Market-Level Defense Against FDIA and a New LMP-Disguising Attack Strategy in Real-Time Market Operations

Traditional cyberattack strategies on the electricity market only consider bypassing bad data detections. However, our analysis shows that experienced market operators can detect abnormal locational marginal prices (LMPs) under the traditional attack model during real-time (RT) operations, because such attack model ignores the characteristics of the LMP itself and leads to price spikes that can be an easy-to-detect signal of abnormality. A detection approach based on the concept of critical load level (CLL) is used to help operators identify risky periods when operators would be prone to overlooking abnormal LMPs. During safe periods, the abnormal LMPs are identified according to the operator's experience, while in risky CLL intervals, a N-x cyber contingency analysis is proposed to help independent system operators (ISOs) detect abnormal LMPs. Further, this paper constructs a new type of cyberattack strategy capable of not only bypassing bad data detection in the state estimation stage but also disguising the compromised LMPs as regular LMPs to avoid market operators' alerts in a realistic scenario wherein the attacker has imperfect information on system topology. Finally, the proposed analysis method and the attack strategy are evaluated through numerical studies on the PJM 5-bus system and the IEEE 118-bus system.

Automated summary

Traditional cyberattack strategies focused on bypassing data detections in the electricity market can be detected by experienced operators during real-time operations. By using the concept of critical load level, risky periods with abnormal pricing mechanisms can be identified to prevent oversight by operators.