in transactive
optimization problem that balances the destruction on the cost energy systems. In such a system, the home controllers at the
of system control and the cost of attack in an infinite time end-user react to the price signal sent by the transactive market
horizon concurrently. and return bid information automatically. Data exchanged
between the prosumer and the market agent can be manip-
ulated by attackers. The authors extended the pricing attack
B. Control Signal Attacks using malware to inject both malicious bidding prices and
1) Aurora attacks: The aurora generator vulnerability was quantities from prosumers. Under these attacks, the market-
originally tested by the Idaho National Laboratory, where clearing price was manipulated, and the energy consumption
a hypothetical attacker maliciously opens and re-closes the of each individual prosumer was affected, which in turn
circuit breaker of a generator by injecting a series of com- adversely influenced the overall demand on the distribution
promised control commands [39]. When disconnected from feeders. Two attack scenarios were studied in [46], where
the power grid, the generator becomes desynchronized. The the first scenario aimed at compromising the reliability of the
aurora attack is designed to re-close the breaker when the system by manipulating the bid price to some extreme values,
system and generator slip out of synchronism before the while the second scenario aims at making profits over time
protection system responds to the attack. Since generator by manipulating the bid price within limits to avoid being
protection elements are intentionally delayed preventing un- detected. Note that prosumers know these bid limits from the
necessary tripping, attackers typically get a 15-cycle window service agreement. If the attacker manipulates the signals such
to re-close the breaker before any protection device kicks in that they are out of the limits, the manipulation will become
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 6

TABLE II: Control Signal Attack

Control
Mathematical
signal Target Objective Means Consequence
expression
attack
Generators in
Aurora Cause damage Intentionally Electromagnetic
power plants, Control
attack to generators, open and close torque and
microgrid command
[41], [44], motors, and a breaker or current
synchronous injection ua
t
[45] transformers PCC breaker fluctuations
generators
Mismatch System Price signal
Price signal, between the Manipulate the emergencies manipulation λat,
Pricing
transactive generated and price signal, (e.g., line and bid price
attack
energy systems the consumed bid prices and transformer manipulation bai,
[46]–[48]
bid signal power, bid quantities overload), bid quantity
profitability economic losses manipulation qia

obvious [47]. In contrast to the first scenario, the attack in and system frequency measurements to force ACE miscalcu-
the second scenario has a small impact on the total load, lation, forcing generators in the targeted area to ramp down.
which makes it difficult to be detected. Table II summarizes Meanwhile, the attacker ramped up its own generator, thereby
the existing works on the control signal attacks. generating more than the operating point suggested by SCED.
As an increased generation in the attacker’s area compensated
C. Measurement Attacks for a decrease in the targeted area, the system frequency was
1) AGC attacks: The Automatic generation control is a kept.
wide-area frequency control application in interconnected Similarly, the four types of attacks discussed above were
power grids. It ensures system frequency remains within the studied by Chen et al. [51] to implement the AGC attack
acceptable bounds and limits the tie-line power flow between strategy targeting explicitly at the load frequency control. Tan
adjacent control areas to their scheduled values. AGC relies et al. [48] considered that the grid frequency is a global
on power flow and frequency measurements from remote parameter that can be easily verified. They assumed there
sensors to calculate the area control error (ACE). The ACE exist upper and lower bounds, known by the attackers, as
represents the power exchange error and the system frequency stealthiness constraints for any injected attack vector to pass
error between the real system state and the scheduled state. the data quality checks. The stealthiness constraints limit
Based on the ACE, automated control commands on AGC the attack vector magnitude and make the attacker unable
generators are computed once every few seconds. However, to cause an unsafe frequency deviation in a single AGC
existing measurement validation techniques such as the state cycle. Thus, Chen et al. [51] focused on attacks on power
estimation typically run once every a few minutes, which can- flow measurements using a continuous false data injection
not accommodate the second-level frequency of AGC. There- attack over multiple AGC cycles to overcome the stealthiness
fore, the lack of measurement validation or attack detection constraints. They defined a metric to assess the effectiveness
mechanism makes AGC susceptible to measurement attacks. of their attacks, i.e., Time-to-Emergency (TTE), as the time
Moreover, AGC is a highly automated system that requires from the onset of an attack to the first time instant when
minimal supervision and intervention by system operators. the average frequency deviation of the system is out of the
Once compromised, it may rapidly cause a power imbalance threshold (e.g., 0.5 Hz) in their case study. They optimized
in the system [48]. their proposed attack by minimizing the TTE and satisfied the
Sridhar et al. [50] injected four adverse measurements, stealthiness constraints simultaneously; therefore, leaving the
i.e., scaling, ramp, pulse, and random attacks, to demonstrate shortest time period for the system to counteract.
their impacts on the physical system stability and the market 2) FDI attacks: False Data Injection (FDI) attacks against
operation. In scaling attacks, measurements are modified to state estimation, and bad data detection is one of the hottest
higher/lower values during the entire duration of the attack. topics in the smart grid. It was first presented by Liu et al. [52],
Ramp attacks gradually increase or decrease original measure- [53] with DC system models. The authors assumed that the
ments over time. Pulse attacks modify measurements through attacker knows the topology and network parameters of the
temporally spaced short pulses. Random attacks add random entire power system and has the capability of manipulating
values to true measurements. In an attack scenario to jeopar- the data measurements from the meters. An FDI attack can
dize system stability, the attacker’s goal is to cause a rapid cheat the power system state estimation, which is the basis of
decline in the system frequency to trigger under-frequency many power system applications, such as contingency analysis,
load shedding. In the other attack scenario to manipulate and economic dispatch [54], [55]. Falsified state estimation
the market operation and make a profit by generating more results could potentially mislead the operation and the auto-
power, the attack involves modification of generator operating control mechanism of the EMS. The consequences of such
points identified by the security-constrained economic dispatch attacks include economic loss, unstable system states, and even
(SCED). In this case, the attacker is a utility that wants to system voltage collapse [56]. Liang et al. [57] introduced an
generate more power than the dispatched schedule without FDI attack that can induce physical line overflows. By con-
being detected. The attacker injected fabricated tie-line power sidering the EMS sequential data processing functionalities,
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 7

their optimized attack vector resulted in line overload when the 3) Blind FDI attacks: Recently, FDI attacks with little to
false measurements cause generation re-dispatch. Elaborately no information inspired researchers to construct blind FDI
constructed attack vectors can bypass bad data detection by attacks without explicit knowledge of the power grid topology.
keeping consistent with physical laws like Kirchhoff’s circuit Some researchers proved that such attacks exist and can
laws. The construction of the FDI attack vector a in DC further decrease the attack cost. Kim et al. [65] presented the
models obey (3): subspace method to learn the system operating subspace from
a = H ẋ (3) measurements and launch attacks accordingly. Their subspace
method did not require any system parameter information and
where H is the measurement matrix; ẋ is the estimated state
depended on partial sensor measurements. In 2015, Yu et al.
deviation due to the attack; and x̂attack = x̂ + ẋ. Therefore,
[66] studied the problem of blind FDI attack which makes
the malicious measurements Za = Z + a will get the same
inferences from the correlations of the line measurements.
BDD residual r as the original measurements Z do.
The construction of the attack utilizes the principal component
Hug et al. further investigated the FDI attack in AC state
analysis (PCA) [67] approximation method to transform the
estimation [58]. Unlike the DC model, where the elements
observation vector (a set of possibly correlated measurement
in the measurement matrix H are constant, the relationship
variables z) into a set of linearly uncorrelated variables, x̃,
between the measurements and the states become non-linear
called principal components. In the proposed attack model
in AC systems. The attack vector is derived as:
[66], attackers first collect some historical measurement data
a = H(x̂ + ẋ) − H(x̂) (4) and run the PCA transformation. The PCA matrix, HP CA ∈
where x̂ is the estimated state; ẋ is the change in the estimated Rm×n , is introduced by the dimensionality reduction of PCA,
state. The BDD residual under such an attack is determined m is the number of measurements, and n is the number of
by the covariance matrix, the malicious measurements, and principal components. The attacker can generate the stealthy
the estimated states after the attack. Since the attack vector blind FDI attack vector a = HP CA ẋ with an arbitrary n × 1
is noiseless, the residual after the attack is not greater than non-zero vector ẋ. The attack was proven stealthy in the
the original residual; thus, the attack is hidden. Note that the noiseless condition, and the noise will slightly degrade the
construction of AC FDI attacks requires the estimated states, performance of the attack.
as shown in (4). In cases where attackers have the topology information
The state-of-the-art research on FDI attacks is on weakening needed, Rahman and Mohsenian-Rad [68] proved that an
the assumption that the attacker has the full knowledge of attack could estimate H by collecting offline topology data
the system network information (i.e., H and H(•) are known manually (e.g., getting access to the grid topology maps
to the attackers). However, the attacker has limited ability to through intruders or utility company employees), and online
hack into meters. In this case, the attacker can only access measurements data (deploying attacker’s sensors and PMUs).
some specific measurements due to the different physical Another approach exploits the relationship between the pub-
protection of the meters [59]. The limited access to meters licly available locational marginal prices (LMPs) and the
leads to a subset of research works generating attack vectors by Lagrange multipliers of the network-constrained economic dis-
minimizing the number of manipulated measurements. For an patch. Thus, LMPs components can unveil the topology infor-
attacker, minimizing the number of attacked meters, as shown mation. Kekatos et al. [69] developed a regularized maximum
in (5), can reduce the risk of being detected and the attack likelihood estimator (MLE) to recover the grid Laplacian from
cost. the LMPs. A convex optimization problem was solved using an
αk = min kHxk0 (5) iterative alternating direction method of multipliers (ADMM)
x based algorithm. In the scenario where the loads vary within
where αk denotes the minimum objective value, k•k0 is the a small range, the topology information can be embedded into
cardinality of a vector. Such a problem is proven to be NP-hard the correlations among power flow measurements. Esmalifalak
and non-convex; thus, it is often solved by mixed-integer linear et al. [70] proposed an independent component analysis (ICA)
programming (MILP) methods [60]. By exploiting the sparsity algorithm to speculate the matrix H from power flow mea-
of H in the power system on account of physical topology, Sou surements. Higgins et al. [71] proposed a data prepossessing
et al. [60] proposed a min-cut polynomial time approximate before the ICA process. The proposed data classification is
algorithm, which is faster but still as accurate as the MILP through T-distributed stochastic neighbor embedding (T-SNE)
method. Wang et al. [61] simplified the original problem for dimensional reduction. Despite of the above cases where
by solving the relaxed L1-norm problem for sparse attack attackers can obtain the topology information, attackers are
construction. Due to recent studies, the L0-norm minimization also able to construct FDI attacks with limited topology
can be relaxed to L1-norm minimization for sparse attack information. Deng et al. [72] demonstrated that the adversary
evaluation [62], [63]. Recall that the construction of a perfect could launch unobservable FDI attacks to modify the state
AC FDI attack requires the knowledge of estimated states. variable on a bus if they know the susceptance of every
In reality, however, an adversary cannot obtain the same transmission line that is incident to that bus.
estimated state as the operators. To close the gap, Zhao et Meanwhile, attackers can launch effective and unidentifiable
al. [64] provided a sufficient condition to an imperfect FDI FDI attacks based on data-driven strategies [73]. Data-driven
attack. By satisfying this condition, an imperfect attack vector methods, especially machine learning based approaches, are
can avoid being detected. an essential branch of cyber-physical attacks on the smart
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 8

