Developing a Correlation Indices to Identify Coordinated Cyber-Attacks on Power Grids
For power grid operators, this work addresses the challenge of detecting highly disruptive coordinated cyber-attacks that can cause blackouts.
The paper proposes Correlation Indices to detect Coordinated Cyber-Attacks (CCAs) on power grids, demonstrating their effectiveness against measurement attacks on Security Constrained Economic Dispatch with benefits of deployment simplicity and detection of sophisticated attacks.
Increasing reliance on Information and Communication Technology~(ICT) exposes the power grid to cyber-attacks. In particular, Coordinated Cyber-Attacks (CCAs) are considered highly threatening and difficult to defend against, because they (i) possess higher disruptiveness by integrating greater resources from multiple attack entities, and (ii) present heterogeneous traits in cyber-space and the physical grid by hitting multiple targets to achieve the attack goal. Thus, and as opposed to independent attacks, whose severity is limited by the power grid's redundancy, CCAs could inflict disastrous consequences, such as blackouts. In this paper, we propose a method to develop Correlation Indices to defend against CCAs on static control applications. These proposed indices relate the targets of CCAs with attack goals on the power grid. Compared to related works, the proposed indices present the benefits of deployment simplicity and are capable of detecting more sophisticated attacks, such as measurement attacks. We demonstrate our method using measurement attacks against Security Constrained Economic Dispatch.