Received: 29 October 2021

DOI: 10.1049/stg2.12059

ORIGINAL RESEARCH
- -Revised: 16 December 2021 Accepted: 6 February 2022

- IET Smart Grid

Vulnerability assessment and defence strategy to site distributed

generation in smart grid

Jay Nayak | Irfan Al-Anbagi

Faculty of Engineering and Applied Science, Abstract

University of Regina, Regina, Saskatchewan, Canada
Correspondence
Irfan Al-Anbagi, Faculty of Engineering and Applied
Science, University of Regina, Regina, SK, Canada.
Email: irfan.al-anbagi@uregina.ca
Funding information
Sylvia Fedoruk Canadian Center for Nuclear
Innovation, Grant/Award Number: J2016-0032
False data injection (FDI) attacks tamper with the state estimation data and can pose
significant threats to the smart grid. The vulnerability analysis and defence strategies may
help to mitigate the impact of these attacks. However, existing research efforts have not
addressed the computational power and accuracy issues in the vulnerability analysis and
defence mechanisms using realistic test environments. In this work, the authors present a
novel low-complexity FDI attacks model to perform the vulnerability analysis. The au-
thors develop a reduced-row-echelon-form-based greedy algorithm using the non-linear
power flow system to generate FDI attacks more accurately. Later, the authors propose a
novel optimal defence strategy by developing a greedy algorithm. The authors' algorithm
finds the optimal power assets' locations and defends against hidden FDI attacks with low
computation cost. Finally, the authors utilize the proposed AC-based attack and defence
models to identify secure sites for distributed generation (DG) in the smart grid. The
authors' experimental results for various IEEE standard test systems show enhanced
accuracy of the attack and defence algorithms. The authors also validate the effectiveness
of the proposed approaches in finding secure sites for DG units in the smart grid.

KEYWORDS
distributed power generation, phasor measurement, power system cybersecurity and privacy, smart grid devices

1 | INTRODUCTION phasor measurement units (PMUs) have gained widespread

The smart grid improves the reliability and efficiency of the
traditional power systems with the use of information and
communication technology (ICT) [1]. In the centralized op-
erations of the smart grid, state estimation plays a crucial role
in decision-making processes. The state estimation involves the
processing of raw measurement data associated with the
characteristics and the topology of a power network [2].
However, the integration of ICT makes the smart grid
vulnerable to a variety of cyberattacks [3–5]. Therefore, pro-
tecting the integrity of the measurement data is a critical task.
In false data injection (FDI) attacks, the attacker injects
malicious data into the state variables measurements while
bypassing the bad data detection (BDD) mechanism. Previous
work [6–14] has introduced several techniques to perform
cyber vulnerability assessment and develop countermeasures
using a DC model to protect against FDI attacks. Furthermore,
interest in developing defence strategies against FDI attacks
because of their high sampling rate and GPS synchronization
[15–19]. However, due to the high cost of PMUs, it is crucial to
identify optimal sites for the PMU placement to ensure com-
plete system observability and effectively defend against FDI
attacks. Optimizing the number of PMU placements to reduce
the installation cost and complexity of the defence mechanism
was discussed in Refs. [8, 12, 16–19].
The above work uses a simplified DC model that makes
assumptions to transform the non-convex and non-linear po-
wer flow system into a linear model. These assumptions make
the DC state estimation less accurate compared to the AC state
estimation [20]. Hug and Giampapa [21] showed that the AC-
based FDI attack model has better accuracy compared to the
DC model. Therefore, the DC-based vulnerability assessments
and defence mechanisms provide erroneous solutions against
FDI attacks for the actual non-linear power systems [21–24].

-
This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is
properly cited.
© 2022 The Authors. IET Smart Grid published by John Wiley & Sons Ltd on behalf of The Institution of Engineering and Technology.

IET Smart Grid. 2022;5:161–176. wileyonlinelibrary.com/journal/stg2 161


162
- NAYAK
Several research papers have proposed the PMU-placement-
based defence mechanism based on the AC model to protect
against FDI attacks [16, 18, 25]. In [21–28], FDI attacks were
formed based on AC power flow models.
Cybersecurity measures should not incur high computa-
tional complexity in defending the smart grid. A low-
complexity security mechanism can help determine whether
it is feasible to protect large power systems in a given time.
Furthermore, it must rapidly respond to cyber incidents to
avoid catastrophic failures in grid operations. The attack and
defence methodologies must also be realistic to ensure systems'
security without creating significant errors. However, a low
computational overhead, accurate vulnerability assessment and
defence model to prevent FDI attacks in AC power systems
have not been presented in prior studies.
To address the issues discussed above, in this work, we
present a novel AC-power-flow-based least-effort FDI attacks
model (i.e. an attack model that computes the minimum
number of sensor measurements to compromise) based on our
previous work [27]. Unlike Ref. [27], in this work, we improve
the model's scalability and accuracy in analysing cyber vul-
nerabilities of large AC power networks. We perform experi-
ments on IEEE standard test systems of different scales.
Simulation results show that our attack model can effectively
evaluate the vulnerabilities of large power systems with
significantly less computational complexity.
Based on the vulnerability analysis of the power systems
presented in Ref. [27], we develop a novel AC-power-flow-
based defence strategy to prevent the risk of FDI attacks in
the system. In this work, we consider PMUs as devices that
protect the state estimation against hidden FDI attacks. Our
proposed defence strategy is generic as it can derive optimal
sites for any secure power asset to defend against hidden FDI
attacks.
Furthermore, finding optimal locations of distributed gen-
erations (DGs) have been investigated in the literature [29–37]
to minimise energy loss in power transmission and distribu-
tion. In this work, we also present a case study to select secure
sites for small-size nuclear reactors, known as small modular
reactors (SMRs) units, which are introduced as small-to-
medium-scale DGs with power generation of up to
300 MWe [38]. Many SMRs siting criteria must be considered
before the most optimal sites are identified. These include
geographical [39], surface water [40], groundwater [41],
geological [42], exclusion zones [43], transportation routes [44],
socio-economic and environmental risks [45], and reserved
land considerations [46]. Combining two or more of the above
criteria to site SMRs is out of the scope of this paper.
Integrating SMRs with the smart grid can pose cyber
threats to them in the absence of proper security measures [4].
It is necessary to prevent exposure of SMRs to cyber incidents
to sustain their operational integrity. The siting of SMRs under
the impact of cybersecurity has not been addressed in the
literature. As a case study, we use our vulnerability assessment
and defence approaches to find secure sites for SMRs in the
Saskatchewan Power Corporation grid (SaskPower), which is
the principal electric utility in Saskatchewan, Canada [47].
25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
AND AL‐ANBAGI
We implement our FDI attack model and defence strategy
on several IEEE standard test systems to evaluate their
effectiveness and computational complexity in securing the
grid against hidden FDI attacks. We show that our attack
modelling and defence algorithms do not incur high compu-
tational costs even for large power systems. Our power flow
models do not simplify the non-linear operational and topo-
logical characteristics of the grid. We use the proposed optimal
defence strategy to protect the power grid against hidden FDI
attacks and obtain secure locations for SMRs in the system.
Finally, we find secure SMR sites in the SaskPower grid.
The main contributions of this paper can be summarized
below:
� We present an enhanced least-effort FDI attack model to
perform an accurate cyber vulnerability analysis
� We develop a novel reduced row echelon (RRE)-form-based
greedy algorithm to calculate hidden FDI attack vectors in
the AC state estimation
� We propose a novel optimal defence strategy to protect the
smart grid against hidden FDI attacks. We do that by devel-
oping a greedy algorithmic solution to find the optimal loca-
tions to deploy secure power assets and defend the non-linear
power network while achieving full observability of the system
� We identify suitable sites for SMRs in a smart grid envi-
ronment, which are secure from FDI attack threats under
given PMU placement
The first two contributions in this paper are based on our
previous work [27], in this work, we enhance our attack
model's scalability and accuracy for large AC power networks
(such as IEEE-300 bus system) and perform additional sim-
ulations and analyses of the model's computational cost in
comparison with the prior work. Furthermore, we have added
two more contributions in this paper, namely novel optimal
defence strategy against hidden FDI attacks and siting SMRs
under cybersecurity constraints, which were not discussed in
our previous work. We have discussed the first two contribu-
tions as the foundation for developing our defence strategy
and the SMR localization technique.
The rest of the paper is organized as follows: Section 2
presents the related work. Section 3 describes the DC and the
AC state estimation theory and methodology, followed by an
introduction to the FDI attacks framework. Section 4 presents
our enhanced least-effort FDI attacks model. Section 5 dis-
cusses our optimal defence strategy. In Section 6, we discuss
the methodology for siting DGs in the smart grid under
cybersecurity constraints. Section 7 shows the simulation re-
sults and analysis. Finally, Section 8 concludes the paper.
2 | RELATED WORK
This section discusses previous works on cyber vulnerability
assessment and defence models for the power systems against
cyberattacks. It also reviews various techniques and factors
considered for siting DGs in the power systems.

