Survey of Security Advances in Smart Grid: A Data Driven Approach

Song Tan, Debraj De, Wen-Zhan Song, Junjie Yang, Sajal K. Das

Abstract—With the integration of advanced computing and communication technologies, Smart Grid is considered as the next-generation power system, which promises self healing, resilience, sustainability and efficiency to the energy critical infrastructure. The Smart Grid innovation brings enormous challenges and initiatives across both industry and academia, in which the security issue emerges to be a critical concern. In this paper, we present a survey of recent security advances in Smart Grid, by a data driven approach. Compared with existing related works, our survey is centered around the security vulnerabilities and solutions within the entire lifecycle of Smart Grid data, which are systematically decomposed into four sequential stages: data generation, data acquisition, data storage and data processing. Moreover, we further review the security analytics in Smart Grid, which employs data analytics to ensure Smart Grid security. Finally, an effort to shed light on potential future research concludes our paper.

Index Terms—Data-Driven, Security, Smart Grid, Survey

I. INTRODUCTION

The electrical power grid is the most fundamental and complex artificial system in modern society. With the recent advancement in monitoring, sensing, control and communication, plus the ever increasing penetration of renewable and distributed energy resources, the legacy power grid is now evolved along the journey to smart grid, which is envisioned to achieve self healing, resilience, sustainability and efficiency. The smart grid vision is being realized through the implementation of cyber infrastructure overlaying the legacy power network. The cyber infrastructure enables the collection and analysis of data from millions of various distributed end-points such as smart meters, phasor measurement units, and circuit breakers, etc. As suggested in [1], smart grid is literally exploding into the largest example of internet-of-things, which will inevitably converge to something called Enernet.

However, the beauty of the smart grid innovation comes with its danger: the integration and dependency upon cyber infrastructure would exceedingly increase the chances of cyber threats and attacks. On the one hand, critical control processes such as state estimation, economic dispatch, load aggregation and demand response, etc, all rely on a secure and robust cyber infrastructure, which are indispensable to all aspects of smart grid. On the other hand, the cyber vulnerabilities may also enable adversaries to manipulate meter measurements, system parameters and price information, and even intrude and acquire direct access to these critical routines, to destabilize the grid in unpredictable ways. In the roadmap to secure control system proposed by Department of Energy and Department of Homeland security [2], energy control systems are subject to targeted cyber attacks. Potential adversaries have pursued progressively devious means to exploit flaws in system components, telecommunication methods, and common operating systems with intent to infiltrate and sabotage vulnerable control systems. Sophisticated cyber attack tools require little technical knowledge to use and can be found on the Internet, as can manufacturers’ technical specifications for popular control system equipment. As mentioned in [3], security issues are considered as one of the highest priorities for the smart grid design. Therefore, the cyber security in smart grid has become a key concern with increasing urgency for the research community.

This research is supported by NSF-1125165, NSF-1135814, NSF-1303359, NSF-1442630, NSF-1066391, NSFC-61202369, NSF CNS-1545037 and NSF CNS-1545050.

Song Tan is with Department of Computer Science, Georgia State University. Wenzhan Song is now with College of Engineering, University of Georgia.

Debraj De and Sajal K. Das are with Department of Computer Science, Missouri University of Science and Technology.

Junjie Yang is with Department of Electrical and Information Engineering, Shanghai University of Electric Power, China.

As a result, a tremendous amount of effort has been put into the research of security issues in smart grid. Various reactive (acting against the past) and proactive (acting in anticipation) methodologies are proposed to reduce the risk of threats, increase the ability to detect and identify system anomalous behavior, and initiate mitigation countermeasures quickly to restore the system operations. Since the nature of threats and vulnerabilities is constantly changing, the applications of current best security practices are necessary but not sufficient. To greatly facilitate ongoing and future research of security technologies in smart grid, comprehensive surveys about previous efforts are essential and valuable, such as [4] [5] [6] [7] [8]. We notice that this line of works usually organizes the survey from the perspective of communication architectures and network layers, and the attacks and countermeasures described are centered around the requirements listed in [9], such as integrity, confidentiality, availability, authenticity, authorization, and non repudiation, etc. For example, the attacks, such as man-in-the-middle and DoS attacks, and the countermeasures, such as authentication and key management protocols, have all been discussed in each of the above works.

Digital Object Identifier: 10.1109/COMST.2016.2616442

1553-877X © 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

In this paper, we are motivated to investigate and survey the security advances of smart grid from a different perspective: a data driven approach. We believe that the goal of cyber security is to protect data, both in transit and at rest. Therefore, our survey is centered around the security issues within the entire lifecycle of smart grid data, which can be systematically decomposed into four sequential stages [10]: data generation, data acquisition, data storage and data processing. To capture the wide spectrum of technologies concerning each area, we summarize the previous related efforts, structure comparisons and provide insights for remaining challenges. In addition, we further review the security analytics in smart grid, which employ the big data analytics to ensure smart grid security. Our approach renders extra values in comparison with previous survey works by explicitly bridging the security issues with big data technologies in smart grid domain. Specifically, we have striven to cover the following aspects of smart grid security advances:

• Data generation security: We first summarize various data sources in Smart Grid system, and categorize them into power generation, power transmission and distribution, and load management. Then the security challenges for each category are further discussed.

• Data acquisition security: The data acquisition process relies on the underlying communication protocols to gather the data from data sources to data storage. Therefore, we first present the general communication protocols for data acquisitions in Smart Grid and then address the issues of secure data collection and privacy-preserving data sharing.

• Data storage security: Large-volume and reliable data storages are indispensable for Smart Grid data streams. In this part, we describe the different data storage mechanisms for Smart Grid and review the related works about data storage security.

• Data processing security: The Smart Grid data are eventually processed within certain applications to deliver their values. It is essential to emphasize the security mechanisms of Smart Grid applications. In this section, we discuss the security aspects of two well known smart grid applications: demand response and state estimation.

• Security analytics: From the security perspective, data could be both the problem and the solution. In other words, data analytics could also provide promising solutions to ensure security. Thus, we summarize the data sources, data analysis methods as well as data visualization approaches for security analytics in Smart Grid.

We survey altogether 180 papers from conferences and journals, spanning mainly 2010-2015. Our work not only comprehensively discusses the state-of-the-art technologies, but also is complementary to the coverage of existing survey papers. It is our humble expectation that this work can serve as a first stop for general audiences and domain experts to search for information and guidelines upon their specific needs regarding security solutions of smart grid.

The rest of this paper is organized as follows. In section II, we summarize the existing survey works about cyber security in smart grid. In section III, we present an overview of smart grid and its key subsystems. From section IV to section VII, we introduce the security issues within each phase of smart grid data: data generation, data acquisition, data storage and data processing. Then in section VIII, we discuss the security analytics in smart grid. Finally, we identify the future directions and give the conclusions in sections IX and X, respectively.

II. RELATED WORKS

Cyber security issues in Smart Grid have been capturing the interest of the research community for a while. Therefore, there exist quite a few survey papers related to this topic. In this part, we review the existing survey works to have a good knowledge of previous efforts.

The first line of works intends to cover the security issues of the entire Smart Grid system. In [6], Wang et al. extensively examine the communication networks within both transmission subsystem and distribution subsystem of Smart Grid, including the wide-area network (SCADA) and local-area network (AMI). The authors first introduce the network architecture, features and protocols of Smart Grid communication network and explicitly compare those with the ones of Internet. Afterwards, they classify the potential threats and attacks within each layer of the communication network and employ a series of key use cases of Smart Grid communication networks in [9], in order to further uncover the network vulnerabilities. Finally, the corresponding countermeasures based on networking and cryptography are presented. Similarly, Line et al. in [11] compare the security requirements between Smart Grid communication network and telecommunication networks. Then they list the overall cyber security challenges such as connectivity, trust models, security management, software vulnerabilities, consumers’ privacy, and human factors. Solutions to these challenges are also suggested. Yan et al. in [4] further suggest the cyber security requirements, vulnerabilities and solutions for Smart Grid communication networks. The security protocols adopted at each networking layer are given. In [7], Baig et al. classify the Smart Grid cyber attacks and countermeasures through five categories: SCADA, Smart Meter Attacks, Physical Layer Attacks, Data Injection and Replay Attacks and Network-based Attacks, which span home area networks, neighborhood networks, and wide area networks.

Another line of works focuses on the security of a particular subsystem within Smart Grid. In [12], Cleveland et al. address the security requirements specifically for Advanced Metering Infrastructure (AMI), which include confidentiality, integrity, availability and non-repudiation. Then the threats that may undermine these requirements are presented. In [13], Zhu et al. present a taxonomy of cyber attacks on SCADA system. It first introduces the security requirements of SCADA system. Then it categorizes the attacks into attacks on hardware, attacks on software and attacks on communication stack. In [14], Deng et al. survey the vulnerabilities and countermeasures specifically for the transmission subsystem within Smart Grid. It focuses on the vulnerabilities of Phasor Measurement Units (PMUs) and Wide Area Measurement System (WAMS) technology. It divides the attacks into: denial of service attack, malicious data injection attack, traffic analysis attack, and high-level applications attack. Then as countermeasures, the authors introduce the principles of PMU and state estimation with PMU, and how that can be used to counter attacks. Similarly, Beasley et al. in [15] focus the survey of cyber security vulnerabilities on PMU network. The attacks are classified into four classes as in [16]: interruption, interception, modification, and fabrication. All the recent attacks against PMU network are grouped into the four categories. The countermeasures for each category of attacks are described. More recently, Komninos et al. in [8] present a survey of smart grid security issues with a strong emphasis on the smart home environment and its interactions with the smart grid environment. The security objectives of smart grid and smart home are also illustrated, including integrity, confidentiality, availability, authenticity, authorization, and non repudiation. Based on these objectives, the attacks against smart home, smart grid and the interactions between the two are categorized. The countermeasures are also classified based on their abilities to ensure these objectives.

TABLE I: RELATED SURVEYS OF CYBER SECURITY IN SMART GRID

The related works are summarized in Table I. We notice that both lines of works usually organize the paper from the perspective of communication architecture and network layers, and the attacks and countermeasures described are centered around the requirements listed in [9], such as integrity, confidentiality, availability, authenticity, authorization, and non repudiation, etc. For example, the attacks, such as man-in-the-middle attack and DoS attacks, and the countermeasures, such as authentication and key management, have been discussed in almost each of the above works.

III. SMART GRID OVERVIEW

A smart grid is an electrical grid that uses information and communications technology to gather and act on data to improve the efficiency, reliability, and sustainability of electric power. It is characterized by the two-way communications of data and control signal, large scale penetrations of renewable energy, and the complex interactions of distribution systems with distributed generators, energy markets, and customer behaviors. Specifically, a smart grid covers the following aspects of the power system [17] [18] [19]:

• The delivery infrastructure, such as circuit breakers, transmission and distribution lines, transformers, smart substations and sensors, etc.

• The end-user systems and related distributed-energy resources, such as renewable resources, loads, storage, and electrical vehicles, etc.

• The communication networks, such as remote measurement and control networks, inter- and intra-enterprise networks, and the Internet and Home Area Networks (HAN), etc.

• The management system at various levels of generation and delivery infrastructure, such as transmission and distribution control centers, regional reliability coordination centers, national emergency response centers and smart metering management system, etc.

• The financial and regulatory environment, such as stock and bond markets, government incentives, regulated and non-regulated rate of return, etc.

Fig. 1. NIST reference model for smart grid

A. Overall architecture

Currently, the design architectures and implementation models for smart grid are still evolving and not finalized. One of the most well known common reference models of smart grid is proposed by the U.S. National Institute of Standards and Technology (NIST) in [18]. A conceptual view of the NIST’s smart grid reference model is depicted in Figure 1. The NIST’s model is composed of seven domains: generation, transmission, distribution, customers, markets, operations, and service providers. The two-way electrical flows are moving across the top four domains (power generation, transmission, distribution, and customer), which are controlled and managed by the bottom three domains (market, operations, and service providers) through communication flows. In addition, three typical customers are listed: Home Area Network (HAN), Building Area Network (BAN) and Industrial Area Network (IAN), where the Advanced Metering Infrastructure (AMI) takes place to monitor and manage the power and information flows through smart meters.

B. Key subsystems

1) Advanced Metering Infrastructure (AMI): AMI is viewed as a fundamental subsystem for smart grid and it is an integration of multiple technologies (smart meters, communication networks, and information management systems) that provides intelligent connections between consumers and system operators [20]. The deployment of AMI solutions is beneficial to both energy suppliers and end-use customers [21]. For the energy suppliers, AMI enables more efficient meter reading, less cost, and accurate outage localization. For the end-use customers, it provides the opportunity to reduce energy cost by participating in real-time market pricing and demand response.

The key technology of AMI is the smart meter, which is a solid state programmable device that can read real-time energy consumption as well as other operational data, such as voltage, phase angles, and frequencies, etc [22]. Consisting of smart meters, AMI enables automated bidirectional data transfer between end-user meters and the grid operators, such that further data analysis and processing can be conducted to facilitate market pricing and operational controls. A conceptual notion of hierarchy in AMI where data are collected, processed, and analyzed to optimize smart grid benefits is depicted in Figure 2 [23].

Fig. 2. Hierarchical architecture of AMI data flow

2) Supervisory Control and Data Acquisition (SCADA): SCADA system is at the core of Smart Grid system and responsible for the real-time monitoring and control of power distribution [24]. It is deeply ingrained in the fabric of critical infrastructure sectors [13]. It is designed to have real-time system-wide data acquisition capabilities, allowing the control centers to gather all sorts of analog measurements and circuit breaker status data from the power system, in order to facilitate various security analysis, such as contingency analysis, corrective real and reactive power dispatch, etc [25]. With the innovation of smart grid, the SCADA system is actively evolving, e.g., the smart grid control center is now able to acquire the dynamic characteristics of transmission line parameters and new vulnerabilities [26].

A typical SCADA system includes the following key components [27]:

• Control Servers: hosting control software and accessing subordinate control modules.

• Human-Machine Interface (HMI): the platform that allows operators to monitor the system states, change control settings, and manually override automatic control operations in the event of an emergency.

• Remote Terminal Unit (RTU): the field devices with wireless radio interfaces to conduct data acquisition and control.

• Programmable Logic Controller (PLC): the field devices to perform the logic control functions executed by electrical hardware.

• Intelligent Electronic Devices (IED): a smart sensor and actuator to acquire data, communicate to other devices, and perform local processing and control.

Fig. 3. SCADA system general layout

As shown in Figure 3, the control center holds the control server, the HMI, engineering workstations, and the data historian, which are all connected by a LAN and exposed through a router. It collects measurements and logs information from the field devices, visualizes them on the HMI, and may generate actions based upon detected events. The wide area networks enable the communication protocols between the control center and the field sites, which are typically implemented using power/telephone line, cable, radio microwave and satellite.

3) Wide Area Measurement System: The traditional SCADA system uses data from remote terminal units (RTUs) to provide information to system operators. However, the mechanism used to retrieve data from the devices is asynchronous and relatively slow [28]. To be able to monitor, operate and control power system in wide geographical area, Wide Area Measurement Systems (WAMS) are deployed. The overall capability of WAMS is that data of the entire system can be obtained at the same time and the same place [29]. WAMS use a GPS satellite signal to time-synchronize phasor measurement units (PMUs) at important nodes in the power system, which send real-time phasor (angle and magnitude) data to a control center. The acquired phasor data provides dynamic information on power systems, which helps operators to initiate corrective actions to enhance the power system reliability. Table II shows a comparison between the RTUs of SCADA and the PMUs of WAMS. WAMS usually holds a hierarchical networked architecture [30] [31], as shown in Figure 4. In each area, a certain number of PMUs are installed in the bus substations of the power grid. In the middle level, there is a set of Phasor Data Concentrators (PDCs). Each PDC can share information with the PDCs in neighborhoods through communication channels. In the top level, there is a WAMS center which collects information from PDCs supporting the system-wide monitoring task.
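The time alignment a Phasor Data Concentrator performs on GPS-stamped PMU frames, as an added example that is not part of the original paper: frames are grouped by reporting slot, and frames from unknown sources, with timestamps off the slot, or duplicated within a slot are rejected. The reporting rate, skew tolerance, PMU names and sample frames are constructed assumptions.

```python
import cmath
import math
from collections import defaultdict

REPORT_RATE_HZ = 30      # assumed PMU reporting rate (frames per second)
MAX_SKEW_S = 0.002       # assumed tolerance between a timestamp and its reporting slot
EXPECTED_PMUS = frozenset({"PMU-A", "PMU-B", "PMU-C"})  # hypothetical device names

T0 = 1_000_000.0         # constructed GPS-derived time of the first slot, in seconds
STEP = 1.0 / REPORT_RATE_HZ

# Constructed sample frames: magnitude in per-unit, angle in degrees.
SAMPLE_FRAMES = [
    {"pmu_id": "PMU-A", "timestamp": T0,                "magnitude": 1.00, "angle_deg": 10.0},
    {"pmu_id": "PMU-B", "timestamp": T0,                "magnitude": 0.98, "angle_deg": 4.0},
    {"pmu_id": "PMU-C", "timestamp": T0 + 0.0005,       "magnitude": 1.01, "angle_deg": -2.0},
    {"pmu_id": "PMU-A", "timestamp": T0 + STEP,         "magnitude": 1.00, "angle_deg": 10.5},
    {"pmu_id": "PMU-B", "timestamp": T0 + STEP + 0.010, "magnitude": 0.98, "angle_deg": 4.2},
    {"pmu_id": "PMU-C", "timestamp": T0 + STEP,         "magnitude": 1.01, "angle_deg": -1.8},
    {"pmu_id": "PMU-X", "timestamp": T0,                "magnitude": 1.00, "angle_deg": 0.0},
    {"pmu_id": "PMU-A", "timestamp": T0,                "magnitude": 1.00, "angle_deg": 40.0},
]


def slot_of(timestamp_s):
    """Map a timestamp to the nearest reporting slot and its distance from that slot."""
    slot = round(timestamp_s * REPORT_RATE_HZ)
    skew = abs(timestamp_s - slot / REPORT_RATE_HZ)
    return slot, skew


def align_frames(frames, expected_pmus):
    """Group frames by reporting slot, as a PDC does before forwarding upstream.

    Returns (complete, incomplete, rejected):
      complete   -- slot -> {pmu_id: complex phasor} with every expected PMU present
      incomplete -- slot -> sorted list of PMUs missing from that slot
      rejected   -- list of (pmu_id, reason) for frames that were not accepted
    """
    aligned = defaultdict(dict)
    rejected = []
    for frame in frames:
        pmu = frame["pmu_id"]
        if pmu not in expected_pmus:
            rejected.append((pmu, "unknown source"))
            continue
        slot, skew = slot_of(frame["timestamp"])
        if skew > MAX_SKEW_S:
            # A frame that is not on a reporting instant cannot be compared
            # with the other buses' phasors for the same slot.
            rejected.append((pmu, "timestamp off reporting slot"))
            continue
        if pmu in aligned[slot]:
            # Keep the first frame per PMU and slot; a second one is suspect.
            rejected.append((pmu, "duplicate for slot"))
            continue
        aligned[slot][pmu] = cmath.rect(frame["magnitude"],
                                        math.radians(frame["angle_deg"]))
    incomplete = {slot: sorted(expected_pmus - set(phasors))
                  for slot, phasors in aligned.items()
                  if set(phasors) != expected_pmus}
    complete = {slot: phasors for slot, phasors in aligned.items()
                if slot not in incomplete}
    return complete, incomplete, rejected


def angle_difference_deg(phasors, bus_a, bus_b):
    """Angle between two buses; only meaningful for phasors of the same slot."""
    return math.degrees(cmath.phase(phasors[bus_a] / phasors[bus_b]))


if __name__ == "__main__":
    complete, incomplete, rejected = align_frames(SAMPLE_FRAMES, EXPECTED_PMUS)
    for slot, phasors in complete.items():
        print(slot, round(angle_difference_deg(phasors, "PMU-A", "PMU-B"), 3))
    print("incomplete:", incomplete)
    print("rejected:", rejected)
```
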

TABLE II: COMPARISON BETWEEN RTUS AND PMUS

Fig. 4. Hierarchical Architecture of WAMS in Smart Grid

IV. DATA GENERATION SECURITY

The security and privacy of Smart Grid data sources are very crucial. In this section we focus on the security aspects of data generation in Smart Grid.

A. Data Sources in Smart Grid

The numerous data generated in Smart Grids belong to various types such as sensing or measurements data (e.g. energy consumption or generation measurements), command and control status information (e.g. power distribution or connection status), social and economics related knowledge (e.g. energy cost and pricing, demand). The data that get generated and collected in Smart Grid ecosystem is not only getting massive in size, but also extremely varied, based on pervasive data sources. The explosion in data reflects the fact that Smart Grid involves a very wide range of intelligent devices and assets spread across its distributed architecture. Overall the types of data sources in Smart Grid belong to the following three subsystems in Smart Grid: (i) power generation system; (ii) power transmission and distribution system; (iii) load management system. The overview of all these data sources is summarized in Table III.

1) Data sources in power generation:

• Solar power plants incorporate automatically measured solar irradiation data to achieve high photovoltaic performance. Data about plant status include yield reports about individual component performance, tracking of inverters or strings, alarm management [32], [33].

• Wind turbines convert wind’s kinetic energy into electrical energy. These can be installed in open fields with enough wind speed or near the shore in the sea. The wind plants need long-term historical and short-term data about wind and wave parameters [34], [33].

• Hydroelectric plants continuously monitor silt content (quantity and size in PPM) and the operating conditions such as water level, temperature level, flow rate in order to diagnose the causes of fault or failure, and to determine replacement measures or residual life [35].

• Marine turbines harness movement of the sea wave to generate electricity. The various data measured and used for stable operation and maintenance include long-term historical wave data from deep-water buoys as well as the power plant’s site specific short-term wave data (measured using wave gauge that uses acoustic Doppler current profiler), energy yield, mechanical and electrical integrity measurements. The wave data include wave height, period, energy density, power per unit wave width [36].

2) Data sources in power transmission and distribution:• Phasor measurement unit (PMU) [37] measures pha-

sor with respect to a highly precise and accurate timereference. It is basically a solid-state relay or digital faultrecorder with GPS clock. PMUs generate data about theinstantaneous voltage, current and frequency at specifilocations on the electrical grid. The measurements dataare sent to substation or control center and stored indatabase at Phasor Data Concentrator (PDC) [37], [38].

• Microgrids are local and decentralized electric grids that,based on situation (e.g. natural disaster), can disconnectfrom traditional electric grid for autonomous operations.Its measurement unit consists of interface circuit workingwith PT (Power Transformer) and CT (Current Trans-former), conversion circuit for analog signal to digitaldata. The voltage and current measurements data atconsumer side is acquired and used to control power sys-tem and calculate the electrical power consumption. TheHistorical Information System (HIS) provides archive tostore power system historical data. This data is utilized toforecast both consumer load profil and power generation[39] [40].

• Fault detectors are critically important in Smart Grid for finding faults and taking actions to control failure spread. The devices consist of sensors to detect faults/issues in power network, and intelligent switches to control the power flow in the network. The measurement data types include relay statistics, earth potential rise monitor data, soil thermal resistance monitor data, insulator leakage current monitor data, transmission line sag monitor data [41], [42].

3) Data sources in load management:

• Smart Meters measure energy consumption in real-time, and communicate energy usage data between customers and their utility companies. By July 2014, the number of smart meter installations in the U.S. exceeded 50 million. These covered more than 43% of the U.S. homes, which is an increase from 46 million smart meters from the year before [43], [44]. Smart Meters record electric usage readings at least every hour (e.g. every 15 minutes in many cases).

• Smart Appliances also play a very essential role in load management of Smart Grid. They allow flexible usage and operations in off-peak periods rather than peak hours, reducing peak and average electricity usage. Studies by Federal Energy Regulatory Commission (FERC) [45] [46] find that only 17% of U.S. demand response potential is provided by residential customers. But with ongoing wide adoption of Smart Meters and Smart Appliances, this can be increased to 45%. The Smart Appliances generate data regarding measured energy consumption, and operate (among on, off or varied power level states) based on both user and the grid control commands.

TABLE III. TYPICAL DATA SOURCES IN SMART GRID ECOSYSTEM.

• Electric Vehicles are bringing new perspectives for power consumption and storage in Smart Grid. The electric vehicle’s data acquisition system [47] continuously measures and stores varied data, such as: battery current, traction battery potential, ambient temperature, vehicle axle pulse counts, etc. EVs are the emerging source of large streams and archives of important and actionable data in Smart Grid.

B. Security in - Data Generation

In this subsection we elaborate security aspects in the discussed three categories of data sources in Smart Grid.

1) Data Source Security in - Power Generation: Energy security is defined in [48] by the European Commission (EC) as “uninterrupted physical availability of energy products on the market, at a price which is affordable for all consumers (private and industrial)”. The report by International Energy Agency (IEA) [49] has discussed renewable energy technologies and statistical analysis for assuring energy security. It is mainly focused on solutions to mitigate risks due to: physical security threats (can happen due to intentional attacks or weather events), technical system failures (e.g. outage such as blackouts and brownouts), energy market dynamics (due to economics, geopolitical and other factors). It assessed impacts of these different categories of risks in hydropower, solar photovoltaics (PV), concentrating solar power (CSP) plants, wind power, biomass combustion, geothermal power, and ocean energy.

A report in [50] has suggested detailed categorical measures in designing cyber security capability at the State level for energy assurance in Smart Grids. The report also stressed the importance of information or data oriented security measures. According to the Energy Independence and Security Act of 2007 (EISA 2007), the first referenced characteristic of smart grid security is “Increased use of digital information and controls technology to improve reliability, security, and efficiency of the electric grid”. The work in [51] analyzes various aspects of energy security for renewable energy systems. Based on work in [52], this work has discussed an analytical framework to assess relationships between energy and security. It is divided into two branches: (a) energy system as an object exposed to security threats, and (b) energy system as a subject generating or enhancing insecurity. The first aspect includes security of supply and security of demand. The second aspect includes economic and political risk factors, technological risk factors, environmental risk factors.

2) Data Source Security in - Power Transmission and Distribution: The existence of interacting embedded devices is prevalent in power transmission and distribution system. From a general perspective, the work in [53] addresses the overall security challenges in these embedded and hardware devices, which include data provenance and integrity, trust management, identity management, and privacy. A generic layered Internet of Things (IoT) architecture is presented with the corresponding threat model. The threat model considers attacks on various layers: individual sensors, particular sensor nodes, actuators, gateway, federated infrastructure. For the data provenance and integrity, concept of Sensor Physical Unclonable Function (PUF) is employed that merges sensing with cryptography. Unlike traditional PUF [54] (which produces response based on the challenge), Sensor PUF produces the response based on challenge as well as the sensed physical quantity. Sensor PUF can also be used in identity management by providing unique IDs. For trust management in legacy as well as low-cost systems, usage of hardware performance counters (HPCs) is suggested. The hardware performance counters are registers that can monitor certain events occurring during the lifetime of a program. Thus HPCs are present in all commodity processors. For privacy, light-weight encryption is suggested. In another work [55], different physical attacks against sensing devices hardware are evaluated. The physical attacks are categorized with decreasing severity as follows: (i) gaining complete read/write access to the microcontroller; (ii) reading out RAM or flash memory, in whole or in part; (iii) influencing sensor readings; and (iv) manipulating radio communications. In the following, we specifically investigate the data source security within two embedded systems: Phasor Measurement Unit (PMU) and Microgrid.

Securing PMUs. Phasor Measurement Unit (PMU) is one of the most critical measurement devices in power transmission and distribution system. PMUs are prone to security and privacy attacks. A recent work in [15] has surveyed relevant works considering security vulnerabilities in PMU networks. The PMUs currently communicate typically with IEEE PMU communications standard C37.118 [56]. The protocol defines data conventions, measurement accuracies, and communications formats for synchrophasors or PMUs. Since the networked PMU data are reported to PDC through TCP/IP communication, it is prone to cyber-attacks. The attacks are generally classified into four categories as follows (based on [16]): (a) interruption, (b) interception, (c) modification, and (d) fabrication. The authors have also discussed corresponding countermeasure methods. The interruption attack includes: physical attacks damaging the hardware or infrastructure (e.g. cutting a network connection between the PMU and PDC, sabotaging PMU); software attacks that affect hardware (e.g. Stuxnet); PMU specific DoS or denial of service attack (the realtime measurement data services make PMU vulnerable to DoS attacks). The interception attack can be either passive with packet sniffing or can be active with man-in-the-middle attack. The side-channel attack can also occur, extracting information by observing implementation artifacts. The modification attack tries to exploit some security vulnerabilities to corrupt, hijack or alter a legitimate process. Such attacks include PMU specific insertion attacks such as malicious code injection and return-oriented programming. The fabrication attack involves creating fictitious asset or entity on the network, such as sending fabricated data across network through data spoofing and man-in-the-middle attacks. Also future research direction and opportunity is indicated through security gateway system that is capable of neutralizing these attacks. The security gateway system can remove security vulnerabilities in the PMU - PDC - Super PDC network.

Securing Microgrids. Microgrid is another key factor in increasing the electric grid reliability, so the microgrid control systems need to be secure against adversarial attacks. The report in [57] has categorized the vulnerabilities in the microgrid control systems. There are two kinds of vulnerabilities: (i) vulnerabilities existing in traditional Internet Protocol (IP) network (control communications of data in microgrid happen commonly over IP networks); and (ii) vulnerabilities specific to Industrial Control System (ICS) systems. IP network specific vulnerabilities include following attacks: Denial of service (DoS), eavesdropping, man-in-the-middle (MITM), masquerading, message modification, message replay, traffic analysis, unauthorized access. The ICS specific vulnerabilities include various attacks as follows: attacks on field devices; backdoor or malicious software installed on command and control network; database attacks; devices with few or no security features; improper configuration of actors in ICS network; improper cyber-security procedures or training for internal and external personnel; improper or no network perimeter definition; improper or non-existent patching of software and firmware; insecure coding techniques; lack of ICS-specific mitigation technologies and security tools; lack of redundancy for critical actors; unauthorized personnel having access to ICS actors; vulnerabilities in common communication and control protocols in ICS. The report has then paired some national incident scenarios with the combination of vulnerabilities from the ones described above. Here are a few examples. (A) The ICS operation was disrupted by delaying or blocking the flow of data through corporate or control networks. This had led to denial of availability of the networks to operators and caused information transfer bottlenecks or denial of service by information technology (IT)-resident services (such as domain name resolution). This was caused by a combination of DoS attack and improper or no network perimeter definition vulnerability. (B) Another national incident was false information being sent to ICS control operators either to disguise unauthorized changes or to initiate inappropriate actions by system operators. This was a combination of a number of attacks/vulnerabilities: database attack, improper or no network perimeter definition, MITM, message modification, message replay. Finally a microgrid threat model is proposed, which is more complete (i.e. not site or installation specific). This threat model integrates an architecturally driven model with a generic threat profile that integrates information from cyber-security issues and incidents in real-world control systems. Based on work on generic threat matrix in [58], the threat levels (3 levels for high threat, 3 levels for medium threat, 2 levels for low threat) are categorized based on indicators of threat profile. The threat profile indicators are: intensity, stealth and time in “commitment” related issues; technical personnel, cyber, kinetic and access in “resource” related issues.

3) Data Source Security in - Load Management: Load management is one of the key functionalities in smart grid, enabled by the deployment of smart meters and electrical vehicles. Different approaches such as trust model, policy making, key management, and authentication schemes are employed to secure the data generation in these two devices.

TABLE IV. ACCOUNTS ACCESSED FOR POWER AND SERVICE CHARGES DURING ELECTRICAL VEHICLES CHARGING TRANSACTIONS.

Securing Smart Meters. The work in [59] addresses the issue of cyber-attacks against connected smart meters by proposing an independent, distributed and lightweight trust evaluation model. The trust model is implemented in two levels (individual smart meters and then collective nodes), which helps in detecting and isolating malicious nodes. The trust management process is based on three features: composition of trust components, aggregation of information from each component, formation of overall trust from collective trust components. The three major possible threats are considered: network availability, data integrity and information privacy. Another work in [60] has presented the security issues specifically for smart meters from the policy point of view. The authors address the issues in electricity fraud, privacy, strategic vulnerabilities and over-regulation, the conflict of interests. Policies and economics issues about smart meters in home area networks are listed. Key management system considerations for smart grid devices (including smart meters) are presented in [61]. Smart Grid device manufacturers are increasingly deploying different encryption technologies to provide valuable properties like Confidentiality, Integrity, Availability (termed as CIA) of the data to ensure operations policy and compliance. Current vulnerability and threats to smart grid devices (including smart meters) are categorized as: consumer threats, naturally occurring threats (i.e. hazards), individual and organizational threats, impacts on consumers, impacts on availability, financial impacts, and likelihood of attack. There are various cryptosystems necessary to provide end-to-end turnkey CIA services, covering all layers of the protocol stack as well as cyber-physical boundaries. For testing such numerous cryptosystems, an example testbed of networked smart meters is discussed in this work. The unique challenges in key management are presented as: effectively modeling security requirements and implementations, and managing keys and key distribution process.

Securing Electric Vehicles. The electric vehicles can support the new Smart Grid system dynamics, but only as long as the security and privacy concerns are met. In this regard, the work in [62] proposes two authentication schemes to address the security and privacy issues of electric vehicles. The first authentication scheme is between the EV and a trusted Smart Grid server directly, while the second authentication scheme is via a non-trusted third party entity with a robust privacy-preserving agenda. The electric power for the electrical vehicles is delivered to its area via the distribution network, based on the seven domains structure model presented in [9]. But the location of electrical vehicles can be in any of the following, referred to as Charging Points (CPs): Home Area Network (HAN), Building Area Network (BAN), Host, Industry Area Network (IAN), public infrastructure, and third party power station. Then the main challenge is to provide secured authentication for such transactions of EV charging in all those varied locations. This is complex because transactions in each of these location scenarios need to access a number of accounts for service credit and power charge debit. This is illustrated in Table IV.

TABLE V. SUMMARY OF RELATED WORKS ON DATA GENERATION SECURITY IN SMART GRID

C. Summary on Security of Data Generation

Finally we have summarized some of the key works about data generation security in Table V.

V. DATA ACQUISITION SECURITY

With such a large range of data sources and data types in Smart Grid ecosystem, the data acquisition process is also complex and varied. There are various communication technologies, protocols and standards being used for data acquisition at different levels in Smart Grid. Usually inside the home or other local facilities, there is ZigBee communication protocol for data collection. Then these facilities are connected to the internet or the aggregator via wireless mesh networks (WMN), internet protocol (IP) or powerline communication (PLC). Aggregator acts as collector of information about consumer loads demand and availability of distributed small-scale energy supplies, and then offers these distributed energy resources to the energy consumers. In another communication mode, the substations in Smart Grid connect to the internet or the aggregator via internet protocol (IP), powerline communication (PLC), or IEC (International Electrotechnical Commission) standard protocol such as IEC 61850 [63]. These are illustrated in Figure 5. In this section we present these methods and standards for data acquisition in Smart Grid, with a focus on security issues.

Fig. 5. Communication methods in Smart Grid.

A. Communication Methods for Data Acquisition in Smart Grid

ZigBee communication protocol [64] [65] [66] is used in Smart Grid for wireless personal area network (WPAN) applications. It follows the IEEE 802.15.4 standard, and is designed for relatively low data rate communication among low-power devices in a small local area such as inside the home or building. ZigBee protocol stack consists of four layers: physical (PHY) sub-layer and the medium access control (MAC) sub-layer defined by IEEE 802.15.4, then the network layer and application layer. ZigBee has two device classes: full function device (FFD), and reduced function device (RFD). FFD can perform all the tasks defined by ZigBee, while RFD can perform only limited tasks. FFD can form any topology and become a network coordinator (responsible for overall network management). RFD is limited to star topology and consumes low power. ZigBee has following components or entities defined: coordinator, end device, router, ZigBee trust center (ZTC), and ZigBee gateway. The packet frame structure in IEEE 802.15.4/ZigBee communication is illustrated in Figure 6. The preamble consists of 32 bits for synchronization purpose. The PSDU (PHY Service Data Unit) size ranges from 0-127 Bytes and consists of PC (for addressing mode flags), ADDR (for address information), DSN (Data Sequence Number), Link Layer PDU, and CRC (Cyclic Redundancy Check).
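The frame fields listed above can be checked mechanically on captured traffic. The following added example (not taken from the surveyed works) parses a PSDU using the IEEE 802.15.4-2006 MAC field layout and flags data frames sent without link-layer security; the sample frames and the names `parse_psdu`, `audit` and `with_fcs` are constructed for illustration.

```python
import struct

MAX_PSDU = 127                     # upper end of the PSDU size range given above
ADDR_LEN = {0: 0, 2: 2, 3: 8}      # addressing mode -> address length in bytes
FRAME_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "mac-command"}


def crc16_fcs(data):
    """ITU-T CRC-16 (x^16 + x^12 + x^5 + 1, initial value 0, bits taken LSB first)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def parse_psdu(psdu):
    """Split a PSDU into frame control, sequence number, addresses, payload and CRC."""
    if not 5 <= len(psdu) <= MAX_PSDU:
        raise ValueError("PSDU length %d outside 5..%d" % (len(psdu), MAX_PSDU))
    body, fcs = psdu[:-2], struct.unpack("<H", psdu[-2:])[0]
    fcf, dsn = struct.unpack_from("<HB", body, 0)
    dst_mode, src_mode = (fcf >> 10) & 3, (fcf >> 14) & 3
    if 1 in (dst_mode, src_mode):
        raise ValueError("reserved addressing mode")
    pos = 3

    def take(length):
        nonlocal pos
        if pos + length > len(body):
            raise ValueError("addressing fields run past end of frame")
        value = int.from_bytes(body[pos:pos + length], "little")
        pos += length
        return value

    dst_pan = take(2) if dst_mode else None
    dst_addr = take(ADDR_LEN[dst_mode]) if dst_mode else None
    src_pan = None
    if src_mode:
        # PAN ID compression (bit 6): source PAN is omitted and equals the destination PAN
        src_pan = dst_pan if fcf & 0x0040 else take(2)
    src_addr = take(ADDR_LEN[src_mode]) if src_mode else None
    return {
        "type": FRAME_TYPES.get(fcf & 7, "reserved"),
        "security_enabled": bool(fcf & 0x0008),
        "dsn": dsn,
        "dst_pan": dst_pan, "dst_addr": dst_addr,
        "src_pan": src_pan, "src_addr": src_addr,
        # with security enabled, the payload starts with the auxiliary security header
        "payload": body[pos:],
        "fcs_ok": crc16_fcs(body) == fcs,
    }


def audit(frames):
    """Return (index, finding) for frames a defender should look at."""
    findings = []
    for i, raw in enumerate(frames):
        try:
            frame = parse_psdu(raw)
        except ValueError as err:
            findings.append((i, "malformed: %s" % err))
            continue
        if not frame["fcs_ok"]:
            findings.append((i, "bad FCS"))
        elif frame["type"] == "data" and not frame["security_enabled"]:
            findings.append((i, "data frame without link-layer security"))
    return findings


def with_fcs(header_and_payload):
    """Append the 2-byte CRC, low byte first."""
    return header_and_payload + struct.pack("<H", crc16_fcs(header_and_payload))


# Constructed sample frames (not captured traffic): short addresses, PAN 0x1a62.
PLAIN = with_fcs(bytes.fromhex("6188 2a 621a 0000 3412") + b"kWh=0042")
# Security bit set; the 16 bytes stand in for auxiliary header plus ciphertext.
SECURED = with_fcs(bytes.fromhex("6988 2b 621a 0000 3412") + bytes(range(16)))
TAMPERED = PLAIN[:-3] + b"9" + PLAIN[-2:]   # payload changed, CRC left as it was

if __name__ == "__main__":
    for finding in audit([PLAIN, SECURED, TAMPERED, b"\x00"]):
        print(finding)
```

The CRC only detects transmission errors: anyone who alters a frame can recompute it, so a passing check says nothing about authenticity.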

Fig. 6. ZigBee packet structure.

Wireless Mesh Networks (WMN) communication protocol is used in Smart Grid for wireless metropolitan area network applications. WMN form a wireless communication backbone with interconnection among WiFi (IEEE 802.11 family of a, b, g, n etc.) or WiMax (IEEE 802.16 family of d and e) routers. WMN can be connected to the internet or other external networks through gateway router. The IEEE 802.16 d/e WiMAX provides fixed (wireless local loop), portable, and mobile high data rate wireless service at speeds of up to 72 Mbps and direct reach up to 6 miles. The MAC Convergence sub-layer in IEEE 802.16 receives IP, Ethernet packets from upper layer and outputs it to MAC SDU (Service Data Unit). Then the MAC common part and privacy sub-layer receives the SDU from the MAC convergence layer and outputs to MAC PDU (Protocol Data Unit). Finally the PHY layer receives the MAC PDU and outputs the IEEE 802.16 frame. The WiFi IEEE 802.11 a/b/g/n respectively provide typical throughput of up to 25/7/14/100 Mbps and outdoor range of up to 100/300/300/600 ft. The PHY layer in IEEE 802.11 is of four types: 802.11a 5 GHz, 802.11b 2.4 GHz, 802.11g 2.4 GHz, and 802.11n 2.4 and 5 GHz PHY. Overall the report in [67] has surveyed the wireless communication technologies based on following performance requirements in Smart Grid data collection: latency, data rate, resilience, security, distance, scalability.

IEC 61850 [68] [69] is an object-oriented communication protocol defining communication across Intelligent Electronic Devices (IEDs). It is mainly focused on communication for electric substation automation. IEC 61850 provides a comprehensive model for enabling easy organization of data in power system devices, with the support of consistency across device types and plug-and-play capability. The core parts of IEC 61850 include following: Substation Configuration Language (SCL), Abstract Communications Service Interface (ACSI) and base types, Common Data Classes (CDC), Logical Nodes, Specific Communications Service Mappings (SCSM) with MMS and ethernet, sampled values over ethernet, conformance testing. The standard has defined data types to be transmitted for each logical device, with object name, data class name (data structure), data description, mandatory/optional preference.

Power Line Communication (PLC) [70] [71] is wired communications technology that uses power transmission conductor line to transmit data. It provides lower cost than wireless communication modes because it utilizes already existing power line infrastructure. There are 3 classes of PLC communication technology: broadband, narrowband, and ultra narrowband. The broadband provides up to 200 Mbps data rate and is applicable to residential AMI (advanced metering infrastructure)/AMR (automatic meter reading), but not suitable for sub-stations. The narrowband provides up to 500 kbps data rate and is applicable to sub-station communications. The ultra-narrowband provides up to 100 bps and is applicable to AMI, AMR, Demand Response (for direct load control purpose).

In summary, the U.S. Department of Energy (DoE) report [72] has suggested communication parameter needs for various Smart Grid functionalities. This is illustrated in Table VI. There also exist other communication technologies and standards for Smart Grid data collection and aggregation, such as: IEC 61970 and IEC 61969 for energy management systems, IEC 60870-6/TASE.2 for inter-control center communications, IEEE P2030 for customer-side applications, IEEE P1901 for in-home Smart Grid applications, OpenADR for load control in Demand Response, BACnet in building automation, Z-Wave as alternative to ZigBee for home area networking, etc.

B. Security in - Data Acquisition

Data Acquisition is a very essential function in Smart Grid for monitoring varied states of entities such as power consumption, load balancing, resource allocation, etc. The Smart Grid data are collected very frequently to support smart electricity distribution, consumption and management. But this also introduces new security and privacy challenges.

1) Secure data collection and aggregation: The non-IP based networks deployed in utility power grids are limited in communication and security capability. The largely distributed data generating sensors around Smart Grid architecture are typically constrained (in terms of computation, memory, communication bandwidth), requiring scalable and secure transport and data collection protocols design. The work in [73] has proposed SSTP, a scalable and light-weight transport protocol over power grid wide area network. It supports lifetime-lived, secure and reliable sensor data delivery, by exploiting the notion of state-token. The state-token is issued with each server message and attached to corresponding client message subsequently delivered to the server. The work has also compared different transport protocols based on different features. SSTP has been proved to significantly reduce computation and memory overhead, compared to the existing transport protocols. Secure and scalable data collection protocol for Smart Grid is proposed in [74] and [75], containing a hierarchical architecture consisting of measurement devices, data collectors, and power operator. The measurement devices encrypt generated data, the data collectors relay those data from the measurement devices to power operator. While the data collectors can verify the data integrity, they cannot access the content of the data, thus preserving data confidentiality. This feature removes the requirements of trusted or honest-but-curious data collectors from the data collection model. The authors further extend this work in [76] by coupling the secure data collection requirements with objective of time minimization, such that the total data collection time is reduced while ensuring confidentiality of data. In [77], the time minimization objective is specifically studied within a tree-based smart grid data collection environment. Another work in [78] has proposed a secure data transmission scheme based on compressive sensing. Only simple linear operations are required in the encryption process. The proposed scheme can achieve perfect secrecy under certain conditions.

2) Privacy preserving data collection and sharing: A number of works have proposed and designed privacy-preserving frameworks and policies for data sharing in Smart Grid. As the business model in Smart Grid gets a transformation, businesses other than utilities might even sell electricity or collect energy usage/production data directly from consumers [79]. Utilities may also get into new services outside traditional power distribution and provision. This increases the risks of privacy violation within Smart Grid. The work in [80] has summarized privacy policies, laws, regulations and standards in this regard. The corresponding privacy-enhancing schemes such as encryption, steganography, aggregation methodologies, de-identification methodologies, access control systems, and privacy seals for websites are discussed. The newest privacy conduct code from the U.S. Department of Energy (DoE) is available in [81].

First, the work in [82] has proposed a privacy-protected smart meter data collection scheme. The original data are homomorphically encrypted to protect users’ privacy. The proposed scheme is able to check the correctness of the collected data by directly examining the homomorphically encrypted ones instead of the original ones, such that the users’ privacy is preserved while data correctness is ensured. Another work in [83] addresses the issue of privacy protection where individual smart meter measurements are kept secret from outsiders (including the utility provider itself), while processing private measurements under encryption. The authors first list the involved parties in a smart meter scenario and the smart metering architecture. Then they use total energy consumption as the aggregation function, and compare different privacy-preserving approaches to implement the aggregation function. Finally, challenges related to hardware limitations, security cryptographic protocols and signal processing are discussed.

TABLE VI. NETWORK COMMUNICATION REQUIREMENTS IN DIFFERENT APPLICATIONS OF SMART GRID

TABLE VII. SUMMARY OF RELATED WORKS ON DATA ACQUISITION SECURITY IN SMART GRID

Moreover, grid users and standardization committees usually prevent the utilities and third parties from collecting aggregated meter data at the household granularity. Data perturbation is a technique used to provide a trade-off between the privacy of individuals and the precision of the aggregated measurements. The work in [84] presents an interesting decisional attack on aggregation with data perturbation. It shows that it is possible to detect the presence or absence of an individual’s data inside an aggregate by exploiting the temporal correlation within the measurements. Similarly, the work in [85] has considered a decisional attack on data aggregation with data-perturbation, showing that a curious entity can exploit the temporal correlation of Smart Grid measurements to detect presence or absence of individual data generated by a specific user, inside the aggregate. Another work in [86] has proposed an efficient and privacy-preserving data aggregation scheme, by using a superincreasing sequence to structure multidimensional data and encrypting the structured data by the homomorphic Paillier cryptosystem. For data communications from user to Smart Grid operation center, data aggregation is performed directly on ciphertext at local gateways, without decryption.
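The approach described for [86] can be illustrated end to end. This added example (not the authors' code) packs each household's multidimensional reading with a superincreasing sequence, encrypts it with a textbook Paillier cryptosystem, and lets a gateway aggregate ciphertexts without holding a key; the toy primes, function names and sample readings are assumptions made for the demonstration.

```python
import math
import secrets

# Toy modulus built from two Mersenne primes so the example runs instantly.
# Constructed for illustration only; real use needs a modulus of 2048 bits or more.
P, Q = 2**31 - 1, 2**61 - 1


def keygen(p=P, q=Q):
    """Return (public n, private (lam, mu)) for Paillier with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                  # inverse of L(g^lam mod n^2)
    return n, (lam, mu)


def encrypt(n, m):
    """Smart meter side: c = (1 + m*n) * r^n mod n^2 with a fresh random r."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    """Operation center side: m = L(c^lam mod n^2) * mu mod n, with L(x) = (x-1)/n."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def superincreasing(dims, users, bound):
    """a_1 = 1 and a_i > users * bound * (a_1 + ... + a_{i-1})."""
    seq = [1]
    for _ in range(dims - 1):
        seq.append(users * bound * sum(seq) + 1)
    return seq


def pack(reading, seq, bound):
    """Fold one household's multidimensional reading into a single integer."""
    if len(reading) != len(seq) or any(not 0 <= v < bound for v in reading):
        raise ValueError("reading does not fit the agreed dimensions/bound")
    return sum(a * v for a, v in zip(seq, reading))


def gateway_aggregate(n, ciphertexts):
    """Local gateway: multiply ciphertexts; it holds no key and sees no plaintext."""
    total = 1
    for c in ciphertexts:
        total = total * c % (n * n)
    return total


def unpack(total, seq):
    """Recover the per-dimension sums, largest coefficient first."""
    sums = []
    for a in reversed(seq):
        sums.append(total // a)
        total %= a
    return sums[::-1]


def aggregate_readings(readings, bound):
    """Run meters, gateway and operation center; return per-dimension totals."""
    n, priv = keygen()
    seq = superincreasing(len(readings[0]), len(readings), bound)
    if len(readings) * bound * sum(seq) >= n:
        raise ValueError("modulus too small for these dimensions")
    ciphertexts = [encrypt(n, pack(r, seq, bound)) for r in readings]
    return unpack(decrypt(n, priv, gateway_aggregate(n, ciphertexts)), seq)


# Constructed sample: 4 households, 3 metered quantities each, every value < 1000.
SAMPLE = [[12, 340, 5], [7, 410, 0], [30, 120, 9], [1, 999, 2]]

if __name__ == "__main__":
    print(aggregate_readings(SAMPLE, bound=1000))
```

The operation center learns only the per-dimension totals; the bound on each value and the number of users must be agreed in advance, because a value outside the bound would spill into the next dimension of the aggregate.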

Finally, there are also relevant works in the literature for assuring privacy while sharing smart meter data. The work in [87] has proposed a privacy-preserving data sharing method to prevent stakeholders from obtaining identifiable smart metering data, while still enabling them to perform their respective functions. The authors first introduce a data sanitization-based mechanism to protect sensitive information before sharing data for external usage. Then they present solutions based on secure multi-party computing to enable the third parties to perform aggregation operations on smart metering data in a privacy-preserving manner. Another work in [88] presents a privacy-preserving framework for the analysis of sensor data from smart homes. The authors propose an approach to achieve data privacy throughout the complete data cycle including: data generation, transfer, storage, processing and sharing. The main objective of the privacy preservation is to ensure that private information remains protected, while processing or releasing data.

The key discussed works about data acquisition security are summarized in Table VII.

Fig. 7. Different components in cloud-based Smart Grid data storage.

VI. DATA STORAGE SECURITY IN SMART GRID

Data storage is one of the most vital components in the Smart Grid ecosystem for assuring a number of services and functionalities (such as grid failure detection - isolation - restoration, demand-response, prediction of energy generation, micro-grids, customer analysis and billing etc.). The data from a very broad range of sources need to be stored in a systematic manner for efficient and contextual retrieval. These data need to be queried and retrieved meaningfully for processing and analysis for intelligence extraction.

A. Methods and Practices for Data Storage

Cloud-based data storage and analysis has become largely popular in Smart Grids due to advantages like performance, scalability, availability and interoperability, facilitating data analysis both in real-time and long-term historical. As illustrated in Figure 7 the different components of cloud-based data storage systems for Smart Grid are: data center facilities, data storage arrays, storage area network, server platforms, database, and virtualization of server or storage or network devices. While a number of these components are infrastructure or maintenance related, the database is a very important component requiring more design efficiency and security protection. The maintenance and operations in Smart Grid database consist of standard data management operations such as: schema or format creation, data insertion with update and delete routines, data query and contextual information retrieval, performance optimization of data retrieval, data access control, backup and recovery.

Fig. 8. Different database types for Smart Grid data storage.

For more traditional database management system (DBMS) in Smart Grid, different relational databases are popular such as: Oracle (proprietary), Microsoft SQL Server (proprietary), IBM DB2 and Informix (proprietary), SAP Sybase (proprietary), MySQL (open source), PostgreSQL (open source). But recently NoSQL (Not only SQL) based post-relational database systems are being adopted for Smart Grid database, such as: document-oriented database (e.g. MongoDB), XML database (e.g. BaseX), graph database (e.g., InfiniteGraph), key-value store (e.g., Apache Cassandra), multi-value database (e.g., OpenQM), object-oriented database (e.g., db4o), RDF (resource description framework) database (e.g., Meronymy SPARQL), tabular database (e.g., BigTable), tuple database (e.g., Jini), column-oriented database (e.g., c-store). Moreover, the parallel and distributed file systems are getting increasingly popular in Smart Grid database design, due to large-scale, distributed and geographically scattered nature of Smart Grid resources. Most popular distributed file systems include Apache Hadoop and Google MapReduce. These database types are also illustrated in Figure 8. Database management for Smart Grids is discussed in detail in [89].

Different database designs and configurations need to be aware of data types and operations specific to the application domain. In this regard the work in [90] has presented a survey of Smart Grid data operations in cloud-based system. Specific properties of Smart Grid data are discussed: heterogeneity of device types, interfaces and capabilities; time-stamped; high data generation rate; unboundedness of data streams; evolving nature with temporal locality and structural breaks; unordered data streams (not always following the order of data generation). Smart Grid stream data analysis in cloud-based systems is observed to require the following basic set of operations: storage, indexing, aggregation, clustering, sampling, searching, and auditing.

Now we briefly discuss some application/service specific data management systems in Smart Grid. The work in [91] has addressed a series of system architectures to store and process smart meter reading data. These different data management architectures are classified based on the following components: Concentrator Node (CN) and Central Data Processing Node (CDPN). The Concentrator Node (CN) gathers, stores and returns electricity consumption information from multiple smart meters. The Central Data Processing Node (CDPN) manages the CNs. While operations of CNs are more passive (receiving and executing queries), CDPNs are active with the highest level of control. CDPNs are responsible for managing and coordinating tasks assigned to CNs, and also calculating electricity consumption statistics and monthly billing information. Based on the configuration of CNs and CDPNs, there are the following four architectures for smart meter data storage and management: (i) single relational database (one CDPN, a set of CNs, and one Relational Database Management System or RDBMS located at the CDPN); (ii) distributed relational database (an RDBMS per CN for parallel database access); (iii) key-value distributed database (storing all monthly readings for each household into a single row, instead of writing a database row per smart meter; the single row of readings consists of a household identifier and an XML structured string); and (iv) hybrid storage (combination of one CDPN with a single RDBMS database and a set of CNs with their local File Systems). Another work in [92] has presented the IBM storage infrastructure for smart grid data management. The work also emphasizes data security issues and compliance with the North American Electric Reliability Corporation's (NERC) Critical Infrastructure Protection (CIP) program.

B. Security in Data Storage

1) Security factors for cloud-based data storage: Large-scale spatial temporal data storage in Smart Grids mostly requires and uses a cloud-based distributed architecture. Therefore Smart Grid data storage also has the same fundamental security and privacy challenges as cloud-based data storage. The work in [93] has surveyed existing works for the following data storage security objectives within cloud-based platforms: data integrity, data confidentiality, and data availability. Another work in [94] has analyzed security and privacy issues in Smart Grid software architectures operating on different cloud environments. Due to the various services in Smart Grids there is much less opportunity to compress information through aggregation before storing it, causing data bloat.

There are a number of federal and state regulations (e.g., guidelines in [95]) regarding Smart Grid data storage, in order to protect consumer data and assure transparency about energy pricing. Long-term analysis of historical data in Smart Grids needs a longer duration of data preservation. But this brings a number of unique challenges such as: security codes and privacy policies evolving over time; large-scale data migration between cloud vendors when the original vendor is unable to continue service (also bringing issues in migrating security and privacy policies); simultaneous local and global context bringing multiple jurisdiction issues in protecting data and enforcing mechanisms.

2) Security factors for data storage on field deployed devices: Malware protection and secure access issues for field deployed devices in Smart Grid are discussed in [96]. The importance of both secure software development and secure software upgrade is discussed. The predominant method for secure storage is the use of a keying mechanism for validation. Typically the device is configured with the public key of a secure signing server. With this key, the device can validate any newly downloaded software, or a new batch of data access, before running it. This proactive approach can provide higher levels of assurance.

3) Access control and authentication: The different access control and authentication mechanisms in Smart Grid are discussed in [97]. Role-based access control (RBAC) can enhance the system reliability and can eliminate potential security threats. The different user roles in Smart Grid include operators, engineers, technicians, managers, etc. These roles have different access privileges to grid devices, the stored data, and system functionalities. The work in [98] has proposed a smart-grid role-based access control (SRAC) model. In the model, the user role hierarchy and role constraints are predefined. An XML-based security policy managing method is designed. For authentication, the work in [99] has proposed a lightweight two-step mutual authentication protocol by combining the public key encryption scheme and the Diffie-Hellman key agreement scheme. The works in [99] and [100] are based on public key cryptography. Public key infrastructure (PKI) is a classic public key management system, where users obtain certificates (including public keys) from pre-defined certificate authorities (CAs), and the CAs belong to a hierarchical structure. In Smart Grid with PKI, each grid device obtains a certificate from a local CA. Two grid devices belonging to the same regional network may have their certificates issued by different CAs, and they will not recognize each other's certificates.

Another work in [101] has discussed how unauthorized access and malicious code can affect Smart Grid data storage security. In the U.S., there are requirements, policies and regulatory issues pre-defined by the NERC, NIST and DOE [102]. But there is alarming evidence that an adversary can manage to get critical access to the network data stored in a Smart Grid related database and can even manipulate the stored data [101] [103]. These can lead to compromise and failure spread in Smart Grid infrastructure. In this regard the Optimal Power Flow (OPF) is a power system analysis tool which is widely adopted in the control centres. The OPF operations are highly dependent on network configuration data and data measured from the SCADA system. The interruption in power systems due to the malicious modification of Smart Grid stored data is discussed in [103]. A method based on Principal Component Analysis (PCA) is proposed to detect anomalies relevant to this kind of attack. This method is applied to IEEE benchmark test systems and has shown significant impact on false alarm reduction.

C. Summary on Security of Data Storage

Finally, in Table VIII we have summarized some of the key discussed works on Smart Grid data storage security.

TABLE VIII. SUMMARY OF SOME RELATED WORKS ON DATA STORAGE SECURITY IN SMART GRIDS.

VII. DATA PROCESSING SECURITY IN SMART GRID

In this section, we focus on security challenges within the data processing phase, where the data are actually used for applications. Specifically, we investigate the security issue from the perspectives of three well known Smart Grid applications: demand response, state estimation and energy theft detection.

A. Demand Response

Demand Response (DR) is a fundamental aspect of smart grid that gains relevance when smart metering and advanced communications infrastructures among different elements of the grid are in place. In smart grids, a demand response management strategy utilizes smart metering data and pricing signals, and alters the energy consumption patterns of end-user customers in timing or level, in response to changes in the price of electricity over time [104]. For utility companies, demand response motivates changes in electricity use and induces lower system load at times when grid reliability is jeopardized, and helps to stabilize volatile electricity prices in regions with centrally organized wholesale electricity markets. For end-use customers, demand response enables them not only to reduce their bills, but also to use energy more efficiently by turning off and on an appliance in accordance with the environmental requirements. Demand response basically falls into two categories: load control techniques and pricing policies. In the load control approach, the residential users agree to transfer their energy consumption control to the utility, while pricing policies provide incentives for the users to adjust their energy usage according to global optimization constraints.

1) OpenADR: OpenADR, developed by the OpenADR Alliance, is a set of standards and open data exchange models to facilitate automated demand response between service providers and consumers [105]. The OpenADR specification defines various XML-based messages that can be exchanged over any IP-based network using protocols such as HTTP, SOAP or XMPP [106]. It is expected to be a dominating mechanism for at least the next 10 years, contributing to lower product development costs [107]. Figure 9 is a generic OpenADR architecture [108]. It consists of the Demand Response Automation Server (DRAS) and the DRAS Client. As shown, the data flow in the OpenADR architecture is typically in five steps [108]:

• 1. The utility company defines DR event and price signals to send to DRAS.

• 2. DR event and price services are published on DRAS.

• 3. DRAS clients, which can be either a client and logic with integrated relay (CLIR) or a web service, will request event data from the DRAS every minute.

• 4. Preprogrammed DR strategies determine action based on event and price.

• 5. Facility Energy Management Control System (EMCS) carries out load reduction based on DR event signals and strategies.

Fig. 9. Generic Open Automated DR Interface Architecture

2) Security issues and requirements: In [106], the general security guidelines specifically for the demand response process are listed:

• Confidentiality: Demand response is naturally a distributed decision making problem, in which each of the utility companies and customers only has partial information of the entire decision making problem and they need to negotiate with one another to reach a global consensus. The negotiations among the decision makers are through sharing and exchanges of privacy-sensitive data, which may include: smart meter measurements, billing and personal information, demographic data, etc. Confidentiality ensures that these data are encrypted during network transmission as well as in storage, to prevent unauthorized access and privacy violation.

• Integrity: Demand response requires accurate energy consumption, price signals and event information. The manipulation of these data could result in grid instability and even blackout. The integrity of these data should be protected during communications.

• Availability: Demand response, especially fast-DR, requires timely information sharing between utility companies and end-use customers. Thus, the real time availability of information like energy demand is crucial.

• Authentication: It has to be guaranteed that only a legitimate party can issue DR event signals.

• Non-repudiation: Verifiable evidence about the transactions between utility companies and end-use customers should be kept.

• Auditing and Logging: Reliable auditing has to be conducted by employing the secure logs of events and sensitive operations.

3) Secure demand response schemes: In this part, we overview the existing schemes to enhance demand response security.

We first address the works that intend to preserve privacy. In [109], Liang et al. apply homomorphic encryption to the demand aggregation process within the proposed dynamic pricing scheme to achieve privacy-preserved demand response. Similarly, in [110], Li et al. present EPPDR, another privacy-preserving demand response scheme. This scheme also applies homomorphic encryption to the energy demand aggregation process. Differently, an adaptive key evolution technique is further incorporated such that forward secrecy of users' session keys and the evolution of users' private keys are also implemented. The computation and communication overhead to achieve forward secrecy in EPPDR are evaluated to demonstrate its better performance in comparison with existing techniques. As an alternative approach, Zhu in [111] formulates demand response games for demand allocation and shedding, and proposes corresponding distributed privacy preserving algorithms based on secure multi-party computation. The existence of Nash equilibrium and the algorithms' convergence are presented. The authors consider privacy preservation against semi-honest adversaries, who attempt to infer private information from the received messages. Both proposed algorithms are resilient against at most N-2 adversaries, which means that in a game with N players, even if there are as many as N-2 adversary players, the private information of the remaining 2 legitimate players can still be protected.
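The homomorphic demand aggregation idea described above can be illustrated with the Paillier cryptosystem. This is an added example, not code from [109] or [110]; the choice of Paillier, the toy key size, the function names and the sample readings are all assumptions made here.

```python
import math
import secrets

# Toy parameters (assumption): two known Mersenne primes give a ~92-bit
# modulus so the numbers stay readable. Real deployments need >= 2048 bits.
P = 2**31 - 1
Q = 2**61 - 1


def keygen(p=P, q=Q):
    """Return (public, private) Paillier keys using generator g = n + 1."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    # With g = n + 1, L(g^lam mod n^2) equals lam mod n, so mu = lam^-1 mod n.
    mu = pow(lam, -1, n)
    return (n, n + 1), (lam, mu)


def encrypt(pub, m):
    """Encrypt integer m (0 <= m < n) with fresh randomness r."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def add_encrypted(pub, ciphertexts):
    """Multiply ciphertexts mod n^2; the result decrypts to the plaintext sum."""
    n2 = pub[0] ** 2
    total = 1
    for c in ciphertexts:
        total = total * c % n2
    return total


def decrypt(pub, priv, c):
    n = pub[0]
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def aggregate_demand(readings_wh):
    """Meters encrypt, a key-less aggregator combines, the utility decrypts.

    The aggregate is only correct while the true sum stays below n.
    """
    pub, priv = keygen()
    ciphertexts = [encrypt(pub, m) for m in readings_wh]   # at each meter
    combined = add_encrypted(pub, ciphertexts)             # at the aggregator
    return decrypt(pub, priv, combined), ciphertexts       # at the utility


if __name__ == "__main__":
    # Constructed sample readings in watt-hours.
    total, _ = aggregate_demand([1200, 850, 430, 2210])
    print("aggregate demand (Wh):", total)
```

The aggregator never holds the private key, so it learns neither individual readings nor the total; the utility that decrypts learns only the sum.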

Preserving grid stability is another key concern for secure demand response. Maharjan et al. in [112] formulate a Stackelberg game between utility companies and consumers to achieve distributed and dependable demand response management. First, the intrinsic distributed nature of the proposed algorithm is resilient to the failure or noncooperation of any player, such that the global equilibrium can always be achieved to maximize each one's benefits. Second, the authors show that the algorithm will converge to the global equilibrium with only local information available, which means each player doesn't have to expose private sensitive energy consumption and generation information to others. Last but not least, the paper is the first to study and evaluate the impact of cyber attacks on a demand response management system, from the perspectives of both the economic aspect and the physical aspect. The attacker intends to create monetary and physical damage by manipulating the price information between the utility companies and consumers. Countermeasures based on individual reserve power and common reserve power are proposed to avoid the physical damage. In [113], Nguyan et al. illustrate the error-prone nature of collaborative demand response, due to users' erratic behavior, limited commitments, device insecurity, and possible misconfigurations. To assure the safety of demand response under these contingencies, the proposed approach incorporates a real-time secure assessment module before the load management process, which adopts times-to-being-unsafe (TTBU), the minimum remaining time until the grid becomes unsafe, as the safety metric. As a result, the load management process is divided into two phases to assure the safety: a load curtailment phase and a load shedding phase. When TTBU drops below a warning threshold, the system enters the load curtailment phase to induce customers to decrease consumption collaboratively. If the curtailment is not fully realized by the customers and the TTBU drops to an emergent threshold, the system enters the load shedding phase, which simply shuts down a subset of loads to prevent further failures.

B. State Estimation

State estimation is a key system monitoring process deployed in the power system control center to estimate the system's unknown state variables based on the collected meter measurements [25]. The outputs of state estimation lay the foundation for a series of subsequent critical control processes, such as contingency analysis, security constrained economic dispatch, and real-time pricing in the electrical market, etc. Therefore, the safety of the state estimation process is a key concern in Smart Grid cyber security. Traditionally, the state estimation process is formulated as a static weighted-least-square (WLS) problem and solved in a centralized control center, which needs to collect all the measurements through the SCADA system across the entire network [25]. In [114], Liu et al. first introduce the concept of false data injection attacks against state estimation, which opens up a brand new perspective to attack the process. Inspired by the work in [114], a series of further developments are made in [115] [116] [117] [118], etc. This kind of attack mainly exposes and relies on the vulnerabilities of the traditional centralized weighted-least-square state estimation model and its corresponding bad data detection method. Meanwhile, Smart Grid is characterized by intermittent renewable power generation and frequent grid topology changes, and the unprecedentedly large amount of data generated in real time by new measurement devices like phasor measurement units (PMUs). The traditional static WLS state estimation model is not suitable to capture the system dynamics in real time and centralized online data processing is even practically infeasible due to the communication bottleneck. Therefore, new state estimation methods should be proposed not only as countermeasures against false data injection attacks, but also as new approaches to process the measurement data in a more timely and robust way. In this section, recent resilient state estimation methods are presented, which can be categorized into two major classes: methods employing distributed architecture, and methods adopting new models. Figure 10 gives the taxonomy of resilient state estimators we have covered.
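The centralized WLS estimator and its residual-based bad data detection mentioned above can be sketched as follows. This is an added example, not code from the surveyed works; the 3-bus DC model with unit line reactances, the 95% chi-square thresholds, the function names and all measurement values are assumptions constructed for illustration.

```python
import math

# 95% chi-square thresholds by degrees of freedom (m measurements - n states).
CHI2_95 = {1: 3.841, 2: 5.991, 3: 7.815, 4: 9.488}


def solve(a, b):
    """Solve a*x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    m = [list(row) + [rhs] for row, rhs in zip(a, b)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        if abs(m[p][c]) < 1e-12:
            raise ValueError("unobservable: gain matrix is singular")
        m[c], m[p] = m[p], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][n] / m[i][i] for i in range(n)]


def wls(H, z, sigma):
    """Return (state estimate, objective J, normalized residuals)."""
    rows, n = range(len(z)), len(H[0])
    w = [1.0 / s ** 2 for s in sigma]
    G = [[sum(w[i] * H[i][a] * H[i][b] for i in rows) for b in range(n)]
         for a in range(n)]                      # gain matrix H^T W H
    rhs = [sum(w[i] * H[i][a] * z[i] for i in rows) for a in range(n)]
    x = solve(G, rhs)
    r = [z[i] - sum(H[i][a] * x[a] for a in range(n)) for i in rows]
    J = sum(w[i] * r[i] ** 2 for i in rows)
    rn = []
    for i in rows:
        y = solve(G, H[i])
        omega = sigma[i] ** 2 - sum(H[i][a] * y[a] for a in range(n))
        # omega ~ 0 marks a critical measurement whose error cannot be seen.
        rn.append(abs(r[i]) / math.sqrt(omega) if omega > 1e-15 else 0.0)
    return x, J, rn


def estimate_with_rejection(H, z, sigma):
    """Chi-square detection, then drop the largest normalized residual."""
    keep, removed = list(range(len(z))), []
    while True:
        dof = len(keep) - len(H[0])
        if dof not in CHI2_95:
            raise ValueError("no redundancy left for a chi-square test")
        x, J, rn = wls([H[i] for i in keep], [z[i] for i in keep],
                       [sigma[i] for i in keep])
        if J <= CHI2_95[dof]:
            return x, removed
        worst = max(range(len(keep)), key=rn.__getitem__)
        removed.append(keep.pop(worst))


# Constructed case: bus 1 is the reference, states are (theta2, theta3).
# Rows: flows P12, P13, P23, then injections P2, P3 (unit reactances).
H = [[-1, 0], [0, -1], [1, -1], [2, -1], [-1, 2]]
SIGMA = [0.01] * 5
Z_CLEAN = [0.052, 0.097, 0.049, 0.003, -0.148]   # truth (-0.05, -0.10) + noise
Z_BAD = [0.052, 0.097, 0.249, 0.003, -0.148]     # gross error on P23

if __name__ == "__main__":
    print(estimate_with_rejection(H, Z_CLEAN, SIGMA))
    print(estimate_with_rejection(H, Z_BAD, SIGMA))
```

This detector only sees errors that show up in the residual, which is the dependence the false data injection work cited above relies on.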

1) Distributed state estimation: Distributed state estimators mainly still employ the traditional static WLS formulation. Differently, they partition the power network into several control regions, and distribute the computation and bad data detection requirements among these local control centers, to increase the online measurement processing capabilities and bad data detection sensitivity. Each local control center only has knowledge of local measurements and network structure, and iteratively coordinates the local state estimates with other control centers to achieve global state convergence.

Fig. 10. A Taxonomy of Resilient State Estimators

Pasqualetti et al. [119] employ the traditional centralized WLS state estimation model and distribute the computation among local control centers using two interaction structures: the incremental interaction and the diffusive interaction. In incremental interaction, the estimated result flows in a sequential manner from one control center to another. In diffusive interaction, each control center communicates with all its neighbors. Although both interaction structures have proven convergence to the centralized WLS solution, local observability is required, which means the local Jacobian matrix after partition must be full rank. Xie et al. in [120] and Kekatos et al. in [121] respectively propose distributed methods which don't require local observability. In [120], a first order adaptive diffusion-based algorithm is presented, which combines a local descent step with a diffusion step. In [121], the well known alternating direction method of multipliers (ADMM) is employed. As a further improvement, [122] proposes a robust and fully decentralized adaptive re-weighted state estimation scheme, which is essentially a generalization of the Gossip based Gauss-Newton algorithm. It demonstrates faster convergence speeds and is completely adaptable to measurement meter failures and communication network failures.

All the above distributed state estimation methods are accompanied by corresponding distributed bad data detection techniques. These distributed models decrease the chance of success of false data injection attacks, since they can incorporate more meter measurements and divide the whole network into smaller and more observable regions, but are not specifically designed for false data attack detection. In [123], the authors particularly propose a false data injection attack detection scheme based on extended distributed state estimation (EDSE). The whole network is partitioned into several regions using graph partition algorithms and each region also incorporates the adjacent buses and tie lines. By this approach, the detection sensitivity is dramatically increased, such that the false data stands out distinctively from normal observation errors in the chi-square test. In [124], the authors propose a decentralized false data injection detection scheme by creating a Markov graph of the bus phase angles. Power network topology is learned by the conditional covariance test. It shows that in normal conditions, the Markov graph should be consistent with the power network topology, such that a discrepancy between the calculated Markov graph and the learned topology will indicate a false data injection attack. The set of the malicious meters can be determined without any extra hardware resources.

Although distributed state estimators are proposed as the future state estimation alternative to enhance performance as well as resilience, they are not flawless. Recent work in [125] particularly addresses the security vulnerabilities within distributed state estimation. The authors show that by compromising the communication links of a single control center in an interconnected system, an attacker could launch a denial-of-service attack to blind the monitoring of every region. In [126], false data injection attacking strategies are even specifically designed against the distributed state estimation model in [121]. These indicate that how to design a secure distributed state estimation model is still quite challenging.

2) New formulations for state estimation: The traditional static WLS formulation for state estimation has limitations in the presence of bad data [127] and lacks the ability to produce a real-time snapshot of the highly dynamic Smart Grid system. To overcome these issues, other formulations for the state estimation problem are proposed.

Gol et al. in [128] present the feasibility of the Least Absolute Value (LAV) estimator for robust state estimation when PMU measurements are employed. The least absolute value (LAV) estimator is traditionally known to be more robust than the WLS estimator in the presence of bad data, and the bad data can be rejected automatically due to the large normalized residuals they produce. However, since the traditional measurements for state estimation only include bus power injections, branch power flows and bus voltage magnitudes, the formulated LAV estimator would require extremely high computational cost to find the solution. Therefore, the WLS estimator is widely adopted instead of LAV. In [128], the authors suggest that with the help of PMU measurements, which are the voltage and current phasor measurements, the estimation problem is linearized and the LAV estimator would demonstrate competitive computational performance with WLS while preserving its robustness.

The penetration of renewables and sudden changes in the load, generation and topology make the Smart Grid system much more dynamic. To cope with such dynamics, a new line of research about dynamic state estimators is motivated, to facilitate the major needs for robust online state estimation. One solution is to employ Kalman Filters. Weng et al. in [129] propose a new Kalman filter based state estimation method, which first uses historical data to conduct maximum likelihood parameter estimation, then uses the estimated parameters with online measurements to estimate the system state. The Kalman filter is employed in a physically meaningful kernel feature space, such that missing data can be tolerated. A similar approach is proposed in [130], which combines Kalman filters with real-time PMU data. The authors introduce a novel state estimator, viz. adaptive Kalman Filter with inflatable noise variances, and suggest its resilience against wrong system modeling and bad data injection through extensive simulations. To further improve the robustness of the state estimator against topology changes, bad data and malicious attacks, the authors in [131] introduce a robust data-driven state estimator. Specifically, the state estimator first uses historical state and system topology to cope with topology changes, then historical data are employed to remove the bad data. Subsequently, to identify a malicious attack, a maximum agreement algorithm is executed upon collected states. Finally, the resulting information is used in a kernel ridge regression process within a Bayesian inference framework, which leads to a highly robust data-driven state estimator. However, this estimator suffers a large computational overhead. To accommodate online data processing, dimension reduction and k-dimensional tree indexing are utilized to speed up the process. As a most recent alternative approach, Chavali et al. in [132] propose a dynamic robust state estimator based on Factor Graphs. They model the power system as a factor graph, in which the state vectors corresponding to each area at each time are considered as factor nodes. The dependencies between state vectors and their neighbor area vectors, and the dependencies between state vectors at different times, are captured in the factor graph. This state estimation method is naturally distributed since the sum-product message passing algorithm on factor graphs is distributed. Since the factor graph can capture the nonlinear relations, this state estimator introduces fewer errors than the traditional extended Kalman filter based methods, in which the nonlinear power system measurement model is approximated as a linear model. The authors further suggest that the proposed method is more robust to bad data, since once an area has bad data, the weights corresponding to the state samples in that area will become very small.

Another interesting idea we have found is in [133]. The authors measure the robustness of the estimator by the worst case mean square error, and seek to construct an optimal robust estimator based on the attackers' ability to launch data integrity attacks. A Minimax Optimization problem is formulated, which intends to minimize the mean square error resulting from the most destructive attack. A very important issue we have captured from this work is: for state estimators, the concepts of robustness and security should be distinguished from each other. In other words, a robust estimator may not necessarily be secure. This suggests that future research about state estimators should have clear definitions of robustness and security, and the corresponding assessment standards and methodologies would also be indispensable.

C. Energy Theft Detection

Energy theft is a notorious security problem in power systems, which causes significant economic losses and threatens grid stability. Due to the ease of intrusion and economic benefits [134], energy theft is a widespread practice. In developing countries, up to 50 percent of electricity is acquired via theft [135]. In United States, the utility companies lose approximately six billion dollars per data due to this problem [136]. Energy theft can be caused by physical and cyber attacks, such as directly connecting loads to the electricity distribution lines, hacking and reprogramming smart meters, etc. The detection of energy theft has traditionally been addressed through physical checks of tamper-evident seals by field personnel with balance meters [137]. With the high-resolution data collection from smart meters in AMI, utility companies are now able to timely gather more data from these devices and employ analytics to turn these data into actionable information, such as detecting energy theft and abnormal consumption trends. The authors in [138] specifically summarize the energy theft detection schemes by detectors, such as classification based, state estimation based and game theory based. Here we adopt the data-driven perspective, which categorizes the approaches into single data source based, multiple data source based and privacy-preserving data source based. Figure 11 gives the taxonomy of energy theft detection approaches we have covered.

Fig. 11. A Taxonomy of Energy Theft Detection Approaches

1) Single data source: The single data source based approaches only employ the smart meter data in AMI. In [139], the authors use fine-grained anomaly detection from smart meters and formulate the problem as a game between the electric utility and the electricity thief. The Nash equilibrium of the game is a probability density function that both parties have to choose when reporting AMI measurements. The goal of the electricity thief is to steal a predefined amount of electricity while minimizing the likelihood of being detected, while the electric utility wants to maximize the probability of detection. In [140], the authors propose a new threat model that could be used either by adversarial classification or adversarial learning, and evaluate the threat model on several detectors including Average Detector, ARMA-GLR, nonparametric statistics, and unsupervised learning (Local Outlier Factor). In [141], the smart meter data are integrated within the state estimation process, and the amount of energy stolen by a smart meter is modeled as a measurement bias. As a result, a weighted least square based state estimation approach can be applied to detect the energy thefts, in which a zero bias represents a truthful smart meter.

2) Multiple data sources: Recent works about energy theft detection tend to employ the data from multiple data sources, which are the multiple data source based approaches. [142] proposes AMIDS, an AMI intrusion detection system that uses information fusion to combine the sensors and consumption data from smart meters to detect energy theft. AMIDS combines meter audit logs of physical and cyber events with consumption data to model and detect energy theft. It differs from previous works by evaluating multiple AMI data sources under a combination of techniques. It uses an attack graph based information fusion technique to combine collected information from three data sources: cyber-side network and host-based intrusion detection system, on-meter anti-tampering sensors, and power measurement-based anomalous consumption detectors. [143] proposes a temperature dependent predictive model which uses both smart meter data and data from distribution transformers to detect electricity theft. Load profile analysis of customers is used to detect abnormal energy consumption patterns. These methods cannot be used where there is complete bypass of meters. Technical losses and energy theft are accurately calculated using the energy balance between the energy supplied from the distribution transformer and the energy consumption reported by the users. Another work in [144] presents a novel consumption pattern-based energy theft detector (CPBETD), which leverages the predictability property of customers' normal and malicious consumption patterns. By employing transformer meters as well as smart meters, the total consumption of each neighborhood is measured, and is compared with the total amount of energy consumption reported by the smart meters. If energy theft is detected at this level, for each customer in the suspicious area, a multiclass support vector machine is trained using historic data as well as a synthetic attack data set. The classifier is then used to decide whether a new sample reported by the customer is tampered or not.

Fig. 12. Evolution of Data Analytics in Security

3) Privacy-preserving data sources: Since smart meter data contain sensitive information about users’ energy profiles, conducting energy theft detection while preserving data source privacy has recently drawn great attention as another line of research. [145] is the first to investigate the energy theft detection problem considering users’ privacy issues. Previous schemes all require users to send their private information, e.g., load profile or meter reading at certain times, to the utility companies, which invades users’ privacy. This paper utilizes peer-to-peer computing, and proposes three distributed algorithms to solve a linear system of equations (LSE) for users’ honesty coefficients. The users’ privacy can be preserved because they do not need to disclose any of their energy consumption data to others. The authors propose privacy-preserving distributed LU and QR decompositions to solve a linear system of equations, which adaptively account for both constant and variable honesty coefficients. The work in [146] also achieves privacy preservation by proposing a centralized energy theft detection scheme using the Kalman filter, called SEK. Based on SEK, it develops a privacy-preserving distributed energy theft scheme called PPBE, which privately finds the energy thieves by decomposing the Kalman filter into two parallel and loosely coupled filters. The main idea is to model the amount of energy stolen by a smart meter as a measurement bias, and use optimal state estimation techniques to solve for all the meters’ biases. A zero bias indicates a faithful meter. One filter (bias-ignorant filter) estimates the state variable vector and the other filter (bias filter) estimates the bias vector. The bias-ignorant filter first conducts state estimation in a private and distributed manner, such that users’ measurements are hidden from the system operators to preserve privacy. The resulting residual is then employed by the system operator to carry out the bias filter. Privacy-preserving energy theft detection would be a promising research direction in the future.
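The transformer-versus-meter energy balance described for [143] and [144] and the linear system of equations for honesty coefficients described for [145] can be worked through together on a small neighborhood. The Python below is an added example, not code from the surveyed papers: it assumes that a meter's true consumption equals its reported reading times an honesty coefficient k (k = 1 honest, k > 1 under-reporting), a known technical-loss fraction, and one metering interval per meter. It solves the system centrally with an ordinary LU decomposition rather than the privacy-preserving distributed variants, and all readings are constructed.

```python
"""Energy-balance theft check and honesty-coefficient solve (added example).

Assumed model (not taken from the surveyed papers): for interval t,
    sum_j k[j] * reported[t][j] = transformer[t] * (1 - loss_fraction)
where k[j] is meter j's honesty coefficient (1 = honest, > 1 = under-reporting).
"""


def imbalance(transformer, reported, loss_fraction):
    """Relative gap per interval between delivered and reported energy."""
    gaps = []
    for supplied, row in zip(transformer, reported):
        delivered = supplied * (1.0 - loss_fraction)
        gaps.append((delivered - sum(row)) / delivered)
    return gaps


def lu_solve(matrix, rhs):
    """Solve matrix * x = rhs by LU decomposition with partial pivoting."""
    n = len(matrix)
    a = [list(row) for row in matrix]
    b = list(rhs)
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(a[r][col]))
        if abs(a[pivot][col]) < 1e-12:
            raise ValueError("readings are linearly dependent; use other intervals")
        a[col], a[pivot] = a[pivot], a[col]
        b[col], b[pivot] = b[pivot], b[col]
        for r in range(col + 1, n):
            a[r][col] /= a[col][col]           # multiplier, stored in L's slot
            for c in range(col + 1, n):
                a[r][c] -= a[r][col] * a[col][c]
    for r in range(n):                          # forward substitution: L y = P b
        b[r] -= sum(a[r][c] * b[c] for c in range(r))
    for r in reversed(range(n)):                # back substitution: U x = y
        b[r] = (b[r] - sum(a[r][c] * b[c] for c in range(r + 1, n))) / a[r][r]
    return b


def honesty_coefficients(transformer, reported, loss_fraction):
    """Solve the linear system for one honesty coefficient per meter."""
    if len(reported) != len(reported[0]):
        raise ValueError("need exactly one interval per meter for a square system")
    delivered = [s * (1.0 - loss_fraction) for s in transformer]
    return lu_solve(reported, delivered)


def suspicious_meters(coefficients, tolerance=0.05):
    """Indices of meters whose coefficient exceeds 1 by more than tolerance."""
    return [j for j, k in enumerate(coefficients) if k > 1.0 + tolerance]


# Constructed sample: three meters, three intervals, readings in kWh.
LOSS = 0.02                       # assumed technical-loss fraction
REPORTED = [[2.0, 3.0, 1.0],      # rows = intervals, columns = meters 0..2
            [1.0, 4.0, 2.0],
            [3.0, 1.0, 1.5]]
# Transformer readings synthesised so that meter 2 reports half its real use.
TRUE_K = [1.0, 1.0, 2.0]
TRANSFORMER = [sum(k * p for k, p in zip(TRUE_K, row)) / (1.0 - LOSS)
               for row in REPORTED]
# An honest neighborhood with the same readings, for comparison.
HONEST_TRANSFORMER = [sum(row) / (1.0 - LOSS) for row in REPORTED]

if __name__ == "__main__":
    print("gaps:", [round(g, 3) for g in imbalance(TRANSFORMER, REPORTED, LOSS)])
    k = honesty_coefficients(TRANSFORMER, REPORTED, LOSS)
    print("k:", [round(v, 3) for v in k], "suspicious:", suspicious_meters(k))
```

The imbalance check only says that the neighborhood as a whole is short; the coefficient solve is what attributes the shortfall to a meter, and it fails with an explicit error when the chosen intervals do not give independent equations.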

VIII. SECURITY ANALYTICS IN SMART GRID

From the security perspective, data in Smart Grid are both the problem and the solution. On one hand, as suggested in previous sections, the security and privacy of the big data in Smart Grid are among the most challenging issues for Smart Grid innovation. On the other hand, big data analytics also holds big promise for solving Smart Grid security problems. By exploiting the historical and real time data in Smart Grid, system operators are able to uncover hidden relationships, improve situational awareness, discover patterns and facts about security threats, and predict and even prevent potential new issues before they occur. All these related techniques are called security analytics, i.e., the application of big data analytics techniques to cyber security [147]. As suggested in [148], in the next three to five years, security analytics will disrupt the status quo in most information security product segments and evolve to enable a wide range of security intelligence with advanced predictive capabilities and automated real-time controls, which are also called data-driven security or intelligence-driven security.

The application of data analytics to power system security is not new [149]. However, in Smart Grid, with the massive amounts of data generated and increasingly sophisticated cyber attacks, traditional security solutions are rapidly rendered obsolete. For example, traditional security solutions are not working since 97% of breaches led to compromise within days or less, of which 72% led to data exfiltration in the same time [150]. Figure 12 describes the evolution of data analytics in security [150]. Specifically, the security analytics in Smart Grid should meet the following requirements [148] [150]:

• Diverse data sources: leveraging multiple data sources and creating a synergistic learning effect as new security-related information becomes available.

• Big data infrastructure: employing a fast and scalable infrastructure to conduct real time and long term analysis.

• High performance analytics engine: being capable of processing large volumes of data in real time to detect, investigate and prioritize threats.

• Integrated intelligence: supporting recommendations and decision making.

• Comprehensive visibility: visualizing the trends and events effectively with appropriate normalization.

TABLE IX. EXAMPLE DATA SOURCES FOR SECURITY ANALYTICS IN SMART GRID

In this section, we review the state-of-the-art works in security analytics in Smart Grid. Specifically, we first discuss the potential data sources for security analytics, and then analyze the corresponding feasible data analysis methods and visualization methods.

A. Data sources for security analytics

With the integration of cyber infrastructure within smart grid, the security related data expands considerably and a multitude of potential data sources become available. The security analytics in smart grid collect and integrate a wide variety of new data for analysis and investigation. These new data mainly come from an increasing number of new enhanced systems [151]:

• Advanced Metering Infrastructure (AMI)
• Meter Data Management Systems (MDMS)
• Outage Management Systems (OMS)
• Distribution Management Systems (DMS)
• Enterprise Asset Management Systems (EAS)

Specifically, we summarize both the traditional and new data sources in literature [152] [153] [148] [154] [155] in Table IX.

B. Data analysis

Data analysis is the most important part of security analytics, the goal of which is to extract insights, detect and recognize patterns, derive conclusions and support decision-making. In smart grid, due to the great diversity of data properties and objective systems, the data analysis methods for security analytics differ significantly. In [151], according to the depth of analysis, the authors classify the general data analysis methods into the following three categories:

• Descriptive analytics: extracts what has occurred and the current system status.

• Predictive analytics: predicts the future trend and forecasts the potential risks.

• Prescriptive analytics: supports decision making and problem prevention.

The above classification captures the functional features of different methods.

As an alternative approach, the authors in [10] classify the data analysis methods from a technical perspective:

• Statistical analysis: models randomness and uncertainty by probability theory.

• Data mining: the computational process of discovering patterns and relationships in data sets.

• Data visualization: represents data through pictorial and graphical formats.

In this subsection, we adopt this technical perspective and focus on the smart grid security analysis methods using statistical analysis and data mining. Data visualization based methods are discussed in detail in the next subsection.

1) Statistical analysis methods: In [156], Moreno et al. present a safe and intelligent management platform for the distributed generations in smart grid. In particular, in order to detect power quality events, such as sags, swells, and transient faults, the system integrates the skewness and kurtosis statistical estimators, as well as a real-time cumulative sum (CUSUM) algorithm. The CUSUM algorithm directly uses all the samples in sequence and plots the cumulative sums of the deviations of the sample values from a target value. In [157], Sedghi et al. propose an attack detection scheme for SCADA systems in smart grid, based on the Markov graph of bus phase angles. Using conventional and PMU measurements, the Conditional Covariance Test (CCT) is adopted to learn the structure of the power network. Ali et al. in [158] propose a configuration-based intrusion detection system for advanced metering infrastructure. The authors employ event logs collected at smart meters and model them by a fourth order Markov chain to demonstrate the deterministic and predictable behavior of AMI, which can be used to accurately develop an intrusion detection system (IDS). The IDS essentially leverages a device configuration based stochastic model checking technique. Another important aspect of the work is that a real-world dataset of thousands of meters collected at the AMI of a leading utility provider is used in the evaluation process, which significantly improves the soundness of the proposed method.
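A two-sided CUSUM detector of the kind described for [156], run over per-cycle RMS voltage, shows why accumulating deviations from a target catches abrupt sags and swells as well as a slow under-voltage that a fixed per-sample limit never sees. This is an added example, not code from [156]; the target, slack and threshold values, the re-arm rule and the voltage samples are constructed assumptions.

```python
"""Two-sided CUSUM over per-unit RMS voltage samples (added example)."""


def cusum_events(samples, target=1.0, slack=0.02, threshold=0.15):
    """Return [(index, "sag" | "swell"), ...] for each detected event onset.

    Deviations from `target` beyond `slack` accumulate in two one-sided sums;
    an event fires when a sum exceeds `threshold`. After an alarm the detector
    stays disarmed until a sample returns to within `slack` of the target, so a
    sustained event is reported once.
    """
    high = low = 0.0
    armed = True
    events = []
    for index, value in enumerate(samples):
        if not armed:
            if abs(value - target) <= slack:
                armed = True          # voltage recovered: start watching again
            continue
        high = max(0.0, high + (value - target) - slack)
        low = max(0.0, low + (target - value) - slack)
        if high > threshold or low > threshold:
            events.append((index, "swell" if high > threshold else "sag"))
            high = low = 0.0
            armed = False
    return events


def fixed_limit_events(samples, lower=0.9, upper=1.1):
    """Baseline for comparison: indices where one sample leaves [lower, upper]."""
    return [i for i, v in enumerate(samples) if v < lower or v > upper]


# Constructed samples (per-unit RMS voltage, one value per cycle).
ABRUPT = [1.00, 1.01, 0.99, 1.00, 1.01, 0.99, 0.90, 0.88, 0.87, 0.89,
          1.00, 1.00, 1.12, 1.13, 1.12, 1.00]
DRIFT = [1.00, 1.00, 1.00] + [0.96] * 10   # 4 % under-voltage, never below 0.9

if __name__ == "__main__":
    print("abrupt:", cusum_events(ABRUPT), "fixed limit:", fixed_limit_events(ABRUPT))
    print("drift: ", cusum_events(DRIFT), "fixed limit:", fixed_limit_events(DRIFT))
```

The slack sets how much deviation is treated as noise and the threshold sets how much accumulated deviation is tolerated, so together they trade detection delay against false alarms.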

2) Data mining methods: Hurst et al. in [159] achieve in-depth defense of a nuclear power plant against cyber threats by using behavior observations and data analysis. Specifically, feature extraction and data classification techniques are employed to evaluate data sets and detect changes in behavioral patterns. In the training mode, features are extracted to form feature vectors for both normal and abnormal behavior. Once all the required data are processed, the feature vectors are sent to the evaluation process, where specific data classification techniques are applied, including the uncorrelated normal density based classifier (UDC), quadratic discriminant classifier (QDC), linear discriminant classifier (LDC), decision tree (TREEC), and Parzen classifier (PARZENC). The performance and accuracy of the above classifiers are listed and compared. In [155], Popovic et al. implement a fault analysis platform for power transmission systems by particularly focusing on the practical use of digital protective relays (DPR) data. A rule-based expert system is employed to conduct the data analysis for fault detection. Recently, Pan et al. [160] develop a hybrid intrusion detection system in smart grid, which learns temporal state-based specifications for power system scenarios, such as normal control operations, disturbances, and cyber attacks. The common path mining technique is employed to learn patterns for those scenarios from a fusion of PMU data and system audit logs. In [161], data stream mining is used to enhance the security of AMI through intrusion detection. Based on the difference in data stream properties, an individual intrusion detection technique is specifically designed for each part of AMI, including the smart meter, data concentrator and AMI headend. Moreover, to explore the performance and accuracy, seven implementations of data stream classifiers from the massive online analysis (MOA) data stream mining framework are evaluated using the realistic KDD Cup 1999 data set. Besides MOA, more data stream mining implementations can be found in [90].

TABLE X. SECURITY DATA ANALYSIS METHODS IN SMART GRID

The above data analysis methods for smart grid security analytics are summarized in Table X. We explicitly list the data set used in the evaluation of each proposed method since they are critical to the validity of data analysis methods.

C. Data visualization

Visualization is the most direct and effective approach to demonstrate and inspire ideas to humans [162]. It would be greatly beneficial to leverage visualizations to address the security issues in smart grid. Data visualization is an essential part of security analytics [163]. The smart grid innovation enables the generation of more and more data from both infrastructures as well as applications, such as logs and measurements. With the ever changing threat landscape and dynamic infrastructure configurations, visualization of these data enables individuals to uncover hidden patterns, detect attacks, identify emerging risks and vulnerabilities, and respond decisively with countermeasures that are far more likely to succeed than conventional approaches, which is an essential part of future actionable security intelligence. In this section, we present the existing works about security visualizations in smart grid, and identify the research challenges for future work.

1) Existing security visualization works: As an early work, Klump et al. in [152] visualize the security threats of power system by displaying data from phasor measurement units (PMUs) and SCADA data sources simultaneously. The SCADA data sources provide a comprehensive capture of system states but at a slow refresh rate. By comparison, the PMU measurements can capture the system transient dynamics and generate data at a much higher rate. The integration of SCADA data and PMU data for visualization can help directly identify the security threats in the system. The proposed platform characterizes the properties of PMU data and specifically addresses the challenges of employing distributed data sources with different data generating rates. PowerWorld is employed to provide a dynamic geographical view.

Recently, [164] presents a general visualized monitoring tool for distributed power generations in smart grid. The visualization tool uses an expert system to filter and analyze real-time measurements from the smart meters at transformer stations of the distribution grid, and to generate diagnoses for failures and recommend corresponding actions. It provides a geographic based main view for the current state of the grid, as well as additional views to highlight details about particular points of interest on demand. The status of the communication network and the weather are also integrated. Another work in [165] is promising since it presents a 3D visualization scheme for contingency and security in smart grid. In this work, the proposed approach employs Advanced Visual Systems Express 7.3 software, and is devoted to visualizing the physics of power grids. Specifically, the system real-time dynamics when a generator fails are visualized. The implementation consists of a large data transfer program, numerical analysis program, visualization program, visualization matrix, and data acquisition and data segmentation functions. Instead of just providing a geographic layout, the work in [166] deals with the different hierarchical layers that exist at both topological and geographical levels, and it is highlighted by the seamless integration of the geographical and topological layers, which allows a single node’s contribution to the security of the entire system to be understood from different perspectives. As the most recent work, [167] demonstrates in-progress applications of large scale data processing technologies for security visualization in Smart Grid. By using a distributed data processing model, data from both smart meter profiles and AMI networks are streamed and spatiotemporally visualized in real-time, in order to facilitate cyber attack identification, alert and response.

Another line of works focuses on the visualization of some particular security aspect in smart grid. In [168], Yan et al. present an integrated visualization platform for smart grid, specifically for demonstrating the cascading failures in power transmission systems caused by cyber attacks. The system employs ESRI ArcGIS software as the visualization platform and implements its interface with MATLAB, where the attack and defense algorithms are simulated. In [169], Matuszak et al. describe the design of CyberSAVe, a visualization tool for cyber trust for SCADA systems in Smart Grid. The authors first define the mathematical model of cyber trust, which consists of availability, detection and false alarm trust values, as well as a model of predictability. By employing an aggregation algorithm for all these models, CyberSAVe incorporates and visualizes the aggregated trust, which could be used by the system operator to detect, identify, and mitigate various attacks on Smart Grid systems.

TABLE XI. SUMMARY OF SECURITY DATA VISUALIZATION

2) Remaining challenges: The properties and comparisons between the above works are summarized in Table XI. We can see that the visualization tools are mostly for transmission systems with a geographical display. Moreover, since these works mainly leverage the existing visualization tools, the application of advanced visualization techniques, such as 3D visualization, is still rare. Through our studies, we find that even though a tremendous amount of research has examined visualizations for cyber security, the works specifically addressing the security of smart grid are surprisingly limited. As mentioned in [154], data visualization for smart grid security remains extremely elementary, dominated by pie charts, graphs, and Excel spreadsheet pivot tables. The smart grid data has its own features and dimensions, and more efforts should be made to advance the security visualization in smart grid systems.

Based on our studies, we identify a number of remaining challenges in visualization as follows:

• The objectives of security visualization can be expanded. Instead of being limited to transmission systems, SCADA and AMI, more efforts should be made for power distribution systems, smart buildings and energy management systems, etc., where higher security risks lie due to extensive user involvement.

• The security visualization tools should address the diversity of heterogeneous data sources, such as data generating rates, geographical locations, and duty cycles, etc. Customized visualization will also be desirable to highlight particular interests on demand.

• Advanced implementation techniques for visualization, such as cloud based large scale data sanitation, 3D representations and human interactions, should be integrated to facilitate the capabilities of real-time security monitoring and analysis.

• Predictive functions and models can be implemented within visualization to illustrate potential security risks.

IX. LESSONS LEARNED AND FUTURE RESEARCH

In this section, we present the lessons learned throughout the process of conducting our survey and identify several potential future research directions.

A. Lessons learned

In this paper, we have adopted a data-driven approach to survey the existing related works about cyber security in Smart Grid. Even though it is really difficult to draw insights about the relations from the huge amount of research publications, we find that following the trace of data (generation, acquisition, storage and processing) is a straightforward and efficient approach to systematically organize and analyze them. Based on this, we believe it would also be beneficial to conduct future security research in a data-driven way, that is, within a data-driven cyber security research framework. The framework itself should strive to bring security, big data analytics and cloud computing technologies all together, and capture the entire lifecycle of data in cyber security research. As shown in Figure 13, the research framework could consist of cyber security testbeds (data generation), cloud-based infrastructure (data storage and processing), and security analytics (data application). The security testbed incorporates software simulation, emulation and physical hardware to conduct cyber security analysis, which provides an experiment environment to validate cyber security strategies while generating data such as system traces and logs, etc. The security testbed stores generated data in the Cloud-based Infrastructure for Security Analytics, and retrieves required data from the Cloud-based Infrastructure when conducting the validation of Security Analytics. These three components work together to facilitate future cyber security research in a data-driven way. This kind of full-stack approach would also be applicable to future security research in other general cyber-physical systems, such as smart transportation systems and smart buildings.

Fig. 13. Data-driven cyber security research framework

B. Potential future research

Many challenges in smart grid security still need more research attention in the future. Below, we list some of the identified open issues:

• Security of plug-in electric vehicles (PEVs): The large scale integration of PEVs is listed as one of the top seven key functions of Smart Grid [170], which could significantly increase the use of renewable energy resources, provide energy storage to ameliorate peak load demands, and dramatically reduce the carbon footprint. As suggested in [171], the potential security issues related to PEVs include privacy of movement, payment security, and integration security with critical infrastructure, etc. From our survey, most existing authentication systems merely apply security schemes directly to the smart grid, leaving gaps in PEV protection, except the most recent work in [172]. Also, more future work should look into the attack detection and vulnerability assessment methods [173]. The recent project about PEVs from the European Network for Cyber Security [174] shows an increasing urgency about this research topic.

• Security of transactive energy: Transactive energy is a system of economic and control mechanisms that allows the dynamic balance of supply and demand across the entire electrical infrastructure using value as a key operational parameter [175]. As an integral part of the Pacific Northwest Smart Grid Demonstration Project [176], transactive energy is a new concept that provides an approach to maintain the reliability and security of the power system. It increases efficiency by coordinating the behaviors of a large number of distributed energy resources, which embraces both the economics and engineering of the smart grid system. The implementation of transactive energy requires massive distributed controls and interactions between independent entities, which would impose a significant amount of security challenges. Sophisticated cyber-physical attacks against transactive energy could lead to seriously unstable power operating conditions or even blackout. Future research should particularly explore the security solutions for this scenario.

• Security assessment tools: With the emergence of various designs and implementations of security architectures for smart grid, it is essential to formally evaluate the strengths and weaknesses of each security solution, which is where security assessment tools come into the picture. Even though there exist quite a few theories about the assessment of smart grid security, which include probabilistic risk assessment, graph based assessment and security metric based assessment [6], the implemented available tools are still rare. One of the leading in-progress efforts is from [177], which applies formal and systematic analysis of different types of security assessment techniques to provide an integrative tool for large-scale real-world smart grid systems security assessment. Future research should focus on the implementation and evaluation of security assessment tools, especially with a real-time interactive paradigm.

• Security architectures and frameworks in context of Internet-Of-Things: Security architectures and frameworks are full-stack models from a global perspective and provide a complete security solution to the smart grid system. As shown in our previous works, most of the works about cyber security in smart grid are concentrated on particular scenarios and specific contexts. With the convergence of the smart grid system with Internet-Of-Things, these security solutions should not be isolated and there should be an overall view to organize all the solutions. [178] first presents a security architecture model for the smart grid communication network, which incorporates subsystems including AMI, demand response (DR), electric vehicles, distributed resources and energy storage systems, and distribution grid management. [179] also presents the security framework, security policies and countermeasures for IoT in smart grid, also called the power internet of things. The proposed security framework consists of three layers: perception layer, network layer and application layer. [180] presents the security requirements and architectures for IoT and specifically analyzes the security architecture in smart home applications. Future works should consider the general IoT architecture and its corresponding security challenges, then emphasize End-to-End security through a bottom-up approach, for example, how to implement security control at each level of the IoT architecture, such as device level, network level, and system level.

X. CONCLUSION

In this paper, we present the recent security advances in Smart Grid. By adopting a data driven approach, we characterize the security vulnerabilities and solutions within the entire lifecycle of Smart Grid data, including data generation, data acquisition, data storage and data processing. Moreover, security analytics for Smart Grid are described and discussed. Finally, potential research directions for Smart Grid security are identified. This data-driven security analysis brings new and promising perspectives and methodologies to future research in Smart Grid.

REFERENCES

[1] S. Collier, “The emerging enernet: Convergence of the smart grid with the internet of things,” in Rural Electric Power Conference (REPC), 2015 IEEE, April 2015, pp. 65–68.

[2] D. of Energy and D. of Homeland security, “Roadmap to secure control systems in the energy sector,” Tech. Rep., 2008.

[3] G. Ericsson, “Cyber security and power system communication - essential parts of a smart grid infrastructure,” Power Delivery, IEEE Transactions on, vol. 25, no. 3, pp. 1501–1507, July 2010.

[4] Y. Yan, Y. Qian, H. Sharif, and D. Tipper, “A survey on cyber security for smart grid communications,” Communications Surveys Tutorials, IEEE, vol. 14, no. 4, pp. 998–1010, Fourth 2012.

[5] J. Liu, Y. Xiao, S. Li, W. Liang, and C. L. P. Chen, “Cyber security and privacy issues in smart grids,” Communications Surveys Tutorials, IEEE, vol. 14, no. 4, pp. 981–997, Fourth 2012.

[6] W. Wang and Z. Lu, “Cyber security in the smart grid: Survey and challenges,” Comput. Netw., vol. 57, no. 5, pp. 1344–1371, Apr. 2013. [Online]. Available: http://dx.doi.org/10.1016/j.comnet.2012.12.017

[7] Z. Baig and A.-R. Amoudi, “An analysis of smart grid attacks and countermeasures,” Journal of Communications, vol. 8, no. 8, Aug 2013.

[8] N. Komninos, E. Philippou, and A. Pitsillides, “Survey in smart grid and smart home security: Issues, challenges and countermeasures,” Communications Surveys Tutorials, IEEE, vol. 16, no. 4, pp. 1933–1954, Fourthquarter 2014.

[9] “Guidelines for smart grid cyber security,” NIST Smart Grid Interoperability Panel, NISTIR 7628 Cyber Security Working Group, 2010.

[10] H. Hu, Y. Wen, T.-S. Chua, and X. Li, “Toward scalable systems for big data analytics: A technology tutorial,” Access, IEEE, vol. 2, pp. 652–687, 2014.

[11] M. Line, I. Tondel, and M. Jaatun, “Cyber security challenges in smart grids,” in Innovative Smart Grid Technologies (ISGT Europe), 2011 2nd IEEE PES International Conference and Exhibition on, Dec 2011, pp. 1–8.

[12] F. Cleveland, “Cyber security issues for advanced metering infrastructure (ami),” in Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE, July 2008, pp. 1–5.

[13] B. Zhu, A. Joseph, and S. Sastry, “A taxonomy of cyber attacks on scada systems,” in Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing, Oct 2011, pp. 380–388.

[14] Y. Deng and S. Shukla, “Vulnerabilities and countermeasures: A survey on the cyber security issues in the transmission subsystem of a smart grid,” Journal of Cyber Security and Mobility, vol. 1, pp. 251–276, 2012.

[15] C. Beasley, X. Zhong, J. Deng, R. Brooks, and G. Kumar Venayagamoorthy, “A survey of electric power synchrophasor network cyber security,” in Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), 2014 IEEE PES, Oct 2014, pp. 1–5.

[16] W. Stallings, Network and Internetwork Security: Principles and Practice. Upper Saddle River, NJ, USA: Prentice-Hall, Inc., 1995.

[17] U. Department of Energy, “Smart grid system report 2009,” Tech. Rep., 2009. [Online]. Available: http://energy.gov/sites/prod/files/2009SmartGridSystemReport.pdf

[18] “Nist framework and roadmap for smart grid interoperability standards, release 1.0,” National Institute of Standards and Technology, 2010. [Online]. Available: http://dx.doi.org/10.6028/NIST.SP.1108r1

[19] D. of Energy and U. K. Climate Change, “Smart grid vision and routemap,” Tech. Rep., 2014.

[20] D. Hart, “Using ami to realize the smart grid,” in Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE, July 2008, pp. 1–2.

[21] R. Habash, V. Groza, D. Krewski, and G. Paoli, “A risk assessment framework for the smart grid,” in Electrical Power Energy Conference (EPEC), 2013 IEEE, Aug 2013, pp. 1–6.

[22] U. S. NETL, “Advanced metering infrastructure,” Tech. Rep., 2008. [Online]. Available: http://www.smartgrid.gov/white_papers

[23] S. Uludag, S. Zeadally, and B. Mohamad, “Techniques, taxonomy, and challenges of privacy protection in the smart grid,” Computer Science, Engineering and Physics, May 2015. [Online]. Available: http://deepblue.lib.umich.edu/handle/2027.42/111644

[24] A. Metke and R. Ekl, “Smart grid security technology,” in Innovative Smart Grid Technologies (ISGT), 2010, Jan 2010, pp. 1–7.

[25] A. Abur and A. Expósito, Power System State Estimation: Theory and Implementation, 2004.

[26] U. Department of Energy, “Smart grid system report 2014,” Tech. Rep., 2014. [Online]. Available: http://energy.gov/sites/prod/files/2014/08/f18/SmartGrid-SystemReport2014.pdf

[27] K. Stouffer, J. Falco, K. Scarfone, K. Stouffer, J. Falco, and K. Scarfone, “Guide to supervisory control and data acquisition (scada) and industrial control systems security,” in SPIN, 2006.

[28] M. Mynam, A. Harikrishna, and V. Singh, “Synchrophasors redefining scada systems,” Tech. Rep., 2013.

[29] M. Shahraeini and M. H. Javidi, “Wide area measurement systems,” in Advanced Topics in Measurements. InTech, Inc, 2012. [Online]. Available: http://www.intechopen.com/books/advanced-topics-in-measurements/wide-area-measurement-systems

[30] M. Larsson, P. Korba, and M. Zima, “Implementation and applications of wide-area monitoring systems,” in Power Engineering Society General Meeting, 2007. IEEE, June 2007, pp. 1–6.

[31] V. Terzija, G. Valverde, D. Cai, P. Regulski, V. Madani, J. Fitch, S. Skok, M. Begovic, and A. Phadke, “Wide-area monitoring, protection, and control of future electric power networks,” Proceedings of the IEEE, vol. 99, no. 1, pp. 80–93, Jan 2011.


[32] I. F. C. (IFC), “Utility scale solar power plants - a guide for developers and investors,” Tech. Rep., 2012.

[33] M. R. Patel, Wind and Solar Power Systems: Design, Analysis, and Operation, Second Edition. CRC Taylor and Francis, 2006.

[34] T. report by National Renewable Energy Laboratory (NREL), “Installation, operation, and maintenance strategies to reduce the cost of offshore wind energy,” Tech. Rep., 2013.

[35] A. Kumar, T. Schei, A. Ahenkorah, R. C. Rodriguez, J.-M. Devernay, M. Freitas, D. Hall, Å. Killingtveit, and Z. Liu, Cambridge University Press, Cambridge, United Kingdom and New York, NY, USA, 2011, ch. Hydropower.

[36] S. report prepared for the city and county of San Francisco, “Wave power feasibility study report,” Tech. Rep., December 2009.

[37] M. Adamiak, W. Premerlani, and B. Kasztenny, “Synchrophasors: Definition, measurement, and application,” Tech. Rep.

[38] R. by North American Electric Reliability Corporation (NERC), “Real-time application of synchrophasors for improving reliability,” Tech. Rep., October 2010.

[39] H. jae Yoo, J.-W. Seo, M.-C. Shin, and H. seok Suh, “Study of data acquisition and communication equipment for micro-grid system,” in Consumer Electronics, 2009. ISCE ’09. IEEE 13th International Symposium on, May 2009, pp. 671–675.

[40] R. by Siemens, “Deep dive on microgrid technologies,” Tech. Rep., March 2015.

[41] R. I. Monitoring, A. S. G. Measurement Report, and S. C. trial, “Grid applications stream: Fault detection, isolation and restoration,” Tech. Rep., 2012.

[42] S. G. I. G. P. Report by U.S. Department of Energy (DOE), “Reliability improvements from the application of distribution automation technologies - initial results,” Tech. Rep., December 2012.

[43] A. o. E. I. C. A. Whitepaper by Edison Electric Institute (EEI) and U. T. C. (UTC), “Smart meters and smart meter systems: A metering industry perspective,” Tech. Rep., March 2011.

[44] T. E. F. Report by Institute for Electric Innovation (IEI), “Utility-scale smart meter deployments: Building block of the evolving power grid,” Tech. Rep., September 2014.

[45] A. report prepared as part of the EIE project: Smart Domestic Appliances in Sustainable Energy Systems (Smart-A), “Synergy potential of smart appliances,” Tech. Rep., 2008.

[46] R. by Pike Research, “Executive summary: Smart appliances,” Tech. Rep., 2012.

[47] M. Svendsen, M. Winther-Jensen, A. Pedersen, P. Andersen, and T. Sorensen, “Electric vehicle data acquisition system,” in Electric Vehicle Conference (IEVC), 2014 IEEE International, Dec 2014, pp. 1–7.

[48] B. COM(2000) 769 final European Commission, “Green paper - towards a european strategy for the security of energy supply,” Tech. Rep., 2000.

[49] I. P. by International Energy Agency (IEA), “Contribution of renewables to energy security,” Tech. Rep., 2007.

[50] R. by National Association of State Energy Officials, “Smart grid and cyber security for energy assurance,” Tech. Rep., 2011.

[51] B. Johansson, “Security aspects of future renewable energy systems – a short overview,” Elsevier Energy Journal, vol. 61, pp. 598–605, 2013.

[52] J. B., “A broadened typology on energy and security,” Elsevier Energy Journal, vol. 53, 2013.

[53] A. Kanuparthi, R. Karri, and S. Addepalli, “Hardware and embedded security in the context of internet of things,” in Proceedings of the 2013 ACM Workshop on Security, Privacy: Dependability for Cyber Vehicles, ser. CyCAR ’13. New York, NY, USA: ACM, 2013, pp. 61–64. [Online]. Available: http://doi.acm.org/10.1145/2517968.2517976

[54] G. E. Suh and S. Devadas, “Physical unclonable functions for device authentication and secret key generation,” in Proceedings of the 44th annual Design Automation Conference, 2007, pp. 9–14.

[55] A. Becher, Z. Benenson, and M. Dornseif, “Tampering with Motes: Real-World Physical Attacks on Wireless Sensor Networks,” Proceedings of the 3rd International Conference on Security in Pervasive Computing (SPC), pp. 104–118, 2006.

[56] e. a. K.E. Martin, “Exploring the ieee standard c37.118-2005 synchrophasors for power systems,” IEEE Transactions on Power Delivery, vol. 23, no. 4, pp. 1805–1811, 2008.

[57] R. by Sandia National Laboratories, “Microgrid cyber security reference architecture,” Tech. Rep., July 2013.

[58] S. N. Laboratories, “Categorizing threat: Building and using a generic threat matrix,” Tech. Rep., September 2007.

[59] A. Alnasser and N.-E. Rikli, “Design of a trust security model for smart meters in an urban power grid network,” in Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks, ser. Q2SWinet ’14. New York, NY, USA: ACM, 2014, pp. 105–108. [Online]. Available: http://doi.acm.org/10.1145/2642687.2642703

[60] R. Anderson and S. Fuloria, “Smart meter security: a survey,” Tech. Rep., 2014.

[61] R. Abercrombie, F. Sheldon, H. Aldridge, M. Duren, T. Ricci, E. Bertino, A. Kulatunga, and U. Navaratne, “Secure cryptographic key management system (ckms) considerations for smart grid devices,” in Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, ser. CSIIRW ’11. New York, NY, USA: ACM, 2011, pp. 59:1–59:1. [Online]. Available: http://doi.acm.org/10.1145/2179298.2179364

[62] H. Nicanfar, P. TalebiFard, S. Hosseininezhad, V. C. Leung, and M. Damm, “Security and privacy of electric vehicles in the smart grid context: Problem and solution,” in Proceedings of the Third ACM International Symposium on Design and Analysis of Intelligent Vehicular Networks and Applications, ser. DIVANet ’13. New York, NY, USA: ACM, 2013, pp. 45–54. [Online]. Available: http://doi.acm.org/10.1145/2512921.2512926

[63] M. Adamiak, D. Baigent, and R. Mackiewicz, “Iec 61850 communication networks and systems in substations: An overview for users,” in Proc. of Syst. Protection Seminar, 2004.

[64] P. Yi, A. Iwayemi, and C. Zhou, “Developing zigbee deployment guideline under wifi interference for smart grid applications,” Smart Grid, IEEE Transactions on, vol. 2, no. 1, pp. 110–120, March 2011.

[65] M. Armel, “Zigbee overview, lecture notes, the george washington university,” Tech. Rep., 2007.

[66] S. C. Ergen, “Zigbee/ieee 802.15.4 summary, technical report, university of california - berkeley,” Tech. Rep., 2004.

[67] B. Akyol, H. Kirkham, S. Clements, and M. Hadley, “A survey of wireless communications for the electric power system, a report prepared for the u.s. department of energy,” Tech. Rep., 2010.

[68] Y. Liang and R. H. Campbell, “Understanding and simulating the iec 61850 standard, a technical report,” Tech. Rep., 2008.

[69] T. Kostic, O. Preiss, and C. Frei, “Understanding and using the iec 61850: a case for meta-modelling,” Computer Standards and Interfaces, vol. 27, no. 6, pp. 679–695, 2005.

[70] S. Galli, A. Scaglione, and Z. Wang, “Power line communications and the smart grid,” in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, Oct 2010, pp. 303–308.

[71] M. Yigit, V. C. Gungor, G. Tuna, M. Rangoussi, and E. Fadel, “Power line communication technologies for smart grid applications: A review of advances and challenges,” Computer Networks, vol. 70, pp. 366–383, 2014. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1389128614002369

[72] R. by The U.S. Department of Energy, “Communication requirements of smart grid technologies,” Tech. Rep., 2010.

[73] Y.-J. Kim, V. Kolesnikov, H. Kim, and M. Thottan, “Sstp: A scalable and secure transport protocol for smart grid data collection,” in Smart Grid Communications (SmartGridComm), 2011 IEEE International Conference on, Oct 2011, pp. 161–166.

[74] G. Dan, K.-S. Lui, R. Tabassum, Q. Zhu, and K. Nahrstedt, “Selinda: A secure, scalable and light-weight data collection protocol for smart grids,” in Smart Grid Communications (SmartGridComm), 2013 IEEE International Conference on, Oct 2013, pp. 480–485.

[75] S. Uludag, K.-S. Lui, W. Ren, and K. Nahrstedt, “Practical and secure machine-to-machine data collection protocol in smart grid,” in Communications and Network Security (CNS), 2014 IEEE Conference on, Oct 2014, pp. 85–90.

[76] ——, “Secure and scalable data collection with time minimization in the smart grid,” Smart Grid, IEEE Transactions on, vol. PP, no. 99, pp. 1–1, 2015.

[77] H. Jin, S. Uludag, K.-S. Lui, and K. Nahrstedt, “Secure data collection in constrained tree-based smart grid environments,” in Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, Nov 2014, pp. 308–313.

[78] G. Li and Y. Wang, “A compressive sensing based secure data transmission scheme,” in Green Computing and Communications (GreenCom), 2013 IEEE and Internet of Things (iThings/CPSCom), IEEE International Conference on and IEEE Cyber, Physical and Social Computing, Aug 2013, pp. 1272–1275.

[79] J.-F. M. Jesús Rodríguez-Molina, Margarita Martínez-Núñez and W. Pérez-Aguia., “Business models in the smart grid: Challenges, opportunities and proposals for prosumer profitability,” in Energies, Sep 2014.

[80] R. Herold and C. Hertzog, Data Privacy for the Smart Grid. Auerbach Publications, Jan. 2015.

[81] “Data privacy and the smart grid: A voluntary code of conduct (vcc),” Department of Energy, United States, Jan 2015.

[82] N. Yukun, T. Xiaobin, C. Shi, W. haifeng, Y. Kai, and B. Zhiyong, “A security privacy protection scheme for data collection of smart meters based on homomorphic encryption,” in EUROCON, 2013 IEEE, July 2013, pp. 1401–1405.

[83] Z. Erkin, J. Troncoso-Pastoriza, R. Lagendijk, and F. Perez-Gonzalez, “Privacy-preserving data aggregation in smart metering systems: an overview,” Signal Processing Magazine, IEEE, vol. 30, no. 2, pp. 75–86, March 2013.

[84] C. Rottondi, M. Savi, D. Polenghi, G. Verticale, and C. Krauss, “A decisional attack to privacy-friendly data aggregation in smart grids,” in Global Communications Conference (GLOBECOM), 2013 IEEE, Dec 2013, pp. 2616–2621.

[85] ——, “A decisional attack to privacy-friendly data aggregation in smart grids,” in Global Communications Conference (GLOBECOM), 2013 IEEE, Dec 2013, pp. 2616–2621.

[86] R. Lu, X. Liang, X. Li, X. Lin, and X. Shen, “Eppa: An efficient and privacy-preserving aggregation scheme for secure smart grid communications,” Parallel and Distributed Systems, IEEE Transactions on, vol. 23, no. 9, pp. 1621–1631, Sept 2012.

[87] L. Yang, H. Xue, and F. Li, “Privacy-preserving data sharing in smart grid systems,” in Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, Nov 2014, pp. 878–883.

[88] A. Chakravorty, T. Wlodarczyk, and C. Rong, “Privacy preserving data analytics for smart homes,” in Security and Privacy Workshops (SPW), 2013 IEEE, May 2013, pp. 23–27.

[89] “Database systems for the smart grid,” in Smart Grids, ser. Green Energy and Technology, A. B. M. S. Ali, Ed., 2013.

[90] A. Bere, B. Genge, and I. Kiss, “A brief survey on smart grid data analysis in the cloud,” Procedia Technology, vol. 19, no. 0, pp. 858–865, 2015, 8th International Conference Interdisciplinarity in Engineering, INTER-ENG 2014, 9-10 October 2014, Tirgu Mures, Romania. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S2212017315001243

[91] M. Arenas-Martinez, S. Herrero-Lopez, A. Sanchez, J. Williams, P. Roth, P. Hofmann, and A. Zeier, “A comparative study of data storage and processing architectures for the smart grid,” in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, Oct 2010, pp. 285–290.

[92] “White paper: Storage infrastructure for smart grid data management,” IBM Systems and Technology: Energy and Utilities, 2012.

[93] C.-T. Huang, L. Huang, Z. Qin, H. Yuan, L. Zhou, V. Varadharajan, and C. Kuo, “Survey on securing data storage in the cloud,” APSIPA Transactions on Signal and Information Processing, vol. 3, 2014.

[94] Y. Simmhan, A. Kumbhare, B. Cao, and V. Prasanna, “An analysis of security and privacy issues in smart grid software architectures on clouds,” in Cloud Computing (CLOUD), 2011 IEEE International Conference on, July 2011, pp. 582–589.

[95] “Guidelines for smart grid cyber security: Privacy and the smart grid,” NIST Smart Grid Interoperability Panel, Cyber Security Working Group, 2010.

[96] A. Metke and R. Ekl, “Security technology for smart grid networks,” Smart Grid, IEEE Transactions on, vol. 1, no. 1, pp. 99–107, June 2010.

[97] X. Li, X. Liang, R. Lu, X. Shen, X. Lin, and H. Zhu, “Securing smart grid: cyber attacks, countermeasures, and challenges,” Communications Magazine, IEEE, vol. 50, no. 8, pp. 38–45, August 2012.

[98] H. Cheung, A. Hamlyn, T. Mander, C. Yang, and R. Cheung, “Role-based model security access control for smart power-grids computer networks,” in Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE, July 2008, pp. 1–7.

[99] M. Fouda, Z. Fadlullah, N. Kato, R. Lu, and X. Shen, “A lightweight message authentication scheme for smart grid communications,” Smart Grid, IEEE Transactions on, vol. 2, no. 4, pp. 675–685, Dec 2011.

[100] Q. Li and G. Cao, “Multicast authentication in the smart grid with one-time signature,” Smart Grid, IEEE Transactions on, vol. 2, no. 4, pp. 686–696, Dec 2011.

[101] A. Anwar and A. Mahmood, “Cyber security of smart grid infrastructure,” in The State of the Art in Intrusion Prevention and Detection. CRC Press, Taylor & Francis Group, USA, 2014, pp. 449–472.

[102] D. Dolezilek and L. Hussey, “Requirements or recommendations? sorting out nerc cip, nist, and doe cybersecurity,” in 64th Annual Conference of Protective Relay Engineers, 2011.

[103] J. Valenzuela, J. Wang, and N. Bissinger, “Real-time intrusion detection in power system operations,” Power Systems, IEEE Transactions on, vol. 28, no. 2, pp. 1052–1062, May 2013.

[104] F. Rahimi and A. Ipakchi, “Demand response as a market resource under the smart grid paradigm,” Smart Grid, IEEE Transactions on, vol. 1, no. 1, pp. 82–88, June 2010.

[105] “Openadr 2.0 profile specification,” OpenADR Alliance, 2013. [Online]. Available: http://www.openadr.org/specification-download

[106] A. Paverd, A. Martin, and I. Brown, “Security and privacy in smart grid demand response systems,” in Smart Grid Security, ser. Lecture Notes in Computer Science, J. Cuellar, Ed. Springer International Publishing, 2014, vol. 8448, pp. 1–15. [Online]. Available: http://dx.doi.org/10.1007/978-3-319-10329-7_1

[107] A. Mohan and D. Mashima, “Towards secure demand-response systems on the cloud,” in Distributed Computing in Sensor Systems (DCOSS), 2014 IEEE International Conference on, May 2014, pp. 361–366.

[108] S. Kiliccote, M. Piette, and J. Dudley, “Open automated demand response for small commercial buildings,” Ernest Orlando Lawrence Berkeley National Laboratory, 2009. [Online]. Available: http://drrc.lbl.gov/sites/all/files/lbnl-2195e.pdf

[109] X. Liang, X. Li, R. Lu, X. Lin, and X. Shen, “Udp: Usage-based dynamic pricing with privacy preservation for smart grid,” Smart Grid, IEEE Transactions on, vol. 4, no. 1, pp. 141–150, March 2013.

[110] H. Li, X. Lin, H. Yang, X. Liang, R. Lu, and X. Shen, “Eppdr: An efficient privacy-preserving demand response scheme with adaptive key evolution in smart grid,” Parallel and Distributed Systems, IEEE Transactions on, vol. 25, no. 8, pp. 2053–2064, Aug 2014.

[111] M. Zhu, “Distributed demand response algorithms against semi-honest adversaries,” in PES General Meeting | Conference Exposition, 2014 IEEE, July 2014, pp. 1–5.

[112] S. Maharjan, Q. Zhu, Y. Zhang, S. Gjessing, and T. Basar, “Dependable demand response management in the smart grid: A stackelberg game approach,” Smart Grid, IEEE Transactions on, vol. 4, no. 1, pp. 120–132, March 2013.

[113] H. H. Nguyen, R. Tan, and D. K. Y. Yau, “Safety-assured collaborative load management in smart grids,” in ICCPS ’14: ACM/IEEE 5th International Conference on Cyber-Physical Systems (with CPS Week 2014), ser. ICCPS ’14. Washington, DC, USA: IEEE Computer Society, 2014, pp. 151–162. [Online]. Available: http://dx.doi.org/10.1109/ICCPS.2014.6843719

[114] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric power grids,” in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009.

[115] O. Kosut, L. Jia, R. Thomas, and L. Tong, “Malicious data attacks on smart grid state estimation: Attack strategies and countermeasures,” in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 220–225.

[116] S. Cui, Z. Han, S. Kar, T. Kim, H. Poor, and A. Tajer, “Coordinated data-injection attack and detection in the smart grid: A detailed look at enriching detection solutions,” Signal Processing Magazine, IEEE, vol. 29, no. 5, pp. 106–115, 2012.

[117] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, and K. Poolla, “Smart grid data integrity attacks,” Smart Grid, IEEE Transactions on, vol. 4, no. 3, pp. 1244–1253, 2013.

[118] Y. Huang, M. Esmalifalak, H. Nguyen, R. Zheng, Z. Han, H. Li, and L. Song, “Bad data injection in smart grid: attack and defense mechanisms,” Communications Magazine, IEEE, vol. 51, no. 1, pp. 27–33, 2013.

[119] F. Pasqualetti, R. Carli, and F. Bullo, “A distributed method for state estimation and false data detection in power networks,” in Smart Grid Communications (SmartGridComm), 2011 IEEE International Conference on, Oct 2011, pp. 469–474.

[120] L. Xie, D.-H. Choi, S. Kar, and H. Poor, “Fully distributed state estimation for wide-area monitoring systems,” Smart Grid, IEEE Transactions on, vol. 3, no. 3, pp. 1154–1169, Sept 2012.

[121] V. Kekatos and G. Giannakis, “Distributed robust power system state estimation,” Power Systems, IEEE Transactions on, vol. 28, no. 2, pp. 1617–1626, May 2013.

[122] X. Li and A. Scaglione, “Robust decentralized state estimation and tracking for power systems via network gossiping,” Selected Areas in Communications, IEEE Journal on, vol. 31, no. 7, pp. 1184–1194, July 2013.

[123] D. Wang, X. Guan, T. Liu, Y. Gu, C. Shen, and Z. Xu, “Extended distributed state estimation: A detection method against tolerable false data injection attacks in smart grids,” Energies, vol. 7, no. 3, p. 1517, 2014. [Online]. Available: http://www.mdpi.com/1996-1073/7/3/1517

[124] H. Sedghi and E. Jonckheere, “Statistical structure learning to ensure data integrity in smart grid,” Smart Grid, IEEE Transactions on, vol. 6, no. 4, pp. 1924–1933, July 2015.

[125] M. Ozay, I. Esnaola, F. Vural, S. Kulkarni, and H. Poor, “Sparse attack construction and state estimation in the smart grid: Centralized and distributed models,” Selected Areas in Communications, IEEE Journal on, vol. 31, no. 7, pp. 1306–1318, July 2013.

[126] O. Vuković and G. Dán, “Security of fully distributed power system state estimation: Detection and mitigation of data integrity attacks,” Selected Areas in Communications, IEEE Journal on, vol. 32, no. 7, pp. 1500–1508, July 2014.

[127] S. Tan, W.-Z. Song, M. Stewart, and L. Long, “Lpattack: Leverage point attacks against state estimation in smart grid,” in Global Communications Conference (GLOBECOM), 2014 IEEE, Dec 2014, pp. 643–648.

[128] M. Gol and A. Abur, “Lav based robust state estimation for systems measured by pmus,” Smart Grid, IEEE Transactions on, vol. 5, no. 4, pp. 1808–1814, July 2014.

[129] Y. Weng, R. Negi, and M. Ilic, “Historical data-driven state estimation for electric power systems,” in Smart Grid Communications (SmartGridComm), 2013 IEEE International Conference on, Oct 2013, pp. 97–102.

[130] J. Zhang, G. Welch, N. Ramakrishnan, and S. Rahman, “Kalman filter for dynamic and secure smart grid state estimation,” Intelligent Industrial Systems, pp. 1–8, 2015. [Online]. Available: http://dx.doi.org/10.1007/s40903-015-0009-6

[131] “Robust data-driven state estimation for smart grid,” In submission to IEEE transaction on Neural Networks and Learning. [Online]. Available: https://www.ml.cmu.edu/research/dap-papers/dap_weng.pdf

[132] P. Chavali and A. Nehorai, “Distributed power system state estimation using factor graphs,” Signal Processing, IEEE Transactions on, vol. 63, no. 11, pp. 2864–2876, June 2015.

[133] Y. Mo and B. Sinopoli, “Secure estimation in the presence of integrity attacks,” Automatic Control, IEEE Transactions on, vol. 60, no. 4, pp. 1145–1151, April 2015.

[134] B. Krebs, “Fbi: Smart meter hacks likely to spread,” Tech. Rep., 2012. [Online]. Available: http://krebsonsecurity.com/2012/04/fbi-smart-meter-hacks-likely-to-spread/

[135] W. Bank, “Reducing technical and non-technical losses in the power sector,” Tech. Rep., 2009. [Online]. Available: http://documents.worldbank.org/curated/en/2009/01/20382190/reducing-technical-non-technical-losses-power-sector

[136] P. McDaniel and S. McLaughlin, “Security and privacy challenges in the smart grid,” Security Privacy, IEEE, vol. 7, no. 3, pp. 75–77, May 2009.

[137] E. de Buda, “System for accurately detecting electricity theft,” 2010, US Patent App. 12/351,978. [Online]. Available: http://www.google.com/patents/US20100007336

[138] R. Jiang, R. Lu, Y. Wang, J. Luo, C. Shen, and X. Shen, “Energy-theft detection issues for advanced metering infrastructure in smart grid,” Tsinghua Science and Technology, vol. 19, no. 2, pp. 105–120, April 2014.

[139] A. Cardenas, S. Amin, G. Schwartz, R. Dong, and S. Sastry, “A game theory model for electricity theft detection and privacy-aware control in ami systems,” in Communication, Control, and Computing (Allerton), 2012 50th Annual Allerton Conference on, Oct 2012, pp. 1830–1837.

[140] D. Mashima and A. Cárdenas, “Evaluating electricity theft detectors in smart grid networks,” in Research in Attacks, Intrusions, and Defenses, ser. Lecture Notes in Computer Science, D. Balzarotti, S. Stolfo, and M. Cova, Eds. Springer Berlin Heidelberg, 2012, vol. 7462, pp. 210–229.

[141] S. Salinas, C. Luo, W. Liao, and P. Li, “State estimation for energy theft detection in microgrids,” in Communications and Networking in China (CHINACOM), 2014 9th International Conference on, Aug 2014, pp. 96–101.

[142] S. McLaughlin, B. Holbert, A. Fawaz, R. Berthier, and S. Zonouz, “A multi-sensor energy theft detection framework for advanced metering infrastructures,” Selected Areas in Communications, IEEE Journal on, vol. 31, no. 7, pp. 1319–1330, July 2013.

[143] S. Sahoo, D. Nikovski, T. Muso, and K. Tsuru, “Electricity theft detection using smart meter data,” in 2015 IEEE PES Innovative Smart Grid Technologies Conference (ISGT), Aug 2015.

[144] P. Jokar, N. Arianpoo, and V. Leung, “Electricity theft detection in ami using customers consumption patterns,” Smart Grid, IEEE Transactions on, vol. PP, no. 99, pp. 1–1, 2015.

[145] S. Salinas, M. Li, and P. Li, “Privacy-preserving energy theft detection in smart grids: A p2p computing approach,” Selected Areas in Communications, IEEE Journal on, vol. 31, no. 9, pp. 257–267, September 2013.

[146] S. Salinas and P. Li, “Privacy-preserving energy theft detection in microgrids: A state estimation approach,” Power Systems, IEEE Transactions on, vol. PP, no. 99, pp. 1–12, 2015.

[147] T. Mahmood and U. Afzal, “Security analytics: Big data analytics for cybersecurity: A review of trends, techniques and tools,” in Information Assurance (NCIA), 2013 2nd National Conference on, Dec 2013, pp. 129–134.

[148] S. Curry, E. Kirda, E. Schwartz, W. Stewart, and A. Yoran, “Big data fuels intelligence-driven security,” RSA Security Brief, 2013. [Online]. Available: http://www.emc.com/collateral/industry-overview/big-data-fuels-intelligence-driven-security-io.pdf

[149] B. Thuraisingham, L. Khan, M. Masud, and K. Hamlen, “Data mining for security applications,” in Embedded and Ubiquitous Computing, 2008. EUC ’08. IEEE/IFIP International Conference on, vol. 2, Dec 2008, pp. 585–589.

[150] S. Porta, “Data analytics for a secure smart grid,” EMC Research Group Ireland COE, Feb 2015.

[151] S. Witt and A. Kapchonava, “Big data fuels intelligence-driven security,” In-depth briefing in Smart Grid Update, 2014. [Online]. Available: http://www.smartgridupdate.com/dataforutilities/pdf/data-2014.pdf

[152] R. Klump, R. Wilson, and K. Martin, “Visualizing real-time security threats using hybrid scada / pmu measurement displays,” in System Sciences, 2005. HICSS ’05. Proceedings of the 38th Annual Hawaii International Conference on, Jan 2005, pp. 55c–55c.

[153] A. A. Cardenas, “Big data analytics and security intelligence in smart grid applications,” IEEE conference on Innovative Smart Grid Technology, Feb 2013.

[154] R. Alguliyev and Y. Imamverdiyev, “Big data: Big promises for information security,” in Application of Information and Communication Technologies (AICT), 2014 IEEE 8th International Conference on, Oct 2014, pp. 1–4.

[155] T. Popovic, M. Kezunovic, and B. Krstajic, “Smart grid data analytics for digital protective relay event recordings,” Information Systems Frontiers, vol. 17, no. 3, pp. 591–600, 2015. [Online]. Available: http://dx.doi.org/10.1007/s10796-013-9434-9

[156] I. Moreno-Garcia, A. Moreno-Munoz, F. Domingo-Perez, V. Pallares-Lopez, R. Real-Calvo, and J. Gonzalez-de-la Rosa, “Intelligent electronic device for smart grid: Statistical approach applied to event detection,” in IECON 2012 - 38th Annual Conference on IEEE Industrial Electronics Society, Oct 2012, pp. 5221–5226.

[157] H. Sedghi and E. Jonckheere, “Statistical structure learning of smart grid for detection of false data injection,” in Power and Energy Society General Meeting (PES), 2013 IEEE, July 2013, pp. 1–5.

[158] M. Q. Ali and E. Al-Shaer, “Configuration-based ids for advanced metering infrastructure,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, ser. CCS ’13. New York, NY, USA: ACM, 2013, pp. 451–462. [Online]. Available: http://doi.acm.org/10.1145/2508859.2516745

[159] W. Hurst, M. Merabti, and P. Fergus, “Big data analysis techniques for cyber-threat detection in critical infrastructures,” in Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on, May 2014, pp. 916–921.

[160] S. Pan, T. Morris, and U. Adhikari, “Developing a hybrid intrusion detection system using data mining for power systems,” Smart Grid, IEEE Transactions on, vol. PP, no. 99, pp. 1–1, 2015.

[161] M. Faisal, Z. Aung, J. Williams, and A. Sanchez, “Data-stream-based intrusion detection system for advanced metering infrastructure in smart grid: A feasibility study,” Systems Journal, IEEE, vol. 9, no. 1, pp. 31–44, March 2015.

[162] M. Kazerooni, H. Zhu, and T. Overbye, “Literature review on the applications of data mining in power systems,” in Power and Energy Conference at Illinois (PECI), 2014, Feb 2014, pp. 1–8.

[163] R. W. Griffin, “Security analytics and smart grid security,” EMC Corporation, Feb 2014.

[164] M. Steiger, T. May, J. Davey, and J. Kohlhammer, “Smart grid monitoring through visual analysis,” in Innovative Smart Grid Technologies Europe (ISGT EUROPE), 2013 4th IEEE/PES, Oct 2013, pp. 1–5.

[165] P. Chopade, K. Flurchick, M. Bikdash, and I. Kateeb, “Modeling and visualization of smart power grid: Real time contingency and security aspects,” in Southeastcon, 2012 Proceedings of IEEE, March 2012, pp. 1–6.

[166] M. Angelini, D. D. Santis, and G. Santucci, “Toward geographical visualizations for hierarchical security data,” in Visualization for Cyber Security (VizSec), 2014 IEEE Symposium on, Nov 2014.

[167] D. Gurugubelli, C. Foreman, and D. Ebert, “Achieving a cyber-secure smart grid through situation aware visual analytics,” The Center for Education and Research in Information Assurance and Security, 2015.

[168] J. Yan, Y. Yang, W. Wang, H. He, and Y. Sun, “An integrated visualization approach for smart grid attacks,” in Intelligent Control and Information Processing (ICICIP), 2012 Third International Conference on, July 2012, pp. 277–283.

[169] W. J. Matuszak, L. DiPippo, and Y. L. Sun, “Cybersave: Situational awareness visualization for cyber security of smart grid systems,” in Proceedings of the Tenth Workshop on Visualization for Cyber Security, ser. VizSec ’13. New York, NY, USA: ACM, 2013, pp. 25–32. [Online]. Available: http://doi.acm.org/10.1145/2517957.2517961

[170] “Nist framework and roadmap for smart grid interoperability standards, release 3.0,” National Institute of Standards and Technology, Sep 2014. [Online]. Available: http://dx.doi.org/10.6028/NIST.SP.1108r3

[171] “Smart grid cyber security potential threats, vulnerabilities and risks,” Public Interest Energy Research (PIER) Program INTERIM PROJECT REPORT, 2012. [Online]. Available: http://www.energy.ca.gov/2012publications/CEC-500-2012-047/CEC-500-2012-047.pdf

[172] A.-F. Chan and J. Zhou, “Cyber-physical device authentication for the smart grid electric vehicle ecosystem,” Selected Areas in Communications, IEEE Journal on, vol. 32, no. 7, pp. 1509–1517, July 2014.

[173] S. Abedi, A. Arvani, and R. Jamalzadeh, “Cyber security of plug-in electric vehicles in smart grids: Application of intrusion detection methods,” in Plug In Electric Vehicles in Smart Grids, ser. Power Systems. Springer Singapore, 2015, pp. 129–147.

[174] “European network for cyber security (encs) announces research project around electric vehicle (ev) smart charging with enexis and elaadnl.” [Online]. Available: https://www.encs.eu/news/european-network-cyber-security-encs-announces-research-project-around-electric-vehicle-ev-smart-charging-enexis-and-elaadnl

[175] “Gridwise transactive energy framework version 1.0,” The GridWise Architecture Council, 2015. [Online]. Available: http://www.gridwiseac.org/pdfs/te_framework_report_pnnl-22946.pdf

[176] “Pacific northwest smart grid demonstration project.” [Online]. Available: http://www.pnwsmartgrid.org/transactive.asp

[177] “The integrative security assessment of smart grid cyber infrastructure at the advanced digital sciences center (adsc).” [Online]. Available: http://publish.illinois.edu/integrative-security-assessment

[178] H. Lim, J. Ko, S. Lee, J. Kim, M. Kim, and T. Shon, “Security architecture model for smart grid communication systems,” in IT Convergence and Security (ICITCS), 2013 International Conference on, Dec 2013, pp. 1–4.

[179] Y. Zhang, W. Zou, X. Chen, C. Yang, and J. Cao, “The security for power internet of things: Framework, policies, and countermeasures,” in Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2014 International Conference on, Oct 2014, pp. 139–142.

[180] M. Leo, F. Battisti, M. Carli, and A. Neri, “A federated architecture approach for internet of things security,” in Euro Med Telco Conference (EMTC), 2014, Nov 2014, pp. 1–5.

Song Tan is a PhD student in Department of Computer Science, Georgia State University. His research is focused on the cyber-physical security in Smart Grid system, which includes bad data detection, electrical market security and design of cyber-physical security testbed for Smart Grid. He has a MS from Georgia State University, and a BS from Northeast Normal University, China,

Debraj De is a postdoctoral research associate in Department of Computer Science, Missouri University of Science and Technology. His current research interests are in the areas of cyber security, smart healthcare, smart environments, smart cities, machine learning, and wireless sensor networks. De has a PhD in Computer Science from Georgia State University and MS from Ohio State University.

Wen-Zhan Song is now a professor in College of Engineering, University of Georgia. His research mainly focuses on sensor web, smart grid and smart environment where sensing, computing, communication and control play a critical role and need a transformative study. His research has received 6 million+ research funding from NSF, NASA, USGS, Boeing, etc. since 2005. He is an Senior Member.

Junjie Yang is currently an associate professor in Department of Electric and Information Engineering, Shanghai University of Electric Power, China. His research areas are intelligent demand response in Smart Grid, remote and online monitoring of power substations, and wireless sensor networks. He has a PhD from Shanghai Jiao Tong University, China.

Sajal K. Das is the Chair of Computer Science and Daniel St. Clair Endowed Chair at the Missouri University of Science and Technology. His current research interests include wireless sensor networks, smart healthcare, cyber-physical systems, mobile and pervasive computing, security and privacy, and social networks. Das has a PhD in Computer Science from the University of Central Florida. He is an Fellow.