Electric power system security: the case for an integrated cyber-physical risk management framework

TL;DR

This paper proposes an integrated cyber-physical risk management framework for electric power systems, emphasizing the importance of jointly optimizing physical and cyber-security measures to enhance grid resilience against sophisticated attackers.

Contribution

It introduces a tri-level decision model that co-optimizes preventive physical and cyber-security strategies considering attacker uncertainty, highlighting their complementary roles in grid security.

Findings

Physical and cyber-security measures are non-exchangeable and complementary.

Joint optimization improves overall grid security.

Uncertainty management is crucial in decision-making.

Abstract

This paper concerns the security of the electric power transmission grid facing the threat of malicious cyber-physical attackers. We posit that there is no such thing as perfectly effective cyber-security. Rather, any cyber-security measure comes with the possibility that a highly skilled attacker could (eventually find a way to) bypass it. On these grounds, we formulate a tri-level decision making problem seeking to co-optimize preventive physical and cyber-security measures under uncertainty on the ability of an exogenous cyber-physical attacker to overcome the latter. Preventive physical security measures refer to the \emph{ex-ante} procurement of reserve capacity, which translates into ramping restrictions in real-time. Cyber-security measures refer to updating the firewall rules so as to impede an intruder from taking over the cyber infrastructure of the grid and disconnecting power generators and transmission branches. We adopt standard assumptions to formalize the inner optimization problems corresponding to the cyber-physical attacker and power grid operator and focus on uncertainty management at the uppermost level of the problem. Our findings establish that physical- and cyber-security measures are non-exchangeable complements in keeping the power grid operation secure.