NAYAK AND AL‐ANBAGI
Modelling of FDI attacks and the protection schemes were
presented in [6–13, 15, 48–50] to analyse the vulnerabilities of
the system and defend against cyberattacks. For instance, Kim
and Tong [6] developed an undetectable attack model followed
by a PMU-placement-based defence strategy using a graph-
theoretic condition to defend against FDI attacks. Kim and
Poor [7] demonstrated that it is more feasible for the attacker
with limited resources to minimise the manipulations of the
number of measurements to launch unobservable FDI attacks.
Studies in [8, 9] optimized the cost of the attack vector
computation by developing a k-sparse attack model. The
proposed defence model in Ref. [8] considered minimizing the
number of PMU placements to reduce the computational and
capital cost of the protection scheme.
Furthermore, Yang et al. [10] proposed a heuristic-based
scheme to generate the least-effort attack vector by manipu-
lating minimum unit measurements. However, the overhead of
the brute-force search mechanism used in this work is high for
larger grid systems. Yang et al. [12] enhanced the least-effort
attack model presented in Ref. [10] by reducing the computa-
tion complexity and introducing a greedy algorithm to defend
against hidden FDI attacks in the system. However, the attack
and defence models in the above work ignored the non-linear
characteristics and their related computational complexity.
Therefore, the authors did not provide effective simulation re-
sults for the actual smart grid. In addition, the above power flow
models were DC based to approximate the non-linear power
systems. FDI attacks constructed based on an AC model are
more damaging than the DC-based FDI attacks [23, 24].
There is insufficient work focussing on the modelling FDI
attacks and defence strategies using the AC power flow model
[16, 18, 21, 22, 25, 26]. The PMU placement strategy in Ref.
[18] required a configuration of about 50% more PMUs to
provide a reliable defence against cyber vulnerabilities. The
AC-based defence mechanism proposed in Ref. [25] required
additional PMU placements to achieve higher state estimation
accuracy. All of the above AC-based power system models did
not consider the computational complexity and the effective-
ness of the attack and defence models. In this work, we
develop an effective AC-power-flow-based vulnerability
assessment and defence model with a low computation cost.
Siting SMRs in the power grid has gained research interests
in recent years [51, 52]. The authors in Ref. [51] presented a
fuzzy analytic hierarchy process based multi-criteria decision-
making technique to find suitable sites of SMRs in the sys-
tem while focussing on efficient power generation. Belles and
Omitaomu [52] considered geotechnical and resource accessi-
bility factors, such as distance to cooling water and population,
grid capacity etc., for siting SMRs using spatial modelling and
geographic information system technology. Lokhov et al. [53]
listed various factors impacting the siting of SMRs in the po-
wer systems, such as social and economic challenges, envi-
ronmental regulatory issues, lack of infrastructure to support
the SMR deployment, and security challenges.
Recent work has performed a cybersecurity impact analysis
on the operation of Distributed Energy Resources (DERs).
For example, Duan et al. [54] presented a cybersecurity
25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
- 163
evaluation for DER operation and assessed the detrimental
effects of cyberattacks on DG. Studies in [55] discussed cyber
vulnerabilities of DERs in a cyber-physical system by
employing a threat modelling technique and identified risks of
penetration at DGs on the overall grid operation.
Siting SMRs in the smart grid without adequate cyberse-
curity can expose them to cyberattacks. Previous research has
focussed on localizing power assets in a smart grid environ-
ment under the impact of cybersecurity [16, 56–58]. In Ref. [6],
the authors discussed finding secure sites for PMUs to protect
them from different types of cyber threats. Refs. [57, 58]
proposed greedy-algorithm-based strategies to address optimal
placement problems for PMUs concerning cybersecurity in the
distribution grids. In this work, we use our proposed attack
model and defence strategy to find secure locations for SMRs.
This area has not been addressed in the prior work yet.
3 | STATE ESTIMATION AND FDI
ATTACKS
This section presents an overview of the theory and method of
the AC state estimation, followed by the discussion of the FDI
attacks framework.
3.1 | AC state estimation
Linear DC models simplify the complex power flow operation
and control equations associated with the non-linear power
systems [59].
Unlike the DC state estimation, the power flows and in-
jections in the AC state estimation have a non-linear relationship
with voltage magnitudes and phase angles. Also, the AC model
does not ignore the reactive power flows and injections, or the
shunt admittances. Therefore, the real and the reactive power
flow from bus i to j can be expressed as Ref. [21]:
� �
P ij ¼ V 2i gsi þ gij − Vi Vj gij cosθij þ bij sinθij ð1Þ
� �
Qij ¼ −V 2i bsi þ bij − Vi Vj gij sinθij þ bij cosθij ; ð2Þ
And the real and the reactive power injection at bus i can
be shown as follows:
X �
P i ¼ Vi Vj Gij cosθij þ Bij sinθij ð3Þ
j∈Ni
X �
Qi ¼ Vi Vj Gij sinθij − Bij cosθij ð4Þ
j∈Ni
where gsi + jbsi and Gij + jBij are the shunt branch and line
admittance, respectively, and Ni is the set of buses connected to
bus i. The measurements in the AC model are non-linearly
dependent on the state variables, as shown in the following
expression:
 25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
164
- NAYAK AND AL‐ANBAGI

z ¼ hðxÞ þ e; ð5Þ Hence, we focus on modelling FDI attacks and defence stra-
tegies using the AC state estimation.
where z = [z1 z2 z3 … zm] is the m � 1 non-linear mea-
surement vector, which involves active and reactive power
measurements of the power systems. Here, the system state
vector x is the n � 1 state vector, which consists of voltage
3.2 | FDI attacks against the AC state
magnitudes and phase angles of the power system buses [26],
estimation
that is, x = [θ2 θ3 … θn V2 V3 … Vn]. Whereas in the DC
To execute FDI attacks in the power system, the attacker in-
model, the state variable x includes phase angles only. The
serts a false data attack vector a in the state estimation, which
m � 1 measurement error vector e = [e1 e2 e3 … em] ac-
the BDD mechanism cannot detect. The attacker requires in-
counts for standard deviations in each measurement in z re-
formation on the grid topology and the network parameters to
flected by the accuracy of the corresponding metre used [59]. h
carry out hidden FDI attacks. With this knowledge, the
() is a non-linear function between z and x. Bus 1 is regarded
attacker can manipulate the sensor measurements, which can
as a slack bus and its phase angle and voltage magnitude are:
mislead the control centre to make the wrong decisions dis-
θ1 = 0 and V1 = 1 p.u. [12].
rupting the power network. The attacker aims to either gain
The number of measurements of the sensors should be
economic advantages or interfere with grid operations using
more than the number of state variables (i.e. m > n) for the
FDI attacks [61].
accurate state estimation of the system [12, 60]. The AC-state
An FDI attack model developed in Ref. [62] showed that if
estimation problem can be solved using the following WLS
the attacker has knowledge of the Jacobian matrix J computed
optimization method:
in the state estimation, then it is possible to generate a false
data attack vector a that can bypass the BDD mechanism. In
min FðxÞ ¼ ðz − hðxÞÞT ⋅ W ⋅ ðz − hðxÞÞ ð6Þ
the state estimation, the BDD mechanism checks the differ-
ence between the measurement values received from the sen-
where the weight matrix W represents the inverse of the ac- sors and the estimated measurement values denoted as
curacy of the measurements. The functionality of h() is
decided by the type of the measurement, that is, real or reactive r ¼ z − hð^xÞ ð9Þ
power flows or injections. The standard iterative approach is
then used to solve this optimization problem [59]. The first- Here, r represents the residual between the measurement
order condition derived for the optimal solution of the state values estimated using the WLS method and the measurement
estimation problem can be given as values obtained from the sensors. Note that the value of r is
∂FðxÞ sensitive to the measurement errors e since the square of ith
j ¼ −2J T : ^x ⋅ W ⋅ ðz − hð^xÞÞ ¼ 0 ð7Þ measurement residual ri 2 is inversely related to the error
∂x x¼^x
variance for the same measurement [59]. If the value of r ex-
Here, ^x is the n � 1 estimated state vector, and the Jacobian ceeds a pre-specified threshold value τ, that is, ‖r‖2 > τ, then
matrix J consists of partial derivatives of Pi, Qi, Pij, and Qij there is a bad data present in the received sensor measure-
with respect to the state variables. The structure of the matrix J ments. The threshold value used in the BDD mechanism is the
is as follows: maximum allowable percentage variations in the sensor mea-
surements according to the IEEE standard [63], for example,
2 3
∂P ij ∂P ij 80% < Vpu < 110% indicates that Vpu is in the normal voltage
6 ∂θi ∂Vi 7 range.
6 7
6 7 This threshold value τ accounts for the errors in the
6 ∂Qij ∂Qij 7
6 7 calculation of the Jacobian matrix [59]. The threshold to detect
6 ∂θ ∂Vi 7
6 i 7 the bad data in the system is global across each IEEE standard
6 7: ð8Þ
6 ∂P i ∂P i 7 test system used in our experiments. We use V1 = 1 p.u. at the
6 7
6 ∂θ ∂Vi 7 reference bus for the sake of simplicity, where we initiate
6 i 7
6 7 the state estimation process and later calculate the attack
4 ∂Qi ∂Qi 5 vector and the PMU configuration in the power systems.
∂θi ∂Vi Therefore, the suitable voltage levels for the ith bus are
0:8 p:u: < Vpu i < 1:1 p:u.
An iterative process is used to solve the resulting non- If the attacker can successfully insert an m � 1 attack
linear equation from Equation (7). vector a in the system, the change in the measurement vector
The DC model ignores the phase angle differences, reac- can be shown as
tive power flows and injections, and all shunt elements and
branch resistances [59] that deviate the model from the actual z a ¼ z þ a; ð10Þ
power system, leading to erroneous state estimation [23]. On
the other hand, the AC power flow model does not involve which results into an erroneous estimated state vector as
such assumptions to simplify the complex power system. follows:
 25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
NAYAK AND AL‐ANBAGI
- 165