TABLE III: Measurement Signal Attack

Control signal Mathematical
Target Objective Means Consequence
attack expression
Automatic Rapid decline in
AGC attack [48], ACE Under-frequency Measurement
generation the system
[50], [51] manipulation load shedding injection yta
control frequency
State
Incorrect Measurement CPSG functional Measurement
FDI attack [52]–[61] estimation
estimated state manipulation failure injection yta
based BDD
Blind FDI attack State
Incorrect Measurement CPSG functional Measurement
[65], [66], [68]–[70], estimation
estimated state manipulation failure injection yta
[72]–[74] based BDD
State Realistic Realistic
Incorrect CPSG functional
LR attack [75]–[81] estimation measurement measurement
estimated state failure
based BDD manipulation injection yta
Incorrect
Topology attack Topology Measurement Incorrect Measurement
topology
[82], [83] estimation manipulation topology state injection yta
estimation
Manipulating
Spoofing attack [84], GPS signal Incorrect location Measurement
PMU PMU
[85] manipulation and time stamp injection yta
measurements

grid. Chen et al. [73] assumed an attacker who has little keeping the same phase angle variations at all boundary buses.
knowledge of the power system and is unable to estimate
important parameters from observations. The attacker can only Researchers have been recently focused on revealing the
perform attacks and online learning iteratively to search for specific attack consequences. Che et al. [78] analyzed the
an optimal strategy. The optimal attack strategy was modeled mechanism that the attacker can implicitly identify the targeted
as a partially observable Markov decision process (POMDP). initial contingency as a system weak point, then leverage such
Which, however, was impossible to be solved. Thus, the at- weak point to implement LR attacks to cause physical damages
tacker could obtain an approximately optimal strategy through to the system. Under the impact of the load attack vector, the
a Q-learning algorithm with the nearest sequence memories SCED enforces the line flow limits based on the incorrect
(NSM). Markwood et al. [74] proposed a measurement matrix power flow state. When the generators are following the
estimation attack, which was termed as a topology leaking dispatch commands sent from the SCED, severe transmission
attack. When the attacker knows the historical bus power overloads can be caused [86]. Xiang et al. [80] quantified the
injections and relative voltage phase angles, the measurement impact of LR attack on the long-term power supply reliability
matrix H can be estimated. In cases where attackers can not by proposing a power system reliability evaluation model.
distinguish the eavesdropped measurement corresponding to The proposed Monte Carlo simulation based assessing method
the current system topology, Higgins et al. [71] proposed considers LR attacks that can cause load curtailment. Fu et al.
an unsupervised learning method to cluster the data set via [81] presented an attacker who does not pursue a temporary
the density based spatial clustering of application with noise profit but the most tripped lines during the cascading process
(DBSCAN) algorithm. by coordinating LR attacks with physical attacks. As the main
cause of cascading failure is a physical attack, the system
4) Load Redistribution Attacks: In 2011, Yuan et al. [75] operator will always try to prevent cascading failure by re-
defined a special type of false data injection attacks, namely dispatching the system back to a security operation point. This
load redistribution (LR) attacks. By considering the charac- is when LR attacks come into play to disrupt and mislead
teristics of the power system and the attacker’s capability, the re-dispatching by causing the maximum line overloading.
limited access to specific meters is available to LR attackers. Fu’s case study showed that the LR enhanced coordinated
Unlike original FDI attacks with a strong assumption that the attack is more serious than a single physical attack causing
attacker has access to all the meters in the system, LR attacks cascading attacks. Zhang et al. [77] extended the LR attack to
only manipulate the injection measurements of load buses and AC distribution systems by presenting a net load redistribution
line power flow measurements. Centralized generator mea- attack (NLRA), which aims at misleading the distribution
surements and zero load bus injection measurements are not system state estimation to observe illusory voltage violations.
attackable. In other words, LR attacks are realistic false data Measurements from prosumer buses with behind-the-meter
injection attacks. Liu et al. [76] proposed a local LR attack, distributed energy resources (DER) can be manipulated by an
which does not require the network parameter information NLRA. Choeum et al. [79] proposed an LR attack against the
of the whole system. They defined non-attacking regions, conservation voltage reduction (CVR) in distribution systems
attacking regions, and boundary buses that connect these two with DERs. The presented adversary injects malicious load
types of regions. According to their research, an attacker, data into the advanced metering infrastructure network and
without knowing the network information of the entire power misleads the CVR to come up with an abnormal control
system, can launch a successful local load redistribution attack signal for the voltage regulator and smart inverter set points.
with only the knowledge of the network information (topology The CVR results are consequently distorted, which cause an
and line admittance) of the attacking region. This is done by increase in active power flow from the substation.
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 9

TABLE IV: Control-Signal-Measurement Attacks

Control signal Mathematical
Target Objective Means Consequence
attack expression
Line outage Measurement Voltage
Topology Measurement Measurement
masking attack manipulation to mask violation and
estimation manipulation injection yta
[88]–[92] line-outage line overflow
Control
Control signal Stealthy command
Stuxnet-Like Attack Communication Incorrect control and and malicious injection uat
[93], [94] channel measurement signal measurement control and
manipulation commands measurement
injection yta

5) Topology Attacks: In 2013, Kim et al. [82] proposed the wide-area damping control. By swapping the signals of two
topology attacks in distinguishing from the FDI attack. The buses, the WAMS estimated the disturbance at a location far
main difference between the topology attack and the FDI away from the correct location; the damping control failed,
attack is that the topology attack manipulates the estimated and the system frequency kept dropping. The other type of
topology state (switch and breaker states) instead of the esti- GPS spoofing attack is called time stamp attack, also known as
mated system state (power injection, power flow). A topology time synchronization attacks (TSAs), which aim to maliciously
attack is achieved by manipulating both the meter measure- introduce erroneous time stamps, thereby inducing a wrong
ment data and the network data, which can be represented as phase angle in the PMU measurements [83]. Risbud et al.
binary bits indicating on and off states of various switches and [85] formulated an optimization problem to identify the most
line breakers. The attack vector in a DC model is shown in vulnerable PMUs to construct a TSA. The vulnerability was
(6): quantified by the state estimation error, and a greedy algorithm
a = (H̄ − H)x (6) was utilized to solve the problem.
where H and H̄ are the measurement matrices before and after
the attack, respectively. When the measurement is noiseless, D. Control signal measurement Attacks
the system state x can be replaced with a function of measure- 1) Line Outage Masking Attacks: The recent attack on the
ments to generate the attack vector. However, the estimated Ukrainian power grid [95], which affected both the physical
state x̂ is required when considering measurement noise. infrastructure and the situational awareness at the control
Note that both DC and AC attack vectors previously men- center, is drawing more attention from researchers. A novel
tioned in this subsection require full knowledge of network line outage masking attack was proposed [88]–[92], where an
information to construct the measurement matrices and func- adversary attacks an area by physically disconnecting some
tions. In reality, this may not be possible. Therefore, a topology lines from the attacked area (i.e., remotely open the circuit
attack with local network information [82], [87] has been breakers) to occur short-term damage like voltage violation
studied. Kim et al. [82] considered a weak attacker who has and line overflow, and then mask the measurements within the
access to a few local meters only. The authors proposed line attacked area by DoS or FDI attacks. Such attacks combine
removal attacks, i.e., the adversary tries to remove lines from both control and measurement layer attacks to cause imme-
the actual network topology and mislead the operator that diate failure and block the operator’s awareness at the same
the line is disconnected. Liu et al. [87] observed the existing time, which may lead to cascading failures.
topology attacking model has two practical issues. The first Deng et al. [92] presented two coordinated cyber-physical
issue is that there is no limit on the attacking amounts for attacks (CCPAs) to mask the line outage, namely replay and
load measurements at buses. The second issue is that attack- optimized CCPA. To construct the replay CCPA, attackers alter
ers have limited capability to obtain necessary information. the meter readings on all the branches to force the active
Thus, the authors proposed a local topology attack model to power flow measurements after the line outage to be the same
determine the feasible attack region by obtaining less network as the power flow measurements from a normal state. The
information. replay CCPA is extremely costly, and the actual system state
6) GPS Spoofing Attack: In CPSGs, spoofing attacks on is not consistent with the manipulate measurements, which
PMUs are conducted via global position system (GPS) spoof- makes it detectable by independently known-secure PMUs.
ing, where the adversary produces artificial GPS signals. The optimized CCPA neutralizes the impact of the line outage
Two attack approaches, i.e., source ID mix attacks and time on the BDD residual. Soltan et al. [88] proved that finding
stamp attacks, are studied based on the spatio-temporal char- the set of line failures after data distortion and data replay
acterization of the GPS signals. A source ID mix attack masking attack is an NP-hard problem, based on the operator’s
is that attackers can exchange the location information of knowledge of the phase angle measurement before and after
measurement data among different PMU’s channels without the attack as well as the line admittance matrix. Li et al.
altering the measurement values. This type of attack places the [96], [97] proposed to conduct two-step cyberattacks that
measured data into wrong positions in associated data servers. mask line outages resulting from the physical attacks. The
Cui et al. [84] demonstrated the impact of source ID mix cyberattacks are decomposed into two steps, which include
spoofing on the wide-area monitoring systems (WAMS) and a topology-preserving attack as the first step, followed by the
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 10

