
[IEEE 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT 2013) - Washington, DC (2013.2.24-2013.2.27)] 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT)



On Topology Attack of a Smart Grid

Jinsub Kim and Lang Tong

School of Electrical and Computer Engineering, Cornell University, Ithaca, NY 14853. Email: {jk752, lt35}@cornell.edu

Abstract—Cyber attacks on a smart grid aiming at misleading the control center with incorrect topology information are considered. In such attacks, an adversary intercepts network and meter data from the remote terminal units, modifies part of them, and forwards the modified data to the control center. A necessary and sufficient condition for an undetectable topology attack is presented, and an undetectable attack that requires the modification of only a few meter data is proposed. When the adversary has limited local information, a heuristic attack strategy is proposed. The proposed attacks are tested with IEEE 14-bus and 118-bus systems, and their effect on real-time locational marginal pricing is examined.

Index Terms—Topology attack, cyber security in smart grid, bad data detection.

I. INTRODUCTION

Smart grid operations rely heavily on communications among remote terminal units, substations, and control centers. Such dependency on communications exposes smart grids to threats of cyber attacks. This paper considers a class of cyber attacks that mislead the control center with an incorrect “target” topology.

Power grid topology is an essential input to real-time grid operations, including state estimation, real-time pricing, and real-time dispatch. Hence, an adversary with the ability to perturb the topology information may have partial control over grid operations. The adversary may mask a connected line as disconnected or vice versa so that the control center makes improper decisions in contingency analysis, optimal dispatch, or load shedding. Furthermore, since the topology is used in the computation of real-time locational marginal price (LMP) [1], the adversary may perturb the topology estimate such that the adversary’s gain is maximized.

In this paper, we consider the man-in-the-middle attacks where the adversary intercepts network data (e.g., breaker and switch states) and meter data from remote terminal units, modifies part of them, and forwards the modified version to the control center. Modern power systems are equipped with bad data tests which alert operators when inconsistency is discovered among network and meter data. Hence, for the adversary to succeed, it should modify both network and meter data elaborately such that they are consistent with the “target” topology.

The ability to launch successful attacks is limited by the subset of data the adversary can modify, which depends both on the protection measures of the power system and on the power of the adversary. In this paper, we aim to provide the condition under which the adversary may launch an undetectable topology attack and demonstrate that power grids are easily vulnerable to topology attacks: even an adversary with the ability to modify only a few data may successfully launch an undetectable topology attack. Our results call for proper countermeasures.

This work is supported in part by the National Science Foundation under Grant CNS-1135844 and the DoE CERTS program. The first author was partially supported by Samsung Scholarship.

A. Related works

Liu, Ning, and Reiter [2] first presented a feasible cyber attack on power grid state estimation, referred to as state attack, which perturbs the state estimate by modifying a subset of meter data. The attack considered in [2] cannot be detected by the control center, and it can perturb the state estimate arbitrarily in a subspace of the state space. Many efforts have since been made to study feasibility of state attacks and countermeasures. Kosut et al. [3] showed that feasibility of undetectable state attacks can be characterized by the classical notion of system observability. Sandberg et al. [4] proposed the use of security indices to measure the system robustness to state attacks, and Dán and Sandberg [5] proposed an optimal strategy to locate protection devices on meters to maximize security indices. Kosut et al. [6] provided a graph-theoretical characterization of the minimum number of data modifications to launch an undetectable state attack. The effect of state attacks on real-time pricing was also studied in [7], [8]. All the aforementioned works assumed that the adversary can modify only meter data. In this paper, we assume that the adversary may also modify network data and study the attacks aimed at perturbing the topology estimate rather than the state estimate.

B. Summary of contributions and organizations

For the most powerful adversary who has access to global information (network parameters, topology, and data), we present a necessary and sufficient algebraic condition for feasibility of undetectable topology attacks, and an undetectable attack with a small number of data modifications is proposed. For a single-line attack, in which the adversary aims to either add or remove one line, the proposed attack is shown to be optimal in the sense that it requires the minimum number of data modifications. For a weak adversary who has access to only local data, we present a heuristic attack based on local information. The proposed attacks are tested with IEEE 14-bus and 118-bus systems. The results demonstrate that the attacks may succeed with high probability and their effect on real-time pricing is non-negligible.

978-1-4673-4896-6/13/$31.00 ©2013 IEEE

The rest of the paper is organized as follows. Section II presents backgrounds and mathematical formulation of the problem. In Section III, we present a necessary and sufficient condition for undetectable attacks and propose an undetectable attack with a small cost. Section IV presents a heuristic attack based on local information. Section V provides simulation results, and Section VI finishes the paper with concluding remarks.

II. PRELIMINARIES

The control center receives two types of data from meters and sensors deployed throughout the grid. One is the network data $s \in \{0,1\}^d$, each entry of which represents the state of a breaker (0 for open and 1 for closed). The second type is the meter data $z \in \mathbb{R}^m$ consisting of bus injection and line flow measurements.

Without an attack or a sensing error, s gives the true breaker states. Each $s \in \{0,1\}^d$ corresponds to a system topology, which is represented by a directed graph G = (V, E), where V is the set of buses and E is the set of connected transmission lines. For each physical transmission line between two buses (e.g., i and j), we assign an arbitrary direction¹ for the line (e.g., (i, j)), and (i, j) is in E if and only if the line is connected. In addition, $E_0$ denotes the set of all lines (with the assigned directions), both connected and disconnected.

In the absence of an attack and measurement noise, z is assumed to come from the DC model [9]:

$$z = Hx \qquad (1)$$

where $z \in \mathbb{R}^m$ consists of the real parts of bus injection and line flow measurements, $H \in \mathbb{R}^{m \times n}$ is the measurement matrix, and $x \in \mathbb{R}^n$ is the unknown state vector consisting of voltage phase angles at all buses except the slack bus. In the following sections, feasibility of an undetectable attack will be analyzed under the noiseless assumption. However, the analysis will be followed by practical attacks under the noisy model.

The measurement matrix H in (1) depends on the system topology G. If an entry $z_k$ of z is the measurement of the line flow from i to j of a connected line in G, $z_k$ is $B_{ij}(x_i - x_j)$ where $B_{ij}$ is the line susceptance and $x_i$ is the voltage phase at bus i. The corresponding row of H is equal to

$$h_{(i,j)} \triangleq [\,0 \cdots 0 \underbrace{B_{ij}}_{i\text{th entry}} 0 \cdots 0 \underbrace{-B_{ij}}_{j\text{th entry}} 0 \cdots 0\,]. \qquad (2)$$

On the other hand, if $z_k$ is the measurement of the line flow through a disconnected line in G, $z_k$ is zero, and the corresponding row of H consists of all zero entries. If $z_k$ is the measurement of bus injection at i, it is the sum of all the outgoing line flows from i, and the corresponding row of H is the sum of the row vectors corresponding to all the outgoing line flows.

¹The arbitrary assignment of direction for each line is only for the use in presentations in the later sections.

Fig. 1. Attack model with generalized state estimation. (Block diagram: the attacker intercepts (s, z) between the remote terminal units and the control center and forwards $(\bar{s}, \bar{z})$ to the generalized state estimator, whose blocks are the topology processor/observability analysis, the state estimator, bad data analysis with pass/fail outcomes, and topology error identification, producing the state and topology estimates.)

A. Adversary model

As described in Fig. 1, the adversary launches a man-in-the-middle attack: it intercepts (s, z) from remote terminal units, modifies part of them, and forwards the modified version $(\bar{s}, \bar{z})$ to the control center. In this paper, we assume a strong adversary who knows network parameters and observes all entries of (s, z) even though it may modify only part of them, except in Section IV, where we present an attack strategy for a weak adversary who can observe only a few entries in (s, z).

The system with the original topology G is assumed to be observable, i.e., H has full column rank. The adversary aims at modifying the topology estimate from G = (V, E) to $\bar{G} = (V, \bar{E})$. Note that G and $\bar{G}$ have the same set of vertices. In other words, we only consider the attacks aimed at perturbing transmission line connectivities². We call the lines in $E \triangle \bar{E}$³ target lines and the buses at the ends of the target lines target buses.

The mathematical model of data modifications by the adversary is as follows (a bar on a variable denotes the value modified by the adversary):

$$\bar{s} = s + b \pmod 2, \qquad \bar{z} = z + a(z), \quad a(z) \in A, \qquad (3)$$

where $\bar{s}$ is the modified network data corresponding to the “target” topology $\bar{G}$, $b \in \{0,1\}^d$ represents the modifications on the network data s, $a(z) \in \mathbb{R}^m$ denotes the attack vector added to the meter data z, and $A \subset \mathbb{R}^m$ denotes the subspace of feasible attack vectors. We use the notation a(z) to emphasize that the adversary can design the attack vector based on the whole meter data z. In addition, A has the form $\{c \in \mathbb{R}^m : c_i = 0,\ i \in I_S\}$ where $I_S$ is the set of indices of secure measurements that the adversary cannot alter. Note that A fully characterizes the power of the adversary, and the mapping a fully describes the attack strategy.

B. Detection of topology attack

As illustrated in Fig. 1, the control center executes generalized state estimation (GSE) [10] with $(\bar{s}, \bar{z})$ as an input. GSE involves a more elaborate bad data detector than classical state estimation. In classical state estimation, network data are generally assumed to be free of error, and the state estimator looks for the state estimate that fits meter data best. In contrast, GSE regards network data as possibly erroneous and searches for both the topology and state estimate that fit the collected data best.

We assume that the control center employs the following consistency check for bad data detection:

$$\begin{cases} \text{bad data (attack)} & \text{if } \bar{z} \notin \mathrm{Col}(\bar{H}), \\ \text{no bad data (no attack)} & \text{if } \bar{z} \in \mathrm{Col}(\bar{H}), \end{cases} \qquad (4)$$

where $(\bar{s}, \bar{z})$ is the input to GSE and $\bar{H}$ is the measurement matrix for the topology corresponding to $\bar{s}$. In the absence of an attack, $(\bar{s}, \bar{z}) = (s, z)$ and $\bar{H} = H$. Assuming that the adversarial data modification is the only major source of bad data, we consider a declaration of “bad data” as a declaration of “attack”. In practice, when noise is present, the control center employs residue tests, which, roughly speaking, project $\bar{z}$ on $\mathrm{Col}(\bar{H})$ and declare “bad data” if residues are large. In the absence of noise, (4) is equivalent to the residue tests.

Given the above detector, an undetectable topology attack is defined as follows.

Definition 2.1: An attack to modify G to $\bar{G}$ with the attack vector a is said to be undetectable if

$$z + a(z) \in \mathrm{Col}(\bar{H}), \quad \forall z \in \mathrm{Col}(H), \qquad (5)$$

where H and $\bar{H}$ are the measurement matrices for G and $\bar{G}$ respectively.

In other words, an undetectable attack can modify any meter data z from the topology G to data consistent with $\bar{G}$.

We aim to find the condition under which the adversary with the subspace $A \subset \mathbb{R}^m$ of feasible attack vectors can launch an undetectable attack. In addition, we want to construct an attack strategy that requires a small number of data modifications (i.e., a small dimension of A), because modification of each data item involves compromising a field metering device or communication device, which is a time-consuming and difficult task.

²The attacks aiming to split or combine buses are out of the scope of this paper. Such attacks require modifying the measurements of breaker states inside substations. If the control center employs generalized state estimation [10], such modification invokes substation-level state estimation which leads to a robust bad data test. Hence, it is harder for such attacks to avoid detection.

³For a pair of sets A and B, $A \triangle B \triangleq (A \setminus B) \cup (B \setminus A)$.

III. TOPOLOGY ATTACK WITH GLOBAL INFORMATION

A. Condition for an undetectable attack

We first derive a necessary and sufficient algebraic condition for the existence of an undetectable attack that modifies G to $\bar{G}$ with the subspace A of feasible attack vectors.

Suppose there is an undetectable attack a with $a(z) \in A$, $\forall z \in \mathrm{Col}(H)$. Then, undetectability implies that $z + a(z) \in \mathrm{Col}(\bar{H})$, $\forall z \in \mathrm{Col}(H)$, and thus $\mathrm{Col}(H) \subset \mathrm{Col}(\bar{H}, A)$.

Now suppose $\mathrm{Col}(H) \subset \mathrm{Col}(\bar{H}, A)$. There exists a basis $\{c_1, \ldots, c_p, d_1, \ldots, d_q\}$ of $\mathrm{Col}(\bar{H}, A)$ such that $\{c_1, \ldots, c_p\}$ is a subset of the columns of $\bar{H}$ and $\{d_1, \ldots, d_q\}$ is a set of linearly independent vectors in A. For any $z \in \mathrm{Col}(H)$, since $\mathrm{Col}(H) \subset \mathrm{Col}(\bar{H}, A)$, there exist unique $(\alpha_i)_{i=1}^p \in \mathbb{R}^p$ and $(\beta_j)_{j=1}^q$ such that

$$z = \sum_{i=1}^{p} \alpha_i c_i + \sum_{j=1}^{q} \beta_j d_j.$$

If we set $a(z) = -\sum_{j=1}^{q} \beta_j d_j$, then $z + a(z) = \sum_{i=1}^{p} \alpha_i c_i \in \mathrm{Col}(\bar{H})$. In addition, $a(z) \in A$ for all z. Hence, there exists an undetectable attack with the subspace A of feasible attack vectors. The above arguments lead to the following theorem.

Theorem 3.1: There exists an undetectable attack to modify G to $\bar{G}$ with the subspace A of feasible attack vectors if and only if $\mathrm{Col}(H) \subset \mathrm{Col}(\bar{H}, A)$.

With this algebraic condition, we can check whether the adversary can launch an undetectable attack with A for the target $\bar{G}$. By finding the smallest A satisfying the condition, we can characterize the minimum cost of undetectable attacks for $\bar{G}$.

In the following section, we present an undetectable attack requiring only a few data modifications and prove its optimality in single-line attacks by exploiting the condition given in Theorem 3.1.

B. State-preserving attack

This section presents a simple undetectable attack, referred to as the state-preserving attack. As the name suggests, the idea originates from observing the difference between Hx and $\bar{H}x$, which are the measurements from the systems with G and $\bar{G}$ respectively, having the same state x.

Given $z = Hx \in \mathrm{Col}(H)$, the state-preserving attack aims to set a(z) equal to $(\bar{H} - H)x$. Since H has full column rank, the attack vector can be obtained by using a projection operator as $a(z) \triangleq (\bar{H} - H)(H^tH)^{-1}H^t z$. The state-preserving attack is undetectable: for any $z = Hx \in \mathrm{Col}(H)$, $z + a(z) = \bar{H}x \in \mathrm{Col}(\bar{H})$.

In the following, we will show that, for any state $x \in \mathbb{R}^n$, all entries of $(\bar{H} - H)x$ are zeros except those associated with target lines. This means that the adversary only needs to modify data entries relevant to target lines.

As noted in [11], H can be decomposed as $H = MBA^t$, where $M \in \mathbb{R}^{m \times l}$ is the measurement-to-line incidence matrix with $l \triangleq |E_0|$, $B \in \mathbb{R}^{l \times l}$ is a diagonal matrix with the line susceptances in the diagonal entries, and $A^t \in \mathbb{R}^{l \times n}$ is the line-to-bus incidence matrix. Each column of M (each row of $A^t$) corresponds to a distinct line in $E_0$. For $1 \le j \le l$, if the jth column of M corresponds to $(a, b) \in E_0$, let $L_j^+$ and $L_j^-$ denote (a, b) and (b, a) respectively. Then, M is defined such that $M_{ij} = \pm 1$ if (i) the ith meter (the meter corresponding to the ith row of M) is the line flow meter for $L_j^{\pm}$, or (ii) the ith meter is an injection meter at a bus and $L_j^{\pm}$ is an outgoing line from the bus; otherwise, $M_{ij} = 0$. For $A^t$, $(A^t)_{ji} = \pm 1$ if the line corresponding to the jth row of $A^t$ (or equivalently the jth column of M) is connected in G, and $L_j^{\pm}$ is an outgoing line from i; otherwise, $(A^t)_{ji} = 0$. Note that M and B are independent of the topology, but $A^t$ does depend on G. Fig. 2 provides an example to illustrate the structures of M, B, and $A^t$. Similarly, $\bar{H}$ is decomposed as $\bar{H} = MB\bar{A}^t$.

Fig. 2. The measurement, line, or bus corresponding to each row or column is labeled. Bus 1 is the slack bus. (Figure reconstructed from its matrices; the bus diagrams are omitted. Rows of M are the injection meters at buses 2 and 4 followed by the line flow meters on (1,3), (2,1), (2,4), (3,2), (3,4); the columns of M and the rows of $A^t$ follow the same line order; the columns of $A^t$ correspond to buses 2, 3, 4. Line (3,2) is disconnected in G and connected in $\bar{G}$.)

$$M = \begin{bmatrix} 0 & 1 & 1 & -1 & 0 \\ 0 & 0 & -1 & 0 & -1 \\ 1 & 0 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 & 0 \\ 0 & 0 & 1 & 0 & 0 \\ 0 & 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 0 & 1 \end{bmatrix}, \quad A^t = \begin{bmatrix} 0 & -1 & 0 \\ 1 & 0 & 0 \\ 1 & 0 & -1 \\ 0 & 0 & 0 \\ 0 & 1 & -1 \end{bmatrix}, \quad B = \mathrm{diag}(B_{13}, B_{21}, B_{24}, B_{32}, B_{34}),$$

$$BA^t x = \begin{bmatrix} B_{13}(-x_3) \\ B_{21}x_2 \\ B_{24}(x_2 - x_4) \\ 0 \\ B_{34}(x_3 - x_4) \end{bmatrix}, \qquad B\bar{A}^t x = \begin{bmatrix} B_{13}(-x_3) \\ B_{21}x_2 \\ B_{24}(x_2 - x_4) \\ B_{32}(x_3 - x_2) \\ B_{34}(x_3 - x_4) \end{bmatrix}.$$

As illustrated in Fig. 2, the entries of $BA^tx \in \mathbb{R}^{l \times 1}$ correspond to the line flows of all the lines in $E_0$ when the state is x and the topology is G. Similarly, $B\bar{A}^tx$ is the vector of line flows when the state is x and the topology is $\bar{G}$. If the states are the same, the line flows from G and $\bar{G}$ differ only at the lines in $E \triangle \bar{E}$ (i.e., target lines). Therefore, $(B\bar{A}^t - BA^t)x$ has all zero entries except the entries corresponding to the lines in $E \triangle \bar{E}$. Specifically, the entry corresponding to $(i, j) \in \bar{E} \setminus E$ assumes $f_{ij}(x) \triangleq B_{ij}(x_i - x_j)$, and the entry corresponding to $(i, j) \in E \setminus \bar{E}$ assumes $-f_{ij}(x)$. Hence, $(\bar{H} - H)x = M(B\bar{A}^t - BA^t)x$ is equal to

$$\sum_{(i,j) \in \bar{E} \setminus E} f_{ij}(x)\, m_{(i,j)} \;-\; \sum_{(i,j) \in E \setminus \bar{E}} f_{ij}(x)\, m_{(i,j)} \qquad (6)$$

where $m_{(i,j)}$ is the column vector of M corresponding to (i, j). Note that $m_{(i,j)}$ is a sparse vector that has nonzero entries only at the rows corresponding to the line flow meters on the line (i, j) and the injection meters at i and j.

From (6), for any state $x \in \mathbb{R}^n$, $(\bar{H} - H)x$ is a linear combination of elements in $\{m_{(i,j)} : (i, j) \in E \triangle \bar{E}\}$. Hence, the state-preserving attack, which sets $a(z) = (\bar{H} - H)x$, modifies at most the line flow meters on the target lines and the injection meters at the target buses.

If the attack aims at adding or removing a single line from G, the following theorem states that the state-preserving attack has the minimum cost among undetectable attacks.

Theorem 3.2: Assume that (i) $|E \triangle \bar{E}| = 1$ and (ii) every line in $\bar{E}$, incident⁴ to any target bus with an injection meter, has at least one line flow meter on it. Then, the minimum number of meter data modifications (i.e., the smallest dimension of A) required by undetectable attacks is the total number of meters located on the target line and target buses. Since these are the exact set of meters that the state-preserving attack modifies, it incurs the minimum cost.

Sketch of proof: Let $E \triangle \bar{E} = \{(a, b)\}$. We prove the statement for the case that the attack removes (a, b), and there are two line flow meters on (a, b) (one for each direction) and injection meters at both a and b⁵.

Suppose there exists an undetectable attack with A, and let $U = \{u_{i_1}, \ldots, u_{i_K}\}$ denote the basis of A consisting of unit vectors in $\mathbb{R}^m$. Theorem 3.1 implies $\mathrm{Col}(H) \subset \mathrm{Col}(\bar{H}, A)$. It can be easily verified that $m_{(a,b)} \in \mathrm{Col}(\bar{H}, A)$, and this implies $m_{(a,b)} = \bar{H}x + \sum_{k=1}^{K} \alpha_k u_{i_k}$ for some $x \in \mathbb{R}^n$ and $(\alpha_k)_{k=1}^K \in \mathbb{R}^K$. Then, $m \triangleq m_{(a,b)} - \sum_{k=1}^{K} \alpha_k u_{i_k} \in \mathrm{Col}(\bar{H})$.

Let $m_{(i,j)}$ ($m_{(i)}$) denote the entry of m corresponding to the line flow from i to j (the injection at i) and $u_{(i,j)}$ ($u_{(i)}$) denote the m-dimensional unit vector with 1 at the row corresponding to the line flow from i to j (the injection at i). Physically, $m \in \mathrm{Col}(\bar{H})$ means that m is a vector of meter data consistent with the topology $\bar{G}$. It implies that (i) $m_{(a,b)}$ and $m_{(b,a)}$ are zeros, since (a, b) is disconnected in $\bar{G}$, and (ii) Kirchhoff’s current laws should hold at buses a and b in $\bar{G}$. Using the special structure of $m_{(a,b)}$ and m, the following can be proved. From (i), one can prove that $u_{(a,b)}, u_{(b,a)} \in U$. From (ii), one can show that U should include $u_{(a)}$ or some $u_{(a,k)}$ (or $u_{(k,a)}$) with a and k connected in $\bar{G}$. Similarly, U should include $u_{(b)}$ or some $u_{(b,k)}$ (or $u_{(k,b)}$) with b and k connected in $\bar{G}$. Hence, |U| is no less than the total number of meters located on the target line (a, b) and the target buses a and b.

⁴A line (i, j) is said to be incident to both i and j.
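The condition of Theorem 3.1 is the natural tool for a defender deciding which meters to protect, and Theorem 3.2 gives the number to expect for a single-line target. The following Python script is an added worked example (not code from the paper) on the 4-bus system of Fig. 2: it builds H and $\bar{H}$ through the decomposition $H = MBA^t$, implements the consistency check (4) as an exact rank test, evaluates the condition $\mathrm{Col}(H) \subset \mathrm{Col}(\bar{H}, A)$ for a given secure meter set $I_S$ (A is spanned by the unit vectors of the remaining meters), and searches exhaustively for the smallest set of modifiable meters that still admits an undetectable attack, which for this line-addition target comes out as 2 (the flow meter on (3,2) plus the injection meter at bus 2), in agreement with Theorem 3.2. The susceptance values, the example state and the brute-force search are my own choices; the meter placement is the one in Fig. 2.

```python
from fractions import Fraction
from itertools import combinations

# Constructed 4-bus example laid out as in Fig. 2: bus 1 is the slack bus and
# the state is x = (x2, x3, x4).  Lines of E0, in column order:
# (1,3), (2,1), (2,4), (3,2), (3,4).  Meter rows: injection at bus 2,
# injection at bus 4, then one line flow meter per line of E0.
# Topology G has line (3,2) open; the target topology G-bar has it closed.
M = [[0, 1, 1, -1, 0],
     [0, 0, -1, 0, -1],
     [1, 0, 0, 0, 0],
     [0, 1, 0, 0, 0],
     [0, 0, 1, 0, 0],
     [0, 0, 0, 1, 0],
     [0, 0, 0, 0, 1]]
SUSCEPTANCE = [2, 5, 3, 4, 6]   # B13, B21, B24, B32, B34: constructed values
AT_G = [[0, -1, 0], [1, 0, 0], [1, 0, -1], [0, 0, 0], [0, 1, -1]]      # (3,2) open
AT_GBAR = [[0, -1, 0], [1, 0, 0], [1, 0, -1], [-1, 1, 0], [0, 1, -1]]  # (3,2) closed
EXAMPLE_STATE = [Fraction(1, 10), Fraction(-1, 20), Fraction(1, 50)]  # constructed


def matmul(X, Y):
    return [[sum(Fraction(X[i][k]) * Y[k][j] for k in range(len(Y)))
             for j in range(len(Y[0]))] for i in range(len(X))]


def measurement_matrix(at_rows):
    """H = M B A^t, the decomposition used in Section III-B."""
    B = [[SUSCEPTANCE[i] if i == j else 0 for j in range(5)] for i in range(5)]
    return matmul(matmul(M, B), at_rows)


def rank(vectors):
    """Rank of a list of vectors, by exact Gauss-Jordan elimination."""
    rows = [[Fraction(v) for v in vec] for vec in vectors]
    r = 0
    for c in range(len(rows[0]) if rows else 0):
        piv = next((i for i in range(r, len(rows)) if rows[i][c] != 0), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        for i in range(len(rows)):
            if i != r and rows[i][c] != 0:
                f = rows[i][c] / rows[r][c]
                rows[i] = [a - f * b for a, b in zip(rows[i], rows[r])]
        r += 1
    return r


def columns(mat):
    return [[row[j] for row in mat] for j in range(len(mat[0]))]


def dc_measurements(Hm, x):
    """Noiseless DC model (1): z = H x."""
    return [sum(h * xi for h, xi in zip(row, x)) for row in Hm]


def consistent(Hm, z):
    """Bad data check (4): no bad data iff z lies in Col(H)."""
    cols = columns(Hm)
    return rank(cols + [z]) == rank(cols)


def undetectable_attack_feasible(Hm, Hbar, secure):
    """Theorem 3.1: an undetectable attack from G to G-bar exists iff
    Col(H) is contained in Col(H-bar, A), where A is spanned by the unit
    vectors of the meters NOT in the secure set I_S."""
    m = len(Hm)
    units = [[Fraction(int(i == k)) for k in range(m)] for i in range(m) if i not in secure]
    base = columns(Hbar) + units
    return rank(base + columns(Hm)) == rank(base)


def min_attack_cost(Hm, Hbar):
    """Smallest number of modifiable meters (the dimension of A) that still
    admits an undetectable attack, by exhaustive search over meter subsets.
    Returns (cost, modifiable meter indices) for the first minimal subset."""
    m = len(Hm)
    for k in range(m + 1):
        for subset in combinations(range(m), k):
            if undetectable_attack_feasible(Hm, Hbar, set(range(m)) - set(subset)):
                return k, set(subset)
    return None


H = measurement_matrix(AT_G)
HBAR = measurement_matrix(AT_GBAR)

if __name__ == "__main__":
    z = dc_measurements(H, EXAMPLE_STATE)
    print("clean data consistent with G:", consistent(H, z))
    print("same data checked against G-bar:", consistent(HBAR, z))
    print("feasible, nothing secured:", undetectable_attack_feasible(H, HBAR, set()))
    print("feasible, (3,2) flow meter secured:", undetectable_attack_feasible(H, HBAR, {5}))
    print("feasible, flows (1,3),(2,1),(3,2) secured:",
          undetectable_attack_feasible(H, HBAR, {2, 3, 5}))
    print("minimum attack cost (Theorem 3.2):", min_attack_cost(H, HBAR))
```

Two observations fall out of running it. Securing only the flow meter on the target line (3,2) does not close the condition: the adversary is not restricted to state-preserving attacks, and with the other meters modifiable it can move the state estimate to one where the flow on (3,2) is zero. Securing the three flow meters on (1,3), (2,1) and (3,2) together does close it, because the secured readings then pin $x_2$ and $x_3$ and contradict a zero flow on a connected (3,2). Protection sets therefore have to be evaluated as a whole against Theorem 3.1 rather than meter by meter; the exhaustive search is only practical for small m and serves to confirm the count from Theorem 3.2.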

C. Undetectable attack with noisy measurements

In this section, we study topology attacks under the noisy measurement assumption. We present a counterpart of the state-preserving attack in the noisy measurement case.

The noisy meter data are assumed to contain additive Gaussian measurement errors:

$$z = Hx + e, \qquad (7)$$

where e is a zero-mean Gaussian random vector with a diagonal covariance matrix Σ.

With the observed data z, the control center obtains the weighted least squares (WLS) estimate of the state x:

$$\hat{x} = \arg\min_{y} (z - Hy)^t \Sigma^{-1} (z - Hy) = (H^t \Sigma^{-1} H)^{-1} H^t \Sigma^{-1} z.$$

The residue $r \triangleq z - H\hat{x}$ is often used for bad data detection [9]. We assume that the control center employs the J(x)-test, which has the nice property that its test statistic has the chi-squared distribution with (m − n) degrees of freedom (denoted by $\chi^2_{m-n}$) in the absence of bad data [12]. The J(x)-test operates as follows:

$$\begin{cases} \text{bad data (attack)} & \text{if } r^t \Sigma^{-1} r > \tau, \\ \text{no bad data (no attack)} & \text{if } r^t \Sigma^{-1} r \le \tau, \end{cases} \qquad (8)$$

where τ is the detection threshold, determined so as to satisfy the false alarm constraint α.

We define statistical undetectability to characterize a class of robust attacks.

⁵For the line addition attack and other meter availabilities, a similar argument can be made.

Definition 3.1: An attack with an attack vector a is said to be statistically undetectable if, for any true state x, the J(x)-test with any false alarm constraint detects the attack with detection probability no greater than its false alarm constraint.

Following the intuition behind the state-preserving attack in Section III-B, we will construct its counterpart, which is statistically undetectable. Recall the relation (6):

$$(\bar{H} - H)x = \sum_{(i,j) \in \bar{E} \setminus E} f_{ij}(x)\, m_{(i,j)} \;-\; \sum_{(i,j) \in E \setminus \bar{E}} f_{ij}(x)\, m_{(i,j)}.$$

The above implies that

$$(\bar{H} - H)x \in T \triangleq \mathrm{span}\{m_{(i,j)} : (i, j) \in E \triangle \bar{E}\}. \qquad (9)$$

We set a(z) as a minimizer of the J(x)-test statistic⁶:

$$a(z) \triangleq \arg\min_{d \in T} \|(z + d) - \bar{H}\hat{x}_{WLS}[z + d]\|^2_{\Sigma^{-1}} \qquad (10)$$

where $\hat{x}_{WLS}[z + d]$ denotes the WLS state estimate when the topology estimate is $\bar{G}$ and z + d is observed at the control center. Note that, since $a(z) \in T$, the attack with a modifies at most the line flow measurements of the target lines and the injection measurements of the target buses.

Now, suppose that the adversary modifies breaker state measurements such that the topology estimate becomes $\bar{G}$ and simultaneously modifies the meter data with a(z). Then, the J(x)-test statistic at the control center is upper bounded as

$$\|(z + a(z)) - \bar{H}\hat{x}_{WLS}[z + a(z)]\|^2_{\Sigma^{-1}} \le \|(\bar{H}x + e) - \bar{H}\hat{x}_{WLS}[\bar{H}x + e]\|^2_{\Sigma^{-1}},$$

because $(\bar{H} - H)x$ is in T. Note that the right hand side is the J(x)-test statistic when the meter data are consistent with the topology estimate $\bar{G}$. Hence, it has the $\chi^2_{m-n}$ distribution, the same as the distribution of the J(x)-test statistic in the absence of bad data [12]. This argument leads to the following theorem stating that this attack is statistically undetectable.

Theorem 3.3: The state-preserving attack a, as defined in (10), is statistically undetectable.

$\hat{x}_{WLS}[z + d]$ in (10) is a linear function of z + d, so a(z) can be obtained as a linear weighted least squares solution. Specifically, a(z) has the form a(z) = Dz where $D \in \mathbb{R}^{m \times m}$ depends on G, $\bar{G}$, and Σ, but not on z. Hence, D can be obtained off-line before observing z.
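The J(x)-test of (8) is the detector every later result is measured against, so it is worth seeing it run. The Python script below is an added example (not the authors' code): it computes the WLS estimate, the weighted residue norm $r^t\Sigma^{-1}r$, a Monte Carlo approximation of the threshold τ for a false alarm constraint α (my stand-in for a chi-square quantile table, since the statistic is $\chi^2_{m-n}$ under clean data), and then checks two things on the 4-bus system of Fig. 2: that a network-data change to $\bar{G}$ without any matching meter-data change is flagged by the residue test, and that the false alarm rate under clean noisy data stays near α. The matrices follow Fig. 2; the susceptances, the noise level, the true state and the seed are constructed values.

```python
import numpy as np

# Constructed 4-bus example laid out as in Fig. 2 (bus 1 slack, x = (x2, x3, x4)).
# Meter rows: injection at bus 2, injection at bus 4, then line flow meters on
# (1,3), (2,1), (2,4), (3,2), (3,4).  Susceptances and noise level are constructed.
M = np.array([[0, 1, 1, -1, 0], [0, 0, -1, 0, -1], [1, 0, 0, 0, 0], [0, 1, 0, 0, 0],
              [0, 0, 1, 0, 0], [0, 0, 0, 1, 0], [0, 0, 0, 0, 1]], dtype=float)
B = np.diag([2.0, 5.0, 3.0, 4.0, 6.0])
AT_G = np.array([[0, -1, 0], [1, 0, 0], [1, 0, -1], [0, 0, 0], [0, 1, -1]], dtype=float)
AT_GBAR = AT_G.copy()
AT_GBAR[3] = [-1, 1, 0]          # line (3,2) closed in the target topology G-bar
H = M @ B @ AT_G                 # H = M B A^t for the true topology G
HBAR = M @ B @ AT_GBAR           # measurement matrix for G-bar
SIGMA = np.full(H.shape[0], 0.01 ** 2)   # diagonal of Σ: noise std 0.01 p.u. per meter


def wls_estimate(Hm, sigma_diag, z):
    """x_hat = (H^t Σ^-1 H)^-1 H^t Σ^-1 z for diagonal Σ."""
    w = 1.0 / sigma_diag
    return np.linalg.solve(Hm.T @ (w[:, None] * Hm), Hm.T @ (w * z))


def j_statistic(Hm, sigma_diag, z):
    """J(x) = r^t Σ^-1 r with residue r = z - H x_hat."""
    r = z - Hm @ wls_estimate(Hm, sigma_diag, z)
    return float(np.sum(r * r / sigma_diag))


def chi2_threshold(dof, alpha, rng, samples=200_000):
    """τ such that P(χ²_dof > τ) = α, estimated by Monte Carlo
    (a stand-in for a chi-square quantile table)."""
    draws = np.sum(rng.standard_normal((samples, dof)) ** 2, axis=1)
    return float(np.quantile(draws, 1.0 - alpha))


def j_test(Hm, sigma_diag, z, tau):
    """Decision rule (8): True means 'bad data (attack)'."""
    return j_statistic(Hm, sigma_diag, z) > tau


def detection_rate(Hm, sigma_diag, z_clean, tau, rng, runs=2000):
    """Fraction of noisy draws around z_clean that the J(x)-test flags."""
    hits =  0
    for _ in range(runs):
        z = z_clean + rng.standard_normal(z_clean.size) * np.sqrt(sigma_diag)
        hits += j_test(Hm, sigma_diag, z, tau)
    return hits / runs


def run_demo(seed=0, alpha=0.1):
    rng = np.random.default_rng(seed)
    x = np.array([0.10, -0.05, 0.02])          # constructed true state (rad)
    m, n = H.shape
    tau = chi2_threshold(m - n, alpha, rng)
    z = H @ x                                  # noiseless meter data under G
    return {
        "tau": tau,
        # consistent data under the true topology: statistic is essentially 0
        "stat_clean": j_statistic(H, SIGMA, z),
        # breaker state of (3,2) flipped, meter data untouched: the residue test
        # sees the inconsistency, so a bare network-data change is caught
        "stat_breaker_only": j_statistic(HBAR, SIGMA, z),
        # false alarm rate under clean noisy data should sit near alpha
        "false_alarm_rate": detection_rate(H, SIGMA, z, tau, rng),
    }


if __name__ == "__main__":
    print(run_demo())
```

With m − n = 4 degrees of freedom and α = 0.1 the threshold lands near 7.8; the breaker-only manipulation produces a statistic in the hundreds at this noise level, which is the inconsistency the bad data test is designed to catch, and the clean-data false alarm rate comes out close to 0.1 as the $\chi^2_{m-n}$ property predicts. The paper's point in the next section is that a coordinated meter-data modification keeps the statistic within that same distribution, which is why detection alone is not a sufficient defence and meter protection (Section III-A) matters.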

IV. HEURISTIC WITH LOCAL INFORMATION

Suppose that the adversary wants to remove lines fromG, but it has access to only local measurements aroundthe target lines. Due to the lack of observations, the state-preserving attack does not seem directly applicable. However,we will see that, in some circumstances, the state-preservingattack actually reduces to a simple heuristic based on localmeasurements.

6We use ‖r‖2Σ to denote the quadratic form rtΣr.

Observedmeasurements

Attack-modifiedmeasurements

ii jj

zi

zij zji

zj zi − zij

0 0

zj − zji

Fig. 3. Heuristic operations around the target line (i, j)

We first consider the noiseless measurement case. Since weconsider line-removal attacks, E � E. Therefore, recalling (6),we have

(H −H)x = −∑

(i,j)∈E\Efij(x)m(i,j) (11)

where fij(x), as defined in Section III, denotes the line flowfrom i to j when the line is connected, and the state is x.Let zij denote the measurement of the line flow from i to

j. Due to the absence of the measurement noise, zij = fij(x),and zji = −fij(x). With this observation and (11), we have

(H −H)x = −∑

(i,j)∈E\Ezijm(i,j) (12)

Therefore, setting a(z) = (H − H)x, which is the state-preserving attack, is equivalent to setting

a(z) = −∑

(i,j)∈E\Ezijm(i,j) (13)

From (13), one can see that adding the above $a(z)$ to z is equivalent to the following heuristic described in Fig. 3:

1) For every target line (i, j), subtract $z_{ij}$ and $z_{ji}$ from the injection measurements at i and j respectively.

2) For every target line (i, j), modify $z_{ij}$ and $z_{ji}$ to 0.

If a target line (i, j) has only one line flow meter (e.g., $z_{ji}$), we can use $-z_{ji}$ in the place of $z_{ij}$. But, if some target line has no line flow meter, this heuristic is not applicable. Note that the heuristic only requires the ability to observe and modify the line flow measurements of the target lines and the injection measurements of the target buses. The adversary can launch it without knowing the topology or network parameters (i.e., $H$ and $\bar{H}$ are not necessary).

The same heuristic is applicable to the noisy measurements. Suppose that the adversary wants $a(z)$ to approximate $\bar{H}x - Hx$ such that $z + a(z)$ is close to $\bar{H}x + e$, which is consistent with $\bar{G}$. Because $z_{ij} = f_{ij}(x) + e_{ij}$, $z_{ij}$ is an unbiased estimate of $f_{ij}(x)$. Similarly, $-\sum_{(i,j) \in E \setminus \bar{E}} z_{ij}\, m_{(i,j)}$ is an unbiased estimate of $-\sum_{(i,j) \in E \setminus \bar{E}} f_{ij}(x)\, m_{(i,j)}$, which is equal to $\bar{H}x - Hx$. Hence, it is reasonable to set $a(z) = -\sum_{(i,j) \in E \setminus \bar{E}} z_{ij}\, m_{(i,j)}$ even in the noisy measurement case.
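As an added illustration that is not part of the paper, the following Python script applies steps 1) and 2) to a constructed 4-bus DC network and checks, from the control center's side, that the modified data coincide with the noiseless measurements of the target topology (the noiseless case of (13)) and pass a bus-balance consistency check that a partial tamper (step 2 alone) fails. The bus numbers, susceptances, state values and the balance check itself (a simplified stand-in for the J(x)-test, not the paper's detector) are assumptions of the example.

```python
# Added example (not from the paper): the local heuristic (13) applied to a
# constructed 4-bus DC network and checked from the control center's side.
# Lines are (i, j, susceptance); bus 1 is the angle reference. All values are
# constructed; balance_residual is a simplified stand-in for the J(x)-test.
LINES = [(1, 2, 10.0), (1, 3, 5.0), (2, 3, 8.0), (2, 4, 4.0), (3, 4, 6.0)]
THETA = {1: 0.0, 2: -0.05, 3: -0.08, 4: -0.12}   # state x: bus angles (rad)

def measure(lines, theta):
    """Noiseless DC measurements z = H x: an injection meter z_i at every bus
    and flow meters z_ij, z_ji on every line of the given topology."""
    z = {("inj", b): 0.0 for b in theta}
    for i, j, b in lines:
        f = b * (theta[i] - theta[j])          # f_ij(x) in the paper
        z[("flow", i, j)], z[("flow", j, i)] = f, -f
        z[("inj", i)] += f
        z[("inj", j)] -= f
    return z

def heuristic(z, target, adjust_injections=True):
    """Steps 1) and 2) for target line (i, j): subtract z_ij and z_ji from the
    injections at i and j, then set both flow readings to 0. With
    adjust_injections=False only step 2) is performed (a partial tamper)."""
    i, j = target
    a = dict(z)
    if adjust_injections:
        a[("inj", i)] -= z[("flow", i, j)]
        a[("inj", j)] -= z[("flow", j, i)]
    a[("flow", i, j)] = a[("flow", j, i)] = 0.0
    return a

def balance_residual(z):
    """Check the control center can run without knowing x: every injection
    must equal the sum of the flows reported as leaving that bus.
    Returns the largest violation (0 for consistent data)."""
    out = {}
    for key, val in z.items():
        if key[0] == "flow":
            out[key[1]] = out.get(key[1], 0.0) + val
    return max(abs(v - out.get(k[1], 0.0)) for k, v in z.items() if k[0] == "inj")

def max_diff(z_attacked, z_target):
    # largest gap between attacked data and the target topology's H̄ x
    return max(abs(z_attacked[k] - z_target[k]) for k in z_target)

if __name__ == "__main__":
    tgt = (2, 3)
    z = measure(LINES, THETA)
    z_bar = measure([l for l in LINES if l[:2] != tgt], THETA)   # H̄ x
    print("heuristic equals H̄x:", max_diff(heuristic(z, tgt), z_bar) < 1e-9)
    print("residual, full heuristic:", balance_residual(heuristic(z, tgt)))
    print("residual, flows only:", balance_residual(heuristic(z, tgt, False)))
```

The full heuristic leaves a zero residual (the modified data are exactly $\bar{H}x$), whereas zeroing the flows without step 1) leaves a residual of 0.24 p.u. at buses 2 and 3, which a residual-based test would flag.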

V. NUMERICAL RESULTS

We tested the state-preserving attack (in Section III-C) and the heuristic with the IEEE 14-bus and IEEE 118-bus systems using a practical nonlinear model, and investigated their effect on real-time locational marginal prices (LMPs).

For simulations, we first assigned the line capacities, generation limits, and estimated loads, and obtained the day-ahead dispatch. Then, we modeled the states (i.e., voltage magnitudes and phases of buses) as Gaussian random variables with small variances and the means equal to the states for the day-ahead dispatch. In each Monte Carlo run, we generated a state vector from the aforementioned distribution and used the nonlinear AC power flow model7 with Gaussian measurement noise to generate noisy meter measurements. The adversary was assumed to modify the network data accordingly, observe the noisy meter measurements, add the corresponding attack vector to them, and pass the modified version to the control center. The control center employed the nonlinear state estimator to obtain the residue and performed the J(x)-test. If the control center failed to detect the attack, it calculated real-time LMPs based on the state estimates.

We assumed that the attacker aims to remove a single line from the topology. Fig. 4 presents the detection probability of the proposed attacks on the IEEE 14-bus system, for different target lines. It shows that the attacks on most target lines succeeded with low detection probabilities, close to the false alarm constraint 0.1. Table I shows the detection probability averaged over all possible target lines. Again, the detection probabilities of both the state-preserving attack and the heuristic are close to the false alarm constraints. The performance of the heuristic is remarkably good considering that it needs only a small amount of resources.

We also examined the absolute perturbation of the real-time LMPs (see [1] for the details about real-time LMP). The estimated set of congested lines and the shift-factor matrix are critical inputs to the real-time LMP calculation, and both heavily depend on the topology estimate. Hence, we expect that the proposed attacks would perturb the real-time LMP calculation. In our simulations, both the state-preserving attack and the heuristic resulted in changes in the real-time LMPs by 10% on average for the 14-bus system and 3.3% for the 118-bus system. The results imply that the effect of topology attacks on real-time LMPs is non-negligible.

Page 6: [IEEE 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT 2013) - Washington, DC (2013.2.24-2013.2.27)] 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT)

[Fig. 4: plot of detection probability (y-axis, 0 to 0.12) against target branch index (x-axis, 0 to 20) for the IEEE 14-bus system, with two curves: State-preserving and Heuristic. Title: "Detection probability of topology attacks (False alarm const. = 0.1)".]

Fig. 4. Detection probability (1000 Monte Carlo runs): the x-axis is for the target line index. The measurement noise standard deviation was 0.5 p.u.

TABLE I
DETECTION PROBABILITY (1000 MONTE CARLO RUNS)

                            14-bus                118-bus
false alarm const. α     α = 0.1   α = 0.01    α = 0.1   α = 0.01
state-preserving         0.061     0.009       0.075     0.005
heuristic                0.105     0.019       0.095     0.009

7 In simulations, we have reactive measurements, which were not considered in our analysis. We simply used the same analysis on the reactive components of the linearized decoupled model [9] and derived the reactive counterpart of the state-preserving attack. For the heuristic, we apply the heuristic to the active measurements and the reactive measurements separately, in the same manner.

VI. CONCLUSION

This paper presented a class of cyber attacks on smart grids that mislead the control center with an incorrect topology estimate. For an adversary with global information about the system state, the feasibility condition for undetectable attacks was presented, and undetectable attacks with a small number of meter modifications were proposed. For a weak adversary with local information, a simple undetectable heuristic was proposed. The numerical results showed that the proposed attacks can succeed with very low detection probabilities, and their effect on real-time LMPs is significant. The overall results suggest that successful topology attacks can be launched with a small amount of resources, and a proper countermeasure is necessary.

REFERENCES

[1] A. L. Ott, “Experience with PJM market operation, system design, and implementation,” IEEE Trans. Power Systems, vol. 18, no. 2, pp. 528–534, May 2003.

[2] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric power grids,” in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 21–32.

[3] O. Kosut, L. Jia, R. J. Thomas, and L. Tong, “Limiting false data attacks on power system state estimation,” in Proc. 2010 Conference on Information Sciences and Systems, Mar. 2010.

[4] H. Sandberg, A. Teixeira, and K. H. Johansson, “On security indices for state estimators in power networks,” in First Workshop on Secure Control Systems, CPSWEEK 2010, Stockholm, Sweden, Apr. 2010.

[5] G. Dan and H. Sandberg, “Stealth attacks and protection schemes for state estimators in power systems,” in Proc. IEEE 2010 SmartGridComm, Gaithersburg, MD, USA, Oct. 2010.

[6] O. Kosut, L. Jia, R. J. Thomas, and L. Tong, “Malicious data attacks on the smart grid,” IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 645–658, Dec. 2011.

[7] L. Xie, Y. Mo, and B. Sinopoli, “False data injection attacks in electricity markets,” in Proc. IEEE 2010 SmartGridComm, Gaithersburg, MD, USA, Oct. 2010.

[8] L. Jia, R. J. Thomas, and L. Tong, “Malicious data attack on real-time electricity market,” in Proc. 2011 IEEE Intl. Conf. Acoust. Speech & Sig. Proc. (ICASSP), Prague, Czech Republic, May 2011.

[9] A. Abur and A. G. Exposito, Power System State Estimation: Theory and Implementation. CRC, 2000.

[10] O. Alsac, N. Vempati, B. Stott, and A. Monticelli, “Generalized state estimation,” IEEE Transactions on Power Systems, vol. 13, no. 3, pp. 1069–1075, Aug. 1998.

[11] G. R. Krumpholz, K. A. Clements, and P. W. Davis, “Power system observability: a practical algorithm using network topology,” IEEE Trans. Power Apparatus and Systems, vol. 99, no. 4, pp. 1534–1542, July 1980.

[12] E. Handschin, F. C. Schweppe, J. Kohlas, and A. Fiechter, “Bad data analysis for power system state estimation,” IEEE Trans. Power Apparatus and Systems, vol. PAS-94, no. 2, pp. 329–337, Mar./Apr. 1975.