^xa ¼ ^x þ c; ð11Þ step is to identify the state variables to modify. The Jacobian
matrix J gives the relationship between the state variables and
Here, c is an n � 1 error vector representing the errors
the associated measurements as follows [21]:
introduced in the original estimated state variables due to the
attack vector. Consequently, the new residual value can be 2 3
∂h1 ∂h1 ∂h1
given as 6 ∂x1 ⋯
6 ∂x2 ∂xn 7
7
6 7
r a ¼ z a − hð^x þ c Þ: ð12Þ 6 ∂h2 ∂h2 ∂h2 7
6 ⋯ 7
6 ∂x1 ∂x2 ∂xn 7 ð15Þ
6 7
6 7
FDI attacks can evade the BDD if 6 ⋮ ⋮ ⋱ ⋮ 7
6 7
4 ∂hm ∂hm ∂hm 5
r a ¼ z a − hð^x þ c Þ ¼ z þ a − hð^x þ c Þ ¼ z − hð^xÞ ¼ r : ⋯
∂x1 ∂x2 ∂xn
ð13Þ
where a non-zero element ij of a row means that the
Equation (13) defines the condition to bypass the BDD measurement zi belongs to the state variable xj. Otherwise,
after state variable manipulation, where the new residual in the a row element is zero if the measurement is not dependent
system ra needs to be less than or equal to the pre-specified on the state variable at any given column. Therefore, the
threshold value τ in the BDD mechanism. minimum data manipulations to launch FDI attacks can be
Therefore, the attacker needs to compute the attack vector found by determining the row of the targeted measurement
a using the following condition to launch hidden FDI attacks and the non-zero indices in that row. As mentioned in
in the AC state estimation: Section 3, there are two types of state variables in the state
vector of the AC power system. Therefore, if the attacker
a ¼ hð^x þ c Þ − hð^xÞ. ð14Þ wants to attack multiple states simultaneously, the number
of measurements required for the manipulations is even
Equation (14) establishes the necessary condition for the higher.
existence of hidden FDI attacks in power systems that can Since the attacker has the constraint of limited resources,
bypass the BDD. In the next section, we utilize this condition the objective to calculate the least-cost attack vector a can be
to formulate our methodology for the hidden least-effort FDI defined as follows:
attack vector generation. �
minkhð^x þ c Þ − h ^x k0 : ð16Þ

4 | VULNERABILITY ASSESSMENT
AGAINST FDI ATTACKS IN SMART GRID
This section discusses our methodology for modelling the
least-effort FDI attacks in the smart grid such that the
generated least-cost attack vector a can bypass the BDD, as
shown in Equation (14), and the security constraint of the
system. Our attacks model can effectively analyse cyber vul-
nerabilities of large power networks with enhanced scalability
and a low computation cost. We develop the minimum cost
FDI attacks generation model because it is more economical
for the attacker, having limited resources, to carry out unde-
tectable FDI attacks in the system with minimal sensor
measurement manipulations. Later, we present our RRE-form-
based algorithm for an AC power flow model to calculate the
sparsest attack vector a against the AC state estimation that
cannot be detected by the BDD.
4.1 | Formalization
As discussed in the previous section, the attacker needs to
calculate the attack vector a according to Equation (14). If the
attacker aims to manipulate specific measurements, the first
However, the attacker also needs to consider the system's
security constraint. The security constraint of the system can
be expressed as
J ⋅ c ¼ 0: ð17Þ
Under ideal conditions where there is no bad data present
in the system, Equation (17) is valid only if there exists no non-
zero error vector in the state estimation, that is, c = 0.
From the attacker’s perspective, if there is a non-zero
error vector c, such that J ⋅c = 0, the attacker can suc-
cessfully launch an attack that can bypass the security
constraint. Based on this vulnerability in the system, we
define the hidden attack vector generation problem in
Equation (18), where an error vector c is calculated and
injected into the Jacobian matrix in such a way that it does
not violate the BDD and the security constraint.
However, the values of each non-zero element in the error
vector c should be higher than a certain threshold τ to create a
significant impact on the estimated state vector ^x. Therefore,
the objective of modelling unobservable least-effort FDI at-
tacks can be defined as
�
minc khð^x þ c Þ − h ^x k0 ; s:t: J ⋅ c ¼ 0; kck∞ > τ: ð18Þ
 25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
166
- NAYAK AND AL‐ANBAGI

The least-effort hidden FDI attacks generation problem in
Equation (18) injects error vector c in the Jacobian matrix J
and ensures that all non-zero elements in c are beyond τ to
create a significant impact on the state vector. As a result, the
non-zero indices in the generated attack vector can cause sig-
nificant manipulations in the measurements when added to the
measurement vector z and thus disturb the accuracy of the
state estimation process.
Notice that Equation (18) is a general least-effort hidden
FDI attack problem formulated in the absence of secure power
assets in the grid. In this case, the entire Jacobian matrix J
consists of an unprotected set of indices, where an error vector
c can exist in the system such that it can suffice the security
constraint of the system in Equation (17).
Since Equation (18) is a non-deterministic polynomial-
time (NP)-hard problem [10], it is difficult to solve it in
polynomial time. Therefore, we find a near-optimal solution
to Equation (18) to launch least-effort FDI attacks. To
address this problem, we develop an RRE-form-based al-
gorithm for the AC power systems to calculate the sparsest
attack vector against the AC state estimation. The proposed
RRE-form-based algorithm is based on the undetectable
FDI attacks generation objective shown in Equation (18),
which generates the attack vector a that can bypass
the BDD.
4.2 | An RRE-form-based algorithmic
solution
Algorithm 1 RRE-form-based algorithm
operation within each row, we exchange all the non-zero ele-
ments with the elements at the last indices. We perform the
elementary row transformation and column exchange opera-
tions iteratively and obtain a new RRE form of the Jacobian
matrix in every iteration. We repeat the entire process until the
new RRE form of the matrix no longer changes. Finally, we
calculate the sparsest attack vector a using the final RRE form
of the matrix Jr.
Notice that in the algorithmic solution discussed above for
finding the false data attack vector, the Jacobian matrix J must
be a full column rank during the entire process. If the matrix
is not a full-column rank, then it can have a row that does
not contain any non-zero element in its RRE form. Since we
discussed above that we select the row with the minimum non-
zero elements in every iteration to perform further operations,
targeting the row with all elements being zero will result in
infinite column exchange operations. Therefore, the Jacobian
matrix J must always be a full column rank to calculate the
sparsest attack vector [62]. The RRE-form-based algorithm to
find the false data attack vector against the AC state estimation
is shown in Algorithm 1.
4.3 | Case study for vulnerability assessment
We present a case study for the IEEE 14-bus system to
investigate our proposed RRE-form-based algorithmic solu-
tion in obtaining the unobservable false data attack vector. The
measurements we consider to calculate the Jacobian matrix are
real and reactive power flows, real and reactive power in-
jections, and voltage magnitudes and phase angles at all buses.
We compute the Jacobian matrix using a MATLAB package
MATPOWER and perform the experiments in MATLAB
R2017a.
Figure 1 shows the standard single-line diagram of the
IEEE 14-bus system. The ultimate RRE form for the IEEE
14-bus system obtained using our algorithm is as follows:

2 3
1 0 0 0 ⋯ 0 0 ⋯ 0 −2:43 2:54
60 1 0 0 ⋯ 0 0 ⋯ 0 9:04 9:43 7
6 7
60 0 1 0 ⋯ 0 0 ⋯ 0 1:59 −1:56 7
6 7
60 0 0 1 ⋯ 0 0 ⋯ 0 1:69 −1:65 7
6 7
6⋮ ⋮ ⋮ ⋮ ⋱ ⋮ ⋮ ⋱ ⋮ ⋮ ⋮ 7
6 7
60 0 0 0 ⋯ 1 0 ⋯ 0 1:09 −1:03 7
6 7
40 0 0 0 ⋯ 0 1 ⋯ 0 0:73 −0:22 5
0 0 0 0 ⋯ 0 0 ⋯ −1 1 1
ð19Þ
We now discuss the RRE-form-based algorithm to find the
optimal attack vector a against the AC state estimation. Ac-
cording to the proposed algorithmic solution, we first perform Notice that the last row in the above matrix contains the
elementary row transformation operations on the transpose of least number of non-zero elements. We select this row to
the Jacobian matrix (J)T and calculate its RRE form. Once we calculate the sparsest attack vector, as illustrated in the final
obtain the RRE form of (J)T, we find a row with the minimum step of Algorithm 1. In this regard, the attack vector a
number of non-zero elements in the matrix to perform the calculated for the IEEE 14-bus using our RRE-form-based
column exchange operations. In the column exchange algorithm is shown below:

