Preventive-Corrective Cyber-Defense: Attack-Induced Region Minimization and Cybersecurity Margin Maximization

Abstract: False data injection (FDI) cyber-attacks on power systems can be prevented by strategically selecting and protecting a sufficiently large measurement subset, which, however, requires adequate cyber-defense resources for measurement protection. With any given cyber-defense resource, this paper proposes a preventive-corrective cyber-defense strategy, which minimizes the FDI attack-induced region in a preventive manner, followed by maximizing the cybersecurity margin in a corrective manner. First, this paper proposes a preventive cyber-defense strategy that minimizes the volume of the FDI attack-induced region via preventive allocation of any given measurement protection resource. Particularly, a sufficient condition for constructing the FDI unattackable lines is proposed, indicating that the FDI cyber-attack could be locally rather than globally prevented. Then, given a non-empty FDI attack-induced region, this paper proposes a corrective cyber-defense strategy that maximizes the cybersecurity margin, leading to a trade-off between the safest-but-expensive operation point (i.e., Euclidean Chebyshev center) and the cheapest-but-dangerous operation point. Simulation results on a modified IEEE 14 bus system verify the effectiveness and cost-effectiveness of the proposed preventive-corrective cyber-defense strategy.