load redistribution attack (if the first step is not feasible). More A. temporally- and spatially-relevant DETECTION
specifically, the topology attack masks line outages caused by In a temporally-relevant detection, the current system state
physical attacks while the load redistribution attack keeps the is estimated by prior estimated state, measurement, and control
total load unchanged and redistributes the line flow to bypass signal. At time t, the estimated measurement ŷ (t) and the
the state estimation-based detection. Chung et al. [91] further residual δ (t) are shown as:
improved the masking approach by deploying a line-removing  
FDI attack (topology attack) that misled the SCADA system ŷ (t) = L1 X̂ (t − 1) , U (t − 1) , Y (t − 1) (9)
with a fake outage in another position. After the real line
∆
outage attack, the topology attack region is then selected to re- δ (t) = y (t) − ŷ (t) (10)
dispatch the power flow. The attack vector is generated in an
where L1 (•) is an abstract function; X̂ (t − 1) =
AC model with local network information and the capability
[x̂ (t − 1) · · · x̂ (0)] ∈ Rn×t is the set of the prior estimated
to manipulate the measurement within the attacked area.
state; U (t − 1) = [u (t − 1) · · · u (0)] ∈ Rl×t ; Y (t − 1) =
2) Stuxnet-Like Attacks: Traditional Stuxnet attacks inject [y (t − 1) · · · y (0)] ∈ Rm×t . After the estimation, if the
the malicious control commands to the actuators and, mean- calculated residual is larger than a pre-defined threshold, the
while, corrupt the sensor readings to cover the ongoing attack. detection method will signal an alert. Among all temporally-
To avoid being detected, Stuxnet attacks require the attacker’s relevant approaches, the most widely used method is the
capabilities of replaying all the measurements during the Kalman filter based state estimator and the chi-squared test
steady state of the system. Forensic analysis of Stuxnet attacks [98]–[100]. The Kalman filter based estimator minimizes the
[93] has shown the feasibility of a very targeted and highly variance of the estimated state, given the previous observa-
sophisticated cyberattack. Moreover, with some modifications, tions. The chi-squared test [101] is commonly used to detect
Stuxnet can be tailored as a platform for targeting other anomalies.
systems e.g., automobile or power systems. The spatially-relevant detection method estimates the sys-
Tian et al. [94] defined Stuxnet-like attacks against sec- tem by the correlation between different sensors in one time-
ondary voltage control, which assume the attacker has write interval only. A power system state estimator and the residual-
access to both the control signal and sensor measurement. The based BDD is an example of the spatially-relevant detection
cyber-physical system dynamic is described as a discrete-time approach. An essential of this estimation is measurement
linear time-invariant (LTI) model. In the presence of an attack, filtering, which utilizes the measurement data redundancy to
the system dynamics are as follows: increase the measurement accuracy. At time t, the estimated
system state is calculated based on the measurement from the
xa (t + 1) = Axa (t) + Bua (t) + w(t) (7)
same time interval,
ya (t) = Cxa (t) + v(t) (8) x̂ (t) = L2 (y (t)) (11)

where the notations are similar to those in (1) and (2) with where L2 (•) is an abstract function. From equation (2), the
an exception that the subscript a denotes the under attack estimated measurement is shown as:
status. The attacker knows the state transit matrix A, the ŷ (t) = C (x̂) . (12)
control matrix B, and the measurement matrix C. Variable ua
is the contaminated control signal received by the actuators; The residual-based alarm mechanism is also implemented in
ya is the manipulated sensor measurement received by the spatial-relevance detection. One notable difference is that in
control center; xa denotes the system state. Functions w(t) a temporally-relevant detection, the estimated measurement is
and v(t) respectively denote the process and sensor noises. calculated from prior system state (9); however, in a spatially-
This Stuxnet-like attack is only implemented on a converged relevant detection, the estimation is based on the current state
system, where the control center expects unchanged system (12).
states. The attacker needs to judge whether the system has
converged, according to the eavesdropped control signal and B. Securing measurement sensors
measurement data. As previously mentioned, the majority of attacks require,
more or less, the attacker’s knowledge about the system control
IV. C YBER -P HYSICAL D EFENSE and measurement signal. An assessment in [30] has shown that
the major cybersecurity concerns range from exploiting well-
Cyber-physical defense is absolutely the focus of ongoing known protocols to the leakage of confidential information.
research efforts, where a massive number of works have Therefore, one natural approach is to select and protect critical
already been published in the literature. In this section, control or measurement signal strategically.
we first categorize cyber-physical defense approaches into Bobba et al. [55] explored the detection of false data
temporally-relevant and spatially-relevant approaches. Further, injection by protecting a set of critical sensor measurements
several state-of-the-art cyber-physical defense approaches in and a method to verify the values of strategically selected
the CPSG, including securing measurement sensors, model state variables. The authors demonstrated that an attack aims
and algorithmic enhancement, data-driven approaches, moving to construct an attack vector such that it avoids specific mea-
target defense, and watermarking, are reviewed. surements and state variables that are protected and verified.
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 11

From the defender’s perspective, the operator should select either redundant measurements or the cybersecurity of sensors
the sets of the protected measurements and the verified state and communication channels. These offline approaches make
to ensure that an adversary cannot find a stealthy attack vector. specific assumptions about the attacks and systems, which
Thus, FDI attacks could always be detected. The trade-off here are restrictive. One solution of PMUs placement or security
is that the protection and verification of a large number of mechanism may no longer be adequate under another sys-
measurements and state variables could be costly. tem configuration. Therefore, the author proposed an online
Phasor measurement units have recently attracted re- anomaly detection that covers broad attack scenarios. The
searchers’ attention due to their ability to provide measurement proposed method leverages online information obtained from
redundancy and assist in FDI detection. Zhao et al. [64] load forecasts, generation schedules, and real-time data from
developed a robust FDI attack detection method by checking PMUs to detect anomaly measurements.
the statistical consistency of measurements from a limited
number of secured PMUs. In the proposed detector, short- D. data-driven approaches
term measurement forecasting [102] was advocated to enhance
the PMU data redundancy. Giani et al. [103] proposed that it Another noteworthy category of defense approaches is on
is sufficient to place p + 1 known secure PMUs at carefully data-driven machine learning methods that have been gaining
chosen buses to neutralize a collection of p cyberattacks. traction due to the following two salient advantages:
Since then, the optimal PMU placement has been researched 1) The construction of the data-driven approaches does not
to detect the stealthy FDI attacks with the least PMUs. Qi depend on the network topology; and
et al. [104] formulated the optimal PMU placement as an 2) This approach is usually sensitive to time-variance mea-
optimization problem, which maximizes the determinant of surement, which can be very effective in detecting one
the empirical observability Gramian matrix. Pal et al. [105] time interval stealthy FDI attacks created based on the
presented an integer linear programming methodology for the spatial-relationship of CPSGs.
PMUs placement scheme while considering realistic cost and The use of supervised learning classifiers as alternate FDI
practical constraints. Sarailoo et al. [106] adopted synchropha- detectors was proposed by Ozay et al. [116] in 2015. Su-
sor availability (SA) on all buses as a constraint and then pervised machine learning based binary-classifiers were pre-
minimized the number of PMUs. The SA is the fraction of time sented to check the distance between ”secured” and ”attacked”
on average the bus voltage synchrophasor is correctly present. measurements. With the distance information, attacks can
As mentioned in Section III, the synchronization between be recognized by the learning algorithms. Yan et al. [117]
PMUs requires GPS signals, which are vulnerable and can be proposed to implement the learning based false data classifiers
attacked [107]–[109]. Fan et al. [110] proposed a cross-layer as a secondary detector after the residual-based BDD. They
detection against simultaneous GPS spoofing attacks towards designed FDI detectors with three widely used supervised
multiple PMUs. learning based classifiers, including support vector machine, k-
nearest neighbor, and extended nearest neighbor. The proposed
detectors are capable of detecting stealthy FDI attacks that can
C. modeling and algorithmic enhancement bypass the residual-based BDD. Sakhnini et al. [118] tested
Another category of defense approaches is on the im- three classification techniques with different heuristic feature
provement of the detection models and algorithms. Huang selection techniques. The authors concluded that the support
et al. [111] proposed an adaptive cumulative sum (CUSUM) vector machine and the k-nearest neighbor algorithms could
algorithm, which detects the adversary fast while maintaining get better accuracy than the artificial neural network. How-
a low detection error rate. Liu et al. [112] proposed a false ever, the artificial neural network is expected to have better
data detection mechanism that utilized the intrinsically low- performance on larger systems at a higher computational cost.
dimensional power grid measurements and the sparse nature of The recent breakthrough in computing provides the foundation
FDI attacks. The detection problem is formulated as a matrix for ”deep” neural network. Niu et al. [119] developed a smart
separation problem and is solved by two methods: the nuclear grid anomaly detection framework based on a neural network.
norm minimization and low-rank matrix factorization. Gu et The recurrent neural network with a long short-term memory
al. [113] proposed a detection method to detect FDI attacks cell is deployed to capture the dynamic behavior of power
by tracking the dynamics of measurement variations. They systems. According to the captured behavior, the estimated
utilized the Kullback-Leibler distance (KLD) to calculate the measurements are calculated and compared with the observed
distance between two probability distributions, i.e., historical measurements. If the residual between the observed and the
measurements and suspicious measurements, to detect the FDI estimated measurements is greater than a given threshold, an
attacks. Zhao et al. [114] proposed a short-term state forecast- attack is detected.
ing method considering the temporal correlation to calculate As for reinforcement learning based methods, Chen et
the approximate prior system measurements. The consistency al. [73] proposed a BDD method based on Kernel density
between the forecasted and received measurements is checked estimation. By using historical records, the measurements can
by a statistics-based test method. From the consistency test be estimated. The effectiveness of the proposed detection
result, a detection metric is constructed by the infinity and method relies on the abundance of integrated records of normal
the L2 -norm-based measurement residual analysis. Ashok et operations of the power grid. When an attack vector is injected
al. [115] showed that the existing CPS defense focuses on consistently, the tempered measurements could be used for the
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 12