NAYAK AND AL‐ANBAGI
FIGURE 1 IEEE 14-bus system
aT ¼ ½ 0 0 ⋯ 0:42 ⋯ 0:42 ⋯ −0:15 0:13 0:14 �:
ð20Þ
where the non-zero indices in this attack vector are 14, 26,
66, 67, and 68. The number of non-zero elements in the
calculated attack vector a signifies the number of measure-
ments to compromise for the hidden FDI attacks. Hence, in
the case of the IEEE 14-bus system, the attacker needs to
compromise a minimum of five sensor measurements to
launch the unobservable least-effort FDI attacks. Our al-
gorithm takes three iterations to generate the least-effort
FDI attack vector for the IEEE 14-bus system. Note that
the attack vector in Equation (20) is generated based on
the optimal attack vector calculation problem defined in
Equation (18). This attack problem is developed in the
absence of any secure measurement sensor (i.e. PMU in this
work) in the power network.
The simulation results obtained for the IEEE-14 bus sys-
tem show that an adversary could exploit the present cyber
vulnerabilities of the power grid and calculate the
optimal attack vector that can satisfy the objective defined in
Equation (18). Thus, our attack model can successfully launch
least-effort hidden FDI attacks against AC state estimation in
the smart grid.
5 | DEFENCE STRATEGY AGAINST FDI
ATTACKS
This section discusses our novel optimal defence strategy to
protect the smart grid against hidden FDI attacks. Later, it
presents our greedy algorithm to find optimal locations for
secure power assets in the grid and prevent unobservable FDI
attacks.
25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
- 167
5.1 | Defence strategy
For defence against FDI attacks, protection of measurements
is required to the extent where it is no longer feasible to
calculate the attack vector in Equation (18).
The conventional SCADA systems measure the units
gathered from sensors in seconds, which degrades the syn-
chronization accuracy of field sensors. Consequently, the
SCADA systems cannot monitor the real-time dynamic
behaviour of the power grid [12].
In the smart grid, PMUs are considered to support secure
state estimation and countermeasures against FDI attacks [7–9,
12, 17, 25, 64]. However, it is shown in [65] that PMUs can be
vulnerable to GPS spoofing attacks. Therefore, PMUs are
arguably not suitable to build defences against cyberattacks
other than FDI attacks. Nevertheless, this work focusses on
providing defence measures for the smart grid against hidden
FDI attacks. To achieve that, our defence strategy aims to
secure the state estimation from data manipulation, which re-
quires highly accurate system monitoring with the use of
redundant and geographically synchronized real-time sensor
measurements. Therefore, we use PMUs as secure power assets
to ensure the availability and integrity of sensor measurements
for reliable AC state estimation. Therefore, we use PMUs as
secure power assets to carry out real-time monitoring of the
power network and ensure the availability and integrity of
sensor measurements for reliable AC state estimation.
Addressing cybersecurity for other cyberattacks is out of scope
for this paper.
In power systems, the placement of a PMU on a bus makes
the manipulations of the obtained measurements difficult for
the attacker because of the high sampling rate of the sensor
measurements (availability) and their accurate GPS synchro-
nization [7]. It also provides observability to all the branches

168
- NAYAK
connecting to that bus, that is, all the associated measurements
to the bus with a PMU are protected [12]. For example, placing
a PMU on bus i connecting to buses j and k secures all state
variables including Vi, θi, Pi, Qi, Pij, Pik, Qij, Qik, as well as, Vj,
θj, Vk, and θk from manipulations. Therefore, the PMU
placement on one bus protects all of the connected buses and
branches.
After the PMU placement on a single bus, all of the cor-
responding measurements and state variables can be removed
from the Jacobian matrix J because they are no longer useful
for the attacker to compute the attack vector a. In this regard,
the matrix J can be divided into two sub-matrices Js and J s , as
the protected and unprotected set of indices, respectively. The
security matrix Js should be of full rank to make the system
fully observable and secure the AC state estimation.
Configuring a PMU on a bus changes the objective defined
in Equation (16) to calculate the minimum cost attack vector.
Further, it also changes the existing security constraint in
equation (17) to a new security constraint as follows:
J s ⋅ c ¼ 0: ð21Þ
From the attacker's perspective, there are following two
aspects to the updated security constraint [62]:
� If the Jacobian matrix Js of h(x) is of a full rank, that is, rank
(Js) = 2N − 2, then Js ⋅c = 0 if and only if c = 0. In this case,
the existence of hidden FDI attacks in the system is not
feasible
� If rank(Js) < 2N − 2, then there can exist a non-zero vector
c such that Js ⋅c = 0. Hence, the unobservable FDI attacks
can be successfully launched in the system
In this regard, the new optimization problem for the
attacker to launch unobservable least-effort FDI attacks, after
configuring at least one PMU in the system, can be given as
minkhs ð^ x þ c Þ − hs ð^xÞk0 ;
c
s:t: J s ⋅ c ¼ 0; ð22Þ
kck∞ > τ:
Since the placement of a PMU secures the set of mea-
surements observed by the configured bus, it also updates the
protected set of indices in the Jacobian matrix J. Therefore,
the modified hidden least-cost FDI attack problem in Equa-
tion (22) now focusses on the set of indices that remain un-
protected in J, denoted as the sub-matrix J s .
Based on the above discussion, the objective of our
optimal defence strategy is to place the minimum number of
PMUs on buses to secure the subsets of measurements until
the security matrix Js is full rank and the system becomes
completely observable. Eventually, there will be no non-zero
vector c that can manipulate the state estimation vector
while satisfying Equation (21). Thus, hidden FDI attacks
cannot exist in the AC state estimation because the solution to
Equation (22) is no longer feasible.
25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
AND AL‐ANBAGI
5.2 | The PMU placement algorithm
There is no PMU placed in the system initially, that is, Js = 0.
Consequently, a non-zero error vector c exists in the system
that satisfies the security constraint and enables the attacker to
compute the least-effort attack vector a using the matrix J s .
Thus, we develop our PMU placement algorithm on the
premise that an attack vector a already exists in the system.
Nevertheless, the outcomes of the PMU placement algorithm
do not depend on a particular attack vector (e.g. the input
attack vector a mentioned above). The algorithm expects
changes in the attack vector at every round after each PMU
placement based on which it derives the next suitable locations
for PMUs, as discussed below. Therefore, irrespective of the
different scales and numbers of attack vectors, the algorithm
always achieves full system observability at the end to prevent
FDI attacks.
The PMU placement starts with configuring one bus at a
time and securing its corresponding measurements. In each
round, we use the greedy approach to configure a PMU on the
most vulnerable bus (i.e. the bus with the highest number of
manipulated measurements). To elaborate, we select one bus
for a PMU in every round, which has the most number of
measurements coinciding with the altered measurements in the
attack vector a. We continue this process until the security
matrix Js becomes full rank one.
The set of manipulated sensor measurements in the attack
vector a can be given as
� �
Ja ¼ Ja1 ; Ja2 ; ⋯ ; JaNa ; ð23Þ
where Na is the total number of manipulated measurements.
Each element in Ja is a 1 � n vector representing the row
index of the altered measurements in matrix J s . Let J bi be the
set of measurements in matrix J s that associates to bus i. To
illustrate, for the IEEE 14-bus system, the set of measure-
ments in J s corresponding to bus number 3 can be shown as
� �
∂P 34 ∂P 34 ∂P 3 ∂P 3 ∂Q34 ∂Q34 ∂Q3 ∂Q3
J b3 ¼ ; ; ; ; ; ; ; : ð24Þ
∂V3 ∂θ3 ∂V3 ∂θ3 ∂V3 ∂θ3 ∂V3 ∂θ3
According to our defence strategy, we choose the most
vulnerable bus, that is, the bus with the highest degree of
intersection between J bi and Ja, for the PMU placement. Our
objective to identify the most vulnerable bus for the PMU in
each round is as follows:
�
Ω b0i ¼ max jJ bi ⋂ J a j; ð25Þ
i∈½2;N−1�
0�
where Ω bi represents the degree of the intersection, N is the
0
total buses in the grid, and bi is the most vulnerable bus
derived for the PMU placement. Bus 1 is considered as a
reference bus in the above objective. However, if there is more

