Enhancing Power System Cyber-Security with Systematic Two-Stage Detection Strategy

Abstract: State estimation estimates the system condition in real-time and provides a base case for other energy management system (EMS) applications including real-time contingency analysis and security-constrained economic dispatch. Recent work in the literature shows malicious cyber-attack can inject false measurements that bypass traditional bad data detection in state estimation and cause actual overloads. Thus, it is very important to detect such cyber-attack. In this paper, multiple metrics are proposed to monitor abnormal load deviations and suspicious branch flow changes. A systematic two-stage approach is proposed to detect false data injection (FDI) cyber-attack. The first stage determines whether the system is under attack while the second stage identifies the target branch. Numerical simulations verify that FDI can cause severe system violations and demonstrate the effectiveness of the proposed two-stage FDI detection (FDID) method. It is concluded that the proposed FDID approach can efficiently detect FDI cyber-attack and identify the target branch, which will substantially improve operators situation awareness in real-time.