Electric power system security: the case for an integrated cyber-physical risk management framework

Abstract: This paper concerns the security of the electric power transmission grid facing the threat of malicious cyber-physical attackers. We posit that there is no such thing as perfectly effective cyber-security. Rather, any cyber-security measure comes with the possibility that a highly skilled attacker could (eventually find a way to) bypass it. On these grounds, we formulate a tri-level decision making problem seeking to co-optimize preventive physical and cyber-security measures under uncertainty on the ability of an exogenous cyber-physical attacker to overcome the latter. Preventive physical security measures refer to the \emph{ex-ante} procurement of reserve capacity, which translates into ramping restrictions in real-time. Cyber-security measures refer to updating the firewall rules so as to impede an intruder from taking over the cyber infrastructure of the grid and disconnecting power generators and transmission branches. We adopt standard assumptions to formalize the inner optimization problems corresponding to the cyber-physical attacker and power grid operator and focus on uncertainty management at the uppermost level of the problem. Our findings establish that physical- and cyber-security measures are non-exchangeable complements in keeping the power grid operation secure.