NAYAK AND AL‐ANBAGI
�
than one bus with the same Ω b0i , then we select the bus
connecting to a higher number of buses to configure a PMU.
As discussed above, all the measurements corresponding
0
to bus bi with a PMU can no longer be manipulated to
calculate the attack vector a. Also, all the buses connecting
0
to bus bi are now protected. Hence, the rows and columns
of the matrix J s corresponding to the set of secured mea-
surements and state variables will move to the security
matrix Js. Further, the elements of the error vector c
associated with bus b0i and its connected set of buses will
become zero since their state variables are no longer
vulnerable to manipulations. Consequently, the attacker
needs to calculate a new attack vector from the remaining
unprotected measurements in J s , focussing on the new
objective given in Equation (22). Since the iterative PMU
placement changes matrix J s in each round, the attacker has
to re-calculate the false data attack vector a after every
PMU configuration. The new attack vector will update the
compromised measurement vector Ja in each iteration,
which will yield the next most vulnerable bus of the grid,
according to Equation (25). The iterative PMU placement
ends when rank(Js) = 2N − 2, where the system is fully
observable, and the existence of hidden FDI attacks be-
comes infeasible. We store the outcome of each iteration of
our algorithm internally to derive the number of buses
placed with PMUs.
Algorithm 2 shows our greedy-PMU placement algorithm.
Algorithm 2: The PMU placement algorithm
5.3 | Case study for the defence strategy
In this case study, we use the IEEE 14-bus system to illustrate
the implementation of our proposed defence strategy. In
Section 4.3, we showed the calculation of the attack vector a
for the IEEE 14-bus system using our AC-based RRE algo-
rithm. The non-zero indices in the calculated attack vector
shown in Equation (26) represent the row indices of the
manipulated measurements in matrix J s . Thus, the
25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
- 169
compromised measurement vector Ja for the IEEE 14-bus
system can be expressed as
Ja ¼ ½ Ja14 ; Ja26 ; Ja66 ; Ja67 ; Ja68 �: ð26Þ
According to Algorithm 2, we calculate the degree of
intersection between J bi and Ja for each bus bi, where� i ∈ [2,
14]. Table 1 shows the degree of intersection Ω b0i for each
bus after one round of the PMU placement algorithm. We can
see from Table 1 that bus 14 is the ideal location for the first
round of PMU placement since it has the highest measure-
ments coinciding with the attack vector. After configuring bus
14 with a PMU, we update the matrices Js and J s as discussed
above and re-calculate the attack vector a using Algorithm 1.
In the next iteration, we again find the next ideal location out
of the remaining unprotected buses, based on the updated Ja.
We repeat the same procedure until the matrix Js becomes a
full rank. In this way, we identify the optimal locations for the
PMU configuration at buses 3, 5, 8, 11, 12, and 14 in the IEEE
14-bus system. Figure 2 shows the sequence of the PMU
placement in the IEEE 14-bus system. Notice that the system
becomes completely observable when the PMU placement
process is completed. Therefore, the unobservable FDI attacks
against the AC state estimation cannot exist since all the system
state variables become secured.
In the next section, we use our novel optimal defence
strategy to find secure locations for SMRs in the power sys-
tems. We implement the proposed PMU placement algorithm
on the grid to prevent unobservable FDI attacks and enable a
secure system to site SMRs.
6 | SITING DGS IN SMART GRID
UNDER CYBERSECURITY CONSTRAINT
This section discusses the siting of new SMR power generation
units in a power grid. SMRs are considered as DGs generating
small-to-medium-scale electric power. We use our novel FDI
attack and defence models presented in Sections 4 and 5 to find
optimal SMRs' locations in the power grid from a cybersecurity
perspective. Note that the proposed attack and defence algo-
rithms (Algorithm 1 and Algorithm 2) are greedy approaches
that aim to optimally calculate attack vectors and find suitable
locations for PMUs, respectively. Thus, the siting of DGs, which
relies on the two greedy-based methods, is an optimal problem.
We utilize the SaskPower grid [66] to show the optimal
secure sites for new SMRs. Although we use our enhanced
least-effort FDI attack model and the optimal defence strategy
to site SMRs, our approach can be used to site other power
assets in other power networks.
6.1 | Scenario description for siting SMRs
Based on the current list of power stations, generation ca-
pacities, and voltage ratings of transmission lines given in [66],
 25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
170
- NAYAK AND AL‐ANBAGI

T A B L E 1 Results after the first round of the phasor measurement

unit placement algorithm in IEEE 14-bus system SMRs in Saskatchewan, Canada, based on the locations
� � � configured with PMUs.
Bus Ω b 0i Bus Ω b 0i Bus Ω b 0i We assume that any unobservable bus at the control centre
2 0 7 2 12 2 through a direct PMU configuration or a PMU on its neigh-
3 0 8 2 13 2
bour bus is vulnerable to hidden FDI attacks. In this regard, we
propose that the most suitable location to place an SMR under
4 0 9 0 14 3 the impact of cybersecurity is at the bus secured by PMUs.
5 0 10 0 - - Therefore, we apply our PMU placement algorithm on the grid
6 2 11 0 - -
network to identify the optimal set of buses to configure with
PMUs and secure the AC state estimation against FDI attacks.
Once the entire grid becomes fully observable after perform-
Load ing the PMU placement algorithm on the system, we consider
Load
13
Load the ideal locations for siting SMRs at all the PV buses of the
12 14 grid.
As discussed in Section 1, SMRs have small-to-medium-
Load Load scale power generation of up to 300 MWe. DGs operating at
11
10 Load this capacity require proper infrastructure that can provide
9
6
8
C effective power systems protection and the ability to process
Slack 7 real-time data at a high rate received from PMUs. In this re-
C Load
1
Load 4 gard, we choose PV (generator) buses in the transmission
5 network to site SMRs since those buses are understood to have
Load
a better foundation to support the functioning of SMRs.
Furthermore, it is more convenient for the system operators to
2
Load perform energy management systems operations, such as
Load Generator 3
Generator economic dispatch, load balancing, and energy distribution for
the generator sources located at the generator buses. Also,
there are environmental and social challenges to site SMRs in a
FIGURE 2 Phasor measurement unit placement in the IEEE 14-bus
power network, as discussed in Section 2. Therefore, we avoid
system the distribution network for locating SMRs since it remains
closer to the consumer end.

and inspired by the network diagrams of the IEEE test systems

[67], we develop an approximated SaskPower grid map, as
shown in Figure 3. The information on the bus topology of the
SaskPower grid and the connecting buses to other territories
out of Saskatchewan, Canada, shown in Figure 3, are obtained
from the single-line power diagrams of SaskPower subsystems
and the system descriptions presented in [68–71]. The majority
of the system load and the generation fleet of the province is
located in the central/southern area. As shown in Figure 3, the
SaskPower grid map includes 25 generators (or PV) buses and
69 load (or PQ) buses, thereby 94 total buses in the system.
Here, bus 1 is regarded as a reference bus.
6.2 | Methodology for siting SMRs
Our SMR placement method aims to find the optimal secure
locations (secure from cyber threats) in the grid. The first step
is to analyse the grid's cyber vulnerabilities using our least-
effort FDI attack. We do this by implementing the RRE-
form-based algorithm on the state estimation of the bus
network and calculating the hidden attack vector a. The second
step is to implement our optimal defence strategy to protect
the grid against hidden FDI attacks. We perform the PMU
placement algorithm on the grid network to achieve complete
system observability. Finally, we identify the secure sites for
7 | SIMULATION RESULTS AND
ANALYSIS
In this section, we evaluate the effectiveness of our proposed
vulnerability assessment model and optimal defence strategy in
defending against hidden FDI attacks. We perform experi-
ments on several IEEE standard test systems, including IEEE
9-bus, 14-bus, 30-bus, 118-bus, and 300-bus systems. Later, we
show the secure sites in the SaskPower grid to site SMR power
generation units.
We compute the Jacobian matrix using a MATLAB pack-
age MATPOWER [72]. We run the experiments in MATLAB
R2017a. The computer system utilized for the simulations is a
64-bit operating system with a 3.4 GHz processor and 16 GB
RAM.
7.1 | Vulnerability assessment against FDI
attacks
We show the minimum number of measurements to carry out
the least-effort hidden FDI attacks. Table 2 shows the simu-
lation results of the RRE-form-based algorithm. The results in
Table 2 show the calculated sparsest attack vectors, total iter-
ations, and CPU time the algorithm takes to calculate these
 25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
NAYAK AND AL‐ANBAGI
- 171

MEADOW LAKE MARTENSVILLE PRINCE

49
ALBERT 66
45 46 NIPAWIN
1 2 19 20
NORTH - QUEEN 53
3 4 44 54 56 57
BATTLEFORD ELIZABETH 15 55
62
16
8 17
10 11 ABERDEEN 51
7 47 60 61
12
5 6 50
13 14 18
9 52
48
59 67
WOLVERINE 63 65
LLOYD COTEAU CONDIE 58
CORY
MINISTER CREEK 69 70
22 CO-GEN
21 31 40 41
29 68 64
75 80
YORKTON
74 76 79 81 91 90
30 89
23 PASQUA 85
SWIFT
CURRENT 39 86
32 72
24 25 38
37 42
71 KENNEDY
33
77
73 87
26 28 35
27 34 36 43 78
82 88
REGINA SHAND
83 92
McNEILL
POPLAR
84 93
RIVER
:230 kV :138kV & BOUNDARY 94
Bus below Bus DAM

