Cyber-physical risk modeling with imperfect cyber-attackers

TL;DR

This paper models cyber-attack risks on power grids considering attackers with imperfect information, revealing how inaccuracies affect attack effectiveness and identifying common vulnerabilities for better risk management.

Contribution

It introduces a novel decision-making model for cyber-attackers with imperfect information and analyzes how data inaccuracies influence attack outcomes.

Findings

Inaccurate admittance data often lead to suboptimal yet still damaging attacks.

Inaccurate capacity data results in less effective cyber-attacks.

Common vulnerabilities are identified across different imperfect attack scenarios.

Abstract

We model the risk posed by a malicious cyber-attacker seeking to induce grid insecurity by means of a load redistribution attack, while explicitly acknowledging that such an actor would plausibly base its decision strategy on imperfect information. More specifically, we introduce a novel formulation for the cyber-attacker's decision-making problem and analyze the distribution of decisions taken with randomly inaccurate data on the grid branch admittances or capacities, and the distribution of their respective impact. Our findings indicate that inaccurate admittance values most often lead to suboptimal cyber-attacks that still compromise the grid security, while inaccurate capacity values result in notably less effective attacks. We also find common attacked cyber-assets and common affected physical-assets between all (random) imperfect cyber-attacks, which could be exploited in a preventive and/or corrective sense for effective cyber-physical risk management.