Kernel density estimation analysis. Thus, the proposed BDD the MTD planning, a utility needs to install D-FACTS devices
detection method could fail. Other than the studies that con- on an appropriately identified subset of transmission lines,
tribute to attack detection, Li et al. [120] proposed a defense namely solving the problem of D-FACTS placement. Arbitrary
methodology that recovers the real measurements to maintain placement and full placement are the two simplest D-FACTS
uninterrupted state estimation under FDI attacks. The proposed placement strategies. Arbitrary placement randomly selects a
method utilized a generative adversarial network based data subset of lines to install D-FACTS devices [127]. Full place-
model which captures the deviations from ideal measurements ment is the most expensive method in which D-FACTS devices
and then generates correct data to replace the manipulated are installed on every transmission line [128]. However, the
data. Besides the aforementioned defense approaches that detection effectiveness of MTDs under these two placements
protect the transferred measurement data, the defense on is not considered. Max-rank placement [129], [130] can make
the communication channel is vital. One of the cutting-edge MTDs achieve the maximum rank of the composite matrix (
wireless communication technologies used in the smart grid is i.e., max-rank MTDs), a metric of the detection effectiveness.
the cognitive radio, which is motivated by the ever-increasing Spanning-tree placement proposed in [131] installs D-FACTS
demand for high data rates in the face of limited spectral devices on the lines which form a spanning tree of the
resources. Ding et al. [121] introduced a spectrum attacker system. MTDs under spanning-tree placement is effective to
who can inject attack data into the honest spectrum sensor detect single-bus, uncoordinated multiple-bus, and coordinated
to mislead the fusion center to lower the spectrum utilization. multiple-bus FDI attacks.
Moreover, the authors show that the kernel K-means clustering After the allocation of D-FACTS devices, the system oper-
(KMC) algorithm yields better performance than the KMC ator/defender needs to continuously determine the D-FACTS
algorithm in the detection of spectrum attacks. However, high- setpoints under different load conditions in the MTD op-
quality clean training data are too expensive or too difficult eration. The MTD operation includes four methods. First,
to obtain in some cases. Xie et al. [122] proposed a convex random selection is the simplest operation method without any
framework to provide robust classification and training in computational overhead, in which the D-FACTS setpoints are
improving the anomaly-resistant against sensor failures (i.e., randomly perturbed [127]. As D-FACTS devices are originally
falsified channel sensing resulting in Byzantine attacks) in used to control the power flow, OPF-based operation methods
which possibly anomalous samples occur in the training set. integrate the D-FACTS devices into the optimal power flow
Qin et al. [123] proposed a low-rank matrix completion based model to minimize the system losses or generation costs [129],
malicious user detection framework for the secure cooperative [132], [133]. Neither the random selection method nor OPF-
spectrum sensing with a lower data acquisition cost. based operation methods consider the detection effectiveness.
Thus, these two methods must be constructed in the D-FACTS
E. Moving Target Defense placements, which ensure the detection effectiveness, such
The aforementioned operational defense approach is either as the max-rank placements. Second, the optimization-based
computationally complex or somewhat passive. As an emerg- operation takes both the economic cost and the detection
ing technique, moving target defense (MTD), is originally effectiveness into account, in which the metric of detection
proposed to enhance network security [124]. It proactively effectiveness is maximized or taken as constraints [128], [130].
changes the system configuration so that it reduces the at- Finally, the hidden MTD operation method delicately selects
tack surface and increases the uncertainty about the network D-FACTS setpoints such that all measurements remain the
system. With the properly arranged MTD perturbation, the same after MTD is applied [134]–[136]. In this case, vigilant
attacker’s knowledge about the system is always outdated. attackers cannot detect the MTD in place using BDD. To
This approach increases the barriers for the attackers to launch find suitable placement for hidden MTD operation, authors
stealthy attacks. MTD has recently been introduced in the in [135] enumerate all placement combinations, while authirs
physical layer of the cyber-physical power system (CPPS) in [136] use the max-rank placement in [130], with the help
to provide proactive defense, which is an advantage over the of protected meters.
traditional remedial defense. Comparing with the MTD in the In the literature, there are three important concerns to
cyber-layer network system, MTD in CPPS is very complex evaluate the performance of MTD. First, attack detection
as it requires the physical dispatch of control, measurements, effectiveness is the most important metric for a defense
or device properties. algorithm. As not all MTDs are effective in detecting FDI
The concept of MTD was first introduced into the physical attacks, the feasibility and the limitation of MTD is discussed
layer of the power system by Morrow et al. [125] and Davis in [131]. Many works focus on improving the attack detection
et al. [126]. In general, MTD utilizes distributed flexible AC effectiveness of MTDs though the MTD planning [129]–[131],
transmission system (D-FACTS) devices to actively modify [136] and MTD operation [128], [132], [135]. Two metrics
impedance perturbations to invalidate attackers’ knowledge are proposed to measure the detection effectiveness of MTD,
about the power system configurations, which is essential for namely the Lebesgue measure [132] and the rank of the
constructing stealthy attacks. Table V summarizes the existing composite matrix [128]–[130], [135]. The composite matrix
works on MTD, where the superscript ”AC” or ”DC” indicates rank is superior to the Lebesgue measure in the evaluation of
the corresponding AC or DC model used. MTD detection effectiveness since it demonstrates the inherent
There are two essential steps in the construction of an nature of MTD on FDI attack detection and provides an
MTD, namely MTD planning and MTD operation. First, in explicit objective for constructing an effective MTD. Authors
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 13

TABLE V: Moving Target Defense in CPSG

MTD Algorithm MTD planning MTD operation Characteristics
Random MTD
Arbitrary placement Random selection Detection effectiveness is not considered
[127]DC
OPF-based MTD Minimize generation cost and guarantee
N/A OPF-based operation
[132]DC , [133]AC detection effectiveness [132]
Placement
Hidden MTD enumeration [135]; Random selection MTD has max-rank and is hidden to alert
[135]DC , [134]AC , max-rank placement subject to hidden attacker, but [136] uses extra protected
[136]DC using protected condition [135] sensors
meters [136]
Spanning-tree MTD Spanning-tree Covers all buses, but max-rank MTD is
Random selection
[131]DC placement not ensured
Minimizes system losses [128] or
Optimization-based
Max-rank MTD Full placement [128], generation costs [129]. Guarantees
operation [128];
[128]DC , [130]DC , max-rank placement max-rank MTD based on numerical
ACOPF-based
[129]DC, AC [129], [130] methods [128], [130] or graph-theory
operation [129]
methods [129]

in [129] proved the rank of the composite matrix could be physical attacks or insiders who are usually authenticated
merely determined by D-FACTS placement, as long as no D- users. The concept is that by injecting a known noise as
FACTS devices work in idle-states. In addition, the number a probe input of the system, an expected effect of such
of buses covered by D-FACTS devices and the incremental input should be found in the true measurement output due
line reactance introduced by D-FACTS devices also impact to the system dynamics. Thus, if the attacker is unaware
the MTD detection effectiveness [131]. However, there is no of the watermarking, the injected attack will be detected by
metric proposed to measure this impact. a chi-squared detector. Weerakkody et al. [99] considered a
Second, the cost of the MTD application is a must-concern more adversarial attacker who has access to a subset of real-
for a utility. The cost consists of the planning cost and the time control and sensing signals. The physical watermarking
operation cost. In the planning cost, the number of D-FACTS approach is extended to show the ability to counter a more
devices used in MTD determines the capital cost and labor fee. intelligent adversary. Since introducing a random probe signal
Max-rank placement in [129] uses the minimum number of D- into the system could clearly affect the operating cost, Miao
FACTS devices to achieve the maximum rank of the composite et al. [138] proposed an optimization method for the trade-off
matrix. In the operation cost, the D-FACTS setpoints impact between cost-centric and security-centric controllers. Despite
the generation cost and system losses, as these setpoints can the detection capability, the physical watermarking needs to
change power flow in the system. Thus, OPF-based operation inject perturbation as a probe into the system, which may affect
methods can be used to reduce the MTD operation cost in both the system performance. Moreover, the physical watermarking
AC and DC models. To integrate the OPF-based operation detection sensitivity is usually related to the probe signal
methods into the EMS, an interior-point solver proposed in magnitude. Thus, to increase the detection performance, the
[133] can solve these methods within seconds. defender has to sacrifice the optimal system performance.
Third, the hiddenness of MTDs provides a superior function Satchidanandan et al. [139] extended the physical water-
as it makes the MTD stealthy to attackers. Vigilant attackers marking to dynamic watermarking in a noisy dynamical sys-
use BDD to detect the existence of MTD before launching tem. The authors introduced independent and identically dis-
any attacks. If attackers detect any MTD in place, they may tributed random variables to actuator nodes, namely privately
stop FDI attacks and invest more resources to launch data imposed excitation. The actual realization of the time-sequence
exfiltration attacks to obtain the latest system configuration excitation is superimposed on the control input from an honest
[135]. Hidden MTDs can mislead these attackers to launch actuator. The author assumed that the control policy is in
detectable attacks based on incorrect line parameters. In sum- place, and the excitation is only known by the honest actuator
mary, a desirable MTD would be a hidden MTD with maximal itself. The proposed dynamic watermarking can ensure that
detection effectiveness and low cost. a malicious sensor is constrained to distorting the process
noise by at most a zero-power signal by implementing the
correlation detector. Ferdowsi et al. [140] proposed a deep
F. Watermarking learning framework for dynamic watermarking of IoT signals.
Watermarking is originally used to identify the ownership The framework is based on the long short-term memory blocks
of noise-tolerant signals such as audio, video, or image data. to extract stochastic features from IoT signals and watermarks
It also can be used to check the integrity and authenticity of the features inside the original signal. This dynamic extraction
a signal. The first use of watermarking to defend the replay enables eavesdropping attack detection since the attacker will
attack employed in Stuxnet was introduced by [98], [137], not be able to extract the watermarked information.
where the physical watermarking as a control-theoretic method Watermarking can also be used for attack identification in
to authenticate the correct control operation was proposed. CPSG. Liu et al. [128] designed a reactance perturbation-
Although existing tools like cryptography can provide au- based scheme to identify originally covert FDI attacks on
thentication, physical watermarking is more effective against power system state estimation. The term originally covert
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 14

A. Cyber-physical security in distribution systems on the grid

edge
A CPSG is a critical infrastructure with an enormous
number of complicated devices. Cyber-physical attack and de-
fense simulations are necessary to estimate their performance,
though it is impossible to implement most experiments on a
real-world power grid. However, the existing cyber-physical
studies focus primarily on transmission systems, while the
work on the three-phase unbalanced distribution systems with
low system observability is significantly under-researched. A
growing number of distribution systems on the grid edge are
experiencing significant penetration of DERs. The emerging
power-electronic-device-based electric vehicles, local energy
storage, and demand-response have also contributed to the
system dynamics and complexity. Fully taking into account the
new dynamics and complexity in low-observability distribution
systems is quite challenging in the context of cyber-physical
security. More research efforts are therefore necessary in
distribution systems on the grid edge.
Fig. 3: Infographic of attack and defense mechanisms in smart On the other hand, conventional, discrete-time, model-based
grid. simulations are accepted by researchers [142]. However, the
traditional power system simulation tools may not be suitable
for studying the distribution grid with increasing complex-
ity and cyber-physical concerns. There has been a growing
attack refers to the stealth of the attack prior to reactance
need to use continuous-time simulation with hardware in the
perturbation. The authors proved that the originally covert
loop (HIL) capabilities. In [143], the authors developed a
attack (constructed with original measurement matrix H0 ) is
SCADA security testbed, which integrates a real-time immer-
detectable and identifiable in a reactance perturbation with a
sive network simulation environment with PowerWorld. The
new measurement matrix H if and only if the rank of [H0 H]
authors in [144] developed a testbed with PowerWorld and
is equal to 2(n − 1), where n is the number of buses. Zhang et
OPNET. A platform equipped with GridLAB-D and NetSim
al. [141] proposed an attack identification approach for GPS
has been used for power systems and communication network
spoofing attacks (GSAs) against PMUs. They performed a
simulation in [145]. Due to time-domain analysis complexity,
probing technique on each PMU in parallel to determine the
these simulation platforms cannot run in real-time or perform
locations of spoofed PMUs and the ranges of GSA phase shifts
HIL simulation. In a broader sense, the real-time simulation
under the assumption that the PMU in a substation is secure.
reflects the exact dynamic behavior of a CPSG, and the HIL
The attack models reviewed in Section III and the defense ensures precise operation as the real devices. While these
mechanisms surveyed in Section IV are summarized in Fig. two functionalities are usually unavailable with the current
3. The two-layer model in this figure is a graphic form of the simulation structure, development on the real-time simulation
CPSG model abstracted in Section II-A. In Fig. 3, each attack testbed with HIL largely remain to be conducted.
on smart grid functionalities is shown with corresponding
counter-measurements labeled next to it.
B. Interdependence
Studying the CPSG security issues relies on the interdepen-
V. O PPORTUNITIES AND C HALLENGES dence of both the cyber layer and the physical layer. The attack
detection requires advanced communication technologies to
Despite the tremendous research efforts reviewed in this transfer data from the physical devices to the control center.
work, cyber-physical security challenges remain to be thor- On the other hand, most cyber-physical attack schemes have
oughly addressed. Critical power system functionalities such taken advantage of this interdependence to launch attacks
as market operation, advanced metering, and network oper- in the cyber layer and induce physical damages. For future
ation may also face attacks. Meanwhile, the potential impli- research in this area, cyber-physical interdependence needs
cations of these attacks remain to be further investigated. In to be comprehensively explored. For instance, the physical
addition, the emerging applications, including time of use, attacks on cybersecurity have been under-investigated, and the
demand response, and large-scale electric vehicles, will have threats can be devastating when the dependence of physical
strong impacts on the smart grid and may also become targets systems is exploited by an attacker [2]. Another cyber-physical
of cyber-physical attacks in the future. In this section, we interdependence that has been largely ignored is simulation
highlight four critical challenges and opportunities in the software. Traditional software is developed to simulate or
field of smart grid cyber-physical security that deserve further emulate either communication networks (e.g., OPNET, NS2,
research efforts. OMNET) or physical power systems (e.g., RTDS, DSATools,
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 15