FIGURE 3 The SaskPower grid map

vectors. Here, the numeric values in the attack vectors repre- open to FDI attacks. It also exposes other state variables
sent the compromised row indices in the Jacobian matrix of associated with those manipulated measurements causing
each test system. cascading failures.
We can see from Table 2 that our algorithm takes less than Figure 4b shows the percentage of the compromised
five iterations for any test system to obtain the minimum cost measurements for each test system. We can observe from
attack vector. Notice the number of measurements to Figure 4b that the attacker has to compromise around 11% of
compromise in each test system to launch hidden FDI attacks the total sensor measurements to launch hidden FDI attacks in
in the system. Since our RRE-form-based algorithm focusses the IEEE 9-bus system. In the IEEE 300-bus system, the
on generating the least-cost attack vector, it yields the optimal attacker needs to manipulate 0.7% of the total sensor mea-
number of measurements to compromise for constructing the surements. The descending trend in the fraction of the
attack vector. On the other hand, the AC-based attack model compromised measurements shows that the cost of hidden
presented in [22] derives at least 16 numbers of measurements FDI attacks is decreasing with the increasing system size.
necessary to compromise for the IEEE-14 and the IEEE-18 The results of our least-effort FDI attacks model show that
bus systems, compared to 5 and 7, respectively, in our work. the hidden FDI attack vector a can be successfully injected in
Hence, we verify that the proposed RRE-form-based algo- the AC state estimation while satisfying the objective of
rithm can calculate the relatively sparsest attack vector to Equation (18). This means that the existing security constraints
launch the least-effort hidden FDI attack in the AC power and the BDD mechanism are unable to prevent FDI attacks
systems. against the AC state estimation.
Figure 4a shows a comparison between the computational Figure 4c shows the minimum cost attack vector of our AC
cost (in terms of the time complexity in finding the attack power flow model and the DC power flow model presented in
vector) of the DC model and our AC-based RRE algorithm. Ref. [12]. We use these results to find the feasibility of the DC-
We show that even when using complex AC power models, the based FDI attack model in evaluating cyber vulnerabilities. We
total time elapsed in our algorithm is significantly less than that can see from Figure 4c that the minimum number of mea-
of simple DC models used in Refs. [10, 62]. surements to compromise in the DC-based FDI attack model
Notice the pattern of the compromised measurements in remains constant for all IEEE test systems. On the other hand,
the attack vectors shown in Table 2. This pattern means that if in our AC-based FDI attack model, the number shows an
a measurement of any state variable is under attack, then the increasing trend from the IEEE 9-bus to the 300-bus system.
remaining measurements corresponding to the same state This comparison shows that the attacker neglects to modify
variable and close to that compromised measurement in the certain measurements in the DC-based model required to
Jacobian matrix are also vulnerable to manipulations. There- calculate the attack vectors. This is due to the assumptions
fore, an attack on a single measurement makes its entire set involved in the DC power flow model and the DC state

172
- NAYAK
TABLE 2 Simulation results of the reduced-row-echelon-form-based algorithmic solution
Test system Attack vector
9-bus (4, 6, 16, 36)
14-bus (14, 26, 66, 67, 68)
30-bus (13, 14, 140, 141, 142)
118-bus (297, 298, 480, 481, 600, 601, 602)
300-bus (9, 708, 709, 732, 733, 1394, 1419, 1420, 1421, 1422)
F I G U R E 4 (a) Time complexity for finding the attack vector, (b) Percentage of compromised measurements, (c) Comparison of AC and DC systems for
modelling false data injection attacks. RRE, reduced row echelon
estimation. These incorrect state variable estimations propa-
gate into the branch power flows and power injections mea-
surements. Therefore, even though the DC model simplifies
the modelling of FDI attacks, it gives inaccurate outcomes that
can trigger the BDD [21]. The above comparison of the AC
and the DC systems for modelling FDI attacks shows that it is
more feasible for the attacker to model the hidden least-effort
FDI attacks using the AC power systems.
7.2 | Defence strategy
We run experiments on different IEEE standard test systems
to evaluate the feasibility and the computational complexity of
our proposed defence strategy. Table 3 shows the simulation
results for different test systems, including the optimal number
of buses required for the PMU configuration and the CPU
time (in seconds) the PMU placement algorithm takes to
achieve complete system observability in each case.
We can see from Table 3 that the fraction of buses placed
with PMUs ranges between 40%–50% of the total number of
buses. This result is consistent with the previous work in Refs.
[6, 25] that used DC and AC models, respectively. However,
the PMU placement techniques in Ref. [6], and Ref. [25]
considered that the system is not under FDI attacks during the
PMU configurations [8, 16]. In this case, the solutions of the
defence techniques rely only on the initial state of the attack
and thereby become stagnant in responding to a variety of
attack vectors. On the other hand, the defence model proposed
in this work accounts for constant FDI attack threats while
25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
AND AL‐ANBAGI
Iteration Elapsed time (in seconds)
4 0.014
3 0.021
2 0.09
2 0.99
2 9.5
configuring PMUs, which helps provide a more rapid response
to cyber incidents in real-time.
Our optimal defence strategy achieves accurate state esti-
mation through securing all the system state variables with
minimum PMU configurations. On the other hand, the AC-
based defence techniques proposed by Yang et al. [25] have
not considered minimizing the number of PMUs while
achieving high state estimation accuracy.
Table 4 shows a comparison between the number of PMUs
required to achieve maximum state estimation accuracy in the
technique proposed in Ref. [25] and our approach. We can see
that our proposed approach uses fewer PMUs to secure all the
state variables. Furthermore, our defence strategy achieves
higher state estimation accuracy while achieving system
observability and combating FDI attacks. Our approach does
not require auxiliary PMU placements, and it does not include
any extra computational overhead needed to find additional
buses for PMU configuration.
Notice that Algorithm 2 also incorporates the calculation
of the attack vector a in every round. Therefore, the
complexity of the defence algorithm shown in Table 3 includes
the cost for finding the attack vector a and the computation
time required to find the optimal set of buses for PMU
configuration. Based on the results shown in Table 3 and
Figure 4a, we confirm that the time complexity of our AC-
based optimal defence strategy is very low.
To show the effectiveness of our approach, we analyse its
impact on the attack cost. Figure 5a shows the number of
measurements needed to compromise the state estimation
versus the percentage of buses with PMUs for different IEEE

NAYAK AND AL‐ANBAGI
T A B L E 3 Results of the PMU
Test system
placement algorithm
9-bus
14-bus
30-bus
118-bus
300-bus
Abbreviation: PMU, phasor measurement unit.
TABLE 4 Comparison of PMU placements in AC-based defence models
Test system Number of PMU placements in Ref. [25]
14-bus 11
30-bus 29
118-bus 65
Abbreviation: PMU, phasor measurement unit.
test systems. We can see that the attack costs are the minimum
when there are no PMUs in the system. However, as the
number of PMUs increases, the minimum number of
sensor measurements also increases. Once the PMU place-
ment algorithm achieves the full system observability, that is,
rank(Js) = 2N − 2, the solution to Equation (22) becomes
infeasible. Thus, the hidden attack vector can no longer exist in
the AC state estimation.
Figure 5b shows the percentage of the protected state
variables after each PMU configuration. We see that once the
PMU placement algorithm satisfies its objective in each test
system, all the system state variables are secured.
Figure 5c shows a comparison between the number of
buses configured with PMUs to prevent hidden FDI attacks
using the DC model in [12] and our work. The comparison
shows the effectiveness of our approach in protecting the
system. We see that the differences in the results obtained for
the DC and the AC models are close for small test systems.
However, for large networks, there is a difference because our
approach is more realistic.
The above results show that our AC-based optimal defence
approach can effectively protect the system against hidden FDI
attacks while securing the AC state estimation. Our model is
also able to achieve complete system observability with a low
computation cost. We also show that a defence strategy based
on the DC system is ineffective in the actual non-linear power
grid to prevent hidden FDI attacks.
7.3 | Case study: Selecting secure sites for
SMRs
To select secure sites for SMR power generation units, we first
implement our least-effort FDI attacks approach on the
SaskPower grid to test its vulnerability against hidden FDI
attacks. Based on the calculated false data attack vector a, we
obtain the most vulnerable buses for iterative PMU
25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
- 173
Number of buses placed with PMUs Elapsed time (in seconds)
5 0.1
6 0.6
12 3
52 150
149 3200
Number of PMU placements (This work)
6
12
52
configuration. Finally, we show the secure sites for SMRs. The
total number of buses in the SaskPower grid shown in Figure 3
is 94. This grid resembles the IEEE 118-bus system [67]. We
compute the Jacobian matrix J for the state estimation of
the SaskPower grid based on the standard information of the
IEEE 118-bus system. We obtained the power and voltage
magnitudes, phase angles, the shunt and line admittance at
generator and load buses, and branch resistance and reactance
from the IEEE 118-bus system.
To run the vulnerability analysis, we use the RRE-form-
based algorithm shown in Algorithm 1 to compute the hid-
den attack vector a. The attack vector a derived using the same
objective defined in Equation (18) for the SaskPower grid is
shown as follows:
aT ¼ ½ 0 ⋯ 0:06 ⋯ 0:06 ⋯ 0:43 ⋯ 0:15 − 0:15 0:06 0:43 �
ð27Þ
Here, the non-zero indices in the attack vector aT shown
above are 3, 46, 185, 431, 432, 433, and 434. Therefore, the
attacker needs to manipulate seven sensor measurements to
launch the least-effort FDI attack in this grid. It takes two it-
erations for our AC-based RRE algorithm to produce the
hidden attack vector.
Based on the above results, we note that the sparsest attack
vector a can be computed. These results satisfy the objective of
Equation (18) to launch hidden FDI attacks. Consequently, this
means that the test system is vulnerable to hidden FDI attacks.
Hence, to configure secure sites for SMRs, the system needs
effective defence mechanisms. We assume that PMUs are used
to secure the power assets. Thus, we apply our PMU-
placement-based defence strategy to secure the state estima-
tion of the SaskPower grid.
Figure 6 shows the optimal locations for the PMU
configuration in the SaskPower grid derived using our PMU
placement algorithm (Algorithm 2). The total number of
 25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
174
- NAYAK AND AL‐ANBAGI

