Impact of Cyber-Security Issues on Smart Grid


Y. Yang, Tim Littler, S. Sezer, K. McLaughlin and H. F. Wang

Abstract—Greater complexity and interconnectivity across systems embracing Smart Grid technologies have meant that cyber-security issues have attracted significant attention. This paper describes pertinent cyber-security requirements, in particular cyber attacks and countermeasures which are critical for reliable Smart Grid operation. Relevant published literature is presented for critical aspects of Smart Grid cyber-security, such as vulnerability, interdependency, simulation, and standards. Furthermore, a preliminary study case is given which demonstrates the impact of a cyber attack which violates the integrity of data on the load management of a real power system. Finally, the paper proposes a future work plan which focuses on applying intrusion detection and prevention technology to address cyber-security issues. This paper also provides an overview of Smart Grid cyber-security with reference to related cross-disciplinary research topics.

Index Terms—Smart Grid, Cyber-security, Cyber attack

I. INTRODUCTION

A. Motivation

The term Smart Grid has become one of the most prevailing phrases in electric utility parlance in recent years. The basis of a smart system is that a power network should be more flexible, accessible, secure, reliable, and economic compared to traditional grid interconnection and technologies. The backbone of any so-called Smart Grid is an information system which is effectively driven using conventional protocol exchange, typically IPv4 and IPv6, from web-based and Java-supported controls. To accomplish Smart Grid objectives, state-of-the-art information and communication technologies (ICT) will provide the necessary communication infrastructure. However, at the same time new vulnerabilities will also emerge from the Smart Grid which will raise a large number of critical cyber-security issues.

Cyber-security is a concerning issue because of emerging cyber threats and security incidents targeting electricity infrastructure. Cyber-security must address not only deliberate attacks, for example from dissatisfied employees, industrial spies, and terrorists, but also unintended compromises of the cyber infrastructure due to user errors, equipment failure, and natural disasters. Vulnerabilities may allow an attacker to penetrate a system, get access to a control centre, and modify load conditions to destabilize a Smart Grid in unpredictable ways leading to serious results, for example brownout or even catastrophic blackout [1]. In addition, cyber-security issues may also result in a breach of customer privacy and unpredicted economic losses in the electricity market.

Smart Grid cyber-security is typically assessed by a study of the weakest links, similar to the “cask principle” in economics. Hence, the increased interconnectivity and complexity of Smart Grids introduce new security-related challenges.

B. Real cyber-security incidents

Both malicious and unintended cyber-security incidents have happened from time to time, several of which are as follows:

In January 2003, the Slammer worm disabled the computerized safety monitoring system at the Davis-Besse nuclear power plant in Ohio, which was shut down for repair at that time. The responsible managers considered the plant ‘secure’, as its outside network connection was protected by a firewall. The worm entered the plant network through a contractor’s infected computer that was connected via telephone dial-up directly to the plant network, thus bypassing the firewall [2], [3].

In March 2008, the Hatch nuclear power plant near Baxley, Georgia was forced into an emergency shutdown for 48 hours after a software update was installed on a single computer. According to a report filed with the Nuclear Regulatory Commission, when the updated computer rebooted, it reset the data on the control system, causing safety systems to errantly interpret the lack of data as a drop in the water reservoirs that cool the plant's radioactive nuclear fuel rods. As a result, automated safety systems at the plant triggered a shutdown [4].

In July 2010, the Stuxnet worm attacked the Siemens SIMATIC WinCC supervisory control and data acquisition (SCADA) system, using at least four vulnerabilities of the Microsoft Windows operating system. It was the first malicious code attack which damaged industrial infrastructures directly. According to Symantec's statistics, about 45,000 networks around the world have been infected with the worm so far, and 60% of the victim hosts are in Iran. The Iranian government has confirmed that the country's Bushehr nuclear power plant has been attacked by Stuxnet [5]. Stuxnet has become the first worm crossing both the cyber and physical worlds by manipulating the control system of critical infrastructure. Stuxnet indicates the development tendency of cyber wars and terrorism in the future. It also means that cyber-security must be inherently embedded into any Smart Grid system as a foundation of next-generation critical infrastructure.

Y. Yang, Tim Littler, S. Sezer, K. McLaughlin and H. F. Wang are with the School of Electronics, Electrical Engineering and Computer Science, Queen’s University Belfast, Belfast, BT9 5AH UK (e-mail: yyang09@qub.ac.uk; t.littler@ee.qub.ac.uk; s.sezer@ecit.qub.ac.uk; kieran.mclaughlin@ee.qub.ac.uk; hf.wang@qub.ac.uk).
From published cyber-security incidents, it is apparent that the electric power industry has been and is susceptible to potential cyber-security threats. Therefore, timely research on cyber-security issues for the Smart Grid is highly relevant, immediate and a particularly significant engineering task.

C. Outline

The remaining parts of this paper are organized as follows: Section II introduces general aspects of Smart Grid cyber-security including cyber-security requirements, typical cyber attacks and countermeasures. Section III surveys related work on several critical aspects of Smart Grid cyber-security, such as vulnerability, interdependency, simulation, and standards. Section IV describes a preliminary study on the impact of a cyber attack on load management in a real power system. Finally, future work is proposed at the end of the paper, focusing on developing intrusion detection approaches to mitigate cyber-security issues in the Smart Grid.

II. GENERAL ASPECTS OF SMART GRID CYBER-SECURITY

A. Cyber-Security Requirements

The US National Institute of Standards and Technology (NIST) proposes three main cyber-security requirements for the Smart Grid in [6]: availability, integrity and confidentiality.

1) Availability: This requirement refers to ensuring timely and reliable access to or use of information by authorized users. In terms of the Smart Grid, this relates to all cyber systems, for example SCADA, distributed control centres and the distribution management system (DMS), as well as the communication networks between these systems and external networks. A loss of availability, such as through denial-of-service (DoS) and distributed DoS (DDoS), may not only lead to economic losses but also result in security problems, for example blackout or brownout, as operators may lose the ability to monitor and control the systems. Thus, availability is generally considered the most significant cyber-security requirement in the Smart Grid.

2) Integrity: This requirement refers to guarding against undetected information modification or destruction by unauthorized persons or systems, including ensuring data non-repudiation and authenticity. Integrity for Smart Grids applies to information such as sensor values and control commands. A lack of integrity leads to deception which may cause safety issues, for example when operator judgment in a critical situation is compromised by unreliable data.

3) Confidentiality: This requirement refers to preventing disclosure of secret information to unauthorized users. From a Smart Grid perspective, this refers to the privacy of customer information, electric market data and critical enterprise information. Violation of confidentiality results from disclosure of private information. With the increasing accessibility of customer information on the internet, confidentiality is becoming more and more significant.

B. Typical Cyber Attacks

An intentional violation of a cyber-security requirement is called an attack. Some typical cyber attacks which may compromise the Smart Grid are as follows:

1) DoS/DDoS: DoS or DDoS attacks attempt to delay, obstruct or damage information transmission and exchange between nodes in a Smart Grid. These malicious attacks can decrease the availability of systems. The Smart Grid will partly, if not fully, utilize IP-based protocols (e.g., IEC 61850 already uses TCP/IP as part of its protocol stack) and TCP/IP is vulnerable to DoS/DDoS attacks, so highly developed countermeasures to these attacks are indispensable to the Smart Grid.

2) Malicious Software: Malicious software is also referred to generally as malware. General types of malware include viruses, worms, Trojan horses, logic bombs, and backdoors or trapdoors [7]. Malware attacks may directly or indirectly decrease or compromise the availability, integrity or confidentiality of cyber infrastructure. Logic bombs and backdoors or trapdoors in particular are deliberately embedded into programs by program developers and may be utilized to launch attacks later.

3) Identity Spoofing: Identity spoofing attacks allow attackers to impersonate an authorized user without using the user’s passwords. Common identity spoofing attacks consist of man-in-the-middle attacks, message replays, network spoofing (for example IP spoofing), and software exploitation attacks [7].

4) Password Pilfering: Password pilfering attacks refer to a violation of confidentiality. The common methods for pilfering user passwords include guessing, social engineering, dictionary attacks, and password sniffing. Social engineering in particular is a method of attacking or penetrating a system using social skills (for example psychological measures), rather than by technical attacks [7].

5) Eavesdropping: The aim of the attacker is to compromise the confidentiality of the communication in the Smart Grid, typically by sniffing IP packets on the local area network (LAN) or intercepting wireless transmissions on the home area network (HAN) in the Smart Grid [8].

6) Intrusion: Intrusion means that an illegitimate user gets access to a cyber system and obtains the ability to control aspects of the behaviour of the system at will, including the ability to violate confidentiality and integrity requirements [8]. IP scans and port scans are common hacking tools used to realize intrusion attacks [7].

7) Side-Channel Attacks: A side-channel attack exploits information gained from the implementation of a cryptosystem in order to infer the cryptographic key [9]. Common side-channel attacks include power analysis attacks [10], electromagnetic analysis attacks [11] and timing attacks [12]. Smart Grid equipment in the field, such as substation devices, pole-top equipment, smart meters and in-house devices, is vulnerable to side-channel attacks which could result in compromise of customer privacy, usage information and passwords, and even allow attackers to potentially obtain administrative access to Smart Grid systems [6].

C. Countermeasures and Management

In response to the aforementioned cyber-security requirements and typical cyber attacks, the International Electro-technical Council (IEC) TC57 WG15 [31] has proposed a set of appropriate countermeasures.

Technical solutions include encryption, access control, antivirus or anti-spyware software, firewalls, virtual private networks (VPN), intrusion detection systems (IDS), application of security standards (IEC 62351 in particular), etc.

From a security management viewpoint, solutions include key management, risk assessment of assets, during-attack coping and post-attack recovery, security policy exchange, security incident and vulnerability reporting, etc.

III. RELATED WORK

Increasingly, academic and industrial organisations are focusing on cyber-security issues in the Smart Grid. However, cross-disciplinary research connecting developments in power systems and IT is still at an early stage. In this section, relevant published literature in the critical areas required by Smart Grid cyber-security is surveyed and summarized.

A. Vulnerability and Risk Assessment

According to a European research roadmap of cyber-security for critical infrastructures, including Smart Grids, the initial step in assessment is vulnerability evaluation and risk evaluation, especially for the next 3-5 years. A number of academic organisations are targeting this particular topic. For instance, Chen-Ching Liu et al. have applied attack trees and Petri nets to quantify vulnerability assessment of SCADA systems in the electric industry and developed several software tools for cyber-security vulnerabilities such as PENET [13]-[16]. However, it is a complex process due to interdependencies between cyber networks and power systems. In addition, there is a lack of practical statistical and historical data.

B. Interdependency and Interaction

A better understanding of interdependency and interaction between the cyber and physical infrastructure is highly beneficial for cross-disciplinary research, particularly for cyber-security issues in the Smart Grid.

At present there are many modelling and simulation methods [17]-[19] for assessment of interdependency and interaction of critical infrastructures such as cyber infrastructures and power systems.

In terms of modelling and simulation of complex infrastructures, there are mainly microscopic and macroscopic approaches. At a microscopic level, small sections of the infrastructure are modelled, though low-level models may fail to see the larger picture; at a macroscopic level, a holistic system is modelled using high-level abstractions, however this may sometimes result in improper abstractions [20]. In practice, a bottom-up modelling approach combining both microscopic and macroscopic approaches is preferable for modelling cyber-security issues in the Smart Grid.

C. Simulation and Test Bed

One approach to obtaining practical data is to build a comparatively simple simulation which can approximate a real situation, for example the US Idaho National Lab SCADA test bed [21].

In addition, the European 6th Framework Program (FP6) project ‘Critical Utility Infrastructure Resilience’ (CRUTIAL) [22] set up tele-control and micro-grid test beds to collect data statistics and evaluate malicious attacks in grid tele-operation and micro-grid control scenarios.

Furthermore, researchers from the University of Arizona in the US [23] developed a test bed for analysing the security of SCADA control systems (TASSCS) which consists of three software tools: i) the OPNET tool, simulating the communication network; ii) the PowerWorld tool, which simulates electrical power grid operation; and iii) an Autonomic Software Protection System (ASPS), which detects cyber attacks in SCADA systems. The test bed adopted a TCP, Modbus and distributed network protocol (DNP3) protocol analyser to detect SCADA attack anomalies, for example through protocol state transition analysis.

Other researchers have tried to exploit coupled power grid and communication network simulators based on software agents or application program interface (API) methods [24]-[26] using commercial-off-the-shelf (COTS) simulation tools, such as MATLAB, PSCAD/EMTDC, OpenDSS (EPRI), PSS™NETOMAC (SIEMENS), NS2/3, OPNET and OMNET++.

From published work and the above examples it is known that authentic simulation and accurate test beds are effective tools for Smart Grid cyber-security research. However, comprehensive and well-developed tools require significant effort to fully develop and are often proprietary, hence limited open simulation and test bed resources are available to the wider research community. Thus the formulation of an open cyber-security framework for Smart Grid technologies is one particular focus of this work.

D. Standards, Regulations and Protocols

Recently, many institutions have paid much attention to Smart Grid cyber-security, such as NIST, the North American Electric Reliability Corporation-Critical Infrastructure Protection (NERC-CIP) and the IEEE. Some guidelines, roadmaps, technological requirements and standards have been developed. For instance, NIST has identified five foundation Smart Grid standards: IEC 61968, IEC 61970, IEC 61850, IEC 60870-6 and IEC 62351; the IEC also recommends five similar standards as a core requirement for the Smart Grid, using IEC 62357 instead of IEC 60870-6. The standard IEC 62351 is specially designed for cyber-security in the Smart Grid with the purpose of undertaking the development of standards for security of the communication protocols defined by IEC TC 57; specifically IEC 60870-5, IEC 60870-6, IEC 61850, IEC 61970, and IEC 61968.

Additionally, there are mainly three regulations focusing on Smart Grid cyber-security:

1) NERC CIPs: The NERC-CIP cyber security standards [27] cover cyber-security protection of the most critical electrical generation and transmission assets that control or affect the reliability of North America’s bulk electric systems (BES).
2) NIST 800-53: NIST Special Publication 800-53 (Revision 3) establishes the recommended security controls for federal information systems and organizations [28].

3) NISTIR 7628: This report provides guidelines for Smart Grid cyber-security [6]. It attempts to describe how to secure the whole cyber infrastructure in the Smart Grid, though at a high level.

In the US, the NERC is collaborating with the Department of Energy (DOE) and NIST to develop comprehensive cyber-security risk management process guidelines for the entire electricity grid, including the bulk power and distribution systems. This initiative is particularly important with the increasing availability of Smart Grid technologies [29].

The wider standards and protocols on Smart Grid cyber-security are described in tabular form in [30].

IV. PRELIMINARY RESEARCH ON THE IMPACT OF A CYBER ATTACK ON SMART GRID

It has been well established that cyber attacks can result in a large number of negative impacts on the secure, reliable and economic operation of a system exploiting Smart Grid technologies. Effects can include blackout, brownout, instability, unreliability, failure and economic losses. Therefore, it is essential to quantitatively study the potential impacts of cyber attacks on the weak points in power systems.

D. Kundur et al. in [18] propose a graph-based dynamic system model to describe both cyber and electrical grids, focusing on the impact analysis of cyber attacks on real power systems. This paper has adopted this proposed method and model as the basis for a preliminary study on the impact of cyber attacks on a Smart Grid system.

A basic simulation model in MATLAB/Simulink was constructed which can demonstrate the impact of a cyber attack violating the integrity of data on the load management of the Smart Grid. Through the simulation, it is apparent that a cyber attack on something as trivial as a sensor reading can lead to a disruption in power delivery.

The elementary diagram of the simulation is shown in Fig. 1, including a synchronous generator G, a distribution transformer T, three feeders (L1-L3), three circuit breakers (B1-B3), two loads or plug-in hybrids (Z1 and Z2), four sensors (S1-S4), three breaker actuators (C1-C3) and a control centre. The control centre can send a control signal to a corresponding circuit breaker to realise load management as a technical part of demand side management (DSM) in the Smart Grid. To avoid single-generator power system instability, breakers B2 and B3 can drop load at the required times when an individual or combined load demand exceeds generation capability. All sensor signals are uploaded to the control centre for decision-making. If some of the sensor signals are affected by cyber attacks, data integrity has been breached and the system is therefore vulnerable and insecure for the reliable control of the power distribution system.

Fig. 1. A diagram of a simple power system with a cyber attack.

[Fig. 2: Active Power (MW) against Time (sec), 0-10 s; traces: Sensor S2 output (Bias=1.1MW) and Sensor S2 real output power.]
Fig. 2. Sensor S2 active power output with a bias of 1.1MW and real output.

[Fig. 3: Frequency (Hz) against Time (sec), 0-10 s; traces: System frequency (Bias=-0.4MW) and System frequency (Bias=0.2MW).]
Fig. 3. System frequency with the biases of -0.4MW and 0.2MW.

Detailed simulation parameters are as follows: Simulation time: 0-10s; Simulation solver: discrete (fixed-step); Sample time: 0.00001s; Single generator system frequency: 50Hz; Synchronous machine G: PN=1.0MW, VN=11kV, Xd=1.305, Xd’=0.296, Xd”=0.252, Xq=0.474, Xq”=0.243, Xl=0.18, Td’=1.01s, Td”=0.053s, Tq0”=0.1s, H=3.2s; Three-phase transformer T: PN=1.0MW, V1=11kV, V2=0.4kV; Three-phase series RL branch (L1-L3): r1=r2=r3=0.001Ω and l1=l2=l3=0.000027H; Two three-phase series RLC loads Z1 and Z2: VN=0.4kV, P1=0.8MW, P2=0.5MW.

In this example, sensor S2 is biased to represent cyber tampering. Here, the cyber model is: S2(t)=P2(t)+§2(t), where S2(t) is the attacked sensor information, P2(t) is the true power measured by sensor S2 and §2(t) is a bias representing a cyber attack.
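The load-management rule of Fig. 1 and the cyber model S2(t)=P2(t)+§2(t), worked through in Python as an added example (this is not the authors' MATLAB/Simulink model): the capacity, load, frequency, inertia and delay values are the parameters above, while the control-centre decision rule, the first-order swing-equation frequency model, the 47.5 Hz relay threshold and the sensor-consistency check (the kind of data-inconsistency detection Section V mentions for SCADA IDS) are assumptions of this example.

```python
"""Added example: load management on the Fig. 1 system under the cyber model
S2(t) = P2(t) + bias(t).  Not the authors' MATLAB/Simulink model.  Network
and machine figures are the paper's; the decision rule, the swing-equation
frequency model, the relay threshold and the consistency check are
assumptions of this example."""
from dataclasses import dataclass

# Parameters taken from the paper's simulation set-up
PN = 1.0        # generator G rated capacity, MW
P_Z1 = 0.8      # load Z1, MW (behind breaker B2; feeder read by sensor S2)
P_Z2 = 0.5      # load Z2, MW (behind breaker B3)
F0 = 50.0       # nominal system frequency, Hz
H = 3.2         # inertia constant of G, s
T_ATTACK = 3.0  # bias is added to S2 from this instant, s
DELAY = 0.2     # load-management delay in the control centre, s
T_END = 10.0    # simulation horizon, s

# Constructed values (the paper gives none for these)
F_TRIP = 47.5   # under-frequency relay threshold, Hz
TOL = 0.05      # tolerance of the sensor-consistency check, MW


@dataclass
class Breakers:
    b2_closed: bool = True    # Z1 is served before the attack
    b3_closed: bool = False   # Z2 is not served before the attack


def served_load(br: Breakers) -> float:
    """True active power actually drawn from generator G, MW."""
    return (P_Z1 if br.b2_closed else 0.0) + (P_Z2 if br.b3_closed else 0.0)


def control_decision(s2_reported: float, br: Breakers) -> Breakers:
    """Assumed control-centre rule: shed Z1 when the feeder reading alone
    exceeds capacity (open B2, pick up Z2 on B3 instead); otherwise admit
    Z2 when the reported total would still fit within capacity."""
    if s2_reported > PN:
        return Breakers(b2_closed=False, b3_closed=P_Z2 <= PN)
    if not br.b3_closed and s2_reported + P_Z2 <= PN:
        return Breakers(b2_closed=br.b2_closed, b3_closed=True)
    return br


def consistency_check(s1: float, s2: float, s3: float, tol: float = TOL) -> bool:
    """Data-inconsistency check (assumes S1 reads G's output, S2 and S3 the two
    feeders): generation must balance the served feeders whatever the
    breaker states, so a biased S2 breaks the balance even when harmless."""
    return abs(s1 - (s2 + s3)) <= tol


def simulate(bias: float, dt: float = 0.01) -> dict:
    """Apply `bias` to S2 at T_ATTACK, let the control centre act once after
    DELAY, and while G is overloaded integrate the single-machine swing
    equation df/dt = -F0 * (P_load - PN) / (2 H PN) with G held at PN."""
    br, f, f_min = Breakers(), F0, F0
    decided = tripped = inconsistent = False
    for k in range(int(T_END / dt) + 1):
        t = k * dt
        true_s2 = P_Z1 if br.b2_closed else 0.0
        s2 = true_s2 + (bias if t >= T_ATTACK else 0.0)   # tampered reading
        s3 = P_Z2 if br.b3_closed else 0.0
        s1 = served_load(br)                               # generator sensor
        if not consistency_check(s1, s2, s3):
            inconsistent = True                            # IDS alarm point
        if not decided and t >= T_ATTACK + DELAY:
            br = control_decision(s2, br)
            decided = True
        overload = served_load(br) - PN
        if overload > 0:
            f -= F0 * overload / (2 * H * PN) * dt
            f_min = min(f_min, f)
            if f < F_TRIP:                                 # relay trips G
                tripped = True
                break
    return {"bias_MW": bias, "b2_closed": br.b2_closed, "b3_closed": br.b3_closed,
            "served_MW": round(served_load(br), 3),
            "overloaded": served_load(br) > PN,
            "f_min_Hz": round(f_min, 2), "tripped": tripped,
            "inconsistency_detected": inconsistent}


if __name__ == "__main__":
    for b in (1.1, -0.4, 0.2):          # the three biases of the case study
        print(simulate(b))
```

Running the three case-study biases reproduces the paper's outcomes (1.1MW sheds Z1, -0.4MW overloads G until the relay trips, 0.2MW changes nothing), while the consistency check flags every biased reading, including the one that causes no harm.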
In the case study, a cyber attack is rendered at 3s on sensor S2 by adding a bias, and the load-management delay in the control centre is 0.2s. Fig. 2 describes the active power output of S2. From 0 to 3s, load Z1 is being supplied. At 3s, sensor S2 is attacked by a bias §2(t)=1.1MW, which results in the output of S2 falsely exceeding the capacity of generator G. After the delay of 0.2s, the control centre sends control signals to the breaker actuators C1-C3, such that breaker B2 is forced open and breaker B3 closed. Therefore, from the simulation result, it is clear that a cyber attack (a bias of 1.1MW) leads to incorrect load shedding (load Z1).

If sensor S2 is tampered with by a bias of -0.4MW at 3s, when the fraudulent signal of sensor S2 is uploaded to the control centre, the load management system in the control centre will issue an incorrect decision, closing breaker B3 through actuator C3 so that both Z1 and Z2 are served. However, generator G is severely overloaded in this situation. Fig. 3 illustrates that the system frequency sharply declines after 3.2s. According to the generator under-frequency relay, the generator will be tripped out when the system frequency drops beneath a set frequency threshold. Thus, it is clear that a relatively simple cyber attack applied to a sensor (a bias of -0.4MW) would effectively compromise the reliability of the power supply. However, in practice not all cyber attacks will result in negative impacts on real power delivery. For example, it is observed from Fig. 3 that the system frequency remains steady with a bias of 0.2MW at sensor S2, and the cyber attack does not lead to an incorrect decision from the control centre.

V. DISCUSSION AND FUTURE WORK

Before full deployment and operation, the Smart Grid will inevitably contain legacy systems that cannot be updated, patched, or protected by traditional IT security techniques [32]. With limited computing resources in legacy devices and even no security design for cyber systems, it is difficult to embed traditional cyber-security techniques (for example, encryption) into the Smart Grid with legacy systems. In these situations, a feasible approach is to deploy intrusion detection and prevention systems for the Smart Grid.

Intrusion detection and prevention technology in the IT domain is relatively mature. Numerous intrusion detection methods have been presented [33]. According to published literature [34]-[39], it is feasible to apply traditional intrusion detection techniques to meet cyber-security requirements for the Smart Grid. However, current IDS technology is difficult to integrate in the Smart Grid environment because of a lack of compatibility with Smart Grid applications and protocols. Therefore, a beneficial approach will involve proposing new IDS algorithms tailored for Smart Grid cyber-security, especially for SCADA and advanced metering infrastructure (AMI).

For SCADA systems, the US Idaho National Laboratory [35] proposes that future SCADA IDS technologies implement signature matching, flow analysis, and data inconsistency detection tailored particularly for SCADA systems. The authors of [36], [37] propose a critical-state-based intrusion detection system for SCADA systems. However, the authors of [38] argue that model-based monitoring for detecting unknown attacks is more feasible for SCADA systems than for general enterprise networks. In addition, several other new approaches have been presented to deal with intrusion and anomaly detection, such as a neural-network-based approach [40] and a rough sets classification algorithm [41]. However, compared to research on intrusion detection and anomaly detection in SCADA systems, the study of IDS in AMI is scarce. The work in [34] proposes a possible architecture for specification-based intrusion detection. However, the accepted IDS would incur a high development cost, so it is necessary to lower this cost to implement and validate specification-based intrusion detection for AMI.

According to the aforementioned discussion, a hybrid approach may be a better way to address intrusion detection against cyber attacks in the Smart Grid context. A proposed diagram is shown in Fig. 4.

Fig. 4. A hybrid intrusion detection solution for preventing cyber attacks.

In Fig. 4, signature-based detection, also called misuse detection, is a traditional and typical IDS technology using a blacklist approach. By matching actual behaviour recorded in audit trails with known suspicious patterns, signature-based detection is fully effective in uncovering known cyber attacks. However, it is ineffective when faced with unknown or novel cyber attacks [33].

Different from signature-based detection, anomaly detection attempts to establish normal behaviour profiles for the system and then identifies what kinds of abnormal behaviour should be alarmed as intrusions [33]. Anomaly-based detection adopts a white-list approach which is able to detect unknown and new cyber attacks. However, the rate of false positive detection is usually higher than that in signature-based detection.

Policy-based detection is neither signature-based nor anomaly-based, but includes a logical security policy specification and an execution trace validation algorithm [42]. It is a promising solution integrating the strengths of signature-based and anomaly-based detection in terms of detection reliability, accuracy and required maintenance.

Future research, as part of this work, will focus on cyber-security issues in two significant areas: i) SCADA based; and ii) AMI based, both in a Smart Grid context. Firstly, conventional intrusion detection methods will be applied to the above two areas, such as signature detection with protocol analysis and anomaly detection using a support vector machine (SVM). Secondly, a novel policy-based intrusion detection and prevention algorithm will be proposed, especially using specific protocols and behaviours (for example, IEC 61850, DNP3, IEC 62056 and so forth). A third approach, loosely based on the approach in Fig. 4, will involve a hybrid intrusion detection scheme including policy-based detection to render greater Smart Grid security. A simulation test bed will be constructed as part of this work to evaluate and validate each of the proposed solutions.

VI. CONCLUSION

With the development and deployment of new Smart Grid technology it is apparent that greater investment in state-of-the-art IT technologies will be a direct consequence. According to reported cyber-security incidents and published literature, it is clear that a large number of potential cyber-security issues are increasingly probable on systems as complex and diverse as the emerging Smart Grid. This paper has provided an overview of prevalent issues in the Smart Grid. The paper has also presented a preliminary study case that illustrates the influence of a simple cyber attack which compromised the integrity of power supply data. From the simulation results, it is inferred that cyber-security issues can influence and compromise the secure and steady operation of the Smart Grid. Therefore, cyber-security issues in the Smart Grid are of immediate and significant interest, and robust and timely technical solutions are of pertinent value to the relevant research communities. One critical aspect of Smart Grid cyber-security research is ensuring sufficient cross-disciplinary engagement to formulate optimum approaches and methods. The research reported in this paper is ongoing and forms one part of a broader portfolio of work by the authors.

VII. REFERENCES

[1] Don Von Dollen. (2009, Jun.). Report to NIST on Smart Grid Interoperability Standards Roadmap. Electric Power Research Institute (EPRI), Palo Alto, CA. [Online]. Available: http://www.smartgridnews.com/artman/uploads/1/InterimSmartGridRoadmapNISTRestructure.pdf
[2] K. Poulsen. (2003, Aug.). Slammer worm crashed Ohio nuke plant net. [Online]. Available: http://www.securityfocus.com/news/6767
[3] U.S. Nuclear Regulatory Commission. (2003). NRC Information Notice 2003-14. [Online]. Available: http://www.nrc.gov/reading-rm/doc-collections/gen-comm/infonotices/2003/in200314.pdf
[4] Brian Krebs. (2008, Jun.). Cyber Incident Blamed for Nuclear Power Plant Shutdown. [Online]. Available: http://www.washingtonpost.com/wp-dyn/content/article/2008/06/05/AR2008060501958.html
[5] Antiy CERT. (2010, Sep.). Report on the Worm Stuxnet's Attack. Antiy Corp., Harbin, China. [Online]. Available: http://www.antiy.net/en/analysts/Report_On_the_Attacking_of_Worm_Struxnet_by_antiy_labs.pdf
[6] The Smart Grid Interoperability Panel–Cyber Security Working Group. (2010, Oct.). Guidelines for Smart Grid Cyber Security. NIST, Gaithersburg, MD. [Online]. Available: http://csrc.nist.gov/publications/PubsNISTIRs.html
[11] K. Gandolfi, C. Mourtel, and F. Olivier, “Electromagnetic analysis: Concrete results,” in Proc. 2001 Third International Workshop on Cryptographic Hardware and Embedded Systems, pp. 251-261.
[12] P. Kocher, “Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems,” in Proc. Crypto, 1996, pp. 104-113.
[13] T. Chee-Wooi, L. Chen-Ching, and M. Govindarasu, "Vulnerability Assessment of Cybersecurity for SCADA Systems Using Attack Trees," in Proc. 2007 IEEE Power Engineering Society General Meeting, pp. 1-8.
[14] T. Chee-Wooi, L. Chen-Ching, and G. Manimaran, "Vulnerability Assessment of Cybersecurity for SCADA Systems," IEEE Trans. Power Systems, vol. 23, pp. 1836-1846, Nov. 2008.
[15] S. Pudar, G. Manimaran, and C.-C. Liu, "PENET: A practical method and tool for integrated modeling of security attacks and countermeasures," Computers & Security, vol. 28, pp. 754-771, May 2009.
[16] T. Chee-Wooi, G. Manimaran, and L. Chen-Ching, "Cybersecurity for Critical Infrastructures: Attack and Defense Modeling," IEEE Trans. Systems, Man and Cybernetics, Part A: Systems and Humans, vol. 40, pp. 853-865, Jul. 2010.
[17] D. Kundur, X. Feng, S. Liu, T. Zourntos, and K. L. Butler-Purry, "Towards a Framework for Cyber Attack Impact Analysis of the Electric Smart Grid," in Proc. 2010 First IEEE International Conf. on Smart Grid Communication, pp. 244-249.
[18] D. Kundur, X. F., S. Mashayekh, S. Liu, T. Zourntos, and K. L. Butler-Purry, "Towards modelling the impact of cyber attacks on a smart grid," International Journal of Security and Networks, vol. 6, pp. 2-13, Apr. 2011.
[19] B. Rozel, M. Viziteu, R. Caire, N. Hadjsaid, and J. P. Rognon, "Towards a common model for studying critical infrastructure interdependencies," in Proc. 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, pp. 1-6.
[20] T. Rigole and G. Deconinck, "A survey on modeling and simulation of interdependent critical infrastructures," in Proc. 3rd IEEE Benelux Young Researchers Symposium in Electrical Power Engineering, 2006, pp. 27-28.
[21] W. Dong, L. Yan, M. Jafari, P. Skare, and K. Rohde, "An integrated security system of protecting Smart Grid against cyber attacks," in Proc. 2010 Innovative Smart Grid Technologies (ISGT), pp. 1-7.
[22] G. Dondossola, G. Garrone, J. Szanto, G. Deconinck, T. Loix, and H. Beitollahi, "ICT resilience of power control systems: experimental results from the CRUTIAL testbeds," in Proc. 2009 IEEE/IFIP International Conf. on Dependable Systems & Networks, pp. 554-559.
[23] M. Mallouhi, Y. Al-Nashif, D. Cox, T. Chadaga, and S. Hariri, "A testbed for analyzing security of SCADA control systems (TASSCS)," in Proc. 2011 IEEE/PES Innovative Smart Grid Technologies (ISGT), pp. 1-7.
[24] J. Bergmann, C. Glomb, J. Gotz, J. Heuer, R. Kuntschke, and M. Winter, "Scalability of Smart Grid Protocols: Protocols and Their Simulative Evaluation for Massively Distributed DERs," in Proc. 2010 First IEEE International Conf. on Smart Grid Communication, pp. 131-136.
[25] T. Godfrey, S. Mullen, D. W. Griffith, N. Golmie, R. C. Dugan, and C. Rodine, "Modeling Smart Grid Applications with Co-Simulation," in Proc. 2010 First IEEE International Conf. on Smart Grid Communication, pp. 291-296.
[26] K. Hopkinson, X. Wang, R. Giovanini, J. Thorp, K. Birman, and D. Coury, "EPOCHS: a platform for agent-based electric power and communication simulation built from commercial off-the-shelf components," IEEE Trans. Power Systems, vol. 21, pp. 548-558, May 2006.
[27] NERC CIP Cyber Security Standards, NERC Reliability Standards: CIP, Feb. 2011.
[28] NIST. (2009, Aug.). NIST Special Publication 800-53 Revision 3:
[7] Jie Wang, Computer Network Security. Beijing: Higher Education Press
Recommended Security Controls for Federal Information Systems and
and New York: Springer Berlin Heidelberg, 2009, p. 3-24.
Organizations. NIST, Gaithersburg, MD. [Online]. Available:
[8] D. Dzung, M. Naedele, T. P. Von Hoff, and M. Crevatin, "Security for
http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-
Industrial Communication Systems," Proceedings of the IEEE, vol. 93,
final.pdf
pp. 1152-1177, Jun. 2005.
[29] NERC. (2011, May). 2012 NERC Business Plan and Budget - DRAFT 1.
[9] N. R. Potlapally, A. Raghunathan, S. Ravi, Niraj K. Jha, and Ruby B.
NERC, Princeton, NJ. [Online]. Available: http://www.nerc.com/
Lee, “Aiding Side-Channel Attacks on Cryptographic Software With
filez/business_plan_2012.html
Satisfiability-Based Analysis,” IEEE Trans. Very Large Scale [30] S. Rohjans, M. Uslar, R. Bleiker, J. Gonzalez, M. Specht, T. Suding, and
Integration (VLSI) Systems, vol. 15, pp. 465-470, Apr. 2007.
T. Weidelt, "Survey of Smart Grid Standardization Studies and
[10] T. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card
Recommendations," in Proc. 2010 First IEEE International Conf. on
security under the threat of power analysis attacks,” IEEE Trans. Smart Grid Communication, pp. 583-588.
Computer, vol. 51, pp. 541-552, May 2002.
[31] F. Cleveland, "IEC TC57 Security Standards for the Power System's
Information Infrastructure - Beyond Simple Encryption," in Proc.
2005/2006 IEEE PES Transmission and Distribution Conf. and Exhibit.,
pp. 1079-1087.
[32] Joseph Weiss, Protecting industrial control systems from electronic threats. New York: Momentum Press, 2010, pp. 29-41.
[33] Ali A. Ghorbani, Wei Lu, and Mahbod Tavallaee, Network Intrusion Detection and Prevention: concepts and techniques. London: Springer, 2010, pp. 27-49.
[34] R. Berthier, W. H. Sanders, and H. Khurana, "Intrusion Detection for
Advanced Metering Infrastructures: Requirements and Architectural
Directions," in Proc. 2010 First IEEE International Conf. on Smart Grid
Communication, pp. 350-355.
[35] J. Verba and M. Milvich, "Idaho National Laboratory Supervisory
Control and Data Acquisition Intrusion Detection System (SCADA
IDS)," in Proc. 2008 IEEE Conf. on Technologies for Homeland
Security, pp. 469-473.
[36] I. N. Fovino, A. Carcano, T. De Lacheze Murel, A. Trombetta, and M.
Masera, "Modbus/DNP3 State-Based Intrusion Detection System," in
Proc. 2010 24th IEEE International Conf. on Advanced Information
Networking and Applications (AINA), pp. 729-736.
[37] A. Carcano, A. Coletta, M. Guglielmi, M. Masera, I. N. Fovino, and A. Trombetta, "A Multidimensional Critical State Analysis for Detecting Intrusions in SCADA Systems," IEEE Trans. Industrial Informatics, vol. 7, pp. 179-186, May 2011.
[38] S. Cheung, B. Dutertre, M. Fong, U. Lindqvist, K. Skinner, and A.
Valdes, "Using model-based intrusion detection for SCADA networks,"
in Proc. 2007 the SCADA Security Scientific Symposium, pp. 127–134.
[39] U. K. Premaratne, J. Samarabandu, T. S. Sidhu, R. Beresh, and T. Jian-Cheng, "An Intrusion Detection System for IEC61850 Automated Substations," IEEE Trans. Power Delivery, vol. 25, pp. 2376-2383, Oct. 2010.
[40] O. Linda, T. Vollmer, and M. Manic, "Neural Network based Intrusion
Detection System for critical infrastructures," in Proc. 2009
International Joint Conf. on Neural Networks (IJCNN), pp. 1827-1834.
[41] M. P. Coutinho, G. Lambert-Torres, L. E. B. da Silva, H. G. Martins, H.
Lazarek, and J. C. Neto, "Anomaly detection in power system control
center critical infrastructures using rough classification algorithm," in
Proc. 2009 3rd IEEE International Conf. on Digital Ecosystems and
Technologies, pp. 733-738.
[42] J. Zimmermann, L. Me, and C. Bidan, "An improved reference flow
control model for policy-based intrusion detection," in Proc. Computer
Security, ESORICS 2003, pp. 291-308.