PSS/E, PowerWorld). Such software cannot provide realistic vulnerabilities targeted by an attacker. We classify the existing
cyber-physical environments [146]. Additionally, the interde- attack approaches against different components based on the
pendence between CPSGs and other critical infrastructures, CPPS model. A review of the cutting-edge operational defense
such as communication, water, and transportation networks, approaches was presented to summarize and categorize the
ought to be researched in the context of cyber-physical attacks state-of-the-art in the field, ranging from the state estimation
against CPSGs. based detector to the emerging moving target defense and
watermarking methods. As smart grid technologies become
C. Attack coordination more prevalent and more physical devices are connected to
the cyber-physical infrastructures, significant attack surfaces
In real-word CPSG, sequential outages are the most com- are introduced, as well as a wide range of opportunities and
mon causes of blackouts [147], e.g., the 2003 Northeast challenges. Four challenges were highlighted in the investiga-
Blackout [148] and the 2011 Southwest Blackout [149]. If a tion of smart grid cyber-physical security. Our survey provides
series of attacks can trigger such events, then an intimidating insights that future research efforts must target a new set
cyber-physical security risk will be worthy of attention. In of cyber-physical security concerns, including real-time risk
Section III, we discussed the line outage masking attack, one modeling and simulation, risk mitigation, and coordinated
of the popular methods among coordinated attacks. Mean- attack defense.
while, most researchers assume that the cyberattack vector
is injected simultaneously with the physical damage in the
R EFERENCES
existing research. This assumption may be validated in a
specific condition, such as the system is in a steady state. [1] C.-P. S. P. W. Group et al., “Framework for cyber-physical systems:
Volume 1, overview, version 1.0,” NIST Special Publication, pp. 1500–
However, the general circumstances in which the attackers 201, 2017.
cannot promise timely cyberattack injection with respect to the [2] H. He and J. Yan, “Cyber-physical attacks and defences in the smart
system dynamic have remained to be considered. However, the grid: a survey,” IET Cyber-Physical Systems: Theory Applications,
vol. 1, no. 1, pp. 13–27, 2016.
timing and ordering of coordinated attacks can also have an [3] G. Loukas, “1 - a cyber-physical world,” in Cyber-
impact on the eventual damages. With an elaborate schedule, Physical Attacks, G. Loukas, Ed. Boston: Butterworth-
not only will concurrence be relaxed, but the damage may be Heinemann, 2015, pp. 1 – 19. [Online]. Available:
http://www.sciencedirect.com/science/article/pii/B9780128012901000011
amplified. On the other hand, from a defender’s perspective, [4] S. Sridhar, A. Hahn, and M. Govindarasu, “Cyberphysical system
analyzing the coordinated attacks on CPSG based on temporal- security for the electric power grid,” vol. 100, no. 1, pp. 210–224.
topological correlation can help to restore the complete attack [Online]. Available: http://ieeexplore.ieee.org/document/6032699/
[5] T. C. Reed, At the abyss: an insider’s history of the Cold War. Presidio
path and identify the intent of the attacks [150]. Press, 2005.
[6] T. L. Hardy, Software and System Safety. AuthorHouse, 2012.
[7] P. Shakarian, “Stuxnet: Cyberwar revolution in military affairs,” p. 11.
D. Attack identification and mitigation [8] J. P. Farwell and R. Rohozinski, “Stuxnet and the future of cyber war,”
In future power systems, an attack detector will be an Survival, vol. 53, no. 1, pp. 23–40, 2 2011.
[9] G. Liang, S. R. Weller, J. Zhao, F. Luo, and Z. Y. Dong, “The 2015
indispensable tool for detecting and identifying anomalous ukraine blackout: Implications for false data injection attacks,” IEEE
measurements. Without reliable attack identification, it is hard Transactions on Power Systems, vol. 32, no. 4, pp. 3317–3318, 7 2017.
to implement a mitigation process with pertinence. While de- [10] H. Farhangi, “The path of the smart grid,” IEEE Power and Energy
Magazine, vol. 8, no. 1, pp. 18–28, 1 2010, event: IEEE Power and
tecting attacks is computationally straightforward, identifying Energy Magazine.
the attack location and strategy is computationally challenging [11] J. Rost and R. L. Glass, Disgruntled Employees and Sabotage, 2011,
[151]. For instance, bad data cannot be identified once belong- pp. 189–212.
[12] F. M. Cleveland, “Cyber security issues for advanced metering in-
ing to the critical sets of measurements, also known as bad data frastructure (ami).” 2008 IEEE Power and Energy Society General
groups, because they cause the same normalized residuals for Meeting - Conversion and Delivery of Electrical Energy in the 21st
each element of the set [152]. Another problem is that existing Century, 7 2008, pp. 1–5, iSSN: 1932-5517.
[13] P. McDaniel and S. McLaughlin, “Security and privacy challenges in
state estimation based algorithms in transmission systems are the smart grid,” IEEE Security Privacy, vol. 7, no. 3, pp. 75–77, 5
not suitable for unbalanced distribution systems with high r/x 2009, event: IEEE Security Privacy.
ratios [153]. With the aforementioned issues, few solutions [14] H. Khurana, M. Hadley, N. Lu, and D. A. Frincke, “Smart-grid security
issues,” IEEE Security Privacy, vol. 8, no. 1, pp. 81–85, 1 2010, event:
have been proposed for the identification of attacks. In addi- IEEE Security Privacy.
tion, rather than brutally getting rid of identified compromised [15] L. Xie, Y. Mo, and B. Sinopoli, “False data injection attacks in
measurements, how best to mitigate the adverse effect of those electricity markets,” in 2010 First IEEE International Conference on
Smart Grid Communications. IEEE, 2010, pp. 226–231.
attacks is also a very challenging issue depending on particular [16] S. N. Islam, Z. Baig, and S. Zeadally, “Physical layer security for
operation and controls of a CPSG. the smart grid: Vulnerabilities, threats, and countermeasures,” IEEE
Transactions on Industrial Informatics, vol. 15, no. 12, pp. 6522–6530,
2019.
VI. C ONCLUSION [17] S. Shapsough, F. Qatan, R. Aburukba, F. Aloul, and A. Al Ali, “Smart
grid cyber security: Challenges and solutions,” in 2015 International
A CPSG relies on the cooperation of both cyber and conference on smart grid and clean energy technologies (ICSGCE).
physical layer functionalities. The ubiquitous threat to the IEEE, 2015, pp. 170–175.
entire smart grid’s large attack surface makes it necessary [18] A. Procopiou and N. Komninos, “Current and future threats framework
in smart grid domain,” in 2015 IEEE International Conference on
to comprehensively analyze and classify attacks. This paper Cyber Technology in Automation, Control, and Intelligent Systems
provides a CPPS operation model and addresses the associated (CYBER). IEEE, 2015, pp. 1852–1857.
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 16