FIGURE 5 (a) Change in the attack cost with the phasor measurement unit placement, (b) Percentage of protected states, (c) Comparison of AC and DC
systems

MEADOW LAKE MARTENSVILLE PRINCE

ALBERT 49 66
45 46 NIPAWIN
1 2 19 20
NORTH - QUEEN 53
3 4 44 54 56 57
BATTLEFORD ELIZABETH 15 55
62
16
8 17
10 11 ABERDEEN 51
7 47 60 61
5 12 50
6 14 18
9 13
48 52
59 67
WOLVERINE 63 65
LLOYD COTEAU CONDIE 58
CORY
MINISTER CREEK 69 70
22 CO-GEN
21 31 40 41
29 68 64
75 80
YORKTON
74 76 79 81 91 90
30 89
23 PASQUA 85
SWIFT
CURRENT 39 86
32 72
24 25 38
37 42
71 KENNEDY
33 77
73 87
26 28 35
27 34 36 43 78
82 88
REGINA SHAND

POPLAR 83 92
McNEILL
RIVER 84 93
:230 kV :138kV & :SMR Locations – Scenario 1 94
BOUNDARY
Bus below Bus :PMU DAM

FIGURE 6 Suitable sites for small modular reactor power generation units

buses required for the PMU configuration is 42 to achieve 8 | CONCLUSION

complete observability. We can see that after the completion
of the PMU placement algorithm, all of the system buses In this work, we proposed low-complexity cybersecurity
become observable at the control centre through secure measures to mitigate the risks of hidden FDI attacks. We
PMU measurements. Therefore, an attacker cannot calculate presented a novel AC-based least-effort FDI attack model to
the false data attack vector without bypassing the BDD assess the vulnerabilities of very large power networks. Based
mechanism. Figure 6 also shows optimal locations for SMRs on the vulnerability assessment, we introduced a novel optimal
in the grid. All of the PV buses are suitable locations for defence strategy to protect the grid against hidden FDI attacks.
SMRs as they are protected by the PMUs. We see that We developed a greedy algorithm to find optimal locations of
although not all the PV buses are configured with PMUs, secure power assets and achieve full system observability. We
they are treated as suitable sites for SMRs because those carried out experiments on various IEEE standard test systems
buses are observed from the neighbour buses with PMUs. to evaluate the performance of our attack and defence algo-
Note that the secure siting of SMRs is influenced by the rithms. The experimental results showed that the proposed
derived locations for the PMU placement. models could effectively protect the smart grid from hidden

NAYAK AND AL‐ANBAGI
FDI attacks with low computational complexity and enhanced
accuracy.
We used our cyber vulnerability assessment model and the
optimal defence strategy to site SMR power generation units
under the impact of cybersecurity constraints. We presented a
case study to find secure sites for SMRs in Saskatchewan,
Canada. Although our case study is used for the power utility
in Saskatchewan, our approach can be used to find secure
locations for power assets in other power networks.
As future work, we plan to carry out a detailed study on
how close our near-optimal solutions to FDI attacks modelling
and defence strategy are to the actual optimal solutions.
ACK NOW L ED GE ME N T S
This work was funded by the Sylvia Fedoruk Canadian Center
for Nuclear Innovation J2016-0032 ‘Developing Technical
Capacity for Understanding the Practical, Regulatory and
Economic Viability of Introducing a New Advanced Tech-
nology: A Case Study of Introducing Nuclear Power into a
Small, Previously Non-Nuclear Jurisdiction’.
CON FLIC T OF I N TE R ES T
No.
DATA AVAI L A BI L I T Y S TA T E ME N T
Data sharing is not applicable. No new data was generated, or
the article describes entirely theoretical research.
ORC ID
Irfan Al-Anbagi https://orcid.org/0000-0001-9192-7976
R EF ERE N CES
1. Greer, C., et al.: Nist framework and roadmap for smart grid interop-
erability standards, release 3.0. Tech. Rep. (2014)
2. He, H., Yan, J.: Cyber-physical attacks and defences in the smart grid: a
survey. IET Cyber-Phys. Syst.: Theory Appl. 1(1), 13–27 (2016)
3. Mo, Y., et al.: Cyber-physical security of a smart grid infrastructure. Proc.
IEEE. 100(1), 195–209 (2011)
4. Li, Z., Shahidehpour, M., Aminifar, F.: Cybersecurity in distributed po-
wer systems. Proc. IEEE. 105(7), 1367–1388 (2017)
5. Cintuglu, M.H., Ishchenko, D.: Secure distributed state estimation for
networked microgrids. IEEE Internet Things J. 6(5), 8046–8055
(2019)
6. Kim, J., Tong, L.: On phasor measurement unit placement against state
and topology attacks. In: 2013 IEEE Int. Conf. on Smart Grid Com-
munications, SmartGridComm, pp. 396–401 (2013)
7. Kim, T.T., Poor, H.V.: Strategic protection against data injection attacks
on power grids. IEEE Trans. Smart Grid. 2(2), 326–333 (2011)
8. Giani, A., Bent, R., Pan, F.: Phasor measurement unit selection for un-
observable electric power data integrity attack detection. Int. J. Crit.
Infrastruct. Prot. 7(3), 155–164 (2014). https://doi.org/10.1016/j.ijcip.
2014.06.001
9. Giani, A., et al.: Smart grid data integrity attacks. IEEE Trans. Smart
Grid. 4(3), 1244–1253 (2013)
10. Yang, Q., et al.: On false data-injection attacks against power system state
estimation: modeling and countermeasures. IEEE Trans. Parallel Distr.
Syst. 25(3), 717–729 (2013)
11. Yang, Q., et al.: Towards optimal pmu placement against data integrity
attacks in smart grid. In: 2016 Annual Conf. on Information Science and
Systems (CISS), pp. 54–58 (2016)
25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
- 175
12. Yang, Q., et al.: On optimal pmu placement-based defense against data
integrity attacks in smart grid. IEEE Trans. Inf. Forensics Secur. 12(7),
1735–1750 (2017)
13. Bi, S., Zhang, Y.J.: Graphical methods for defense against false-data in-
jection attacks on power system state estimation. IEEE Trans. Smart
Grid. 5(3), 1216–1227 (2014)
14. Farraj, A., et al.: A game-theoretic analysis of cyber switching attacks and
mitigation in smart grid systems. IEEE Trans. Smart Grid. 7(4),
1846–1855 (2015)
15. Deng, R., Zhuang, P., Liang, H.: CCPA: coordinated cyber-physical at-
tacks and countermeasures in smart grid. IEEE Trans. Smart Grid. 8(5),
2420–2430 (2017)
16. Manousakis, N.M., Korres, G.N.: A weighted least squares algorithm for
optimal pmu placement. IEEE Trans. Power Syst. 28(3), 3499–3500
(2013)
17. Gou, B.: Generalized integer linear programming formulation for optimal
pmu placement. IEEE Trans. Power Syst. 23(3), 1099–1104 (2008)
18. Paudel, J., et al.: A strategy for pmu placement considering the resiliency
of measurement system. J. Power Energy Eng. 3(11), 29–36 (2015)
19. Nuqui, R.F., Phadke, A.G.: Phasor measurement unit placement tech-
niques for complete and incomplete observability. IEEE Trans. Power
Deliv. 20(4), 2381–2388 (2005)
20. Cetinay, H., et al.: Comparing the effects of failures in power grids under
the ac and dc power flow models. IEEE Trans. Netw. Sci. Eng. 5(4),
301–312 (2017)
21. Hug, G., Giampapa, J.A.: Vulnerability assessment of ac state estimation
with respect to false data injection cyber-attacks. IEEE Trans. Smart
Grid. 3(3), 1362–1370 (2012)
22. Liu, X., Li, Z.: False data attacks against ac state estimation with
incomplete network information. IEEE Trans. Smart Grid. 8(5),
2239–2248 (2016)
23. Rahman, M.A., Mohsenian-Rad, H.: False data injection attacks against
nonlinear state estimation in smart power grids. In: 2013 IEEE Power &
Energy Society General Meeting, pp. 1–5 (2013)
24. Jin, M., Lavaei, J., Johansson, K.H.: Power grid ac-based state estimation:
Vulnerability analysis against cyber attacks. IEEE Trans. Automat.
Control. 64(5), 1784–1799 (2018)
25. Yang, Q., et al.: PMU placement in electric transmission networks for
reliable state estimation against false data injection attacks. IEEE Internet
Things J. 4(6), 1978–1986 (2017)
26. Chaojun, G., Jirutitijaroen, P., Motani, M.: Detecting false data injection
attacks in ac state estimation. IEEE Trans. Smart Grid. 6(5), 2476–2483
(2015)
27. Nayak, J., Al-Anbagi, I.: Modelling false data injection attacks against
non-linear state estimation in ac power systems. In: 2020 8th Int. Conf.
on Smart Grid (icSmartGrid), pp. 37–42 (2020)
28. Tran, N.N., et al.: Designing constraint-based false data injection attacks
against the unbalanced distribution smart grids, IEEE Internet Things J,
8(11), 9422–9435 (2021)
29. Idris, R., Latif, Z.A.: Gis multi-criteria for power plant site selection.
In: 2012 IEEE Control and System Graduate Research Colloquium,
pp. 203–206. IEEE (2012)
30. Kaboli, A., et al.: A new method for plant location selection problem: a
fuzzy-ahp approach. In: 2007 IEEE Int. Conf. on Systems, Man and
Cybernetics, pp. 582–586. IEEE (2007)
31. Choudhary, D., Shankar, R.: An steep-fuzzy ahp-topsis framework for
evaluation and selection of thermal power plant location: A case study
from India. Energy. 42(1), 510–521 (2012)
32. Kabir, G., Sumi, R.S.: Power substation location selection using fuzzy
analytic hierarchy process and promethee: A case study from Bangladesh.
Energy. 72, 717–730 (2014)
33. Naik, S.N.G., Khatod, D.K., Sharma, M.P.: Analytical approach for
optimal siting and sizing of distributed generation in radial distribution
networks. IET Gener. Transm. Distrib. 9(3), 209–220 (2014)
34. Hung, D.Q., Mithulananthan, N., Bansal, R.: Analytical expressions for dg
allocation in primary distribution networks. IEEE Trans. Energy Conv.
25(3), 814–820 (2010)

