Developing a Correlation Indices to Identify Coordinated Cyber-Attacks on Power Grids.

The large deployment of Information and Communication Technology~(ICT) exposes the power grid to a large number of coordinated cyber-attacks. Thus, it is necessary to design new security policies that allow an efficient and reliable operation in such conflicted cyber-space. The detection of cyber-attacks is known to be a challenging problem, however, through the coordinated effort of defense-in-depth tools (e.g., Intrusion Detection Systems~(IDSs), firewalls, etc.) together with grid context information, the grid's real security situation can be estimated. In this paper, we derive a Correlation Index~(CI) using grid context information (i.e., analytical models of attack goals and grid responses). The CI reflects the spatial correlation of cyber-attacks and the physical grid, i.e., indicates the target cyber-devices associated to attack goals. This is particularly important to identify (together with intrusion data from IDSs) coordinated cyber-attacks that aim to manipulate static power applications, and ultimately cause severe consequences on the grid. In particular, the proposed CI, its properties, and defense implications are analytically derived and numerically tested for the Security Constrained Economic Dispatch~(SCED) control loop subject to measurement attacks. However, our results can be extended to other static power applications, such as Reactive Power support, Optimal Power Flow, etc.