[19] R. K. Pandey and M. Misra, “Cyber security threatssmart grid infras- [44] “Ieee approved draft standard for interconnection and interoperability
tructure,” in 2016 National Power Systems Conference (NPSC). IEEE, of distributed energy resources with associated electric power systems
2016, pp. 1–6. interfaces - amendment 1 to ieee std 1547-2018 to provide more
[20] A. Sanjab, W. Saad, I. Guvenc, A. Sarwat, and S. Biswas, “Smart flexibility for adoption of abnormal operating performance category
grid security: Threats, challenges, and solutions,” arXiv preprint iii,” IEEE P1547a/D1.4, January 2020, pp. 1–17, 3 2020.
arXiv:1606.06992, 2016. [45] R. Tan, V. Badrinath Krishna, D. K. Yau, and Z. Kalbarczyk, “Impact of
[21] I. Colak, S. Sagiroglu, G. Fulli, M. Yesilbudak, and C.-F. Covrig, “A integrity attacks on real-time pricing in smart grids,” 2013, p. 439450.
survey on the critical issues in smart grid technologies,” Renewable [46] Y. Zhang, V. V. G. Krishnan, J. Pi, K. Kaur, A. Srivastava, A. Hahn,
and Sustainable Energy Reviews, vol. 54, pp. 396–405, 2016. and S. Suresh, “Cyber physical security analytics for transactive energy
[22] P. Eder-Neuhauser, T. Zseby, J. Fabini, and G. Vormayr, “Cyber attack systems,” IEEE Transactions on Smart Grid, vol. 11, no. 2, pp. 931–
models for smart grid environments,” Sustainable Energy, Grids and 941, 3 2020.
Networks, vol. 12, pp. 10–29, 2017. [47] S. Maharjan, Q. Zhu, Y. Zhang, S. Gjessing, and T. Basar, “Dependable
[23] A. O. Otuoze, M. W. Mustafa, and R. M. Larik, “Smart grids security demand response management in the smart grid: A stackelberg game
challenges: Classification by sources of threats,” Journal of Electrical approach,” IEEE Transactions on Smart Grid, vol. 4, no. 1, pp. 120–
Systems and Information Technology, vol. 5, no. 3, pp. 468–483, 2018. 132, 3 2013, event: IEEE Transactions on Smart Grid.
[24] G. Bedi, G. K. Venayagamoorthy, R. Singh, R. R. Brooks, and K.-C. [48] R. Tan, H. H. Nguyen, E. Y. S. Foo, D. K. Y. Yau, Z. Kalbarczyk, R. K.
Wang, “Review of internet of things (iot) in electric power and energy Iyer, and H. B. Gooi, “Modeling and mitigating impact of false data
systems,” IEEE Internet of Things Journal, vol. 5, no. 2, pp. 847–870, injection attacks on automatic generation control,” IEEE Transactions
2018. on Information Forensics and Security, vol. 12, no. 7, pp. 1609–1624, 7
[25] T. Liu, J. Tian, J. Wang, H. Wu, L. Sun, Y. Zhou, and X. Guan, 2017, event: IEEE Transactions on Information Forensics and Security.
“Integrated security threats and defense of cyber-physical systems,” [49] J. Giraldo, A. Crdenas, and N. Quijano, “Integrity attacks on real-
Acta Automatica Sinica, vol. 45, no. 1, pp. 5–24, 2019. time pricing in smart grids: Impact and countermeasures,” IEEE
[26] M. Z. Gunduz and R. Das, “Cyber-security on smart grid: Threats and Transactions on Smart Grid, vol. 8, no. 5, pp. 2249–2257, 9 2017.
potential solutions,” Computer Networks, vol. 169, p. 107094, 2020. [50] S. Sridhar and M. Govindarasu, “Model-based attack detection and
[27] A. J. Wood, B. F. Wollenberg, and G. B. Shebl, Power Generation, mitigation for automatic generation control,” IEEE Transactions on
Operation, and Control. John Wiley & Sons, 12 2013. Smart Grid, vol. 5, no. 2, pp. 580–591, 3 2014.
[28] None, None, “National Electric Sector Cybersecurity Organization [51] C. Chen, K. Zhang, K. Yuan, L. Zhu, and M. Qian, “Novel detection
Resource (NESCOR),” Tech. Rep. 1163840, Jun. 2014. [Online]. scheme design considering cyber attacks on load frequency control,”
Available: http://www.osti.gov/servlets/purl/1163840/ IEEE Transactions on Industrial Informatics, vol. 14, no. 5, pp. 1932–
[29] J. Yan, Y. Zhu, H. He, and Y. Sun, “Multi-contingency cascading anal- 1941, 5 2018, event: IEEE Transactions on Industrial Informatics.
ysis of smart grid based on self-organizing map,” IEEE Transactions [52] Y. Liu, N. Peng, and M. K. Reiter, “False data injection attacks
on Information Forensics and Security, vol. 8, no. 4, pp. 646–656, 4 against state estimation in electric power grids,” in Proceedings
2013, event: IEEE Transactions on Information Forensics and Security. of the 16th ACM Conference on Computer and Communications
Security, ser. CCS ’09. New York, NY, USA: Association
[30] Y. Dafalla, B. Liu, D. A. Hahn, H. Wu, R. Ahmadi, and A. G. Bar-
for Computing Machinery, 2009, p. 2132. [Online]. Available:
das, “Prosumer nanogrids: A cybersecurity assessment,” IEEE Access,
https://doi.org/10.1145/1653662.1653666
vol. 8, pp. 131 150–131 164, 2020, event: IEEE Access.
[53] Y. Liu, N. Peng, and M. K. Reiter, “False data injection attacks
[31] R. Langner, “Stuxnet: Dissecting a cyberwarfare weapon,” IEEE Secu-
against state estimation in electric power grids,” ACM Transactions on
rity & Privacy, vol. 9, no. 3, pp. 49–51, 2011.
Information and System Security (TISSEC), vol. 14, no. 1, pp. 1–33,
[32] T. M. Chen, “Stuxnet, the real start of cyber warfare?[editor’s note],”
2011.
IEEE Network, vol. 24, no. 6, pp. 2–3, 2010.
[54] B. M. Horowitz and K. M. Pierce, “The integration of di-
[33] N. Falliere, L. O. Murchu, and E. Chien, “W32. stuxnet dossier,” White versely redundant designs, dynamic system models, and state es-
paper, Symantec Corp., Security Response, vol. 5, no. 6, p. 29, 2011. timation technology to the cyber security of physical systems,”
[34] L. Zhang, G. Ding, Q. Wu, Y. Zou, Z. Han, and J. Wang, “Byzantine Systems Engineering, vol. 16, no. 4, pp. 401–412, 2013, eprint:
attack and defense in cognitive radio networks: A survey,” IEEE https://onlinelibrary.wiley.com/doi/pdf/10.1002/sys.21239.
Communications Surveys & Tutorials, vol. 17, no. 3, pp. 1342–1363, [55] R. B. Bobba, K. M. Rogers, Q. Wang, H. Khurana, K. Nahrstedt,
2015. and T. J. Overbye, “Detecting false data injection attacks on dc state
[35] A. Geetha and N. Sreenath, “Byzantine attacks and its security mea- estimation,” vol. 2010, 2010.
sures in mobile adhoc networks,” Intl Journal of Computing, Communi- [56] Z. Wang, Y. Chen, F. Liu, Y. Xia, and X. Zhang, “Power system security
cations and Instrumentation Engineering (IJCCIE 2016), vol. 3, no. 1, under false data injection attacks with exploitation and exploration
pp. 42–47, 2016. based on reinforcement learning,” IEEE Access, vol. 6, pp. 48 785–
[36] G. Ding, J. Wang, Q. Wu, L. Zhang, Y. Zou, Y.-D. Yao, and Y. Chen, 48 796, 2018, event: IEEE Access.
“Robust spectrum sensing with crowd sensors,” IEEE Transactions on [57] J. Liang, L. Sankar, and O. Kosut, “Vulnerability analysis and conse-
Communications, vol. 62, no. 9, pp. 3129–3143, 2014. quences of false data injection attack on power system state estimation,”
[37] J. Qin, M. Li, L. Shi, and X. Yu, “Optimal denial-of-service attack IEEE Transactions on Power Systems, vol. 31, no. 5, pp. 3864–3872,
scheduling with energy constraint over packet-dropping networks,” 2016.
IEEE Transactions on Automatic Control, vol. 63, no. 6, pp. 1648– [58] G. Hug and J. A. Giampapa, “Vulnerability assessment of ac state
1663, 2017. estimation with respect to false data injection cyber-attacks,” IEEE
[38] H. Zhang and W. X. Zheng, “Denial-of-service power dispatch against Transactions on Smart Grid, vol. 3, no. 3, pp. 1362–1370, 9 2012.
linear quadratic control via a fading channel,” IEEE Transactions on [59] G. Liang, J. Zhao, F. Luo, S. R. Weller, and Z. Y. Dong, “A review
Automatic Control, vol. 63, no. 9, pp. 3032–3039, 2018. of false data injection attacks against modern power systems,” IEEE
[39] M. Zeller, “Common questions and answers addressing the aurora Transactions on Smart Grid, vol. 8, no. 4, pp. 1630–1638, 7 2017.
vulnerability,” Schweitzer Engineering Laboratories Report, 2011. [60] K. C. Sou, H. Sandberg, and K. H. Johansson, “Electric power network
[40] M. Zeller, “Myth or reality does the aurora vulnerability pose a risk to security analysis via minimum cut relaxation.” 2011 50th IEEE
my generator?” in 2011 64th Annual Conference for Protective Relay Conference on Decision and Control and European Control Conference,
Engineers, 2011, pp. 130–136. 12 2011, pp. 4054–4059, iSSN: 0743-1546.
[41] “Ieee standard for salient-pole 50 hz and 60 hz synchronous generators [61] H. Wang, J. Ruan, G. Wang, B. Zhou, Y. Liu, X. Fu, and J. Peng, “Deep
and generator/motors for hydraulic turbine applications rated 5 mva and learning-based interval state estimation of ac smart grids against sparse
above,” IEEE Std C50.12-2005, pp. 1–45, 2006. cyber attacks,” IEEE Transactions on Industrial Informatics, vol. 14,
[42] A. Srivastava, T. Morris, T. Ernster, C. Vellaithurai, S. Pan, and no. 11, pp. 4766–4778, 11 2018, event: IEEE Transactions on Industrial
U. Adhikari, “Modeling cyber-physical vulnerability of the smart grid Informatics.
with incomplete information,” IEEE Transactions on Smart Grid, [62] J. Liang, L. Sankar, and O. Kosut, “Vulnerability analysis and conse-
vol. 4, no. 1, pp. 235–244, 3 2013. quences of false data injection attack on power system state estimation,”
[43] M. F. Arani, A. A. Jahromi, D. Kundur, and M. Kassouf, “Modeling IEEE Transactions on Power Systems, vol. 31, no. 5, pp. 3864–3872,
and simulation of the aurora attack on microgrid point of common 2016.
coupling,” in 2019 7th Workshop on Modeling and Simulation of Cyber- [63] M. Ozay, I. Esnaola, F. T. Yarman Vural, S. R. Kulkarni, and H. Vincent
Physical Energy Systems (MSCPES). IEEE, 2019, pp. 1–6. Poor, “Distributed models for sparse attack construction and state
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 17