176
- NAYAK
35. Griffin, T., et al.: Placement of dispersed generation systems for reduced
losses. In: Proc. of the 33rd annual Hawaii Int. Conf. on System Sciences,
p. 9. IEEE (2000)
36. Samajpati, D.: Distributed generation allocation for power loss minimi-
zation and voltage improvement of radial distribution systems using
genetic algorithm. Ph.D. dissertation (2014)
37. Nadhir, K., Chabane, D., Tarek, B.: Firefly algorithm for optimal allo-
cation and sizing of distributed generation in radial distribution system
for loss minimization. In: 2013 Int. Conf. on Control, Decision and
Information Technologies (CoDIT), pp. 231–235. IEEE (2013)
38. Subki, M.H.: Global development and deployment plan of small-
medium reactors (smrs) (2012). https://inis.iaea.org/collection/
NCLCollectionStore/_Public/50/003/50003436.pdf
39. Almalki, R., Piwowar, J., Siemer, J.: Geographical considerations in site
selection for small modular reactors in saskatchewan. Geosciences. 9(9),
402 (2019)
40. Zanacic, E., McMartin, D.: Water supply assessment for siting small
modular reactors in Saskatchewan. In: Canadian Nuclear Society, Pro-
ceedings. Saskatoon (2018)
41. Ferris, D.M., Potter, G., Ferguson, G.: Characterization of the hydraulic
conductivity of glacial till aquitards. Hydrogeol. J. 28(5), 1827–1839
(2020)
42. Sprague, A., et al.: Developing subsurface geological criteria for small
modular reactors (smr), in saskatchewan. In: 40th Annual Conference of
the Canadian Nuclear Society. Saint John, NB, Canada (2020)
43. Lulik, B., DeMontigny, D., Hussein, E.: Is an exclusion zone needed for a
small modular reactor? In: Canadian Nuclear Society, Proceedings,
Saskatoon, (2018)
44. Mehran, B., et al.: Case study scenarios in site selection of hazardous
material facilities based on transportation preferences. J. Mod. Transp.
27(4), 317–333 (2019)
45. Zhang, X., et al.: A multicriteria small modular reactor site selection
model under long-term variations of climatic conditions-a case study for
the province of saskatchewan, Canada. J. Clean. Prod. 290, 125651 (2021)
46. Omoruyi, B.: Indigenous peoples’ participation in regulatory framework
for small modular reactors operations in Canada. In: 1st International
Conference on Generation IV and Small Reactors. Ottawa, ON, Canada
(2018)
47. SaskPower: Saskpower. https://www.saskpower.com/. Accessed 01 Dec
2020
48. Li, Y., Huang, R., Ma, L.: False data injection attack and defense method
on load frequency control. IEEE Internet Things J. 8(4), 2910–2919
(2021)
49. Wang, X., et al.: Detection and isolation of false data injection attacks in
smart grids via nonlinear interval observer. IEEE Internet Things J. 6(4),
6498–6512 (2019)
50. Luo, X., et al.: Interval observer-based detection and localization against
false data injection attack in smart grids. IEEE Internet Things J. 8(2),
657–671 (2021)
51. Shrestha, R., Wagner, D., Al-Anbagi, I.: Fuzzy ahp-based siting of small
modular reactors for power generation in the smart grid. In: 2018 IEEE
Electrical Power and Energy Conf. (EPEC), pp. 1–6. IEEE (2018)
52. Belles, R.J., Omitaomu, O.A.: Evaluation of potential locations for siting
small modular reactors near federal energy clusters to support federal
clean energy goals. Oak Ridge National Lab.(ORNL), Oak Ridge, TN
(United States), Tech. Rep. (2014)
53. Lokhov, A., et al.: Small modular reactors: nuclear energy market po-
tential for near-term deployment. Org. for Economic Co-Op. and
Development, Tech. Rep. (2016)
54. Duan, N., et al.: Cybersecurity analysis of distribution grid operation with
distributed energy resources via co-simulation. In: 2020 IEEE Power
Energy Society General Meeting (PESGM), pp. 1–5 (2020)
25152947, 2022, 3, Downloaded from https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/stg2.12059 by Readcube (Labtiva Inc.), Wiley Online Library on [16/05/2023]. See the Terms and Conditions (https://onlinelibrary.wiley.com/terms-and-conditions) on Wiley Online Library for rules of use; OA articles are governed by the applicable Creative Commons License
AND AL‐ANBAGI
55. Soyoye, O.T., Stefferud, K.C.: Cybersecurity risk assessment for
California’s smart inverter functions. In: 2019 IEEE CyberPELS
(CyberPELS), pp. 1–5 (2019)
56. Chen, J., Abur, A.: Placement of pmus to enable bad data detection in
state estimation. IEEE Trans. Power Syst. 21(4), 1608–1615 (2006)
57. Jamei, M., et al.: Anomaly detection using optimally placed <tex-math
notation="latex">μPMU </tex-math> sensors in distribution grids.
IEEE Trans. Power Syst. 33(4), 3611–3623 (2018)
58. Jamei, M., et al.: Phasor measurement units optimal placement and
performance limits for fault localization. IEEE J. Sel. Area. Commun.
38(1), 180–192 (2020)
59. Abur, A., Exposito, A.G.: Power system state estimation: theory and
implementation. CRC press (2004)
60. Abdallah, A., Shen, X.S.: Efficient prevention technique for false data
injection attack in smart grid. In: 2016 IEEE Int. Conf. on Communi-
cations (ICC), pp. 1–6. IEEE (2016)
61. Liang, G., et al.: A review of false data injection attacks against modern
power systems. IEEE Trans. Smart Grid. 8(4), 1630–1638 (2016)
62. Liu, Y., Ning, P., Reiter, M.K.: False data injection attacks against state
estimation in electric power grids. ACM Trans. Inf. Syst. Secur. 14(1),
1–33 (2011)
63. Yingram, M., Premrudeepreechacharn, S.: Investigation over/under-
voltage protection of passive islanding detection method of distributed
generations in electrical distribution systems. In: 2012 Int. Conf. on
Renewable Energy Research and Applications (ICRERA), pp. 1–5
(2012)
64. Wang, X., et al.: Detection and isolation of false data injection attacks in
smart grid via unknown input interval observer. IEEE Internet Things J.
7(4), 3214–3229 (2020)
65. Zhang, Y., Wang, J., Liu, J.: Attack identification and correction for pmu
gps spoofing in unbalanced distribution systems. IEEE Trans. Smart
Grid. 11(1), 762–773 (2019)
66. SaskPower: Saskpower system map. https://www.saskpower.com/Our-
Power-Future/Our-Electricity/Electrical-System/System-Map. Accessed
21 Apr 2020
67. Station, T.A.E.E.: IEEE 118-bus system. https://electricgrids.engr.tamu.
edu/electric-grid-test-cases/ieee-118-bus-system/. Accessed 21 Apr 2020
68. Baker, M., Burgess, R.: Design and experience of a back-to-back hvdc
link in western Canada. In: 1991 Int. Conf. on Advances in Power System
Control, Operation and Management, APSCOM-91. IET, pp. 686–693
(1991)
69. Islam, S., Chowdhury, N.: A case-based windows graphic package for the
education and training of power system restoration. IEEE Trans. Power
Syst. 16(2), 181–187 (2001)
70. Kennedy, W., et al.: Five years experience with a new method of field
testing cross and quadrature polarized mho distance relays. ii. three case
studies. IEEE Trans. Power Deliv. 3(3), 887–893 (1988)
71. Jonnavithula, S., Billinton, R.: Topological analysis in bulk power
system reliability evaluation. IEEE Trans. Power Syst. 12(1), 456–463
(1997)
72. MATPOWER.: Form the power flow jacobian. https://matpower.org/
docs/ref/matpower5.0/makeJac.html. Accessed 01 Dec 2020
How to cite this article: Nayak, J., Al-Anbagi, I.:
Vulnerability assessment and defence strategy to site
distributed generation in smart grid. IET Smart Grid.
5(3), 161–176 (2022). https://doi.org/10.1049/stg2.
12059