vector estimation in the smart grid,” in 2012 IEEE Third International [84] Y. Cui, F. Bai, Y. Liu, P. L. Fuhr, and M. E. Morales-Rodrguez, “Spatio-
Conference on Smart Grid Communications (SmartGridComm), 2012, temporal characterization of synchrophasor data against spoofing at-
pp. 306–311. tacks in smart grids,” IEEE Transactions on Smart Grid, vol. 10, no. 5,
[64] J. Zhao, L. Mili, and M. Wang, “A generalized false data injection pp. 5807–5818, 9 2019, event: IEEE Transactions on Smart Grid.
attacks against power system nonlinear state estimator and counter- [85] P. Risbud, N. Gatsis, and A. Taha, “Vulnerability analysis of smart grids
measures,” IEEE Transactions on Power Systems, vol. 33, no. 5, pp. to gps spoofing,” IEEE Transactions on Smart Grid, vol. 10, no. 4, pp.
4868–4877, 2018. 3535–3548, 7 2019, event: IEEE Transactions on Smart Grid.
[65] J. Kim, L. Tong, and R. J. Thomas, “Subspace methods for data attack [86] L. Che, X. Liu, and Z. Li, “Fast screening of high-risk lines under false
on state estimation: A data driven approach,” IEEE Transactions on data injection attacks,” IEEE Transactions on Smart Grid, vol. 10, no. 4,
Signal Processing, vol. 63, no. 5, pp. 1102–1114, 3 2015, event: IEEE pp. 4003–4014, 2018.
Transactions on Signal Processing. [87] X. Liu and Z. Li, “Local topology attacks in smart grids,” IEEE
[66] Z.-H. Yu and W.-L. Chin, “Blind false data injection attack using pca Transactions on Smart Grid, vol. 8, no. 6, pp. 2617–2626, 11 2017.
approximation method in smart grid,” IEEE Transactions on Smart [88] S. Soltan, M. Yannakakis, and G. Zussman, “React to cyber attacks on
Grid, vol. 6, no. 3, pp. 1219–1226, 5 2015. power grids,” IEEE Transactions on Network Science and Engineering,
[67] “Principle component analysis: Springer series in statistics,” in vol. 6, no. 3, pp. 459–473, 7 2019.
Principal Component Analysis, I. T. Jolliffe, Ed. New York, [89] S. Soltan and G. Zussman, “Expose the line failures following a cyber-
NY: Springer New York, 2002, pp. 1–9. [Online]. Available: physical attack on the power grid,” IEEE Transactions on Control of
https://doi.org/10.1007/0-387-22440-8 1 Network Systems, vol. 6, no. 1, pp. 451–461, 3 2019.
[68] M. A. Rahman and H. Mohsenian-Rad, “False data injection attacks [90] S. Soltan, P. Mittal, and H. V. Poor, “Line failure detection after a
with incomplete information against smart power grids.” 2012 IEEE cyber-physical attack on the grid using bayesian regression,” IEEE
Global Communications Conference (GLOBECOM), 12 2012, pp. Transactions on Power Systems, vol. 34, no. 5, pp. 3758–3768, 9 2019.
3153–3158, iSSN: 1930-529X. [91] H.-M. Chung, W.-T. Li, C. Yuen, W.-H. Chung, Y. Zhang, and C.-
[69] V. Kekatos, G. B. Giannakis, and R. Baldick, “Grid topology identifi- K. Wen, “Local cyber-physical attack for masking line outage and
cation using electricity prices.” 2014 IEEE PES General Meeting | topology attack in smart grid,” IEEE Transactions on Smart Grid,
Conference Exposition, 7 2014, pp. 1–5, iSSN: 1932-5517. vol. 10, no. 4, pp. 4577–4588, 7 2019.
[70] M. Esmalifalak, H. Nguyen, R. Zheng, and Z. Han, “Stealth false [92] R. Deng, P. Zhuang, and H. Liang, “Ccpa: Coordinated cyber-physical
data injection using independent component analysis in smart grid.” attacks and countermeasures in smart grid,” IEEE Transactions on
2011 IEEE International Conference on Smart Grid Communications Smart Grid, vol. 8, no. 5, pp. 2420–2430, 9 2017.
(SmartGridComm), 10 2011, pp. 244–248. [93] S. Karnouskos, “Stuxnet worm impact on industrial cyber-physical
[71] M. M. Higgins, D. F. Teng, and P. T. Parisini, “Stealthy mtd against system security,” in IECON 2011-37th Annual Conference of the IEEE
unsupervised learning-based blind fdi attacks in power systems,” arXiv Industrial Electronics Society. IEEE, 2011, pp. 4490–4494.
preprint arXiv:2004.07004, 2020. [94] J. Tian, R. Tan, X. Guan, Z. Xu, and T. Liu, “Moving target defense
approach to detecting stuxnet-like attacks,” IEEE Transactions on
[72] R. Deng and H. Liang, “False data injection attacks with limited
Smart Grid, pp. 1–1, 2019.
susceptance information and new countermeasures in smart grid,” IEEE
[95] D. U. Case, “Analysis of the cyber attack on the ukrainian power grid,”
Transactions on Industrial Informatics, vol. 15, no. 3, pp. 1619–1628,
Electricity Information Sharing and Analysis Center (E-ISAC), vol.
2019.
388, 2016.
[73] Y. Chen, S. Huang, F. Liu, Z. Wang, and X. Sun, “Evaluation of
[96] Z. Li, M. Shahidehpour, A. Alabdulwahab, and A. Abusorrah, “Bilevel
reinforcement learning-based false data injection attack to automatic
model for analyzing coordinated cyber-physical attacks on power
voltage control,” IEEE Transactions on Smart Grid, vol. 10, no. 2, pp.
systems,” IEEE Transactions on Smart Grid, vol. 7, no. 5, pp. 2260–
2158–2169, 3 2019, event: IEEE Transactions on Smart Grid.
2272, 9 2016, event: IEEE Transactions on Smart Grid.
[74] I. Markwood, Y. Liu, K. Kwiat, and C. Kamhoua, “Electric grid power
[97] Z. Li, M. Shahidehpour, A. Alabdulwahab, and A. Abusorrah, “Ana-
flow model camouflage against topology leaking attacks.” IEEE
lyzing locally coordinated cyber-physical attacks for undetectable line
INFOCOM 2017 - IEEE Conference on Computer Communications, 5
outages,” IEEE Transactions on Smart Grid, vol. 9, no. 1, pp. 35–47,
2017, pp. 1–9.
2018.
[75] Y. Yuan, Z. Li, and K. Ren, “Modeling load redistribution attacks in [98] Y. Mo and B. Sinopoli, “Secure control against replay attacks,” in
power systems,” IEEE Transactions on Smart Grid, vol. 2, no. 2, pp. 2009 47th annual Allerton conference on communication, control, and
382–390, 6 2011. computing (Allerton). IEEE, 2009, pp. 911–918.
[76] X. Liu and Z. Li, “Local load redistribution attacks in power systems [99] S. Weerakkody, Y. Mo, and B. Sinopoli, “Detecting integrity attacks
with incomplete network information,” IEEE Transactions on Smart on control systems using robust physical watermarking.” 53rd IEEE
Grid, vol. 5, no. 4, pp. 1665–1676, 7 2014. Conference on Decision and Control, Dec. 2014, pp. 3757–3764, iSSN:
[77] H. Zhang, B. Liu, and H. Wu, “Net load redistribution attacks on nodal 0191-2216.
voltage magnitude estimation in ac distribution networks,” in 2020 [100] D. Simon, “Kalman filtering with state constraints: a survey of linear
IEEE PES Innovative Smart Grid Technologies Europe (ISGT-Europe), and nonlinear algorithms,” IET Control Theory & Applications, vol. 4,
2020, pp. 46–50. no. 8, pp. 1303–1318, 2010.
[78] L. Che, X. Liu, Z. Li, and Y. Wen, “False data injection attacks [101] R. K. Mehra and J. Peschon, “An innovations approach to fault
induced sequential outages in power systems,” IEEE Transactions on detection and diagnosis in dynamic systems,” Automatica, vol. 7, no. 5,
Power Systems, vol. 34, no. 2, pp. 1513–1523, 3 2019, event: IEEE pp. 637–640, 1971.
Transactions on Power Systems. [102] Y. Chakhchoukh, V. Vittal, and G. T. Heydt, “Pmu based state estima-
[79] D. Choeum and D. Choi, “Vulnerability assessment of conservation tion by integrating correlation,” IEEE Transactions on Power Systems,
voltage reduction to load redistribution attack in unbalanced active vol. 29, no. 2, pp. 617–626, 2013.
distribution networks,” IEEE Transactions on Industrial Informatics, [103] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, and
pp. 1–1, 2020. K. Poolla, “Smart grid data integrity attacks: characterizations and
[80] Y. Xiang, Z. Ding, Y. Zhang, and L. Wang, “Power system reliability countermeasures.” 2011 IEEE International Conference on Smart Grid
evaluation considering load redistribution attacks,” IEEE Transactions Communications (SmartGridComm), 10 2011, pp. 232–237.
on Smart Grid, vol. 8, no. 2, pp. 889–901, 2017. [104] J. Qi, K. Sun, and W. Kang, “Optimal pmu placement for power system
[81] J. Fu, L. Wang, B. Hu, K. Xie, H. Chao, and P. Zhou, “A sequential dynamic state estimation by using empirical observability gramian,”
coordinated attack model for cyber-physical system considering cas- IEEE Transactions on Power Systems, vol. 30, no. 4, pp. 2041–2054,
cading failure and load redistribution,” in 2018 2nd IEEE Conference 7 2015, event: IEEE Transactions on Power Systems.
on Energy Internet and Energy System Integration (EI2), 2018, pp. [105] A. Pal, A. K. S. Vullikanti, and S. S. Ravi, “A pmu placement
1–6. scheme considering realistic costs and modern trends in relaying,” IEEE
[82] J. Kim and L. Tong, “On topology attack of a smart grid: Undetectable Transactions on Power Systems, vol. 32, no. 1, pp. 552–561, 1 2017,
attacks and countermeasures,” IEEE Journal on Selected Areas in event: IEEE Transactions on Power Systems.
Communications, vol. 31, no. 7, pp. 1294–1305, 7 2013. [106] M. Sarailoo and N. E. Wu, “Cost-effective upgrade of pmu networks for
[83] D. Schmidt, K. Radke, S. Camtepe, E. Foo, and M. Ren, “A survey fault-tolerant sensing,” IEEE Transactions on Power Systems, vol. 33,
and analysis of the gnss spoofing threat and countermeasures,” ACM no. 3, pp. 3052–3063, 5 2018, event: IEEE Transactions on Power
Computing Surveys, vol. 48, no. 4, pp. 1–31, 5 2016. Systems.
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 18

[107] Q. Yang, D. An, and W. Yu, “On time desynchronization attack against [127] M. A. Rahman, E. Al-Shaer, and R. B. Bobba, “Moving target defense
ieee 1588 protocol in power grid systems.” 2013 IEEE Energytech, for hardening the security of the power system state estimation,”
5 2013, pp. 1–5. the First ACM Workshop. Scottsdale, Arizona, USA: ACM Press,
[108] Z. Zhang, S. Gong, A. D. Dimitrovski, and H. Li, “Time synchroniza- 2014, pp. 59–68, [Online; accessed 2020-05-16]. [Online]. Available:
tion attack in smart grid: Impact and analysis,” IEEE Transactions on http://dl.acm.org/citation.cfm?doid=2663474.2663482
Smart Grid, vol. 4, no. 1, pp. 87–98, 3 2013, event: IEEE Transactions [128] C. Liu, J. Wu, C. Long, and D. Kundur, “Reactance perturbation for
on Smart Grid. detecting and identifying fdi attacks in power system state estimation,”
[109] X. Jiang, J. Zhang, B. J. Harding, J. J. Makela, and A. D. Domnguez- IEEE Journal of Selected Topics in Signal Processing, vol. 12, no. 4,
Garca, “Spoofing gps receiver clock offset of phasor measurement pp. 763–776, 8 2018, event: IEEE Journal of Selected Topics in Signal
units,” IEEE Transactions on Power Systems, vol. 28, no. 3, pp. 3253– Processing.
3262, 8 2013, event: IEEE Transactions on Power Systems. [129] B. Liu and H. Wu, “Optimal d-facts placement in moving target defense
[110] Y. Fan, Z. Zhang, M. Trinkle, A. D. Dimitrovski, J. B. Song, and against false data injection attacks,” IEEE Transactions on Smart Grid,
H. Li, “A cross-layer defense mechanism against gps spoofing attacks pp. 1–1, 2020, event: IEEE Transactions on Smart Grid.
on pmus in smart grids,” IEEE Transactions on Smart Grid, vol. 6, [130] Z. Zhang, R. Deng, D. K. Yau, P. Cheng, and J. Chen, “Analysis of
no. 6, pp. 2659–2668, 11 2015, event: IEEE Transactions on Smart moving target defense against false data injection attacks on power
Grid. grid,” IEEE Transactions on Information Forensics and Security,
[111] Y. Huang, H. Li, K. A. Campbell, and Z. Han, “Defending false data vol. 15, pp. 2320–2335, 2019.
injection attack on smart grid network using adaptive cusum test.” [131] B. Li, G. Xiao, R. Lu, R. Deng, and H. Bao, “On feasibility and
2011 45th Annual Conference on Information Sciences and Systems, limitations of detecting false data injection attacks on power grid state
3 2011, pp. 1–6. estimation using d-facts devices,” IEEE Transactions on Industrial
[112] L. Liu, M. Esmalifalak, Q. Ding, V. A. Emesih, and Z. Han, “Detecting Informatics, vol. 16, no. 2, pp. 854–864, 2 2020.
false data injection attacks on power grid by sparse optimization,” IEEE [132] S. Lakshminarayana and D. K. Yau, “Cost-benefit analysis of moving-
Transactions on Smart Grid, vol. 5, no. 2, pp. 612–621, 3 2014, event: target defense in power grids,” IEEE Transactions on Power Systems,
IEEE Transactions on Smart Grid. 2020.
[113] G. Chaojun, P. Jirutitijaroen, and M. Motani, “Detecting false data [133] B. Liu, L. Edmonds, H. Zhang, and H. Wu, “An interior-point solver
injection attacks in ac state estimation,” IEEE Transactions on Smart for optimal power flow problem considering distributed facts devices,”
Grid, vol. 6, no. 5, pp. 2476–2483, 9 2015, event: IEEE Transactions in 2020 IEEE Kansas Power and Energy Conference (KPEC), 2020,
on Smart Grid. pp. 1–5.
[114] J. Zhao, G. Zhang, M. La Scala, Z. Y. Dong, C. Chen, and J. Wang, [134] B. Liu, H. Wu, A. Pahwa, F. Ding, E. Ibrahim, and T. Liu, “Hidden
“Short-term state forecasting-aided method for detection of smart grid moving target defense against false data injection in distribution net-
general false data injection attacks,” IEEE Transactions on Smart Grid, work reconfiguration,” in 2018 IEEE Power & Energy Society General
vol. 8, no. 4, pp. 1580–1590, Jul. 2017, event: IEEE Transactions on Meeting (PESGM). IEEE, 2018, pp. 1–5.
Smart Grid. [135] J. Tian, R. Tan, X. Guan, and T. Liu, “Enhanced hidden moving target
[115] A. Ashok, M. Govindarasu, and V. Ajjarapu, “Online detection of defense in smart grids,” IEEE Transactions on Smart Grid, vol. 10,
stealthy false data injection attacks in power system state estimation,” no. 2, pp. 2208–2223, 3 2019.
IEEE Transactions on Smart Grid, vol. 9, no. 3, pp. 1636–1646, May [136] Z. Zhang, R. Deng, D. K. Yau, P. Cheng, and J. Chen, “On hiddenness
2018, event: IEEE Transactions on Smart Grid. of moving target defense against false data injection attacks on power
[116] M. Ozay, I. Esnaola, F. T. Yarman Vural, S. R. Kulkarni, and H. V. grid,” ACM Transactions on Cyber-Physical Systems, vol. 4, no. 3, pp.
Poor, “Machine learning methods for attack detection in the smart 1–29, 2020.
grid,” IEEE Transactions on Neural Networks and Learning Systems, [137] Y. Mo, S. Weerakkody, and B. Sinopoli, “Physical authentication
vol. 27, no. 8, pp. 1773–1786, 2016. of control systems: Designing watermarked control inputs to detect
[117] J. Yan, B. Tang, and H. He, “Detection of false data attacks in smart counterfeit sensor outputs,” IEEE Control Systems Magazine, vol. 35,
grid with supervised learning,” in 2016 International Joint Conference no. 1, pp. 93–109, 2 2015, event: IEEE Control Systems Magazine.
on Neural Networks (IJCNN), 2016, pp. 1395–1402. [138] F. Miao, M. Pajic, and G. J. Pappas, “Stochastic game approach for
[118] J. Sakhnini, H. Karimipour, and A. Dehghantanha, “Smart grid cyber replay attack detection,” in 52nd IEEE conference on decision and
attacks detection using supervised learning and heuristic feature se- control. IEEE, 2013, pp. 1854–1859.
lection,” in 2019 IEEE 7th International Conference on Smart Energy [139] B. Satchidanandan and P. R. Kumar, “Dynamic watermarking: Active
Grid Engineering (SEGE), 2019, pp. 108–112. defense of networked cyber–physical systems,” Proceedings of the
[119] X. Niu, J. Li, J. Sun, and K. Tomsovic, “Dynamic detection of false IEEE, vol. 105, no. 2, pp. 219–240, 2016.
data injection attack in smart grid using deep learning,” in 2019 IEEE [140] A. Ferdowsi and W. Saad, “Deep learning-based dynamic watermarking
Power Energy Society Innovative Smart Grid Technologies Conference for secure signal authentication in the internet of things,” in 2018 IEEE
(ISGT), 2019, pp. 1–6. International Conference on Communications (ICC). IEEE, 2018, pp.
[120] Y. Li, Y. Wang, and S. Hu, “Online generative adversary network based 1–6.
measurement recovery in false data injection attacks: A cyber-physical [141] Y. Zhang, J. Wang, and J. Liu, “Attack identification and correction
approach,” IEEE Transactions on Industrial Informatics, vol. 16, no. 3, for pmu gps spoofing in unbalanced distribution systems,” IEEE
pp. 2031–2043, 2020. Transactions on Smart Grid, vol. 11, no. 1, pp. 762–773, 1 2020, event:
[121] G. Ding, Q. Wu, Y.-D. Yao, J. Wang, and Y. Chen, “Kernel-based IEEE Transactions on Smart Grid.
learning for statistical signal processing in cognitive radio networks: [142] J. Bélanger, P. Venne, and J.-N. Paquin, “The what, where and why of
Theoretical foundations, example applications, and future directions,” real-time simulation,” Planet Rt, vol. 1, no. 1, pp. 25–29, 2010.
IEEE Signal Processing Magazine, vol. 30, no. 4, pp. 126–136, 2013. [143] C. Davis, J. Tate, H. Okhravi, C. Grier, T. J. Overbye, and D. Nicol,
[122] T. Xie, N. M. Nasrabadi, and A. O. Hero, “Learning to classify with “Scada cyber security testbed development,” in 2006 38th North
possible sensor failures,” IEEE Transactions on Signal Processing, American Power Symposium. IEEE, 2006, pp. 483–488.
vol. 65, no. 4, pp. 836–849, 2016. [144] M. Mallouhi, Y. Al-Nashif, D. Cox, T. Chadaga, and S. Hariri, “A
[123] Z. Qin, Y. Gao, and M. D. Plumbley, “Malicious user detection based testbed for analyzing security of scada control systems (tasscs),” in
on low-rank matrix completion in wideband spectrum sensing,” IEEE ISGT 2011. IEEE, 2011, pp. 1–7.
Transactions on Signal Processing, vol. 66, no. 1, pp. 5–17, 2017. [145] T. Strasser, M. Stifter, F. Andrén, and P. Palensky, “Co-simulation train-
[124] E. Al-Shaer, Q. Duan, and J. H. Jafarian, “Random host mutation for ing platform for smart grids,” IEEE Transactions on Power Systems,
moving target defense,” A. D. Keromytis and R. Di Pietro, Eds. Berlin, vol. 29, no. 4, pp. 1989–1997, 2014.
Heidelberg: Springer Berlin Heidelberg, 2013, pp. 310–327. [146] B. Chen, K. L. Butler-Purry, A. Goulart, and D. Kundur, “Implementing
[125] K. L. Morrow, E. Heine, K. M. Rogers, R. B. Bobba, and T. J. Overbye, a real-time cyber-physical system test bed in rtds and opnet,” in 2014
“Topology perturbation for detecting malicious data injection.” 2012 North American Power Symposium (NAPS). IEEE, 2014, pp. 1–6.
45th Hawaii International Conference on System Sciences, Jan. 2012, [147] M. H. Athari and Z. Wang, “Impacts of wind power uncertainty on
pp. 2104–2113, iSSN: 1530-1605. grid vulnerability to cascading overload failures,” IEEE Transactions
[126] K. R. Davis, K. L. Morrow, R. Bobba, and E. Heine, “Power flow cyber on Sustainable Energy, vol. 9, no. 1, pp. 128–137, 2017.
attacks and perturbation-based defense.” 2012 IEEE Third Interna- [148] A. Muir and J. Lopatto, “Final report on the august 14, 2003 blackout
tional Conference on Smart Grid Communications (SmartGridComm), in the united states and canada: causes and recommendations,” US–
Nov. 2012, pp. 342–347. Canada Power System Outage Task Force, Canada, 2004.
H. ZHANG ET AL.: CYBER-PHYSICAL ATTACK AND DEFENSE 19

[149] F. E. R. Commission et al., “Arizona-southern california outages on

september 8, 2011: Causes and recommendations,” FERC and NERC
Staff, Apr, 2012.
[150] L. Wang, Z. Qu, Y. Li, K. Hu, J. Sun, K. Xue, and M. Cui, “Method
for extracting patterns of coordinated network attacks on electric power
cps based on temporal–topological correlation,” IEEE Access, vol. 8,
pp. 57 260–57 272, 2020.
[151] F. Pasqualetti, F. Dörfler, and F. Bullo, “A divide-and-conquer approach
to distributed attack identification,” in 2015 54th IEEE Conference on
Decision and Control (CDC). IEEE, 2015, pp. 5801–5807.
[152] F. Fusco, “General bad data identification and estimation in the
presence of critical measurement sets,” in 2014 IEEE PES General
Meeting— Conference & Exposition. IEEE, 2014, pp. 1–5.
[153] A. Primadianto and C.-N. Lu, “A review on distribution system state
estimation,” IEEE Transactions on Power Systems, vol. 32, no. 5, pp.
3875–3883, 2016.

Hang Zhang (S’2020) received his B.S. and M.S.

degree in Electrical and Computer Engineering at
Kansas State University, Manhattan, KS, USA in
2017 and 2018, respectively. He is currently pursu-
ing the Ph.D. degree in Electrical and Computer En-
gineering at Kansas State University, Manhattan, KS,
USA. His research interests include cyber-physical
security and resiliency of power systems, machine
learning, and renewable energy.

Bo Liu (S’18) received his B.S. and M.S. degree

in Electrical Engineering from Harbin Institute of
Technology, China in 2013 and 2015, respectively.
He is currently working toward the Ph.D. degree
in Electrical and Computer Engineering at Kansas
State University, Manhattan, KS, USA. His current
research interests include cyber-physical security of
power systems, smart grid technologies, machine
learning, and state estimation in smart grids.

Hongyu Wu (SM’15) received the B.S. degree in

Energy and Power Engineering and the Ph.D. degree
in Control Science and Engineering from Xi’an Jiao-
tong University, Xi’an, China, respectively. He is an
Assistant Professor and a Michelle Munson-Serban
Simu Keystone Research Faculty Scholar with the
Department of Electrical and Computer Engineering,
Kansas State University (K-State), Manhattan, KS,
USA. He is a National Science Foundation EPSCoR
research fellow and a team member in the IEEE-
NERC Security Integration Project. Before joining
K-State, he was a Research Engineer with Power Systems Engineering Center,
National Renewable Energy Laboratory, Golden, CO, USA. From 2011 to
2014, he was a Postdoctoral Researcher with the Robert W. Galvin Center
for Electricity Innovation, Illinois Institute of Technology, Chicago, IL, USA.
His research interests include cyber-physical security of smart grids, power
system planning, operation and energy management, as well as grid integration
of renewable energy.