
Page 1: Survey of Security Advances in Smart Grid: A Data Driven ...sensorweb.engr.uga.edu/wp-content/uploads/2016/10/... · 1 Survey of Security Advances in Smart Grid: A Data Driven Approach

Survey of Security Advances in Smart Grid: A Data Driven Approach

Song Tan, Debraj De, WenZhan Song, Junjie Yang, Sajal K. Das

Abstract—With the integration of advanced computing and communication technologies, Smart Grid is considered as the next-generation power system, which promises self healing, resilience, sustainability and efficiency to the energy critical infrastructure. The Smart Grid innovation brings enormous challenges and initiatives across both industry and academia, in which the security issue emerges to be a critical concern. In this paper, we present a survey of recent security advances in Smart Grid, by a data driven approach. Compared with existing related works, our survey is centered around the security vulnerabilities and solutions within the entire lifecycle of Smart Grid data, which are systematically decomposed into four sequential stages: data generation, data acquisition, data storage and data processing. Moreover, we further review the security analytics in Smart Grid, which employs data analytics to ensure Smart Grid security. Finally, an effort to shed light on potential future research concludes this survey.

Index Terms—Data-Driven, Security, Smart Grid, Survey

I. INTRODUCTION

The electrical power grid is the most fundamental and complex artificial system in modern society. With the recent advancement in monitoring, sensing, control and communication, plus the ever increasing penetration of renewable and distributed energy resources, the legacy power grid is now evolved along the journey to smart grid, which is envisioned to achieve self healing, resilience, sustainability and efficiency. The smart grid vision is being realized through the implementation of cyber infrastructure overlaying the legacy power network. The cyber infrastructure enables the collection and analysis of data from millions of various distributed endpoints such as smart meters, phasor measurement units, and circuit breakers, etc. As suggested in [1], smart grid is literally exploding into the largest example of internet-of-things, which will inevitably converge to something called Enernet.

However, the beauty of the smart grid innovation comes with its danger: the integration and dependency upon cyber infrastructure would exceedingly increase the chances of cyber threats and attacks. On the one hand, critical control processes such as state estimation, economic dispatch, load aggregation and demand response, etc., all rely on a secure and robust cyber infrastructure, which are indispensable to all aspects of smart grid. On the other hand, the cyber vulnerabilities may also enable adversaries to manipulate meter measurements, system parameters and price information, and even intrude and acquire direct access to these critical routines, to destabilize the grid in unpredictable ways. In the roadmap to secure control system proposed by Department of Energy and Department of Homeland security [2], energy control systems are subject to targeted cyber attacks. Potential adversaries have pursued progressively devious means to exploit flaws in system components, telecommunication methods, and common operating systems with intent to infiltrate and sabotage vulnerable control systems. Sophisticated cyber attack tools require little technical knowledge to use and can be found on the Internet, as can manufacturers’ technical specifications for popular control system equipment. As mentioned in [3], security issues are considered as one of the highest priorities for the smart grid design. Therefore, the cyber security in smart grid has become a key concern with increasing urgency for the research community.

This research is supported by NSF-1125165, NSF-1135814, NSF-1303359, NSF-1442630, NSF-1066391, NSFC-61202369, NSF CNS-1545037 and NSF CNS-1545050.

Song Tan, Wen-Zhan Song are with College of Engineering, University of Georgia, [email protected] and [email protected].

Debraj De and Sajal K. Das are with Department of Computer Science, Missouri University of Science and Technology, [email protected] and [email protected].

Junjie Yang is with Department of Electrical and Information Engineering, Shanghai University of Electric Power, China, [email protected].

As a result, a tremendous amount of effort has been put into the research of security issues in smart grid. Various reactive (acting against the past) and proactive (acting in anticipation) methodologies are proposed to reduce the risk of threats, increase the ability to detect and identify system anomalous behavior, and initiate mitigation countermeasures quickly to restore the system operations. Since the nature of threats and vulnerabilities is constantly changing, the applications of current best security practices are necessary but not sufficient. To greatly facilitate ongoing and future research of security technologies in smart grid, comprehensive surveys about previous efforts are essential and valuable, such as [4] [5] [6] [7] [8]. We notice that this line of works usually organizes the survey from the perspective of communication architectures and network layers, and the attacks and countermeasures described are centered around the requirements listed in [9], such as integrity, confidentiality, availability, authenticity, authorization, and non repudiation, etc. For example, the attacks, such as man-in-the-middle and DoS attacks, and the countermeasures, such as authentication and key management protocols, have all been discussed in each of the aforementioned works.

In this paper, we are motivated to investigate and survey the security advances of smart grid from a different perspective: a data driven approach. We believe that the goal of cyber security is to protect data, both in transit and at rest. Therefore, our survey is centered around the security issues within the entire lifecycle of smart grid data, which can be systematically decomposed into four sequential stages [10]: data generation, data acquisition, data storage and data processing. To capture the wide spectrum of technologies concerning each area, we summarize the previous related efforts, structure comparisons and provide insights for remaining challenges. In addition, we further review the security analytics in smart grid, which employs big data analytics to ensure smart grid security. Our approach renders extra value in comparison with previous survey works by explicitly bridging the security issues with big data technologies in smart grid domain. Specifically, we have striven to cover the following aspects of smart grid security advances:

• Data generation security: We first summarize various data sources in Smart Grid system, and categorize them into power generation, power transmission and distribution, and load management. Then the security challenges for each category are further discussed.

• Data acquisition security: The data acquisition process relies on the underlying communication protocols to gather the data from data sources to data storage. Therefore, we first present the general communication protocols for data acquisitions in Smart Grid and then address the issues of secure data collection and privacy-preserving data sharing.

• Data storage security: Large-volume and reliable data storages are indispensable for Smart Grid data streams. In this part, we describe the different data storage mechanisms for Smart Grid and review the related works about data storage security.

• Data processing security: The Smart Grid data are eventually processed within certain applications to deliver their values. It is essential to emphasize the security mechanisms of Smart Grid applications. In this section, we discuss the security aspects of two well known smart grid applications: demand response and state estimation.

• Security analytics: From the security perspective, data could be both the problem and the solution. In other words, data analytics could also provide promising solutions to ensure security. Thus, we summarize the data sources, data analysis methods as well as data visualization approaches for security analytics in Smart Grid.

We survey altogether 180 papers from conferences and journals, spanning mainly 2010-2015. Our work not only comprehensively discusses the state-of-the-art technologies, but also is complementary to the coverage of existing survey papers. It is our humble expectation that this work can serve as a first stop for general audiences and domain experts to search for information and guidelines upon their specific needs regarding security solutions of smart grid.

The rest of this paper is organized as follows. In section II, we summarize the existing survey works about cyber security in smart grid. In section III, we present an overview of smart grid and its key subsystems. From section IV to section VII, we introduce the security issues within each phase of smart grid data: data generation, data acquisition, data storage and data processing. Then in section VIII, we discuss the security analytics in smart grid. Finally, we identify the future directions and give the conclusions in section IX, X, respectively.

II. RELATED WORKS

Cyber security issues in Smart Grid have received great attention from research community for a while. Therefore, there are quite a few survey papers related to this topic. In this part, we review the existing survey works to have a good knowledge of previous efforts.

The first line of works intends to cover the security issues of the entire Smart Grid system. In [6], Wang et al. extensively examine the communication networks within both transmission subsystem and distribution subsystem of Smart Grid, including the wide-area network (SCADA) and local-area network (AMI). The authors first introduce the network architecture, features and protocols of Smart Grid communication network and explicitly compare those with the ones of Internet. Afterwards, they classify the potential threats and attacks within each layer of the communication network and employ a series of key use cases of Smart Grid communication networks in [9], in order to further uncover the network vulnerabilities. Finally, the corresponding countermeasures based on networking and cryptography are presented. Similarly, Line et al. in [11] compare the security requirements between Smart Grid communication network and telecommunication networks. Then they list the overall cyber security challenges such as connectivity, trust models, security management, software vulnerabilities, consumers’ privacy, and human factors. Solutions to these challenges are also suggested. Yan et al. in [4] further suggest the cyber security requirements, vulnerabilities and solutions for Smart Grid communication networks. The security protocols adopted at each networking layer are given. In [7], Baig et al. classify the Smart Grid cyber attacks and countermeasures through five categories: SCADA, Smart Meter Attacks, Physical Layer Attacks, Data Injection and Replay Attacks and Network-based Attacks, which span home area networks, neighborhood networks, and wide area networks.

Another line of works focuses on the security of a particular subsystem within Smart Grid. In [12], Cleveland et al. address the security requirements specifically for Advanced Metering Infrastructure (AMI), which include confidentiality, integrity, availability and non-repudiation. Then the threats that may undermine these requirements are presented. In [13], Zhu et al. present a taxonomy of cyber attacks on SCADA system. It first introduces the security requirements of SCADA system. It then categorizes the attacks into attacks on hardware, attacks on software and attacks on communication stack. In [14], Deng et al. survey the vulnerabilities and countermeasures specifically for the transmission subsystem within Smart Grid. It focuses on the vulnerabilities of Phasor Measurement Units (PMUs) and Wide Area Measurement System (WAMS) technology. It divides the attacks into: denial of service attack, malicious data injection attack, traffic analysis attack, and high-level applications attack. Then as countermeasures, the authors introduce the principles of PMU and state estimation with PMU, and how that can be used to counter attacks. Similarly, Beasley et al. in [15] focus the survey of cyber security vulnerabilities on PMU network. The attacks are classified into four classes as in [16]: interruption, interception, modification, and fabrication. All the recent attacks against PMU network are grouped into the four categories. The countermeasures for each category of attacks are described. More recently, Komninos et al. in [8] present a survey of smart grid security issues with a strong emphasis on the smart home environment and its interactions with the smart grid environment. The security objectives of smart grid and smart home are also illustrated, including integrity, confidentiality, availability, authenticity, authorization, and non repudiation. Based on these objectives, the attacks against smart home, smart grid and the interactions between the two are categorized. The countermeasures are also classified based on their abilities to ensure these objectives.

The related works are summarized in Table I. We notice that both lines of works usually organize the paper from the perspective of communication architecture and network layers, and the attacks and countermeasures described are centered around the requirements listed in [9], such as integrity, confidentiality, availability, authenticity, authorization, and non repudiation, etc. For example, the attacks, such as man-in-the-middle attack and DoS attacks, and the countermeasures, such as authentication and key management, have almost been discussed in each of the above works.

TABLE I
RELATED SURVEYS OF CYBER SECURITY IN SMART GRID

Ref. No | Objective System | Key facets
[4] | Transmission system, Distribution system | Requirements and solutions
[6] | Transmission system, Distribution system | Attacks and countermeasures
[7] | Transmission system, Distribution system | Attacks and countermeasures
[8] | Smart homes | Attacks and countermeasures
[11] | Transmission system, Distribution system | Requirements and solutions
[12] | AMI | Requirements and attacks
[13] | SCADA | Attacks
[14] | Transmission system | Attacks and countermeasures
[15] | PMU network | Attacks and countermeasures

III. SMART GRID OVERVIEW

A smart grid is an electrical grid that uses information and communications technology to gather and act on data to improve the efficiency, reliability, and sustainability of electric power. It is characterized by the two-way communications of data and control signal, large scale penetrations of renewable energy, and the complex interactions of distribution systems with distributed generators, energy markets, and customer behaviors. Specifically, a smart grid covers the following aspects of the power system [17] [18] [19]:

• The delivery infrastructure, such as circuit breakers, transmission and distribution lines, transformers, smart substations and sensors, etc.

• The end-user systems and related distributed-energy resources, such as renewable resources, loads, storage, and electrical vehicles, etc.

• The communication networks, such as remote measurement and control networks, inter- and intra-enterprise networks, and the Internet and Home Area Networks (HAN), etc.

• The management system at various levels of generation and delivery infrastructure, such as transmission and distribution control centers, regional reliability coordination centers, national emergency response centers and smart metering management system, etc.

• The financial and regulatory environment, such as stock and bond markets, government incentives, regulated and non-regulated rate of return, etc.

A. Overall architecture

Currently, the design architectures and implementation models for smart grid are still evolving and not finalized. One of the most well known common reference models of smart grid was proposed by the U.S. National Institute of Standards and Technology (NIST) in [18]. A conceptual view of the NIST’s smart grid reference model is depicted in Figure 1. The NIST’s model is composed of seven domains: generation, transmission, distribution, customers, markets, operations, and service providers. The two-way electrical flows are moving across the top four domains (power generation, transmission, distribution, and customer), which are controlled and managed by the bottom three domains (market, operations, and service providers) through communication flows. In addition, three typical customers are listed: Home Area Network (HAN), Building Area Network (BAN) and Industrial Area Network (IAN), where the Advanced Metering Infrastructure (AMI) takes place to monitor and manage the power and information flows through smart meters.

Fig. 1. NIST reference model for smart grid


B. Key subsystems

1) Advanced Metering Infrastructure (AMI): AMI is viewed as a fundamental subsystem for smart grid and it is an integration of multiple technologies (smart meters, communication networks, and information management systems) that provides intelligent connections between consumers and system operators [20]. The deployment of AMI solutions is beneficial to both energy suppliers and end-use customers [21]. For the energy suppliers, AMI enables more efficient meter reading, less cost, and accurate outage localization. For the end-use customers, it provides the opportunity to reduce energy cost by participating in real-time market pricing and demand response.

The key technology of AMI is the smart meter, which is a solid-state programmable device that can read real-time energy consumption as well as other operational data, such as voltage, phase angles, and frequencies, etc. [22]. Consisting of smart meters, AMI enables automated bidirectional data transfer between end-user meters and the grid operators, such that further data analysis and processing can be conducted to facilitate market pricing and operational controls. A conceptual notion of hierarchy in AMI where data are collected, processed, and analyzed to optimize smart grid benefits is depicted in Figure 2 [23].

[Figure 2 labels: Markets, Operations, Transmission Substation, Distribution Substation, Feeders, Smart Meters]

Fig. 2. Hierarchical architecture of AMI data flow

2) Supervisory Control and Data Acquisition (SCADA): SCADA system is at the core of power grid system and responsible for the real-time monitoring and control of power distribution [24]. It is deeply ingrained in the fabric of critical infrastructure sectors [13]. It is designed to have real-time system-wide data acquisition capabilities, allowing the control centers to gather all sorts of analog measurements and circuit breaker status data from the power system, in order to facilitate various security analysis, such as contingency analysis, corrective real and reactive power dispatch, etc. [25]. With the innovation of smart grid, the SCADA system is actively evolving, e.g., the smart grid control center is now able to acquire the dynamic characteristics of transmission line parameters and new vulnerabilities [26].

A typical SCADA system includes the following key components [27]:

• Control Servers: hosting control software and accessing subordinate control modules.

• Human-Machine Interface (HMI): the platform that allows operators to monitor the system states, change control settings, and manually override automatic control operations in the event of an emergency.

• Remote Terminal Unit (RTU): the field devices with wireless radio interfaces to conduct data acquisition and control.

• Programmable Logic Controller (PLC): the field devices to perform the logic control functions executed by electrical hardware.

• Intelligent Electronic Devices (IED): a smart sensor and actuator to acquire data, communicate to other devices, and perform local processing and control.

As shown in Figure 3, the control center holds the control server, the HMI, engineering workstations, and the data historian, which are all connected by a LAN and exposed through a router. It collects measurements and logs information from the field devices, visualizes them on the HMI, and may generate actions based upon detected events. The wide area networks enable the communication protocols between the control center and the field sites, which are typically implemented using power/telephone line, cable, radio microwave and satellite.

Fig. 3. SCADA system general layout

3) Wide Area Measurement system: The traditional SCADA system uses data from remote terminal units (RTUs) to provide information to system operators. However, the mechanism used to retrieve data from the devices is asynchronous and relatively slow [28]. To be able to monitor, operate and control power system in wide geographical area, Wide Area Measurement Systems (WAMS) are deployed. The overall capability of WAMS is that data of the entire system can be obtained at the same time and the same place [29]. WAMS use a GPS satellite signal to time-synchronize phasor measurement units (PMUs) at important nodes in the power system, which send real-time phasor (angle and magnitude) data to a control center. The acquired phasor data provides dynamic information on power systems, which helps operators to initiate corrective actions to enhance the power system reliability. Table II shows a comparison between the RTUs of SCADA and the PMUs of WAMS.

TABLE II
COMPARISON BETWEEN RTUS AND PMUS

ATTRIBUTE | RTU | PMU
Measured Quantities | Magnitude | Magnitude and Phase Angle
Time Synchronization | No | Yes
Domain | Local area | Wide area

WAMS usually holds a hierarchical networked architecture [30] [31], as shown in Figure 4. In each area, a certain number of PMUs are installed in the bus substations of the power grid. In the middle level, there is a set of Phasor Data Concentrators (PDCs). Each PDC can share information with the PDCs in neighborhoods through communication channels. In the top level, there is a WAMS center which collects information from PDCs supporting the system-wide monitoring task.

[Figure 4 labels: WAMS, PDC, PMU, Communication Channel]

Fig. 4. Hierarchical Architecture of WAMS in Smart Grid
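
The PDC level of the hierarchy above, as an added example that is not part of the original paper: a sketch of how a concentrator can align PMU frames by their GPS timestamps and only compare phase angles taken at the same instant, rejecting frames that are off the reporting grid, duplicated, or from an unknown PMU. The frame layout, the 30 frames/s rate, the 1 ms tolerance and all names are assumptions made for illustration.

```python
"""PDC-side time alignment of PMU frames (added illustration, not from the paper)."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed values for illustration only.
REPORT_RATE_HZ = 30      # assumed PMU reporting rate (frames per second)
TOLERANCE_S = 0.001      # assumed maximum timestamp skew the PDC accepts


@dataclass(frozen=True)
class Frame:
    pmu_id: str
    timestamp: float     # GPS-disciplined measurement time, seconds
    magnitude: float     # voltage magnitude, per unit
    angle_deg: float     # phase angle, degrees


def slot_of(timestamp):
    """Return (reporting-slot index, distance in seconds from that slot)."""
    slot = round(timestamp * REPORT_RATE_HZ)
    return slot, abs(timestamp - slot / REPORT_RATE_HZ)


def align(frames, expected_pmus):
    """Group frames per reporting slot.

    Returns (complete, incomplete, rejected):
      complete   - {slot: {pmu_id: Frame}} where every expected PMU reported
      incomplete - sorted slots that are missing at least one PMU
      rejected   - [(Frame, reason)] frames the PDC refused to use
    """
    slots = defaultdict(dict)
    rejected = []
    for f in frames:
        slot, skew = slot_of(f.timestamp)
        if f.pmu_id not in expected_pmus:
            rejected.append((f, "unknown PMU"))
        elif skew > TOLERANCE_S:
            rejected.append((f, "timestamp off reporting grid"))
        elif f.pmu_id in slots[slot]:
            rejected.append((f, "duplicate frame for slot"))
        else:
            slots[slot][f.pmu_id] = f
    complete = {s: m for s, m in slots.items() if set(m) == set(expected_pmus)}
    incomplete = sorted(s for s in slots if s not in complete)
    return complete, incomplete, rejected


def angle_diff_deg(a, b):
    """Signed difference a - b in degrees, wrapped into (-180, 180]."""
    d = (a - b) % 360.0
    return d - 360.0 if d > 180.0 else d


def angle_differences(complete, pmu_a, pmu_b):
    """Angle difference between two buses, only for time-aligned snapshots."""
    return {
        slot: angle_diff_deg(m[pmu_a].angle_deg, m[pmu_b].angle_deg)
        for slot, m in sorted(complete.items())
    }


# Constructed sample frames (not real measurements).
T0 = 10.0
STEP = 1.0 / REPORT_RATE_HZ
SAMPLE_FRAMES = [
    Frame("A", T0, 1.01, 10.0),
    Frame("B", T0, 0.99, -5.0),
    Frame("A", T0 + STEP, 1.01, 170.0),
    Frame("B", T0 + STEP, 0.99, -170.0),              # wraps across +/-180
    Frame("A", T0 + 2 * STEP, 1.00, 12.0),
    Frame("B", T0 + 2 * STEP + 0.004, 0.99, -4.0),    # 4 ms off the grid
    Frame("X", T0, 1.00, 0.0),                        # not a configured PMU
]


def run_sample():
    complete, incomplete, rejected = align(SAMPLE_FRAMES, {"A", "B"})
    diffs = angle_differences(complete, "A", "B")
    return diffs, incomplete, [(f.pmu_id, why) for f, why in rejected]


if __name__ == "__main__":
    print(run_sample())
```

A slot that ends up incomplete is reported rather than silently filled, so a downstream application can tell a missing or rejected measurement apart from a genuine angle change.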

IV. DATA GENERATION SECURITY

The security and privacy of Smart Grid data sources are very crucial. In this section we focus on the security aspects of data generation in Smart Grid.

A. Data Sources in Smart Grid

The numerous data generated in Smart Grids have various types such as sensing or measurements data (e.g. energy consumption or generation measurements), command and control status information (e.g. power distribution or connection status), social and economics related knowledge (e.g. energy cost and pricing, demand). The data that get generated and collected in Smart Grid ecosystem are huge in size, and come from a variety of data sources. The explosion in data reflects the fact that Smart Grid involves a very wide range of intelligent devices and assets spread across its distributed architecture. Overall the types of data sources in Smart Grid belong to the following three subsystems in Smart Grid: (i) power generation system; (ii) power transmission and distribution system; (iii) load management system. The overview of all these data sources is summarized in Table III.

1) Data sources in power generation:

• Solar power plants incorporate automatically measured solar irradiation data to achieve high photovoltaic performance. Data about plant status include yield reports about individual component performance, tracking of inverters or strings, alarm management [32], [33].

• Wind turbines convert wind’s kinetic energy into electrical energy. These can be installed in open fields with enough wind speed or near the shore in the sea. The wind plants need long-term historical and short-term data about wind and wave parameters [34], [33].

• Hydroelectric plants continuously monitor silt content (quantity and size in PPM) and the operating conditions such as water level, temperature level, flow rate in order to diagnose the causes of fault or failure, and to determine replacement measures or residual life [35].

• Marine turbines harness movement of the sea wave to generate electricity. The various data measured and used for stable operation and maintenance include long-term historical wave data from deep-water buoys as well as the power plant’s site specific short-term wave data (measured using wave gauge that uses acoustic Doppler current profiler), energy yield, mechanical and electrical integrity measurements. The wave data include wave height, period, energy density, power per unit wave width [36].

2) Data sources in power transmission and distribution:

• Phasor measurement unit (PMU) [37] measures pha-sor with respect to a highly precise and accurate timereference. It is basically a solid-state relay or digital faultrecorder with GPS clock. PMUs generate data about theinstantaneous voltage, current and frequency at specificlocations on the electrical grid. The measurements dataare sent to substation or control center and stored indatabase at Phasor Data Concentrator (PDC) [37], [38].

• Microgrids are local and decentralized electric grids that,based on situation (e.g. natural disaster), can disconnectfrom traditional electric grid for autonomous operations.Its measurement unit consists of interface circuit workingwith PT (Power Transformer) and CT (Current Trans-former), conversion circuit for analog signal to digitaldata. The voltage and current measurements data atconsumer side is acquired and used to control power sys-tem and calculate the electrical power consumption. TheHistorical Information System (HIS) provides archive tostore power system historical data. This data is utilized toforecast both consumer load profile and power generation[39] [40].

• Fault detectors are critically important in Smart Grid for finding faults and taking actions to control failure spread. The devices consist of sensors to detect faults/problems in power network, and intelligent switches to control the power flow in the network. The measurement data types include relay statistics, earth potential rise monitor data, soil thermal resistance monitor data, insulator leakage current monitor data, transmission line sag monitor data [41], [42].

3) Data sources in load management:

TABLE III. TYPICAL DATA SOURCES IN SMART GRID ECOSYSTEM.

| Data Source | Category | Functionality | Different Data Types |
|---|---|---|---|
| Solar plants | Power generation | Convert solar energy into electricity | Measured and projected energy yield, solar irradiation data, structural and electrical integrity measurements |
| Onshore and offshore wind turbines | Power generation | Convert wind kinetic energy into electricity | Wind and wave parameters (such as wind speed, wave height), rated power generation information, vibration measurements |
| Hydroelectric plants | Power generation | Convert kinetic energy in flowing or falling water into electricity | Silt content monitoring data, water level, temperature level, flow rate, vibration measurements |
| Marine turbines | Power generation | Convert movement of the sea wave (utilize both tide and ebb) into electricity | Wave parameters (e.g. wave height, period, energy density, power per unit wave width), energy yield, mechanical and electrical integrity measurements |
| Phasor measurement unit (PMU) or Synchrophasor | Power transmission, distribution and control | Provides near-real-time snapshots of the system state across locations, and help contain spread of power outage | Phasor measurements of alternating current, GPS clock data for precise and accurate time reference |
| Microgrid | Power transmission and distribution | Can disconnect from traditional electric grid for autonomous operations and prevent cascaded failure | Voltage and current measurements data at consumer side, local power generation profile data |
| Fault detectors | Power transmission and distribution | Finding faults in power distribution lines | Relay statistics, earth potential rise monitor data, soil thermal resistance monitor data, insulator leakage current monitor data, transmission line sag monitor data |
| Smart Meters | Load management | Measure consumer side energy consumption in real-time | Electric usage readings, control command |
| Smart Appliances | Load management | Provide demand-response capability for residential loads | Energy consumption measurement, control commands to operate load at different power states |
| Electric Vehicles (EVs) | Load management | Power consumption and storage with mobility | Variety of vehicle measurements data such as battery current, traction battery potential, ambient temperature, vehicle axle pulse counts, genset current, genset voltage |

• Smart Meters measure energy consumption in real-time, and communicate energy usage data between customers and their utility companies. By July 2014, the number of smart meter installations in the U.S. exceeded very large scale of 50 million. These covered more than 43% of the U.S. homes, which is an increase from 46 million smart meters from the year before [43], [44]. Smart Meters record electric usage readings at least every hour or less (e.g. every 15 minutes in many cases).

• Smart Appliances also play an essential role in demand side management of Smart Grid. They allow flexible usage and operation in off-peak periods rather than peak hours, reducing peak and average electricity usage. Studies by the Federal Energy Regulatory Commission (FERC) [45] [46] find that only 17% of U.S. demand response potential is provided by residential customers. But with ongoing wide adoption of Smart Meters and Smart Appliances, this can be increased to 45%. The Smart Appliances generate data regarding measured energy consumption, and operate (among on, off or varied power level states) based on both user and grid control commands.

• Electric Vehicles are bringing new perspectives for power consumption and storage in Smart Grid. The electric vehicle’s data acquisition system [47] continuously measures and stores varied data, such as: battery current, traction battery potential, ambient temperature, vehicle axle pulse counts, etc. EVs are the emerging source of large streams and archives of important and actionable data in Smart Grid.

B. Security in - Data Generation

In this subsection we elaborate security aspects in the discussed three categories of data sources in Smart Grid.

1) Data Source Security in - Power Generation: Energy security is defined in [48] by the European Commission (EC) as “uninterrupted physical availability of energy products on the market, at a price which is affordable for all consumers (private and industrial)”. The report by International Energy Agency (IEA) [49] has discussed renewable energy technologies and statistical analysis for assuring energy security. It is mainly focused on solutions to mitigate risks due to: physical security threats (can happen due to intentional attacks or weather events), technical system failures (e.g. outage such as blackouts and brownouts), energy market dynamics (due to economics, geopolitical and other factors). It assessed impacts of these different categories of risks in hydropower, solar photovoltaics (PV), concentrating solar power (CSP) plants, wind power, biomass combustion, geothermal power, and ocean energy.

A report in [50] has suggested detailed categorical measures in designing cyber security capability at the State level for energy assurance in Smart Grids. The report also stressed the importance of information or data oriented security measures. According to the Energy Independence and Security Act of 2007 (EISA 2007), the first referenced characteristic of smart grid security is “Increased use of digital information and controls technology to improve reliability, security, and efficiency of the electric grid”. The work in [51] analyzes various aspects of energy security for renewable energy systems. Based on the work in [52], it discusses an analytical framework to assess relationships between energy and security. The framework is divided into two branches: (a) energy system as an object exposed to security threats, and (b) energy system as a subject generating or enhancing insecurity. The first aspect includes security of supply and security of demand. The second aspect includes economic and political risk factors, technological risk factors, and environmental risk factors.

2) Data Source Security in - Power Transmission and Distribution: Interacting embedded devices are prevalent in power transmission and distribution systems. From a general perspective, the work in [53] addresses the overall security challenges in these embedded and hardware devices, which include data provenance and integrity, trust management, identity management, and privacy. A generic layered Internet of Things (IoT) architecture is presented with the corresponding threat model. The threat model considers attacks on various layers: individual sensors, particular sensor nodes, actuators, gateway, federated infrastructure. For data provenance and integrity, the concept of Sensor Physical Unclonable Function (PUF) is employed, which merges sensing with cryptography. Unlike a traditional PUF [54] (which produces a response based on the challenge), a Sensor PUF produces the response based on the challenge as well as the sensed physical quantity. Sensor PUF can also be used in identity management by providing unique IDs. For trust management in legacy as well as low-cost systems, usage of hardware performance counters (HPCs) is suggested. The hardware performance counters are registers that can monitor certain events occurring during the lifetime of a program. Thus HPCs are present in all commodity processors. For privacy, light-weight encryption is suggested. In another work [55], different physical attacks against sensing device hardware are evaluated. The physical attacks are categorized with decreasing severity as follows: (i) gaining complete read/write access to the microcontroller; (ii) reading out RAM or flash memory, in whole or in part; (iii) influencing sensor readings; and (iv) manipulating radio communications. In the following, we specifically investigate the data source security within two embedded systems: Phasor Measurement Unit (PMU) and Microgrid.

Securing PMUs. Phasor Measurement Unit (PMU) is one of the most critical measurement devices in power transmission and distribution system. PMUs are prone to security and privacy attacks. A recent work in [15] has surveyed relevant works considering security vulnerabilities in PMU networks. The PMUs currently communicate typically with IEEE PMU communications standard C37.118 [56]. The protocol defines data conventions, measurement accuracies, and communications formats for synchrophasors or PMUs. Since the networked PMU data are reported to the PDC through TCP/IP communication, they are prone to cyber-attacks. The attacks are generally classified into four categories as follows (based on [16]): (a) interruption, (b) interception, (c) modification, and (d) fabrication. The authors have also discussed corresponding countermeasure methods. The interruption attacks include: physical attacks damaging the hardware or infrastructure (e.g. cutting a network connection between the PMU and PDC, sabotaging PMU); software attacks that affect hardware (e.g. Stuxnet); and PMU specific DoS or denial of service attacks (the realtime measurement data services make PMU vulnerable to DoS attacks). The interception attack can be either passive with packet sniffing or active with a man-in-the-middle attack. A side-channel attack can also occur, extracting information by observing implementation artifacts. The modification attack tries to exploit some security vulnerabilities to corrupt, hijack or alter a legitimate process. Such attacks include PMU specific insertion attacks such as malicious code injection and return-oriented programming. The fabrication attack involves creating a fictitious asset or entity on the network, such as sending fabricated data across the network through data spoofing and man-in-the-middle attacks. A future research direction and opportunity is also indicated: a security gateway system that is capable of neutralizing these attacks. The security gateway system can remove security vulnerabilities in the PMU - PDC - Super PDC network.

Securing Microgrids. Microgrid is another key factor in increasing the electric grid reliability, so the microgrid control systems need to be secure against adversarial attacks. The report in [57] has categorized the vulnerabilities in the microgrid control systems. There are two kinds of vulnerabilities: (i) vulnerabilities existing in traditional Internet Protocol (IP) networks (control communications of data in microgrid happen commonly over IP networks); and (ii) vulnerabilities specific to Industrial Control System (ICS) systems. IP network specific vulnerabilities include the following attacks: Denial of service (DoS), eavesdropping, man-in-the-middle (MITM), masquerading, message modification, message replay, traffic analysis, unauthorized access. The ICS specific vulnerabilities include various attacks as follows: attacks on field devices; backdoor or malicious software installed on command and control network; database attacks; devices with few or no security features; improper configuration of actors in ICS network; improper cyber-security procedures or training for internal and external personnel; improper or no network perimeter definition; improper or non-existent patching of software and firmware; insecure coding techniques; lack of ICS-specific mitigation technologies and security tools; lack of redundancy for critical actors; unauthorized personnel having access to ICS actors; vulnerabilities in common communication and control protocols in ICS. The report has then paired some national incident scenarios with combinations of the vulnerabilities described above. Here are a few examples. (A) The ICS operation was disrupted by delaying or blocking the flow of data through corporate or control networks. This had led to denial of availability of the networks to operators, causing information transfer bottlenecks or denial of service by information technology (IT)-resident services (such as domain name resolution). This was caused by a combination of DoS attack and improper or no network perimeter definition vulnerability. (B) Another national incident was false information being sent to ICS control operators either to disguise unauthorized changes or to initiate inappropriate actions by system operators. This was a combination of a number of attacks/vulnerabilities: database attack, improper or no network perimeter definition, MITM, message modification, message replay. Finally a microgrid threat model is proposed, which is more complete (i.e. not site or installation specific). This threat model integrates an architecturally driven model with a generic threat profile that integrates information from cyber-security issues and incidents in real-world control systems. Based on work on generic threat matrix in [58], the threat levels (3 levels for high threat, 3 levels for medium threat, 2 levels for low threat) are categorized based on indicators of threat profile. The threat profile indicators are: intensity, stealth and time in “commitment” related issues; technical personnel, cyber, kinetic and access in “resource” related issues.

3) Data Source Security in - Load Management: Load management is one of the key functionalities in smart grid, enabled by the deployment of smart meters and electrical vehicles. Different approaches such as trust model, policy making, key management, and authentication schemes are employed to secure the data generation in these two devices.

Securing Smart Meters. The work in [59] addresses the issue of cyber-attacks against connected smart meters by proposing an independent, distributed and lightweight trust evaluation model. The trust model is implemented in two levels (individual smart meters and then collective nodes), which helps in detecting and isolating malicious nodes. The trust management process is based on three features: composition of trust components, aggregation of information from each component, formation of overall trust from collective trust components. Three major possible threats are considered: network availability, data integrity and information privacy. Another work in [60] has presented the security issues specifically for smart meters from the policy point of view. The authors address the issues in electricity fraud, privacy, strategic vulnerabilities and over-regulation, the conflict of interests. Policies and economics issues about smart meters in home area networks are listed. Key management system considerations for smart grid devices (including smart meters) are presented in [61]. Smart Grid device manufacturers are increasingly deploying different encryption technologies to provide valuable properties like Confidentiality/ Integrity/ Availability (termed as CIA) of the data to ensure operations policy and compliance. Current vulnerabilities and threats to smart grid devices (including smart meters) are categorized as: consumer threats, naturally occurring threats (i.e. hazards), individual and organizational threats, impacts on consumers, impacts on availability, financial impacts, and likelihood of attack. Various cryptosystems are necessary to provide end-to-end turnkey CIA services, covering all layers of the protocol stack as well as cyber-physical boundaries. For testing such numerous cryptosystems, an example testbed of networked smart meters is discussed in this work. The unique challenges in key management are presented as: effectively modeling security requirements and implementations, and managing keys and the key distribution process.

Securing Electric Vehicles. The electric vehicles are both opportunities and challenges of the Smart Grid system dynamics. One challenge is the security and privacy concern. In this regard, the work in [62] proposes two authentication schemes to address the security and privacy issues of electric vehicles. The first authentication scheme is between the EV and a trusted Smart Grid server directly, while the second authentication scheme is via a non-trusted third party entity with a robust privacy-preserving agenda. The electric power for the electrical vehicles is delivered to its area via the distribution network, based on the seven domains structure model presented in [9]. But the location of electrical vehicles can be in any of the following, referred to as Charging Points (CPs): Home Area Network (HAN), Building Area Network (BAN), Host, Industry Area Network (IAN), public infrastructure, and third party power station. The main challenge is then to provide secured authentication for such transactions of EV charging in all those varied locations. This is complex because transactions in each of these location scenarios need to access a number of accounts for service credit and power charge debit. This is illustrated in Table IV.

TABLE IV. ACCOUNTS ACCESSED FOR POWER AND SERVICE CHARGES DURING ELECTRICAL VEHICLES CHARGING TRANSACTIONS.

| Location | Service Credit | Power Charge Debit |
|---|---|---|
| HAN | NIL | Smart Grid |
| BAN | Building | Smart Grid |
| Host | Host | Host |
| IAN | NIL/ Company | Company |
| Public | Entity/ Service provider | Entity/ Service provider |
| Station | Station | Smart Grid |

TABLE V. SUMMARY OF RELATED WORKS ON DATA GENERATION SECURITY IN SMART GRID

| Category | Relevant works |
|---|---|
| Power generation | Assurance of energy supply and its security factors [48], [50]; Energy security for renewable energy systems [51]; Analytical framework for relation between energy and security [52] |
| Power transmission and distribution | Security challenges in embedded systems [53] - data provenance and integrity, trust management, identity management, privacy; Cyber-attacks on PMUs [16] - interruption, interception, modification, fabrication; Vulnerabilities in microgrid [57] - IP network specific attacks and ICS specific vulnerabilities |
| Load management | Two level trust model regarding cyber-attacks against smart meters and three features of trust management process [59]; Security policies for smart meters [60]; Cryptosystem based security key management in Smart Grid devices [61]; Security and privacy of communication and transactions in electric vehicle infrastructure [62] |

C. Summary on Security of Data Generation

Finally we have summarized some of the key works about data generation security in Table V.

V. DATA ACQUISITION SECURITY

With such a large range of data sources and data types in Smart Grid ecosystem, the data acquisition process is also complex and varied. There are various communication technologies, protocols and standards being used for data acquisition at different levels in Smart Grid. Usually inside the home or other local facilities, the ZigBee communication protocol is used for data collection. These facilities are then connected to the internet or the aggregator via wireless mesh networks (WMN), internet protocol (IP) or powerline communication (PLC). The aggregator acts as a collector of information about consumer load demand and the availability of distributed small-scale energy supplies, and then offers these distributed energy resources to the energy consumers. In another communication mode, the substations in Smart Grid connect to the internet or the aggregator via internet protocol (IP), powerline communication (PLC), or an IEC (International Electrotechnical Commission) standard protocol such as IEC 61850 [63]. These are illustrated in Figure 5. In this section we present these methods and standards for data acquisition in Smart Grid, with a focus on security issues.

Fig. 5. Communication methods in Smart Grid.

A. Communication Methods for Data Acquisition in Smart Grid

ZigBee communication protocol [64] [65] [66] is used in Smart Grid for wireless personal area network (WPAN) applications. It follows the IEEE 802.15.4 standard, and is designed for relatively low data rate communication among low-power devices in a small local area such as inside the home or building. The ZigBee protocol stack consists of four layers: the physical (PHY) sub-layer and the medium access control (MAC) sub-layer defined by IEEE 802.15.4, then the network layer and application layer. ZigBee has two device classes: full function device (FFD), and reduced function device (RFD). An FFD can perform all the tasks defined by ZigBee, while an RFD can perform only limited tasks. An FFD can form any topology and become a network coordinator (responsible for overall network management). An RFD is limited to star topology and consumes low power. ZigBee has the following components or entities defined: coordinator, end device, router, ZigBee trust center (ZTC), and ZigBee gateway. The packet frame structure in IEEE 802.15.4/ ZigBee communication is illustrated in Figure 6. The preamble consists of 32 bits for synchronization purpose. The PSDU (PHY Service Data Unit) size ranges from 0-127 Bytes and consists of PC (for addressing mode flags), ADDR (for address information), DSN (Data Sequence Number), Link Layer PDU, and CRC (Cyclic Redundancy Check).

Fig. 6. ZigBee packet structure.
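The frame layout described above can be checked mechanically by a monitoring sensor. The following is an added example, not code from the survey or the cited standards documents: it parses a PSDU using the IEEE 802.15.4 MAC header layout (2-byte frame control carrying the addressing mode flags, 1-byte sequence number, addressing fields, payload, 2-byte CRC), verifies the CRC, and flags data frames sent without link-layer security. The function names and the sample frame are constructed for illustration.

```python
import struct

MAX_PSDU = 127                      # upper bound on PSDU size, in bytes
ADDR_LEN = {0: 0, 2: 2, 3: 8}       # addressing mode -> address length (mode 1 is reserved)
FRAME_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "mac-command"}


def crc16_fcs(data: bytes) -> int:
    """CRC-16 used as the 802.15.4 frame check sequence
    (x^16 + x^12 + x^5 + 1, initial value 0, bits processed LSB first)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def parse_psdu(psdu: bytes) -> dict:
    """Split a PSDU into header fields, payload and CRC; raise ValueError if malformed."""
    if not 5 <= len(psdu) <= MAX_PSDU:
        raise ValueError("PSDU length outside 5..127 bytes")
    body = psdu[:-2]
    fcs = struct.unpack("<H", psdu[-2:])[0]
    fcf, dsn = struct.unpack_from("<HB", body, 0)
    dst_mode, src_mode = (fcf >> 10) & 3, (fcf >> 14) & 3
    if dst_mode == 1 or src_mode == 1:
        raise ValueError("reserved addressing mode")
    pan_compressed = bool(fcf & 0x0040)
    off = 3
    fields = {}

    def take(n):
        nonlocal off
        if off + n > len(body):
            raise ValueError("addressing fields run past end of frame")
        value = int.from_bytes(body[off:off + n], "little")
        off += n
        return value

    if dst_mode:
        fields["dst_pan"] = take(2)
        fields["dst_addr"] = take(ADDR_LEN[dst_mode])
    if src_mode:
        if not (pan_compressed and dst_mode):   # source PAN omitted when compressed
            fields["src_pan"] = take(2)
        fields["src_addr"] = take(ADDR_LEN[src_mode])
    fields.update(
        frame_type=FRAME_TYPES.get(fcf & 7, "reserved"),
        security_enabled=bool(fcf & 0x0008),
        dsn=dsn,
        payload=body[off:],   # includes the auxiliary security header if security is on
        fcs_ok=(crc16_fcs(body) == fcs),
    )
    return fields


def audit(psdu: bytes) -> list:
    """Return the findings a monitoring sensor would raise for one captured frame."""
    try:
        f = parse_psdu(psdu)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    findings = []
    if not f["fcs_ok"]:
        findings.append("CRC mismatch (corrupted in transit or badly formed)")
    if f["frame_type"] == "data" and not f["security_enabled"]:
        # The CRC is unkeyed: it catches transmission errors, not deliberate changes.
        findings.append("data frame sent without link-layer security")
    return findings


def build_sample() -> bytes:
    """Constructed sample: data frame, short addresses, PAN ID compression, security off."""
    header = struct.pack("<HBHHH", 0x8841, 0x2A, 0x1234, 0x0000, 0x0017)
    body = header + b"kWh=1.52"
    return body + struct.pack("<H", crc16_fcs(body))


if __name__ == "__main__":
    print(parse_psdu(build_sample()))
    print(audit(build_sample()))
```

The CRC only detects accidental corruption; integrity against a deliberate sender requires the keyed protection that the security-enabled flag signals.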

Wireless Mesh Networks (WMN) communication protocol is used in Smart Grid for wireless metropolitan area network applications. WMNs form a wireless communication backbone with interconnection among WiFi (IEEE 802.11 family of a, b, g, n etc.) or WiMax (IEEE 802.16 family of d and e) routers. A WMN can be connected to the internet or other external networks through a gateway router. The IEEE 802.16 d/e WiMAX provides fixed (wireless local loop), portable, and mobile high data rate wireless service at speeds of up to 72 Mbps and direct reach up to 6 miles. The MAC Convergence sub-layer in IEEE 802.16 receives IP and Ethernet packets from the upper layer and outputs them as MAC SDUs (Service Data Units). Then the MAC common part and privacy sub-layer receives the SDU from the MAC convergence layer and outputs a MAC PDU (Protocol Data Unit). Finally the PHY layer receives the MAC PDU and outputs the IEEE 802.16 frame. The WiFi IEEE 802.11 a/ b/ g/ n respectively provide typical throughput of up to 25/ 7/ 14/ 100 Mbps and outdoor range of up to 100/ 300/ 300/ 600 ft. The PHY layer in IEEE 802.11 is of four types: 802.11a 5 GHz, 802.11b 2.4 GHz, 802.11g 2.4 GHz, and 802.11n 2.4 and 5 GHz PHY. Overall the report in [67] has surveyed the wireless communication technologies based on the following performance requirements in Smart Grid data collection: latency, data rate, resilience, security, distance, scalability.

IEC 61850 [68] [69] is an object-oriented communication protocol defining communication across Intelligent Electronic Devices (IEDs). It is mainly focused on communication for electric substation automation. IEC 61850 provides a comprehensive model for enabling easy organization of data in power system devices, with the support of consistency across device types and plug-and-play capability. The core parts of IEC 61850 include the following: Substation Configuration Language (SCL), Abstract Communications Service Interface (ACSI) and base types, Common Data Classes (CDC), Logical Nodes, Specific Communications Service Mappings (SCSM) with MMS and ethernet, sampled values over ethernet, conformance testing. The standard has defined data types to be transmitted for each logical device, with object name, data class name (data structure), data description, mandatory/ optional preference.

Power Line Communication (PLC) [70] [71] is a wired communications technology that uses power transmission conductor lines to transmit data. It provides lower cost than wireless communication modes because it utilizes already existing power line infrastructure. There are 3 classes of PLC communication technology: broadband, narrowband, and ultra narrowband. The broadband class provides up to 200 Mbps data rate and is applicable to residential AMI (advanced metering infrastructure)/ AMR (automatic meter reading), but is not suitable for sub-stations. The narrowband class provides up to 500 kbps data rate and is applicable to sub-station communications. The ultra-narrowband class provides up to 100 bps and is applicable to AMI, AMR, and Demand Response (for direct load control purpose).

In summary, the U.S. Department of Energy (DoE) report [72] has suggested communication parameter needs for various Smart Grid functionalities. This is illustrated in Table VI. There also exist other communication technologies and standards for Smart Grid data collection and aggregation, such as: IEC 61970 and IEC 61969 for energy management systems, IEC 60870-6/ TASE.2 for inter-control center communications, IEEE P2030 for customer-side applications, IEEE P1901 for in-home Smart Grid applications, OpenADR for load control in Demand Response, BACnet in building automation, Z-Wave as alternative to ZigBee for home area networking, etc.

B. Security in - Data Acquisition

Data Acquisition is a very essential function in Smart Grid for monitoring varied states of entities such as power consumption, load balancing, resource allocation, etc. The Smart Grid data are collected very frequently to support smart electricity distribution, consumption and management. But this also introduces new security and privacy challenges.

1) Secure data collection and aggregation: The non-IP based networks deployed in utility power grids are limited in communication and security capability. The largely distributed data generating sensors around Smart Grid architecture are typically constrained (in terms of computation, memory, communication bandwidth), requiring scalable and secure transport and data collection protocol design. The work in [73] has proposed SSTP, a scalable and light-weight transport protocol over power grid wide area network. It supports lifetime-lived, secure and reliable sensor data delivery, by exploiting the notion of state-token. The state-token is issued with each server message and attached to the corresponding client message subsequently delivered to the server. The work has also compared different transport protocols based on different features. SSTP has been proved to significantly reduce computation and memory overhead, compared to the existing transport protocols. A secure and scalable data collection protocol for Smart Grid is proposed in [74] and [75], containing a hierarchical architecture consisting of measurement devices, data collectors, and power operator. The measurement devices encrypt generated data, and the data collectors relay those data from the measurement devices to the power operator. While the data collectors can verify the data integrity, they cannot access the content of the data, thus preserving data confidentiality. This feature removes the requirement of trusted or honest-but-curious data collectors from the data collection model. The authors further extend this work in [76] by coupling the secure data collection requirements with the objective of time minimization, such that the total data collection time is reduced while ensuring confidentiality of data. In [77], the time minimization objective is specifically studied within a tree-based smart grid data collection environment. Another work in [78] has proposed a secure data transmission scheme based on compressive sensing. Only simple linear operations are required in the encryption process. The proposed scheme can achieve perfect secrecy under certain conditions.

2) Privacy preserving data collection and sharing: A number of works have proposed and designed privacy-preserving frameworks and policies for data sharing in Smart Grid. As the business model in Smart Grid is transformed, businesses other than utilities might even sell electricity or collect energy usage/ production data directly from consumers [79]. Utilities may also get into new services outside traditional power distribution and provision. This gives rise to increasing risks of privacy violation within Smart Grid. The work in [80] has summarized privacy policies, laws, regulations and standards in this regard. The corresponding privacy-enhancing schemes such as encryption, steganography, aggregation methodologies, de-identification methodologies, access control systems, and privacy seals for websites are discussed. The newest privacy conduct code from the U.S. Department of Energy (DoE) is available in [81].

First, the work in [82] has proposed a privacy-protected smart meter data collection scheme. The original data are homomorphically encrypted to protect users’ privacy. The proposed scheme is able to check the correctness of the collected data by directly examining the homomorphically encrypted data instead of the original data, such that the users’ privacy is preserved while data correctness is ensured. Another work in [83] addresses the issue of privacy protection where individual smart meter measurements are kept secret from outsiders (including the utility provider itself), while processing private measurements under encryption. The authors first list the involved parties in a smart meter scenario and the smart metering architecture. Then they use total energy consumption as the aggregation function, and compare different privacy-preserving approaches to implement the aggregation function. Finally, challenges related to hardware limitations, security cryptographic protocols and signal processing are discussed.

TABLE VI
NETWORK COMMUNICATION REQUIREMENTS IN DIFFERENT APPLICATIONS OF SMART GRID

| Application | Bandwidth | Latency | Reliability | Security | Backup power |
|---|---|---|---|---|---|
| AMI | 10 - 100 kbps per node, 500 kbps for backhaul | 2 - 15 sec | 99-99.99% | High | Not necessary |
| Demand-Response | 14 - 100 kbps per node/device | 500 ms - several minutes | 99-99.99% | High | Not necessary |
| Wide Area Situational Awareness | 600 - 1500 kbps | 20 ms - 200 ms | 99.999-99.9999% | High | 24 hour supply |
| Distribution Energy Sources and Storage | 9.6 - 56 kbps | 20 ms - 15 sec | 99-99.99% | High | 1 hour |
| Electric Transportation | 9.6 - 56 kbps, 100 kbps is a good target | 2 sec - 5 min | 99-99.99% | Relatively high | Not necessary |
| Distribution Grid Management | 9.6 - 100 kbps | 100 ms - 2 sec | 99-99.999% | High | 24-72 hours |

Moreover, grid users and standardization committees usually prevent the utilities and third parties from collecting aggregated meter data at the household granularity. Data perturbation is a technique used to provide a trade-off between the privacy of individuals and the precision of the aggregated measurements. The work in [84] presents an interesting decisional attack on aggregation with data perturbation. It shows that it is possible to detect the presence or absence of an individual’s data inside an aggregate by exploiting the temporal correlation within the measurements. Similarly, the work in [85] has considered a decisional attack on data aggregation with data perturbation, showing that a curious entity can exploit the temporal correlation of Smart Grid measurements to detect the presence or absence of individual data generated by a specific user inside the aggregate. Another work in [86] has proposed an efficient and privacy-preserving data aggregation scheme, by using a superincreasing sequence to structure multidimensional data and encrypting the structured data with the homomorphic Paillier cryptosystem. For data communications from users to the Smart Grid operation center, data aggregation is performed directly on ciphertext at local gateways, without decryption.
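The idea behind superincreasing packing with Paillier aggregation, as an added sketch that is not the construction of [86] itself: each household packs a multidimensional reading into one integer, the gateway multiplies ciphertexts, and only the operation center decrypts the per-dimension totals. The key size (two small Mersenne primes), the function names and the readings are assumptions made for the demonstration.

```python
import math
import secrets

# Constructed demo key: two Mersenne primes, far too small for real deployments.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    """Return (public modulus n, private (lam, mu)) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) = lam mod n
    return n, (lam, mu)

def encrypt(n, m):
    """Probabilistic encryption: c = (1 + n)^m * r^n mod n^2."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n

def superincreasing(dims, users, max_val):
    """a_1 = 1; every a_i exceeds the largest possible aggregate of all lower dimensions."""
    seq = [1]
    for _ in range(dims - 1):
        seq.append(sum(a * users * max_val for a in seq) + 1)
    return seq

def pack(reading, seq, max_val):
    """Fold one household's multidimensional reading into a single integer."""
    if len(reading) != len(seq) or any(not 0 <= d <= max_val for d in reading):
        raise ValueError("reading outside the range the sequence was built for")
    return sum(a * d for a, d in zip(seq, reading))

def unpack(total, seq):
    """Recover per-dimension sums from the decrypted aggregate, largest coefficient first."""
    out = []
    for a in reversed(seq):
        out.append(total // a)
        total %= a
    return out[::-1]

def gateway_aggregate(n, ciphertexts):
    """The gateway multiplies ciphertexts; it never holds the private key."""
    acc = 1
    for c in ciphertexts:
        acc = acc * c % (n * n)
    return acc

# Constructed readings: 4 households x 3 dimensions (Wh), each value <= MAX_VAL.
READINGS = [[120, 30, 0], [450, 0, 75], [90, 210, 15], [300, 60, 40]]
MAX_VAL = 5000

def aggregate_demo():
    n, priv = keygen()
    seq = superincreasing(dims=3, users=len(READINGS), max_val=MAX_VAL)
    cts = [encrypt(n, pack(r, seq, MAX_VAL)) for r in READINGS]  # at the meters
    agg = gateway_aggregate(n, cts)                               # at the gateway
    return unpack(decrypt(n, priv, agg), seq)                     # at the operation center

if __name__ == "__main__":
    print(aggregate_demo())
```

The range check in `pack` matters: a reading above the bound used to build the sequence would spill into the next dimension and corrupt the decoded totals without any error at decryption time.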

Finally, there are also relevant works in the literature for assuring privacy while sharing smart meter data. The work in [87] has proposed a privacy-preserving data sharing method to prevent stakeholders from obtaining identifiable smart metering data, while still enabling them to perform their respective functions. The authors first introduce a data sanitization-based mechanism to protect sensitive information before sharing data for external usage. Then they present solutions based on secure multi-party computing to enable the third parties to perform aggregation operations on smart metering data in a privacy-preserving manner. Another work in [88] presents a privacy-preserving framework for the analysis of sensor data from smart homes. The authors propose an approach to achieve data privacy throughout the complete data cycle including: data generation, transfer, storage, processing and sharing. The main objective of the privacy preservation is to ensure that private information remains protected, while processing or releasing data.

The key discussed works about data acquisition security are summarized in Table VII.

VI. DATA STORAGE SECURITY IN SMART GRID

Data storage is one of the most vital components in the Smart Grid ecosystem for assuring a number of services and functionalities (such as grid failure detection, isolation and restoration, demand-response, prediction of energy generation, micro-grids, customer analysis and billing, etc.). The data from a very broad range of sources need to be stored in a systematic manner for efficient and contextual retrieval. These data need to be queried and retrieved meaningfully for processing and analysis for intelligence extraction.

TABLE VII
SUMMARY OF RELATED WORKS ON DATA ACQUISITION SECURITY IN SMART GRID

| Category | Relevant works |
|---|---|
| Secure data collection and aggregation | Data confidentiality with hierarchical architecture: [74] and [75]; Data collection time and overhead minimization: [73] [76]; Decisional attack on data aggregation: [84], [85] |
| Privacy preserving data collection | Summary of privacy policies, laws, regulations and standards [80]; Smart Grid data privacy - U.S. Department of Energy (DoE) [81]; Data and user privacy [82], [83] |
| Privacy preserving data sharing | Privacy preserving sharing of data - Third parties performing aggregation [87]; Analysis of sensor data in Smart Home [88] |

Fig. 7. Different components in cloud-based Smart Grid data storage.


A. Methods and Practices for Data Storage

Cloud-based data storage and analysis has become largely popular in Smart Grids due to advantages like performance, scalability, availability and interoperability, facilitating data analysis both in real time and over long-term history. As illustrated in Figure 7, the different components of cloud-based data storage systems for Smart Grid are: data center facilities, data storage arrays, storage area network, server platforms, database, and virtualization of server, storage or network devices. While a number of these components are infrastructure or maintenance related, the database is a very important component requiring more design efficiency and security protection. The maintenance and operations in a Smart Grid database consist of standard data management operations such as: schema or format creation, data insertion with update and delete routines, data query and contextual information retrieval, performance optimization of data retrieval, data access control, backup and recovery.

Fig. 8. Different database types for Smart Grid data storage.

For more traditional database management systems (DBMS) in Smart Grid, different relational databases are popular, such as: Oracle (proprietary), Microsoft SQL Server (proprietary), IBM DB2 and Informix (proprietary), SAP Sybase (proprietary), MySQL (open source), PostgreSQL (open source). But recently NoSQL (Not only SQL) based post-relational database systems are being adopted for Smart Grid databases, such as: document-oriented database (e.g., MongoDB), XML database (e.g., BaseX), graph database (e.g., InfiniteGraph), key-value store (e.g., Apache Cassandra), multi-value database (e.g., OpenQM), object-oriented database (e.g., db4o), RDF (resource description framework) database (e.g., Meronymy SPARQL), tabular database (e.g., BigTable), tuple database (e.g., Jini), column-oriented database (e.g., c-store). Moreover, parallel and distributed file systems are getting increasingly popular in Smart Grid database design, due to the large-scale, distributed and geographically scattered nature of Smart Grid resources. The most popular distributed file systems include Apache Hadoop and Google MapReduce. These database types are also illustrated in Figure 8. Database management for Smart Grids is discussed in detail in [89].

Different database designs and configurations need to be aware of data types and operations specific to the application domain. In this regard the work in [90] has presented a survey of Smart Grid data operations in cloud-based systems. Specific properties of Smart Grid data are discussed: heterogeneity of device types, interfaces and capabilities; time-stamped; high data generation rate; unboundedness of data streams; evolving nature with temporal locality and structural breaks; unordered data streams (not always following the order of data generation). Smart Grid stream data analysis in the cloud requires the following basic set of operations: storage, indexing, aggregation, clustering, sampling, searching, and auditing.

Now we briefly discuss some application/service-specific data management systems in Smart Grid. The work in [91] has addressed a series of system architectures to store and process smart meter reading data. These different data management architectures are classified based on the following components: Concentrator Node (CN) and Central Data Processing Node (CDPN). The Concentrator Node (CN) gathers, stores and returns electricity consumption information from multiple smart meters. The Central Data Processing Node (CDPN) manages the CNs. While operations of CNs are more passive (receiving and executing queries), CDPNs are active with the highest level of control. CDPNs are responsible for managing and coordinating tasks assigned to CNs, and also for calculating electricity consumption statistics and monthly billing information. Based on the configuration of CNs and CDPNs, there are the following four architectures for smart meter data storage and management: (i) single relational database (one CDPN, a set of CNs, and one Relational Database Management System or RDBMS located at the CDPN); (ii) distributed relational database (an RDBMS per CN for parallel database access); (iii) key-value distributed database (storing all monthly readings for each household in a single row, instead of writing a database row per smart meter; the single row of readings consists of a household identifier and an XML-structured string); and (iv) hybrid storage (combination of one CDPN with a single RDBMS database and a set of CNs with their local file systems). Another work in [92] has presented the IBM storage infrastructure for smart grid data management. The work also emphasizes data security issues and compliance with the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) program.

B. Security in Data Storage

1) Security factors for cloud-based data storage: Large-scale spatial temporal data storage in Smart Grids mostly requires and uses a cloud-based distributed architecture. Therefore Smart Grid data storage also has the same fundamental security and privacy challenges as cloud-based data storage. The work in [93] has surveyed existing works for the following data storage security objectives within cloud-based platforms: data integrity, data confidentiality, and data availability. Another work in [94] has analyzed security and privacy issues in Smart Grid software architectures operating on different cloud environments. Due to the various services in Smart Grids, there is much less opportunity to compress information through aggregation before storing it, causing data bloat.


There are a number of federal and state regulations (e.g., guidelines in [95]) regarding Smart Grid data storage, in order to protect consumer data and assure transparency about energy pricing. Long-term analysis of historical data in Smart Grids needs a longer duration of data preservation. But this brings a number of unique challenges such as: security codes and privacy policies evolving over time; large-scale data migration between cloud vendors when the original vendor is unable to continue service (also bringing issues in migrating security and privacy policies); simultaneous local and global context bringing multiple jurisdiction issues in protecting data and enforcing mechanisms.

2) Security factors for data storage on field deployed devices: Malware protection and secure access issues for field deployed devices in Smart Grid are discussed in [96]. The importance of both secure software development and secure software upgrade is discussed. The predominant method for secure storage is the use of a keying mechanism for validation. Typically the device is configured with the public key of a secure signing server. With this key, the device can validate any newly downloaded software prior to running it, or a new batch of data access. This proactive approach can provide higher levels of assurance.

3) Access control and authentication: The different access control and authentication mechanisms in Smart Grid are discussed in [97]. Role-based access control (RBAC) can enhance the system reliability and can eliminate potential security threats. The different user roles in Smart Grid include operators, engineers, technicians, managers, etc. These roles have different access privileges to grid devices, the stored data, and system functionalities. The work in [98] has proposed a smart-grid role-based access control (SRAC) model. In the model, the users’ role hierarchy and role constraints are predefined. An XML-based security policy managing method is designed. For authentication, the work in [99] has proposed a lightweight two-step mutual authentication protocol by combining the public key encryption scheme and the Diffie-Hellman key agreement scheme. The works in [99] and [100] are based on public key cryptography. Public key infrastructure (PKI) is a classic public key management system, where users obtain certificates (including public keys) from pre-defined certificate authorities (CAs), and the CAs belong to a hierarchical structure. In Smart Grid with PKI, each grid device obtains a certificate from a local CA. Two grid devices belonging to the same regional network may have their certificates issued by different CAs, and they will not recognize each other’s certificate.
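A sketch of how a predefined role hierarchy and role constraints can be evaluated from an XML policy, added here as an illustration; it is not the SRAC model of [98], and the XML schema, the hierarchy among the roles, the resource names and the function names are all assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed policy: schema, hierarchy and permissions are hypothetical.
# The policy file is trusted configuration; it is not parsed from user input.
POLICY_XML = """
<policy>
  <role name="technician">
    <permit action="read" resource="meter_readings"/>
  </role>
  <role name="engineer" inherits="technician">
    <permit action="read" resource="network_config"/>
  </role>
  <role name="operator" inherits="engineer">
    <permit action="write" resource="network_config"/>
  </role>
  <role name="manager">
    <permit action="read" resource="billing"/>
  </role>
  <constraint type="mutually-exclusive" roles="operator manager"/>
</policy>
"""

def load_policy(xml_text):
    """Parse roles (with parent links) and mutual-exclusion constraints."""
    root = ET.fromstring(xml_text)
    roles, exclusive = {}, []
    for r in root.findall("role"):
        perms = {(p.get("action"), p.get("resource")) for p in r.findall("permit")}
        roles[r.get("name")] = {"parent": r.get("inherits"), "perms": perms}
    for c in root.findall("constraint"):
        if c.get("type") == "mutually-exclusive":
            exclusive.append(frozenset(c.get("roles").split()))
    for name, role in roles.items():
        if role["parent"] is not None and role["parent"] not in roles:
            raise ValueError(f"role {name!r} inherits from an undefined role")
    return roles, exclusive

def effective_permissions(roles, name):
    """Union of a role's own permissions and everything it inherits."""
    perms, seen = set(), set()
    while name is not None:
        if name in seen:
            raise ValueError("cycle in role hierarchy")
        seen.add(name)
        perms |= roles[name]["perms"]
        name = roles[name]["parent"]
    return perms

def violated_constraints(exclusive, user_roles):
    """Constraints broken by holding two or more mutually exclusive roles."""
    held = set(user_roles)
    return [group for group in exclusive if len(group & held) > 1]

def is_allowed(roles, exclusive, user_roles, action, resource):
    """Default deny: unknown roles or a constraint violation void the request."""
    if not user_roles or set(user_roles) - set(roles):
        return False
    if violated_constraints(exclusive, user_roles):
        return False
    return any((action, resource) in effective_permissions(roles, r)
               for r in user_roles)

if __name__ == "__main__":
    roles, exclusive = load_policy(POLICY_XML)
    print(is_allowed(roles, exclusive, ["operator"], "read", "meter_readings"))
    print(is_allowed(roles, exclusive, ["operator", "manager"], "read", "billing"))
```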

Another work in [101] has discussed how unauthorized access and malicious code can affect Smart Grid data storage security. In the U.S., there are requirements, policies and regulatory issues pre-defined by the NERC, NIST and DOE [102]. But there is alarming evidence that an adversary can manage to get critical access to the network data stored in a Smart Grid related database and can even manipulate the stored data [101] [103]. This can lead to compromise and failure spread in the Smart Grid infrastructure. In this regard, Optimal Power Flow (OPF) is a power system analysis tool which is widely adopted in control centres. The OPF operations are highly dependent on network configuration data and data measured from the SCADA system. The interruption in power systems due to the malicious modification of Smart Grid stored data is discussed in [103]. A method based on Principal Component Analysis (PCA) is proposed to detect anomalies relevant to this kind of attack. This method is applied in IEEE benchmark test systems and has shown significant impact on false alarm reduction.

TABLE VIII
SUMMARY OF SOME RELATED WORKS ON DATA STORAGE SECURITY IN SMART GRIDS.

| Category | Relevant works |
|---|---|
| Cloud based data storage | Data integrity, confidentiality and availability in cloud-based platforms [93]; Federal and state regulations for assuring secure data storage in Smart Grid [95] [102] |
| Data storage on field deployed grid devices | Malware protection with secure software development and secure software upgrade [96] |
| Access control and authentication | User role based access control [98]; Public key cryptography [99] [100]; Vulnerability to unauthorized access and malicious modifications to stored grid data [101] [103] |

C. Summary on Security of Data Storage

Finally, in Table VIII we have summarized some of the key discussed works on Smart Grid data storage security.

VII. DATA PROCESSING SECURITY IN SMART GRID

In this section, we focus on security challenges within the data processing phase, where the data are actually used for applications. Specifically, we investigate the security issue from the perspectives of three well known Smart Grid applications: demand response, state estimation and energy theft detection.

A. Demand Response

Demand Response (DR) is a fundamental aspect of smart grid that gains relevance when smart metering and advanced communications infrastructures among different elements of the grid are in place. In smart grids, a demand response management strategy utilizes smart metering data and pricing signals, and alters the energy consumption patterns of end-user customers in timing or level, in response to changes in the price of electricity over time [104]. For utility companies, demand response motivates changes in electricity use and induces lower system load at times when grid reliability is jeopardized, and helps to stabilize volatile electricity prices in regions with centrally organized wholesale electricity markets. For end-use customers, demand response enables them not only to reduce their bills, but also to use energy more efficiently by turning an appliance off and on in accordance with the environmental requirements. Demand response basically falls into two categories: load control techniques and pricing policies. In the load control approach, the residential users agree to transfer their energy consumption control to the utility, while pricing policies provide incentives for the users to adjust their energy usage according to global optimization constraints.

1) OpenADR: OpenADR, developed by the OpenADR Alliance, is a set of standards and open data exchange models to facilitate automated demand response between service providers and consumers [105]. The OpenADR specification defines various XML-based messages that can be exchanged over any IP-based network using protocols such as HTTP, SOAP or XMPP [106]. It is expected to be a dominating mechanism for at least the next 10 years, contributing to lower product development costs [107]. Figure 9 is a generic OpenADR architecture [108]. It consists of the Demand Response Automation Server (DRAS) and the DRAS Client.

[Figure: diagram with labels Utility, Operators, Information systems, Internet, DRAS, DRAS Client, Aggregated Loads, Gateway, Smart Client, Simple Client, EMCS, Control Networks and Electric loads; data-flow steps numbered 1 to 5.]

Fig. 9. Generic Open Automated DR Interface Architecture

As shown, the data flow in the OpenADR architecture is typically in five steps [108]:

• The utility company defines DR event and price signals to send to DRAS.

• DR event and price services are published on DRAS.

• DRAS clients, which can be either a client and logic with integrated relay (CLIR) or a web service, will request event data from the DRAS every minute.

• Preprogrammed DR strategies determine action based on event and price.

• Facility Energy Management Control System (EMCS) carries out load reduction based on DR event signals and strategies.

2) Security issues and requirements: In [106], the general security guidelines specifically for the demand response process are listed:

• Confidentiality: Demand response is naturally a distributed decision making problem, in which each of the utility companies and customers only has partial information of the entire decision making problem and they need to negotiate with one another to reach a global consensus. The negotiations among the decision makers are through sharing and exchanges of privacy-sensitive data, which may include: smart meter measurements, billing and personal information, demographic data, etc. Confidentiality ensures that these data are encrypted during network transmission as well as in storage, to prevent unauthorized access and privacy violation.

• Integrity: Demand response requires accurate energy consumption, price signals and event information. The manipulation of these data could result in grid instability and even blackout. The integrity of these data should be protected during communications.

• Availability: Demand response, especially fast-DR, requires timely information sharing between utility companies and end-use customers. Thus, the real time availability of information like energy demand is crucial.

• Authentication: It has to be guaranteed that only a legitimate party can issue DR event signals.

• Non-repudiation: Verifiable evidence about the transactions between utility companies and end-use customers should be kept.

• Auditing and Logging: Reliable auditing has to be conducted by employing the secure logs of events and sensitive operations.

3) Secure demand response schemes: In this part, we overview the existing schemes to enhance demand response security.

We first address the works that intend to preserve privacy. In [109], Liang et al. apply homomorphic encryption to the demand aggregation process within the proposed dynamic pricing scheme to achieve privacy-preserved demand response. Similarly, in [110], Li et al. present EPPDR, another privacy-preserving demand response scheme. This scheme also applies homomorphic encryption to the energy demand aggregation process. In addition, an adaptive key evolution technique is incorporated such that forward secrecy of users’ session keys and the evolution of users’ private keys are also implemented. The computation and communication overhead to achieve forward secrecy in EPPDR are evaluated to demonstrate its better performance in comparison with existing techniques. As an alternative approach, Zhu in [111] formulates demand response games for demand allocation and shedding, and proposes corresponding distributed privacy preserving algorithms based on secure multi-party computation. The existence of Nash equilibrium and the algorithms’ convergence are presented. The authors consider privacy preservation against semi-honest adversaries, who attempt to infer private information from the received messages. Both proposed algorithms are resilient against at most N-2 adversaries, which means that in a game with N players, even if there are as many as N-2 adversary players, the private information of the remaining 2 legitimate players can still be protected.

Preserving grid stability is another key concern for secure demand response. Maharjan et al. in [112] formulate a Stackelberg game between utility companies and consumers to achieve distributed and dependable demand response management. First, the intrinsic distributed nature of the proposed algorithm is resilient to the failure or noncooperation of any player, such that the global equilibrium can always be achieved to maximize each one’s benefit. Second, the authors show that the algorithm will converge to the global equilibrium with only local information available, which means each player doesn’t have to expose private sensitive energy consumption and generation information to others. Last but not least, the paper is the first to study and evaluate the impact of cyber attacks on demand response management systems, from the perspectives of both the economic aspect and the physical aspect. The attacker intends to create monetary and physical damage by manipulating the price information between the utility companies and consumers. Countermeasures based on individual reserve power and common reserve power are proposed to avoid the physical damage. In [113], Nguyan et al. illustrate the error-prone nature of collaborative demand response, due to users’ erratic behavior, limited commitments, device insecurity, and possible misconfigurations. To assure the safety of demand response under these contingencies, the proposed approach incorporates a real-time secure assessment module before the load management process, which adopts times-to-being-unsafe (TTBU), the minimum remaining time until the grid becomes unsafe, as the safety metric. As a result, the load management process is divided into two phases to assure the safety: a load curtailment phase and a load shedding phase. When TTBU drops below a warning threshold, the system enters the load curtailment phase to induce customers to decrease consumption collaboratively. If the curtailment is not fully realized by the customers and the TTBU drops to an emergent threshold, the system enters the load shedding phase, which simply shuts down a subset of loads to prevent further failures.

B. State Estimation

State estimation is a key system monitoring process deployed in the power system control center to estimate the unknown system state variables based on the collected meter measurements [25]. The outputs of state estimation lay the foundation for a series of subsequent critical control processes, such as contingency analysis, security constrained economic dispatch, and real-time pricing in the electrical market, etc. Therefore, the safety of the state estimation process is a key concern in Smart Grid cyber security. Traditionally, the state estimation process is formulated as a static weighted-least-square (WLS) problem and solved in a centralized control center, which needs to collect all the measurements through the SCADA system across the entire network [25]. In [114], Liu et al. first introduce the concept of false data injection attacks against state estimation, which opens up a brand new perspective to attack the process. Inspired by the work in [114], a series of further developments are made in [115] [116] [117] [118], etc. These attacks mainly expose and rely on the vulnerabilities of the traditional centralized weighted-least-square state estimation model and its corresponding bad data detection method. Meanwhile, Smart Grid is characterized by intermittent renewable power generation and frequent grid topology changes, and by the unprecedentedly large amount of data generated in real time by new measurement devices like phasor measurement units (PMUs). The traditional static WLS state estimation model is not suitable to capture the system dynamics in real time, and centralized online data processing is even practically infeasible due to the communication bottleneck. Therefore, new state estimation methods should be proposed not only as countermeasures against false data injection attacks, but also as new approaches to process the measurement data in a more timely and robust way. In this section, recent resilient state estimation methods are presented, which can be categorized into two major classes: methods employing a distributed architecture, and methods adopting new models. Figure 10 gives the taxonomy of resilient state estimators we have covered.

[Figure: taxonomy diagram. Weighted Least Square: Distributed State Estimation [119] [120] [121] [122]. New problem formulations: Least Absolute Value [128], Kalman Filter [129], [130], Kernel Ridge Regression [131], Factor Graph [132], Minimax Optimization [133]. Estimators are grouped as Static Estimator or Dynamic Estimator.]

Fig. 10. A Taxonomy of Resilient State Estimators

1) Distributed state estimation: Distributed state estimators mainly still employ the traditional static WLS formulation. The difference is that they partition the power network into several control regions, and distribute the computation and bad data detection requirements among these local control centers, to increase the online measurement processing capabilities and bad data detection sensitivity. Each local control center only has knowledge of local measurements and network structure, and iteratively coordinates its local state estimates with other control centers to achieve global state convergence.

Pasqualetti et al. [119] employ the traditional centralized WLS state estimation model and distribute the computation among local control centers using two interaction structures: the incremental interaction and the diffusive interaction. In incremental interaction, the estimated result flows in a sequential manner from one control center to another. In diffusive interaction, each control center communicates with all its neighbors. Although both interaction structures have proven convergence to the centralized WLS solution, local observability is required, which means the local Jacobian matrix after partition must be full rank. Xie et al. in [120] and Kekatos et al. in [121] respectively propose distributed methods which don’t require local observability. In [120], a first order adaptive diffusion-based algorithm is presented, which combines a local descent step with a diffusion step. In [121], the well known alternating direction method of multipliers (ADMM) is employed. As a further improvement, [122] proposes a robust and fully decentralized adaptive re-weighted state estimation scheme, which is essentially a generalization of the Gossip based Gauss-Newton algorithm. It demonstrates a faster convergence rate and is completely adaptable to measurement meter failures and communication network failures.

All the above distributed state estimation methods are accompanied by corresponding distributed bad data detection techniques. These distributed models decrease the chance of success of false data injection attacks, since they can incorporate more meter measurements and divide the whole network into smaller and more observable regions, but they are not specifically designed for false data attack detection. In [123], the authors propose a false data injection attack detection scheme based on extended distributed state estimation (EDSE). The whole network is partitioned into several regions using graph partition algorithms and each region also incorporates the adjacent buses and tie lines. With this approach, the detection sensitivity is dramatically increased, such that the false data stands out distinctively from normal observation errors in the chi-square test. In [124], the authors propose a decentralized false data injection detection scheme by creating a Markov graph of the bus phase angles. The power network topology is learned by the conditional covariance test. It shows that in normal conditions, the Markov graph should be consistent with the power network topology, such that a discrepancy between the calculated Markov graph and the learned topology will indicate a false data injection attack. The set of malicious meters can be determined without any extra hardware resources.

Although distributed state estimators are proposed as the future state estimation alternative to enhance performance as well as resilience, they are not flawless. Recent work in [125] addresses the security vulnerabilities within distributed state estimation. The authors show that by compromising the communication links of a single control center in an interconnected system, an attacker could launch a denial-of-service attack to blind the monitoring of every region. In [126], false data injection attacking strategies are even specifically designed against the distributed state estimation model in [121]. These works indicate that designing a secure distributed state estimation model is still quite challenging.

2) New formulations for state estimation: The traditional static WLS formulation for state estimation has limitations in the presence of bad data [127] and lacks the ability to produce a real-time snapshot of the highly dynamic Smart Grid system. To overcome these issues, other formulations for the state estimation problem are proposed.

Gol et al. in [128] present the feasibility of the Least Absolute Value (LAV) estimator for robust state estimation when PMU measurements are employed. The LAV estimator is traditionally known to be more robust than the WLS estimator in the presence of bad data, and the bad data can be rejected automatically because they produce large normalized residuals. However, since the traditional measurements for state estimation only include bus power injections, branch power flows and bus voltage magnitudes, the formulated LAV estimator would require extremely high computational cost to find the solution. Therefore, the WLS estimator is widely adopted instead of LAV. In [128], the authors suggest that with the help of PMU measurements, which are voltage and current phasor measurements, the estimation problem is linearized and the LAV estimator would demonstrate competitive computational performance with WLS while preserving its robustness.
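An added numerical illustration of the robustness difference described above, not taken from [128] or from the survey: on a linear measurement model with one gross error, the WLS chi-square test raises an alarm but the WLS estimate is pulled away from the true state, while an LAV fit stays near it and exposes the bad meter through its residual. The matrix H, the noise values, the meter standard deviation and the use of iteratively reweighted least squares to approximate LAV are assumptions of this sketch.

```python
# Constructed linear model z = H x + e with 6 measurements and 2 states.
H = [[1, 0], [0, 1], [1, -1], [1, 1], [2, -1], [-1, 2]]
X_TRUE = [0.20, -0.10]
SIGMA = 0.002                      # assumed meter standard deviation
NOISE = [0.002, -0.001, 0.001, -0.002, 0.001, 0.000]   # constructed noise
CHI2_95_DOF4 = 9.488               # chi-square 95% quantile, m - n = 4

def measure(bad_index=None, gross_error=0.0):
    """Constructed measurement vector, optionally with one gross error."""
    z = [sum(h * x for h, x in zip(row, X_TRUE)) + e for row, e in zip(H, NOISE)]
    if bad_index is not None:
        z[bad_index] += gross_error
    return z

def solve(A, b):
    """Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        if abs(M[piv][col]) < 1e-12:
            raise ValueError("gain matrix is singular: system is unobservable")
        M[col], M[piv] = M[piv], M[col]
        for r in range(col + 1, n):
            f = M[r][col] / M[col][col]
            for c in range(col, n + 1):
                M[r][c] -= f * M[col][c]
    x = [0.0] * n
    for i in reversed(range(n)):
        x[i] = (M[i][n] - sum(M[i][j] * x[j] for j in range(i + 1, n))) / M[i][i]
    return x

def weighted_fit(H, z, w):
    """Solve the normal equations (H^T W H) x = H^T W z for diagonal W."""
    m, n = len(H), len(H[0])
    G = [[sum(w[k] * H[k][i] * H[k][j] for k in range(m)) for j in range(n)]
         for i in range(n)]
    rhs = [sum(w[k] * H[k][i] * z[k] for k in range(m)) for i in range(n)]
    return solve(G, rhs)

def residuals(H, z, x):
    return [zi - sum(h * xi for h, xi in zip(row, x)) for row, zi in zip(H, z)]

def wls(H, z):
    """WLS estimate plus the chi-square bad data alarm on the residual sum."""
    x = weighted_fit(H, z, [1.0 / SIGMA**2] * len(z))
    J = sum((r / SIGMA) ** 2 for r in residuals(H, z, x))
    return x, J > CHI2_95_DOF4

def lav(H, z, iters=100, eps=1e-6):
    """Approximate the least-absolute-value fit by reweighting with 1/|r|."""
    x = weighted_fit(H, z, [1.0] * len(z))
    for _ in range(iters):
        w = [1.0 / max(abs(r), eps) for r in residuals(H, z, x)]
        x = weighted_fit(H, z, w)
    return x

def suspect_meter(H, z, x):
    """Index of the measurement with the largest absolute residual."""
    r = residuals(H, z, x)
    return max(range(len(r)), key=lambda i: abs(r[i]))

if __name__ == "__main__":
    z_bad = measure(bad_index=2, gross_error=1.0)
    print("WLS:", wls(H, z_bad))
    x_lav = lav(H, z_bad)
    print("LAV:", x_lav, "suspect meter:", suspect_meter(H, z_bad, x_lav))
```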

The penetration of renewables and sudden changes in the load, generation and topology make the Smart Grid system much more dynamic. To cope with such dynamics, a new line of research on dynamic state estimators is motivated, to address the major needs for robust online state estimation. One solution is to employ Kalman filters. Weng et al. in [129] propose a new Kalman filter based state estimation method, which first uses historical data to conduct maximum likelihood parameter estimation, then uses the estimated parameters with online measurements to estimate the system state. The Kalman filter is employed in a physically meaningful kernel feature space, such that missing data can be tolerated. A similar approach is proposed in [130], which combines Kalman filters with real-time PMU data. The authors introduce a novel state estimator, viz. an adaptive Kalman filter with inflatable noise variances, and suggest its resilience against wrong system modeling and bad data injection through extensive simulations. To further improve the robustness of the state estimator against topology changes, bad data and malicious attacks, the authors in [131] introduce a robust data-driven state estimator. Specifically, the state estimator first uses historical state and system topology to cope with topology changes, then historical data are employed to remove the bad data. Subsequently, to identify a malicious attack, a maximum agreement algorithm is executed upon the collected states. Finally, the resulting information is used in a kernel ridge regression process within a Bayesian inference framework, which leads to a highly robust data-driven state estimator. However, this estimator suffers a large computational overhead. To accommodate online data processing, dimension reduction and k-dimensional tree indexing are utilized to speed up the process. As a most recent alternative approach, Chavali et al. in [132] propose a dynamic robust state estimator based on factor graphs. They model the power system as a factor graph, in which the state vectors corresponding to each area at each time are considered as factor nodes. The dependencies between state vectors and their neighbor area vectors, and the dependencies between state vectors at different times, are captured in the factor graph. This state estimation method is naturally distributed since the sum-product message passing algorithm on factor graphs is distributed. Since the factor graph can capture the nonlinear relations, this state estimator introduces fewer errors than the traditional extended Kalman filter based methods, in which the nonlinear power system measurement model is approximated as a linear model. The authors further suggest that the proposed method is more robust to bad data, since once an area has bad data, the weights corresponding to the state samples in that area will become very small.

Another interesting idea we have found is in [133]. The authors measure the robustness of the estimator by the worst-case mean square error, and seek to construct an optimal robust estimator based on the attackers' ability to launch data integrity attacks. A minimax optimization problem is formulated, which intends to minimize the mean square error resulting from the most destructive attack. A very important issue we have captured from this work is: for state estimators, the concepts of robustness and security should be distinguished from each other. In other words, a robust estimator may not necessarily be secure. This suggests that future research about state estimators should have clear definitions of robustness and security, and the corresponding assessment standards and methodologies would also be indispensable.

C. Energy Theft Detection

Energy theft is a notorious security problem in power systems, which causes significant economic losses and threatens grid stability. Due to the ease of intrusion and economic benefits [134], energy theft is a widespread practice. In developing countries, up to 50 percent of electricity is acquired via theft [135]. In the United States, the utility companies lose approximately six billion dollars per year due to this problem [136]. Energy theft can be caused by physical and cyber attacks, such as directly connecting loads to the electricity distribution lines, hacking and reprogramming smart meters, etc. The detection of energy theft has traditionally been addressed through physical checks of tamper-evident seals by field personnel with balance meters [137]. With high-resolution data collection from smart meters in AMI, utility companies are now able to gather more data from these devices in a timely manner and employ analytics to turn these data into actionable information, such as detecting energy theft and abnormal consumption trends. The authors in [138] specifically summarize the energy theft detection schemes by detectors, such as classification based, state estimation based and game theory based. Here we adopt the data-driven perspective, which categorizes the approaches into single data source based, multiple data source based and privacy-preserving data source based. Figure 11 gives the taxonomy of energy theft detection approaches we have covered.

Fig. 11. A Taxonomy of Energy Theft Detection Approaches. [Figure: Energy Theft Detection branches into Single Data Source [139][140][141], Multiple Data Sources [142][143][144], and Privacy-Preserving Data Sources [145][146].]

1) Single data source: The single data source based approaches only employ the smart meter data in AMI. In [139], the authors use the fine-grained anomaly detection from smart meters and formulate the problem as a game between the electric utility and the electricity thief. The Nash equilibrium of the game is a probability density function that both parties have to choose when reporting AMI measurements. The goal of the electricity thief is to steal a predefined amount of electricity while minimizing the likelihood of being detected, while the electric utility wants to maximize the probability of detection. In [140], the authors propose a new threat model that could be used either by adversarial classification or adversarial learning, and evaluate the threat model on several detectors including Average Detector, ARMA-GLR, nonparametric statistics, and unsupervised learning (Local Outlier Factor). In [141], the smart meter data are integrated within the state estimation process, and the amount of energy stolen by a smart meter is modeled as a measurement bias. As a result, a weighted least square based state estimation approach can be applied to detect the energy thefts, in which a zero bias represents a truthful smart meter.

2) Multiple data sources: Recent works about energy theft detection tend to employ the data from multiple data sources; these are the multiple data source based approaches. [142] proposes AMIDS, an AMI intrusion detection system that uses information fusion to combine the sensors and consumption data from smart meters to detect energy theft. AMIDS combines meter audit logs of physical and cyber events with consumption data to model and detect energy theft. It differs from previous works by evaluating multiple AMI data sources under a combination of techniques. It uses an attack graph based information fusion technique to combine collected information from three data sources: cyber-side network and host-based intrusion detection system, on-meter anti-tampering sensors, and power measurement-based anomalous consumption detectors. [143] proposes a temperature dependent predictive model which uses both smart meter data and data from distribution transformers to detect electricity theft. Load profile analysis of customers can detect abnormal energy consumption patterns, but these methods cannot be used where there is complete bypass of meters. Technical losses and energy theft are accurately calculated using the energy balance between the energy supplied from the distribution transformer and the energy consumption reported by the users. Another work in [144] presents a novel consumption pattern-based energy theft detector (CPBETD), which leverages the predictability property of customers' normal and malicious consumption patterns. By employing transformer meters as well as smart meters, the total consumption of each neighborhood is measured, and is compared with the total amount of energy consumption reported by the smart meters. If energy theft is detected at this level, for each customer in the suspicious area, a multiclass support vector machine is trained using historic data as well as a synthetic attack data set. The classifier is then used to decide whether a new sample reported by the customer is tampered or not.

3) Privacy-preserving data sources: Since the smart meter data contain sensitive users' energy profile information, conducting energy theft detection while preserving data source privacy has recently drawn great attention as another line of research. [145] is the first to investigate the energy theft detection problem considering users' privacy issues. Previous schemes all require users to send their private information, e.g., load profiles or meter readings at certain times, to the utility companies, which invades users' privacy. This paper utilizes peer-to-peer computing, and proposes three distributed algorithms to solve a linear system of equations (LSE) for users' honesty coefficients. The users' privacy can be preserved because they do not need to disclose any of their energy consumption data to others. The authors propose privacy-preserving distributed LU and QR decompositions to solve a linear system of equations, which adaptively account for both constant and variable honesty coefficients. The work in [146] also achieves privacy preservation by proposing a centralized energy theft detection scheme using the Kalman filter, called SEK. Based on SEK, it develops a privacy-preserving distributed energy theft scheme called PPBE, which privately finds the energy thieves by decomposing the Kalman filter into two parallel and loosely coupled filters. The main idea is to model the amount of energy stolen by a smart meter as a measurement bias, and use optimal state estimation techniques to solve for all the meters' biases. A zero bias indicates a faithful meter. One filter (bias-ignorant filter) estimates the state variable vector and the other filter (bias filter) estimates the bias vector. The bias-ignorant filter first conducts state estimation in a private and distributed manner, such that users' measurements are hidden from the system operators to preserve privacy. The resulting residual is further employed by the system operator to carry out the bias filter. Privacy-preserving energy theft detection would be a promising research direction in the future.
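The transformer-versus-meters energy balance described under multiple data sources, followed by the linear system for honesty coefficients attributed to [145], worked through as an added example that is not code from this survey or the cited papers. It solves the system centrally, so it does not implement the privacy-preserving distributed LU/QR of [145]; the readings are constructed, and it assumes a known technical-loss fraction and an honesty coefficient defined as true consumption divided by reported consumption.

```python
# Added example: neighborhood energy balance, then a centralized solve for
# per-meter honesty coefficients. All readings below are constructed.
# Assumption: k_j = true consumption / reported consumption, constant per meter,
# so for every interval t:  sum_j k_j * reported[t][j] = delivered[t].

LOSS_FRACTION = 0.05                      # assumed technical loss on the feeder
SUPPLIED = [10.0, 20.0, 10.0]             # kWh at the transformer meter
REPORTED = [                              # kWh reported by meters 0..2
    [3.0, 4.5, 1.0],
    [6.0, 5.0, 4.0],
    [2.5, 3.0, 2.0],
]


def unaccounted_energy(supplied, reported, loss_fraction):
    """Per-interval energy that left the transformer but no meter reported."""
    gaps = []
    for s, row in zip(supplied, reported):
        delivered = s * (1.0 - loss_fraction)   # remove technical loss first
        gaps.append(delivered - sum(row))
    return gaps


def solve_linear_system(a, b):
    """Gaussian elimination with partial pivoting; raises if singular."""
    n = len(b)
    m = [[float(v) for v in a[i]] + [float(b[i])] for i in range(n)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[pivot][col]) < 1e-12:
            # Proportional load profiles make the meters indistinguishable.
            raise ValueError("load profiles are linearly dependent")
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):              # back substitution
        tail = sum(m[i][c] * x[c] for c in range(i + 1, n))
        x[i] = (m[i][n] - tail) / m[i][i]
    return x


def honesty_coefficients(supplied, reported, loss_fraction):
    """Solve for k_j using as many intervals as there are meters."""
    if any(len(row) != len(reported) for row in reported):
        raise ValueError("need a square system: one interval per meter")
    delivered = [s * (1.0 - loss_fraction) for s in supplied]
    return solve_linear_system(reported, delivered)


def suspect_meters(coeffs, tolerance=0.05):
    """Meters whose true consumption exceeds what they report."""
    return [j for j, k in enumerate(coeffs) if k > 1.0 + tolerance]


if __name__ == "__main__":
    print("unaccounted kWh:", unaccounted_energy(SUPPLIED, REPORTED, LOSS_FRACTION))
    k = honesty_coefficients(SUPPLIED, REPORTED, LOSS_FRACTION)
    print("honesty coefficients:", [round(v, 3) for v in k])
    print("suspect meters:", suspect_meters(k))
```

The balance alone only says that the neighborhood is losing energy; the coefficients attribute it to a meter, and the singular-system error marks the case where load profiles are too similar to do so.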

VIII. SECURITY ANALYTICS IN SMART GRID

From the security perspective, data in Smart Grid are both the problem and the solution. On one hand, as suggested in previous sections, the security and privacy of the big data in Smart Grid are among the most challenging issues for Smart Grid innovation. On the other hand, big data analytics also holds big promise for solving Smart Grid security problems. By exploiting the historical and real time data in Smart Grid, system operators are able to uncover hidden relationships, improve situational awareness, discover patterns and facts about security threats, and predict and even prevent potential new issues before they occur. All these related techniques are called security analytics, i.e., the application of big data analytics techniques to cyber security [147]. As suggested in [148], in the next three to five years, security analytics will disrupt the status quo in most information security product segments and evolve to enable a wide range of security intelligence with advanced predictive capabilities and automated real-time controls, which are also called data-driven security or intelligence-driven security.

The application of data analytics to power system security is not new [149]. However, in Smart Grid, with massive amounts of data being generated and increasingly sophisticated cyber attacks, the traditional security solutions are rapidly rendered obsolete. For example, traditional security solutions are not working since 97% of breaches led to compromise within days or less, of which 72% led to data exfiltration in the same time [150]. Figure 12 describes the evolution of data analytics in security [150]. Specifically, the security analytics in Smart Grid should meet the following requirements [148] [150]:

• Diverse data sources: leveraging multiple data sources and creating a synergistic learning effect as new security-related information becomes available.

• Big data infrastructure: employing a fast and scalable infrastructure to conduct real time and long term analysis.

• High performance analytics engine: being capable of processing large volumes of data in real time to detect, investigate and prioritize threats.

• Integrated intelligence: supporting recommendations and decision making.

• Comprehensive visibility: visualizing the trends and events effectively with appropriate normalization.

Fig. 12. Evolution of Data Analytics in Security

In this section, we review the state-of-the-art works in security analytics in Smart Grid. Specifically, we first discuss the potential data sources for security analytics, and then analyze the corresponding feasible data analysis methods and visualization methods.

A. Data sources for security analytics

TABLE IX: EXAMPLE DATA SOURCES FOR SECURITY ANALYTICS IN SMART GRID

| Source | Data |
|---|---|
| Remote Terminal Unit | Node voltage and branch flow magnitudes |
| Phasor measurement Unit | Standardized frequencies, node voltage magnitudes and phase angles, branch flow magnitudes and angles |
| Planning and operations | Generation and transmission outages, maintenance logs, equipment operating limits, load forecasts |
| Transactions | Historical LMPs, price forecasts, transmission reservations, energy sales and purchases, transmission loading relief incidents |
| Networking devices | Traffic data, operating system logs, user activity logs, firewall rule sets, DNS events |
| Digital protective relay | Current and voltage waveforms, status of input and output contacts, internal protection and control elements, relay settings |
| Smart meters | User load consumption, appliance setting points, billing and identity information |
| Data concentrators | Aggregation of smart meter data |
| AMI Headend | Aggregation of data concentrator data |

With the integration of cyber infrastructure within smart grid, the security related data expand considerably and a multitude of potential data sources become available. The security analytics in smart grid collect and integrate a wide variety of new data for analysis and investigation. These new data mainly come from an increasing number of new enhanced systems [151]:

• Advanced Metering Infrastructure (AMI)

• Meter Data Management Systems (MDMS)

• Outage Management Systems (OMS)

• Distribution Management Systems (DMS)

• Enterprise Asset Management Systems (EAS)

Specifically, we summarize both the traditional and new data sources in literature [152] [153] [148] [154] [155] in Table IX.

B. Data analysis

Data analysis is the most important part of security analytics, the goal of which is to extract insights, detect and recognize patterns, derive conclusions and support decision-making. In smart grid, due to the great diversity of data properties and objective systems, the data analysis methods for security analytics differ significantly. In [151], according to the depth of analysis, the authors classify the general data analysis methods into the following three categories:

• Descriptive analytics: extracts what has occurred and the current system status.

• Predictive analytics: predicts the future trend and forecasts the potential risks.

• Prescriptive analytics: supports decision making and problem prevention.

The above classification captures the functional features of different methods.

As an alternative approach, the authors in [10] classify the data analysis methods from a technical perspective:

• Statistical analysis: models randomness and uncertainty by probability theory.

• Data mining: is the computational process of discovering patterns and relationships in data sets.

• Data visualization: represents data in pictorial and graphical formats.

In this subsection, we adopt this technical perspective and focus on the smart grid security analysis methods using statistical analysis and data mining. Data visualization based methods are discussed in detail in the next subsection.

1) Statistical analysis methods: In [156], Moreno et al. present a safe and intelligent management platform for the distributed generations in smart grid. In particular, in order to detect power quality events, such as sags, swells, and transient faults, etc., the system integrates the skewness and kurtosis statistical estimators, as well as a real-time cumulative sum (CUSUM) algorithm. The CUSUM algorithm directly uses all the samples in sequence and plots the cumulative sums of the deviations of the sample values from a target value. In [157], Sedghi et al. propose an attack detection scheme for SCADA systems in smart grid, based on a Markov graph of bus phase angles. Using conventional and PMU measurements, the Conditional Covariance Test (CCT) is adopted to learn the structure of the power network. Ali et al. in [158] propose a configuration-based intrusion detection system for advanced metering infrastructure. The authors employ event logs collected at smart meters and model them by a fourth order Markov chain to demonstrate deterministic and predictable behavior of AMI, which can be used to develop an accurate intrusion detection system (IDS). The IDS essentially leverages a device configuration based stochastic model checking technique. Another important aspect of the work is that a real-world dataset of thousands of meters collected at the AMI of a leading utility provider is used in the evaluation process, which significantly improves the soundness of the proposed method.
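The cumulative-sum idea described for [156], as an added example that is not code from the cited platform. It goes slightly beyond the one-sided description by using the standard two-sided tabular CUSUM with a slack term, so that sags and swells are both caught and noise around the target decays; the per-unit voltage samples, slack and threshold are constructed assumptions.

```python
from collections import namedtuple

# One detected power quality event: which side tripped, where the excursion
# began (first sample after the statistic was last zero), where it alarmed.
Event = namedtuple("Event", "kind onset alarm")

# Constructed per-unit RMS voltage samples: a short sag, then a short swell.
SAMPLES = [1.00, 1.01, 0.99, 1.00, 0.90, 0.89, 0.91,
           1.00, 1.01, 1.00, 1.10, 1.12, 1.00]


def cusum_events(samples, target=1.0, slack=0.02, threshold=0.12):
    """Two-sided tabular CUSUM over voltage samples.

    slack     -- deviation absorbed per sample (measurement noise allowance)
    threshold -- cumulative deviation that raises an alarm
    Returns a list of Event tuples in the order the alarms fire.
    """
    if slack < 0 or threshold <= 0:
        raise ValueError("slack must be >= 0 and threshold must be > 0")
    high = low = 0.0                  # cumulative sums: swell side, sag side
    high_onset = low_onset = 0
    events = []
    for i, v in enumerate(samples):
        if v is None:                 # dropped sample: hold the current state
            continue
        # While a statistic sits at zero, the candidate onset keeps moving.
        if high == 0.0:
            high_onset = i
        if low == 0.0:
            low_onset = i
        # Accumulate deviation from the target, less the slack, floored at 0.
        high = max(0.0, high + (v - target) - slack)
        low = max(0.0, low + (target - v) - slack)
        if high > threshold:
            events.append(Event("swell", high_onset, i))
            high = 0.0                # restart after reporting
        if low > threshold:
            events.append(Event("sag", low_onset, i))
            low = 0.0
    return events


if __name__ == "__main__":
    for event in cusum_events(SAMPLES):
        print(event)
```

The onset index is what makes CUSUM useful for triage: the alarm fires one or more samples late, but the last zero crossing of the statistic estimates when the excursion actually started.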

TABLE X: SECURITY DATA ANALYSIS METHODS IN SMART GRID

| Ref. No | Objective System | Method | Data set |
|---|---|---|---|
| [156] | Distributed generations | Skewness, kurtosis estimators, CUSUM | Synthetic |
| [157] | SCADA | CCT, Markov graph | Synthetic |
| [158] | AMI | Markov chain | Real |
| [159] | Power plant | Feature extraction, UDC, QDC, LDC, TREEC, PARZENC | Synthetic |
| [155] | Transmission system | Rule-based expert system | Real |
| [160] | Transmission system | Common path mining | Synthetic |
| [161] | AMI | Hoeffding tree with major class and naive Bayes, Hoeffding tree with naive Bayes, Hoeffding decision tree, Adaptive size Hoeffding Tree | Real |

2) Data mining methods: Hurst et al. in [159] achieve in-depth defense of a nuclear power plant against cyber threats by using behavior observations and data analysis. Specifically, feature extraction and data classification techniques are employed to evaluate data sets and detect changes in behavioral patterns. In the training mode, features are extracted to form feature vectors for both normal and abnormal behavior. Once all the required data are processed, the feature vectors are sent to the evaluation process, where specific data classification techniques are applied, including uncorrelated normal density based classifier (UDC), quadratic discriminant classifier (QDC), linear discriminant classifier (LDC), decision tree (TREEC), and Parzen classifier (PARZENC). The performance and accuracy of the above classifiers are listed and compared. In [155], Popovic et al. implement a fault analysis platform for power transmission systems by particularly focusing on the practical use of digital protective relay (DPR) data. A rule-based expert system is employed to conduct the data analysis for fault detection. Recently, Pan et al. [160] develop a hybrid intrusion detection system in smart grid, which learns temporal state-based specifications for power system scenarios, such as normal control operations, disturbances, and cyber attacks. The common path mining technique is employed to learn patterns for those scenarios from a fusion of PMU data and system audit logs. In [161], data stream mining is used to enhance the security of AMI through intrusion detection. Based on the difference in data stream properties, an individual intrusion detection technique is specifically designed for each part of AMI, including smart meter, data concentrator and AMI headend. Moreover, to explore the performance and accuracy, seven implementations of data stream classifiers from the massive online analysis (MOA) data stream mining framework are evaluated using the realistic KDD Cup 1999 data set. Besides MOA, more data stream mining implementations can be found in [90].

The above data analysis methods for smart grid security analytics are summarized in Table X. We explicitly list the data set used in the evaluation of each proposed method since they are critical to the validity of data analysis methods.

C. Data visualization

Visualization is the most direct and effective approach to demonstrate and inspire ideas to humans [162]. It would be greatly beneficial to leverage visualizations to address the security issues in smart grid. Data visualization is an essential part of security analytics [163]. The smart grid innovation enables the generation of more and more data from both infrastructures as well as applications, such as logs and measurements. With the ever changing threat landscape and dynamic infrastructure configurations, visualization of these data enables individuals to uncover hidden patterns, detect attacks, identify emerging risks and vulnerabilities, and respond decisively with countermeasures that are far more likely to succeed than conventional approaches, which is an essential part of future actionable security intelligence. In this section, we present the existing works about security visualizations in smart grid, and identify the research challenges for future work.

1) Existing security visualization works: As an early work, Klump et al. in [152] visualize the security threats of power systems by displaying data from phasor measurement units (PMUs) and SCADA data sources simultaneously. The SCADA data sources provide a comprehensive capture of system states but at a slow refresh rate. By comparison, the PMU measurements can capture the system transient dynamics and generate data at a much higher rate. The integration of SCADA data and PMU data for visualization can help directly identify the security threats in the system. The proposed platform characterizes the properties of PMU data and specifically addresses the challenges of employing distributed data sources with different data generating rates. PowerWorld is employed to provide a dynamic geographical view.

Recently, [164] presents a general visualized monitoring tool for distributed power generations in smart grid. The visualization tool uses an expert system to filter and analyze real-time measurements from the smart meters at transformer stations of the distribution grid, and generates diagnoses for failures and recommendations of corresponding actions. It provides a geographic based main view for the current state of the grid, as well as additional views to highlight details about particular points of interest on demand. The status of the communication network and weather are also integrated. Another work in [165] is promising since it presents a 3D visualization scheme for contingency and security in smart grid. In this work, the proposed approach employs Advanced Visual Systems Express 7.3 software, and is devoted to visualizing the physics of power grids. Specifically, the system real-time dynamics when a generator fails are visualized. The implementation consists of a large data transfer program, numerical analysis program, visualization program, visualization matrix, and data acquisition and data segmentation functions. Instead of just providing a geographic layout, the work in [166] deals with the different hierarchical layers that exist at both topological and geographical levels, and it is highlighted by the seamless integration of the geographical and topological layers, allowing one to understand a single node's contribution to the security of the entire system from different perspectives. As the most recent work, [167] demonstrates in-progress applications of large scale data processing technologies for security visualization in Smart Grid. By using a distributed data processing model, data from both smart meter profiles and AMI networks are streamed and spatiotemporally visualized in real-time, in order to facilitate cyber attack identification, alert and response.

Another line of works focuses on the visualization of some particular security aspect in smart grid. In [168], Yan et al. present an integrated visualization platform for smart grid, specifically for demonstrating the cascading failures in power transmission systems caused by cyber attacks. The system employs ESRI ArcGIS software as the visualization platform and implements its interface with MATLAB, where the attacks and defense algorithms are simulated. In [169], Matuszak et al. describe the design of CyberSAVe, a visualization tool for cyber trust for SCADA systems in Smart Grid. The authors first define the mathematical model of cyber trust, which consists of availability, detection and false alarm trust values, as well as a model of predictability. By employing an aggregation algorithm for all these models, CyberSAVe incorporates and visualizes the aggregated trust, which could be used by the system operator to detect, identify, and mitigate various attacks on the Smart Grid system.

TABLE XI: SUMMARY OF SECURITY DATA VISUALIZATION

| Ref. | Objective | Layout | Implementation | Key features |
|---|---|---|---|---|
| [152] | Transmission system | Geographical | Powerworld | Distributed data sources with different generating rate |
| [164] | Generation system | Geographical | From scratch | Communication, power network, and weather data |
| [165] | Transmission system | 3D | AVS Express | Physical dynamics, 3D visualization |
| [168] | Transmission system | Geographical | ArcGIS, Matlab | Cascading failure demonstration |
| [169] | SCADA system | Geographical | Open API, GIS | Mathematical trust model visualization |
| [166] | Transmission, SCADA | Geographical, topological | GeoViz | Both geographical and topological |
| [167] | AMI system | Charts, lines | Apache flume, Kafka, Storm, Kibana, Jquery | Big data processing for visualization |

2) Remaining challenges: The properties and comparisons between the above works are summarized in Table XI. We can see the visualization tools are mostly for the transmission systems with a geographical display. Moreover, since these works mainly leverage the existing visualization tools, the application of advanced visualization techniques, such as 3D visualization, is still rare. Through our studies, we find that even though a tremendous amount of research has examined visualizations for cyber security, the works specifically addressing the security of smart grid are surprisingly limited. As mentioned in [154], data visualization for smart grid security remains extremely elementary, dominated by pie charts, graphs, and Excel spreadsheet pivot tables. The smart grid data has its own features and dimensions; more efforts should be made to advance the security visualization in smart grid systems.

Based on our studies, we identify a number of remaining challenges in visualization as follows:

• The objectives of security visualization can be expanded. Instead of being limited to transmission systems, SCADA and AMI, more efforts should be made for power distribution systems, smart buildings and energy management systems, etc., where higher security risks lie due to extensive user involvement.

• The security visualization tools should address the diversity of heterogeneous data sources, such as data generating rates, geographical locations, and duty cycles, etc. Customized visualization will also be desirable to highlight particular interests on demand.

• Advanced implementation techniques for visualization, such as cloud based large scale data sanitation, 3D representations and human interactions, should be integrated to facilitate the capabilities of real-time security monitoring and analysis.

• Predictive functions and models can be implemented within visualization to illustrate potential security risks.

IX. LESSONS LEARNED AND FUTURE RESEARCH

In this section, we present the lessons learned throughout the process of conducting our survey and identify several potential future research directions.

A. Lessons learned

In this paper, we have adopted a data-driven approach to survey the existing related works about cyber security in Smart Grid. Even though it is really difficult to draw insights about the relations from the huge amount of research publications, we find that following the trace of data (generation, acquisition, storage and processing) is a straightforward and efficient approach to systematically organize and analyze them. Based on this, we believe it would also be beneficial to conduct future security research in a data-driven way, that is, within a data-driven cyber security research framework. The framework itself should strive to bring security, big data analytics and cloud computing technologies all together, and capture the entire lifecycle of data in cyber security research. As shown in Figure 13, the research framework could consist of cyber security testbeds (data generation), cloud-based infrastructure (data storage and processing), and security analytics (data application). The security testbed incorporates software simulation, emulation and physical hardware to conduct cyber security analysis, which provides an experiment environment to validate cyber security strategies while generating data such as system traces and logs, etc. The security testbed stores generated data in the Cloud-based Infrastructure for Security Analytics, and retrieves required data from the Cloud-based Infrastructure when conducting the validation of Security Analytics. These three components work together to facilitate future cyber security research in a data-driven way. This kind of full-stack approach would also be applicable to future security research in other general cyber-physical systems, such as smart transportation systems and smart buildings.

Fig. 13. Data-driven cyber security research framework. [Figure labels: Security Testbed (Simulation, Emulation, Physical); Cloud-based Infrastructure (Data Storage, Data Stream processing, Interactive Query); Security Analytics (Machine Learning, Statistical Analysis, Security Visualization).]

B. Potential future research

Many challenges in smart grid security still need more research attention in the future. Below, we list some of the identified open issues:

• Security of plug-in electric vehicles (PEVs): The large scale integration of PEVs is listed among the top seven key functions of Smart Grid [170], which could significantly increase the use of renewable energy resources, provide energy storage to ameliorate peak load demands, and dramatically reduce the carbon footprint. As suggested in [171], the potential security issues related to PEVs include privacy of movement, secure payment, and integration security with critical infrastructure, etc. From our survey, most existing authentication systems merely apply security schemes directly to the smart grid, leaving gaps in PEV protection, except the most recent work in [172]. Also, more future work should look into attack detection and vulnerability assessment methods [173]. The recent project about PEVs from the European Network for Cyber Security [174] shows an increasing urgency about this research topic.

• Security of transactive energy: Transactive energy is a system of economic and control mechanisms that allows the dynamic balance of supply and demand across the entire electrical infrastructure using value as a key operational parameter [175]. As an integral part of the Pacific Northwest Smart Grid Demonstration Project [176], transactive energy is a new concept that provides an approach to maintain the reliability and security of the power system. It increases efficiency by coordinating the behaviors of a large number of distributed energy resources, which embraces both the economics and engineering of the smart grid system. The implementation of transactive energy requires massive distributed controls and interactions between independent entities, which would impose a significant amount of security challenges. Sophisticated cyber-physical attacks against transactive energy could lead to seriously unstable power operating conditions or even blackout. Future research should particularly explore the security solutions for this scenario.

• Security assessment tools: As the emerging of variousdesign and implementation of security architectures forsmart grid, it is essential to formally evaluate the strengthand weakness of each security solution, when the se-

Page 22: Survey of Security Advances in Smart Grid: A Data Driven ...sensorweb.engr.uga.edu/wp-content/uploads/2016/10/... · 1 Survey of Security Advances in Smart Grid: A Data Driven Approach

22

curity assessment tools would come into the picture.Even though there exists quite a few of theories aboutthe assessment of smart grid security, which includeprobabilistic risk assessment, graph based assessment andsecurity metric based assessment [6], the implementedavailable tools are still rare. One of the leading in-progress efforts is from [177], which applies formal andsystematic analysis of different types of security assess-ment techniques to provide an integrative tool for large-scale real-world smart grid systems security assessment.Future research should focus on the implementations andevaluations for security assessment tools, especially witha real-time interactive paradigm.

• Security architectures and frameworks in the context of Internet-Of-Things: Security architectures and frameworks are full-stack models from a global perspective that provide a complete security solution for the smart grid system. As shown in our previous works, most work on cyber security in smart grid concentrates on particular scenarios and specific contexts. With the convergence of the smart grid system and the Internet-Of-Things, these security solutions should not be isolated, and there should be an overall view that organizes all the solutions. [178] first presents a security architecture model for the smart grid communication network, which incorporates subsystems including AMI, demand response (DR), electric vehicles, distributed resources and energy storage systems, and distribution grid management. [179] also presents the security framework, security policies and countermeasures for IoT in smart grid, also called the power internet of things. The proposed security framework consists of three layers: perception layer, network layer and application layer. [180] presents the security requirements and architectures for IoT and specifically analyzes the security architecture in smart home applications. Future work should consider the general IoT architecture and its corresponding security challenges, then emphasize End-to-End security through a bottom-up approach: for example, how to implement security control at each level of the IoT architecture, such as the device level, network level, and system level.

X. CONCLUSION

In this paper, we present the recent security advances in Smart Grid. By adopting a data driven approach, we characterize the security vulnerabilities and solutions within the entire lifecycle of Smart Grid data, including data generation, data acquisition, data storage and data processing. Moreover, security analytics for Smart Grid are described and discussed. Finally, potential research directions for Smart Grid security are identified. This data-driven security analysis brings new and promising perspectives and methodologies to future research in Smart Grid.

REFERENCES

[1] S. Collier, “The emerging enernet: Convergence of the smart grid with the internet of things,” in Rural Electric Power Conference (REPC), 2015 IEEE, April 2015, pp. 65–68.

[2] D. of Energy and D. of Homeland security, “Roadmap to secure control systems in the energy sector,” Tech. Rep., 2008.

[3] G. Ericsson, “Cyber security and power system communication - essential parts of a smart grid infrastructure,” Power Delivery, IEEE Transactions on, vol. 25, no. 3, pp. 1501–1507, July 2010.

[4] Y. Yan, Y. Qian, H. Sharif, and D. Tipper, “A survey on cyber security for smart grid communications,” Communications Surveys Tutorials, IEEE, vol. 14, no. 4, pp. 998–1010, Fourth 2012.

[5] J. Liu, Y. Xiao, S. Li, W. Liang, and C. L. P. Chen, “Cyber security and privacy issues in smart grids,” Communications Surveys Tutorials, IEEE, vol. 14, no. 4, pp. 981–997, Fourth 2012.

[6] W. Wang and Z. Lu, “Cyber security in the smart grid: Survey and challenges,” Comput. Netw., vol. 57, no. 5, pp. 1344–1371, Apr. 2013. [Online]. Available: http://dx.doi.org/10.1016/j.comnet.2012.12.017

[7] Z. Baig and A.-R. Amoudi, “An analysis of smart grid attacks and countermeasures,” Journal of Communications, vol. 8, no. 8, Aug 2013.

[8] N. Komninos, E. Philippou, and A. Pitsillides, “Survey in smart grid and smart home security: Issues, challenges and countermeasures,” Communications Surveys Tutorials, IEEE, vol. 16, no. 4, pp. 1933–1954, Fourthquarter 2014.

[9] “Guidelines for smart grid cyber security,” NIST Smart Grid Interoperability Panel, NISTIR 7628 Cyber Security Working Group, 2010.

[10] H. Hu, Y. Wen, T.-S. Chua, and X. Li, “Toward scalable systems for big data analytics: A technology tutorial,” Access, IEEE, vol. 2, pp. 652–687, 2014.

[11] M. Line, I. Tondel, and M. Jaatun, “Cyber security challenges in smart grids,” in Innovative Smart Grid Technologies (ISGT Europe), 2011 2nd IEEE PES International Conference and Exhibition on, Dec 2011, pp. 1–8.

[12] F. Cleveland, “Cyber security issues for advanced metering infrastructure (ami),” in Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE, July 2008, pp. 1–5.

[13] B. Zhu, A. Joseph, and S. Sastry, “A taxonomy of cyber attacks on scada systems,” in Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing, Oct 2011, pp. 380–388.

[14] Y. Deng and S. Shukla, “Vulnerabilities and countermeasures: A survey on the cyber security issues in the transmission subsystem of a smart grid,” Journal of Cyber Security and Mobility, vol. 1, pp. 251–276, 2012.

[15] C. Beasley, X. Zhong, J. Deng, R. Brooks, and G. Kumar Venayagamoorthy, “A survey of electric power synchrophasor network cyber security,” in Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), 2014 IEEE PES, Oct 2014, pp. 1–5.

[16] W. Stallings, Network and Internetwork Security: Principles and Practice. Upper Saddle River, NJ, USA: Prentice-Hall, Inc., 1995.

[17] U. Department of Energy, “Smart grid system report 2009,” Tech. Rep., 2009. [Online]. Available: http://energy.gov/sites/prod/files/2009SmartGridSystemReport.pdf

[18] “Nist framework and roadmap for smart grid interoperability standards, release 1.0,” National Institute of Standards and Technology, 2010. [Online]. Available: http://dx.doi.org/10.6028/NIST.SP.1108r1

[19] D. of Energy and U. K. Climate Change, “Smart grid vision and routemap,” Tech. Rep., 2014.

[20] D. Hart, “Using ami to realize the smart grid,” in Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE, July 2008, pp. 1–2.

[21] R. Habash, V. Groza, D. Krewski, and G. Paoli, “A risk assessment framework for the smart grid,” in Electrical Power Energy Conference (EPEC), 2013 IEEE, Aug 2013, pp. 1–6.

[22] U. S. NETL, “Advanced metering infrastructure,” Tech. Rep., 2008. [Online]. Available: http://www.smartgrid.gov/white papers

[23] S. Uludag, S. Zeadally, and B. Mohamad, “Techniques, taxonomy, and challenges of privacy protection in the smart grid,” Computer Science, Engineering and Physics, May 2015. [Online]. Available: http://deepblue.lib.umich.edu/handle/2027.42/111644

[24] A. Metke and R. Ekl, “Smart grid security technology,” in Innovative Smart Grid Technologies (ISGT), 2010, Jan 2010, pp. 1–7.

[25] A. Abur and A. Exposito, Power System State Estimation: Theory and Implementation, 2004.

[26] U. Department of Energy, “Smart grid system report 2014,” Tech. Rep., 2014. [Online]. Available: http://energy.gov/sites/prod/files/2014/08/f18/SmartGrid-SystemReport2014.pdf

[27] K. Stouffer, J. Falco, and K. Scarfone, “Guide to supervisory control and data acquisition (scada) and industrial control systems security,” in SPIN, 2006.

[28] M. Mynam, A. Harikrishna, and V. Singh, “Synchrophasors redefining scada systems,” Tech. Rep., 2013.

[29] M. Shahraeini and M. H. Javidi, “Wide area measurement systems,” in Advanced Topics in Measurements. InTech, Inc, 2012. [Online]. Available: http://www.intechopen.com/books/advanced-topics-in-measurements/wide-area-measurement-systems

[30] M. Larsson, P. Korba, and M. Zima, “Implementation and applications of wide-area monitoring systems,” in Power Engineering Society General Meeting, 2007. IEEE, June 2007, pp. 1–6.

[31] V. Terzija, G. Valverde, D. Cai, P. Regulski, V. Madani, J. Fitch, S. Skok, M. Begovic, and A. Phadke, “Wide-area monitoring, protection, and control of future electric power networks,” Proceedings of the IEEE, vol. 99, no. 1, pp. 80–93, Jan 2011.

[32] I. F. C. (IFC), “Utility scale solar power plants - a guide for developers and investors,” Tech. Rep., 2012.

[33] M. R. Patel, Wind and Solar Power Systems: Design, Analysis, and Operation, Second Edition. CRC Taylor and Francis, 2006.

[34] T. report by National Renewable Energy Laboratory (NREL), “Installation, operation, and maintenance strategies to reduce the cost of offshore wind energy,” Tech. Rep., 2013.

[35] A. Kumar, T. Schei, A. Ahenkorah, R. C. Rodriguez, J.-M. Devernay, M. Freitas, D. Hall, Å. Killingtveit, and Z. Liu, Cambridge University Press, Cambridge, United Kingdom and New York, NY, USA, 2011, ch. Hydropower.

[36] S. report prepared for the city and county of San Francisco, “Wave power feasibility study report,” Tech. Rep., December 2009.

[37] M. Adamiak, W. Premerlani, and B. Kasztenny, “Synchrophasors: Definition, measurement, and application,” Tech. Rep.

[38] R. by North American Electric Reliability Corporation (NERC), “Real-time application of synchrophasors for improving reliability,” Tech. Rep., October 2010.

[39] H. jae Yoo, J.-W. Seo, M.-C. Shin, and H. seok Suh, “Study of data acquisition and communication equipment for micro-grid system,” in Consumer Electronics, 2009. ISCE ’09. IEEE 13th International Symposium on, May 2009, pp. 671–675.

[40] R. by Siemens, “Deep dive on microgrid technologies,” Tech. Rep., March 2015.

[41] R. I. Monitoring, A. S. G. Measurement Report, and S. C. trial, “Grid applications stream: Fault detection, isolation and restoration,” Tech. Rep., 2012.

[42] S. G. I. G. P. Report by U.S. Department of Energy (DOE), “Reliability improvements from the application of distribution automation technologies - initial results,” Tech. Rep., December 2012.

[43] A. o. E. I. C. A. Whitepaper by Edison Electric Institute (EEI) and U. T. C. (UTC), “Smart meters and smart meter systems: A metering industry perspective,” Tech. Rep., March 2011.

[44] T. E. F. Report by Institute for Electric Innovation (IEI), “Utility-scale smart meter deployments: Building block of the evolving power grid,” Tech. Rep., September 2014.

[45] A. report prepared as part of the EIE project: Smart Domestic Appliances in Sustainable Energy Systems (Smart-A), “Synergy potential of smart appliances,” Tech. Rep., 2008.

[46] R. by Pike Research, “Executive summary: Smart appliances,” Tech. Rep., 2012.

[47] M. Svendsen, M. Winther-Jensen, A. Pedersen, P. Andersen, and T. Sorensen, “Electric vehicle data acquisition system,” in Electric Vehicle Conference (IEVC), 2014 IEEE International, Dec 2014, pp. 1–7.

[48] B. COM(2000) 769 final, European Commission, “Green paper - towards a european strategy for the security of energy supply,” Tech. Rep., 2000.

[49] I. P. by International Energy Agency (IEA), “Contribution of renewables to energy security,” Tech. Rep., 2007.

[50] R. by National Association of State Energy Officials, “Smart grid and cyber security for energy assurance,” Tech. Rep., 2011.

[51] B. Johansson, “Security aspects of future renewable energy systems - a short overview,” Elsevier Energy Journal, vol. 61, pp. 598–605, 2013.

[52] J. B., “A broadened typology on energy and security,” Elsevier Energy Journal, vol. 53, 2013.

[53] A. Kanuparthi, R. Karri, and S. Addepalli, “Hardware and embedded security in the context of internet of things,” in Proceedings of the 2013 ACM Workshop on Security, Privacy: Dependability for Cyber Vehicles, ser. CyCAR ’13. New York, NY, USA: ACM, 2013, pp. 61–64. [Online]. Available: http://doi.acm.org/10.1145/2517968.2517976

[54] G. E. Suh and S. Devadas, “Physical unclonable functions for device authentication and secret key generation,” in Proceedings of the 44th annual Design Automation Conference, 2007, pp. 9–14.

[55] A. Becher, Z. Benenson, and M. Dornseif, “Tampering with Motes: Real-World Physical Attacks on Wireless Sensor Networks,” Proceedings of the 3rd International Conference on Security in Pervasive Computing (SPC), pp. 104–118, 2006.

[56] K. E. Martin et al., “Exploring the ieee standard c37.118-2005 synchrophasors for power systems,” IEEE Transactions on Power Delivery, vol. 23, no. 4, pp. 1805–1811, 2008.

[57] R. by Sandia National Laboratories, “Microgrid cyber security reference architecture,” Tech. Rep., July 2013.

[58] S. N. Laboratories, “Categorizing threat: Building and using a generic threat matrix,” Tech. Rep., September 2007.

[59] A. Alnasser and N.-E. Rikli, “Design of a trust security model for smart meters in an urban power grid network,” in Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks, ser. Q2SWinet ’14. New York, NY, USA: ACM, 2014, pp. 105–108. [Online]. Available: http://doi.acm.org/10.1145/2642687.2642703

[60] R. Anderson and S. Fuloria, “Smart meter security: a survey,” Tech. Rep., 2014.

[61] R. Abercrombie, F. Sheldon, H. Aldridge, M. Duren, T. Ricci, E. Bertino, A. Kulatunga, and U. Navaratne, “Secure cryptographic key management system (ckms) considerations for smart grid devices,” in Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, ser. CSIIRW ’11. New York, NY, USA: ACM, 2011, pp. 59:1–59:1. [Online]. Available: http://doi.acm.org/10.1145/2179298.2179364

[62] H. Nicanfar, P. TalebiFard, S. Hosseininezhad, V. C. Leung, and M. Damm, “Security and privacy of electric vehicles in the smart grid context: Problem and solution,” in Proceedings of the Third ACM International Symposium on Design and Analysis of Intelligent Vehicular Networks and Applications, ser. DIVANet ’13. New York, NY, USA: ACM, 2013, pp. 45–54. [Online]. Available: http://doi.acm.org/10.1145/2512921.2512926

[63] M. Adamiak, D. Baigent, and R. Mackiewicz, “Iec 61850 communication networks and systems in substations: An overview for users,” in Proc. of Syst. Protection Seminar, 2004.

[64] P. Yi, A. Iwayemi, and C. Zhou, “Developing zigbee deployment guideline under wifi interference for smart grid applications,” Smart Grid, IEEE Transactions on, vol. 2, no. 1, pp. 110–120, March 2011.

[65] M. Armel, “Zigbee overview, lecture notes, the george washington university,” Tech. Rep., 2007.

[66] S. C. Ergen, “Zigbee/ieee 802.15.4 summary, technical report, university of california - berkeley,” Tech. Rep., 2004.

[67] B. Akyol, H. Kirkham, S. Clements, and M. Hadley, “A survey of wireless communications for the electric power system, a report prepared for the u.s. department of energy,” Tech. Rep., 2010.

[68] Y. Liang and R. H. Campbell, “Understanding and simulating the iec 61850 standard, a technical report,” Tech. Rep., 2008.

[69] T. Kostic, O. Preiss, and C. Frei, “Understanding and using the iec 61850: a case for meta-modelling,” Computer Standards and Interfaces, vol. 27, no. 6, pp. 679–695, 2005.

[70] S. Galli, A. Scaglione, and Z. Wang, “Power line communications and the smart grid,” in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, Oct 2010, pp. 303–308.

[71] M. Yigit, V. C. Gungor, G. Tuna, M. Rangoussi, and E. Fadel, “Power line communication technologies for smart grid applications: A review of advances and challenges,” Computer Networks, vol. 70, pp. 366–383, 2014. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1389128614002369

[72] R. by The U.S. Department of Energy, “Communication requirements of smart grid technologies,” Tech. Rep., 2010.

[73] Y.-J. Kim, V. Kolesnikov, H. Kim, and M. Thottan, “Sstp: A scalable and secure transport protocol for smart grid data collection,” in Smart Grid Communications (SmartGridComm), 2011 IEEE International Conference on, Oct 2011, pp. 161–166.

[74] G. Dan, K.-S. Lui, R. Tabassum, Q. Zhu, and K. Nahrstedt, “Selinda: A secure, scalable and light-weight data collection protocol for smart grids,” in Smart Grid Communications (SmartGridComm), 2013 IEEE International Conference on, Oct 2013, pp. 480–485.

[75] S. Uludag, K.-S. Lui, W. Ren, and K. Nahrstedt, “Practical and secure machine-to-machine data collection protocol in smart grid,” in Communications and Network Security (CNS), 2014 IEEE Conference on, Oct 2014, pp. 85–90.

[76] ——, “Secure and scalable data collection with time minimization in the smart grid,” Smart Grid, IEEE Transactions on, vol. PP, no. 99, pp. 1–1, 2015.

[77] H. Jin, S. Uludag, K.-S. Lui, and K. Nahrstedt, “Secure data collection in constrained tree-based smart grid environments,” in Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, Nov 2014, pp. 308–313.

[78] G. Li and Y. Wang, “A compressive sensing based secure data transmission scheme,” in Green Computing and Communications (GreenCom), 2013 IEEE and Internet of Things (iThings/CPSCom), IEEE International Conference on and IEEE Cyber, Physical and Social Computing, Aug 2013, pp. 1272–1275.

[79] J. Rodríguez-Molina, M. Martínez-Núñez, J.-F. Martínez, and W. Pérez-Aguiar, “Business models in the smart grid: Challenges, opportunities and proposals for prosumer profitability,” in Energies, Sep 2014.

[80] R. Herold and C. Hertzog, Data Privacy for the Smart Grid. Auerbach Publications, Jan. 2015.

[81] “Data privacy and the smart grid: A voluntary code of conduct (vcc),” Department of Energy, United States, Jan 2015.

[82] N. Yukun, T. Xiaobin, C. Shi, W. Haifeng, Y. Kai, and B. Zhiyong, “A security privacy protection scheme for data collection of smart meters based on homomorphic encryption,” in EUROCON, 2013 IEEE, July 2013, pp. 1401–1405.

[83] Z. Erkin, J. Troncoso-Pastoriza, R. Lagendijk, and F. Perez-Gonzalez, “Privacy-preserving data aggregation in smart metering systems: an overview,” Signal Processing Magazine, IEEE, vol. 30, no. 2, pp. 75–86, March 2013.

[84] C. Rottondi, M. Savi, D. Polenghi, G. Verticale, and C. Krauss, “A decisional attack to privacy-friendly data aggregation in smart grids,” in Global Communications Conference (GLOBECOM), 2013 IEEE, Dec 2013, pp. 2616–2621.

[85] ——, “A decisional attack to privacy-friendly data aggregation in smart grids,” in Global Communications Conference (GLOBECOM), 2013 IEEE, Dec 2013, pp. 2616–2621.

[86] R. Lu, X. Liang, X. Li, X. Lin, and X. Shen, “Eppa: An efficient and privacy-preserving aggregation scheme for secure smart grid communications,” Parallel and Distributed Systems, IEEE Transactions on, vol. 23, no. 9, pp. 1621–1631, Sept 2012.

[87] L. Yang, H. Xue, and F. Li, “Privacy-preserving data sharing in smart grid systems,” in Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, Nov 2014, pp. 878–883.

[88] A. Chakravorty, T. Wlodarczyk, and C. Rong, “Privacy preserving data analytics for smart homes,” in Security and Privacy Workshops (SPW), 2013 IEEE, May 2013, pp. 23–27.

[89] “Database systems for the smart grid,” in Smart Grids, ser. Green Energy and Technology, A. B. M. S. Ali, Ed., 2013.

[90] A. Bere, B. Genge, and I. Kiss, “A brief survey on smart grid data analysis in the cloud,” Procedia Technology, vol. 19, no. 0, pp. 858–865, 2015, 8th International Conference Interdisciplinarity in Engineering, INTER-ENG 2014, 9-10 October 2014, Tirgu Mures, Romania. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S2212017315001243

[91] M. Arenas-Martinez, S. Herrero-Lopez, A. Sanchez, J. Williams, P. Roth, P. Hofmann, and A. Zeier, “A comparative study of data storage and processing architectures for the smart grid,” in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, Oct 2010, pp. 285–290.

[92] “White paper: Storage infrastructure for smart grid data management,” IBM Systems and Technology: Energy and Utilities, 2012.

[93] C.-T. Huang, L. Huang, Z. Qin, H. Yuan, L. Zhou, V. Varadharajan, and C. Kuo, “Survey on securing data storage in the cloud,” APSIPA Transactions on Signal and Information Processing, vol. 3, 2014.

[94] Y. Simmhan, A. Kumbhare, B. Cao, and V. Prasanna, “An analysis of security and privacy issues in smart grid software architectures on clouds,” in Cloud Computing (CLOUD), 2011 IEEE International Conference on, July 2011, pp. 582–589.

[95] “Guidelines for smart grid cyber security: Privacy and the smart grid,” NIST Smart Grid Interoperability Panel, Cyber Security Working Group, 2010.

[96] A. Metke and R. Ekl, “Security technology for smart grid networks,” Smart Grid, IEEE Transactions on, vol. 1, no. 1, pp. 99–107, June 2010.

[97] X. Li, X. Liang, R. Lu, X. Shen, X. Lin, and H. Zhu, “Securing smart grid: cyber attacks, countermeasures, and challenges,” Communications Magazine, IEEE, vol. 50, no. 8, pp. 38–45, August 2012.

[98] H. Cheung, A. Hamlyn, T. Mander, C. Yang, and R. Cheung, “Role-based model security access control for smart power-grids computer networks,” in Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE, July 2008, pp. 1–7.

[99] M. Fouda, Z. Fadlullah, N. Kato, R. Lu, and X. Shen, “A lightweight message authentication scheme for smart grid communications,” Smart Grid, IEEE Transactions on, vol. 2, no. 4, pp. 675–685, Dec 2011.

[100] Q. Li and G. Cao, “Multicast authentication in the smart grid with one-time signature,” Smart Grid, IEEE Transactions on, vol. 2, no. 4, pp. 686–696, Dec 2011.

[101] A. Anwar and A. Mahmood, “Cyber security of smart grid infrastructure,” in The State of the Art in Intrusion Prevention and Detection. CRC Press, Taylor & Francis Group, USA, 2014, pp. 449–472.

[102] D. Dolezilek and L. Hussey, “Requirements or recommendations? sorting out nerc cip, nist, and doe cybersecurity,” in 64th Annual Conference of Protective Relay Engineers, 2011.

[103] J. Valenzuela, J. Wang, and N. Bissinger, “Real-time intrusion detection in power system operations,” Power Systems, IEEE Transactions on, vol. 28, no. 2, pp. 1052–1062, May 2013.

[104] F. Rahimi and A. Ipakchi, “Demand response as a market resource under the smart grid paradigm,” Smart Grid, IEEE Transactions on, vol. 1, no. 1, pp. 82–88, June 2010.

[105] “Openadr 2.0 profile specification,” OpenADR Alliance, 2013. [Online]. Available: http://www.openadr.org/specification-download

[106] A. Paverd, A. Martin, and I. Brown, “Security and privacy in smart grid demand response systems,” in Smart Grid Security, ser. Lecture Notes in Computer Science, J. Cuellar, Ed. Springer International Publishing, 2014, vol. 8448, pp. 1–15. [Online]. Available: http://dx.doi.org/10.1007/978-3-319-10329-7_1

[107] A. Mohan and D. Mashima, “Towards secure demand-response systems on the cloud,” in Distributed Computing in Sensor Systems (DCOSS), 2014 IEEE International Conference on, May 2014, pp. 361–366.

[108] S. Kiliccote, M. Piette, and J. Dudley, “Open automated demand response for small commercial buildings,” Ernest Orlando Lawrence Berkeley National Laboratory, 2009. [Online]. Available: http://drrc.lbl.gov/sites/all/files/lbnl-2195e.pdf

[109] X. Liang, X. Li, R. Lu, X. Lin, and X. Shen, “Udp: Usage-based dynamic pricing with privacy preservation for smart grid,” Smart Grid, IEEE Transactions on, vol. 4, no. 1, pp. 141–150, March 2013.

[110] H. Li, X. Lin, H. Yang, X. Liang, R. Lu, and X. Shen, “Eppdr: An efficient privacy-preserving demand response scheme with adaptive key evolution in smart grid,” Parallel and Distributed Systems, IEEE Transactions on, vol. 25, no. 8, pp. 2053–2064, Aug 2014.

[111] M. Zhu, “Distributed demand response algorithms against semi-honest adversaries,” in PES General Meeting — Conference Exposition, 2014 IEEE, July 2014, pp. 1–5.

[112] S. Maharjan, Q. Zhu, Y. Zhang, S. Gjessing, and T. Basar, “Dependable demand response management in the smart grid: A stackelberg game approach,” Smart Grid, IEEE Transactions on, vol. 4, no. 1, pp. 120–132, March 2013.

[113] H. H. Nguyen, R. Tan, and D. K. Y. Yau, “Safety-assured collaborative load management in smart grids,” in ICCPS ’14: ACM/IEEE 5th International Conference on Cyber-Physical Systems (with CPS Week 2014), ser. ICCPS ’14. Washington, DC, USA: IEEE Computer Society, 2014, pp. 151–162. [Online]. Available: http://dx.doi.org/10.1109/ICCPS.2014.6843719

[114] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric power grids,” in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009.

[115] O. Kosut, L. Jia, R. Thomas, and L. Tong, “Malicious data attacks on smart grid state estimation: Attack strategies and countermeasures,” in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, 2010, pp. 220–225.

[116] S. Cui, Z. Han, S. Kar, T. Kim, H. Poor, and A. Tajer, “Coordinated data-injection attack and detection in the smart grid: A detailed look at enriching detection solutions,” Signal Processing Magazine, IEEE, vol. 29, no. 5, pp. 106–115, 2012.

[117] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, and K. Poolla, “Smart grid data integrity attacks,” Smart Grid, IEEE Transactions on, vol. 4, no. 3, pp. 1244–1253, 2013.

[118] Y. Huang, M. Esmalifalak, H. Nguyen, R. Zheng, Z. Han, H. Li, and L. Song, “Bad data injection in smart grid: attack and defense mechanisms,” Communications Magazine, IEEE, vol. 51, no. 1, pp. 27–33, 2013.

[119] F. Pasqualetti, R. Carli, and F. Bullo, “A distributed method for state estimation and false data detection in power networks,” in Smart Grid Communications (SmartGridComm), 2011 IEEE International Conference on, Oct 2011, pp. 469–474.

[120] L. Xie, D.-H. Choi, S. Kar, and H. Poor, “Fully distributed state estimation for wide-area monitoring systems,” Smart Grid, IEEE Transactions on, vol. 3, no. 3, pp. 1154–1169, Sept 2012.

[121] V. Kekatos and G. Giannakis, “Distributed robust power system state estimation,” Power Systems, IEEE Transactions on, vol. 28, no. 2, pp. 1617–1626, May 2013.

[122] X. Li and A. Scaglione, “Robust decentralized state estimation and tracking for power systems via network gossiping,” Selected Areas in Communications, IEEE Journal on, vol. 31, no. 7, pp. 1184–1194, July 2013.

[123] D. Wang, X. Guan, T. Liu, Y. Gu, C. Shen, and Z. Xu, “Extended distributed state estimation: A detection method against tolerable false data injection attacks in smart grids,” Energies, vol. 7, no. 3, p. 1517, 2014. [Online]. Available: http://www.mdpi.com/1996-1073/7/3/1517

[124] H. Sedghi and E. Jonckheere, “Statistical structure learning to ensure data integrity in smart grid,” Smart Grid, IEEE Transactions on, vol. 6, no. 4, pp. 1924–1933, July 2015.

[125] M. Ozay, I. Esnaola, F. Vural, S. Kulkarni, and H. Poor, “Sparse attack construction and state estimation in the smart grid: Centralized and distributed models,” Selected Areas in Communications, IEEE Journal on, vol. 31, no. 7, pp. 1306–1318, July 2013.

[126] O. Vukovic and G. Dan, “Security of fully distributed power system state estimation: Detection and mitigation of data integrity attacks,” Selected Areas in Communications, IEEE Journal on, vol. 32, no. 7, pp. 1500–1508, July 2014.

[127] S. Tan, W.-Z. Song, M. Stewart, and L. Long, “Lpattack: Leverage point attacks against state estimation in smart grid,” in Global Communications Conference (GLOBECOM), 2014 IEEE, Dec 2014, pp. 643–648.

[128] M. Gol and A. Abur, “Lav based robust state estimation for systems measured by pmus,” Smart Grid, IEEE Transactions on, vol. 5, no. 4, pp. 1808–1814, July 2014.

[129] Y. Weng, R. Negi, and M. Ilic, “Historical data-driven state estimation for electric power systems,” in Smart Grid Communications (SmartGridComm), 2013 IEEE International Conference on, Oct 2013, pp. 97–102.

[130] J. Zhang, G. Welch, N. Ramakrishnan, and S. Rahman, “Kalman filters for dynamic and secure smart grid state estimation,” Intelligent Industrial Systems, pp. 1–8, 2015. [Online]. Available: http://dx.doi.org/10.1007/s40903-015-0009-6

[131] “Robust data-driven state estimation for smart grid,” In submission to IEEE transaction on Neural Networks and Learning. [Online]. Available: https://www.ml.cmu.edu/research/dap-papers/dap weng.pdf

[132] P. Chavali and A. Nehorai, “Distributed power system state estimation using factor graphs,” Signal Processing, IEEE Transactions on, vol. 63, no. 11, pp. 2864–2876, June 2015.

[133] Y. Mo and B. Sinopoli, “Secure estimation in the presence of integrity attacks,” Automatic Control, IEEE Transactions on, vol. 60, no. 4, pp. 1145–1151, April 2015.

[134] B. Krebs, “Fbi: Smart meter hacks likely to spread,” Tech. Rep., 2012. [Online]. Available: http://krebsonsecurity.com/2012/04/fbi-smart-meter-hacks-likely-to-spread/

[135] W. Bank, “Reducing technical and non-technical losses in the power sector,” Tech. Rep., 2009. [Online]. Available: http://documents.worldbank.org/curated/en/2009/01/20382190/reducing-technical-non-technical-losses-power-sector

[136] P. McDaniel and S. McLaughlin, “Security and privacy challenges in the smart grid,” Security Privacy, IEEE, vol. 7, no. 3, pp. 75–77, May 2009.

[137] E. de Buda, “System for accurately detecting electricity theft,” 2010, US Patent App. 12/351,978. [Online]. Available: http://www.google.com/patents/US20100007336

[138] R. Jiang, R. Lu, Y. Wang, J. Luo, C. Shen, and X. Shen, “Energy-theft detection issues for advanced metering infrastructure in smart grid,” Tsinghua Science and Technology, vol. 19, no. 2, pp. 105–120, April 2014.

[139] A. Cardenas, S. Amin, G. Schwartz, R. Dong, and S. Sastry, “A game theory model for electricity theft detection and privacy-aware control in ami systems,” in Communication, Control, and Computing (Allerton), 2012 50th Annual Allerton Conference on, Oct 2012, pp. 1830–1837.

[140] D. Mashima and A. Cárdenas, “Evaluating electricity theft detectors in smart grid networks,” in Research in Attacks, Intrusions, and Defenses, ser. Lecture Notes in Computer Science, D. Balzarotti, S. Stolfo, and M. Cova, Eds. Springer Berlin Heidelberg, 2012, vol. 7462, pp. 210–229.

[141] S. Salinas, C. Luo, W. Liao, and P. Li, “State estimation for energy theft detection in microgrids,” in Communications and Networking in China (CHINACOM), 2014 9th International Conference on, Aug 2014, pp. 96–101.

[142] S. McLaughlin, B. Holbert, A. Fawaz, R. Berthier, and S. Zonouz, “Amulti-sensor energy theft detection framework for advanced meteringinfrastructures,” Selected Areas in Communications, IEEE Journal on,vol. 31, no. 7, pp. 1319–1330, July 2013.

[143] S. Sahoo, D. Nikovski, T. Muso, and K. Tsuru, “Electricity theftdetection using smart meter data,” in 2015 IEEE PES Innovative SmartGrid Technologies Conference (ISGT), Aug 2015.

[144] P. Jokar, N. Arianpoo, and V. Leung, “Electricity theft detection in amiusing customers consumption patterns,” Smart Grid, IEEE Transactionson, vol. PP, no. 99, pp. 1–1, 2015.

[145] S. Salinas, M. Li, and P. Li, “Privacy-preserving energy theft detectionin smart grids: A p2p computing approach,” Selected Areas in Com-munications, IEEE Journal on, vol. 31, no. 9, pp. 257–267, September2013.

[146] S. Salinas and P. Li, “Privacy-preserving energy theft detection inmicrogrids: A state estimation approach,” Power Systems, IEEE Trans-actions on, vol. PP, no. 99, pp. 1–12, 2015.

[147] T. Mahmood and U. Afzal, “Security analytics: Big data analytics forcybersecurity: A review of trends, techniques and tools,” in InformationAssurance (NCIA), 2013 2nd National Conference on, Dec 2013, pp.129–134.

[148] S. Curry, E. Kirda, E. Schwartz, W. Stewart, and A. Yoran, “Big data fuels intelligence-driven security,” RSA Security Brief, 2013. [Online]. Available: http://www.emc.com/collateral/industry-overview/big-data-fuels-intelligence-driven-security-io.pdf

[149] B. Thuraisingham, L. Khan, M. Masud, and K. Hamlen, “Data mining for security applications,” in Embedded and Ubiquitous Computing, 2008. EUC ’08. IEEE/IFIP International Conference on, vol. 2, Dec 2008, pp. 585–589.

[150] S. Porta, “Data analytics for a secure smart grid,” EMC Research Group Ireland COE, Feb 2015.

[151] S. Witt and A. Kapchonava, “Big data fuels intelligence-driven security,” In-depth briefing in Smart Grid Update, 2014. [Online]. Available: http://www.smartgridupdate.com/dataforutilities/pdf/data-2014.pdf

[152] R. Klump, R. Wilson, and K. Martin, “Visualizing real-time security threats using hybrid scada / pmu measurement displays,” in System Sciences, 2005. HICSS ’05. Proceedings of the 38th Annual Hawaii International Conference on, Jan 2005, pp. 55c–55c.

[153] A. A. Cardenas, “Big data analytics and security intelligence in smart grid applications,” IEEE conference on Innovative Smart Grid Technology, Feb 2013.

[154] R. Alguliyev and Y. Imamverdiyev, “Big data: Big promises for information security,” in Application of Information and Communication Technologies (AICT), 2014 IEEE 8th International Conference on, Oct 2014, pp. 1–4.

[155] T. Popovic, M. Kezunovic, and B. Krstajic, “Smart grid data analytics for digital protective relay event recordings,” Information Systems Frontiers, vol. 17, no. 3, pp. 591–600, 2015. [Online]. Available: http://dx.doi.org/10.1007/s10796-013-9434-9

[156] I. Moreno-Garcia, A. Moreno-Munoz, F. Domingo-Perez, V. Pallares-Lopez, R. Real-Calvo, and J. Gonzalez-de-la Rosa, “Intelligent electronic device for smart grid: Statistical approach applied to event detection,” in IECON 2012 - 38th Annual Conference on IEEE Industrial Electronics Society, Oct 2012, pp. 5221–5226.

[157] H. Sedghi and E. Jonckheere, “Statistical structure learning of smart grid for detection of false data injection,” in Power and Energy Society General Meeting (PES), 2013 IEEE, July 2013, pp. 1–5.

[158] M. Q. Ali and E. Al-Shaer, “Configuration-based ids for advanced metering infrastructure,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, ser. CCS ’13. New York, NY, USA: ACM, 2013, pp. 451–462. [Online]. Available: http://doi.acm.org/10.1145/2508859.2516745

[159] W. Hurst, M. Merabti, and P. Fergus, “Big data analysis techniques for cyber-threat detection in critical infrastructures,” in Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on, May 2014, pp. 916–921.

[160] S. Pan, T. Morris, and U. Adhikari, “Developing a hybrid intrusion detection system using data mining for power systems,” Smart Grid, IEEE Transactions on, vol. PP, no. 99, pp. 1–1, 2015.

[161] M. Faisal, Z. Aung, J. Williams, and A. Sanchez, “Data-stream-based intrusion detection system for advanced metering infrastructure in smart grid: A feasibility study,” Systems Journal, IEEE, vol. 9, no. 1, pp. 31–44, March 2015.


[162] M. Kazerooni, H. Zhu, and T. Overbye, “Literature review on the applications of data mining in power systems,” in Power and Energy Conference at Illinois (PECI), 2014, Feb 2014, pp. 1–8.

[163] R. W. Griffin, “Security analytics and smart grid security,” EMC Corporation, Feb 2014.

[164] M. Steiger, T. May, J. Davey, and J. Kohlhammer, “Smart grid monitoring through visual analysis,” in Innovative Smart Grid Technologies Europe (ISGT EUROPE), 2013 4th IEEE/PES, Oct 2013, pp. 1–5.

[165] P. Chopade, K. Flurchick, M. Bikdash, and I. Kateeb, “Modeling and visualization of smart power grid: Real time contingency and security aspects,” in Southeastcon, 2012 Proceedings of IEEE, March 2012, pp. 1–6.

[166] M. Angelini, D. D. Santis, and G. Santucci, “Toward geographical visualizations for hierarchical security data,” in Visualization for Cyber Security (VizSec), 2014 IEEE Symposium on, Nov 2014.

[167] D. Gurugubelli, C. Foreman, and D. Ebert, “Achieving a cyber-secure smart grid through situation aware visual analytics,” The Center for Education and Research in Information Assurance and Security, 2015.

[168] J. Yan, Y. Yang, W. Wang, H. He, and Y. Sun, “An integrated visualization approach for smart grid attacks,” in Intelligent Control and Information Processing (ICICIP), 2012 Third International Conference on, July 2012, pp. 277–283.

[169] W. J. Matuszak, L. DiPippo, and Y. L. Sun, “Cybersave: Situational awareness visualization for cyber security of smart grid systems,” in Proceedings of the Tenth Workshop on Visualization for Cyber Security, ser. VizSec ’13. New York, NY, USA: ACM, 2013, pp. 25–32. [Online]. Available: http://doi.acm.org/10.1145/2517957.2517961

[170] “Nist framework and roadmap for smart grid interoperability standards, release 3.0,” National Institute of Standards and Technology, Sep 2014. [Online]. Available: http://dx.doi.org/10.6028/NIST.SP.1108r3

[171] “Smart grid cyber security potential threats, vulnerabilities and risks,” Public Interest Energy Research (PIER) Program INTERIM PROJECT REPORT, 2012. [Online]. Available: http://www.energy.ca.gov/2012publications/CEC-500-2012-047/CEC-500-2012-047.pdf

[172] A.-F. Chan and J. Zhou, “Cyber-physical device authentication for the smart grid electric vehicle ecosystem,” Selected Areas in Communications, IEEE Journal on, vol. 32, no. 7, pp. 1509–1517, July 2014.

[173] S. Abedi, A. Arvani, and R. Jamalzadeh, “Cyber security of plug-in electric vehicles in smart grids: Application of intrusion detection methods,” in Plug In Electric Vehicles in Smart Grids, ser. Power Systems. Springer Singapore, 2015, pp. 129–147.

[174] “European network for cyber security (encs) announces research project around electric vehicle (ev) smart charging with enexis and elaadnl.” [Online]. Available: https://www.encs.eu/news/european-network-cyber-security-encs-announces-research-project-around-electric-vehicle-ev-smart-charging-enexis-and-elaadnl

[175] “Gridwise transactive energy framework version 1.0,” The GridWise Architecture Council, 2015. [Online]. Available: http://www.gridwiseac.org/pdfs/te_framework_report_pnnl-22946.pdf

[176] “Pacific northwest smart grid demonstration project.” [Online]. Available: http://www.pnwsmartgrid.org/transactive.asp

[177] “The integrative security assessment of smart grid cyber infrastructure at the advanced digital sciences center (adsc).” [Online]. Available: http://publish.illinois.edu/integrative-security-assessment

[178] H. Lim, J. Ko, S. Lee, J. Kim, M. Kim, and T. Shon, “Security architecture model for smart grid communication systems,” in IT Convergence and Security (ICITCS), 2013 International Conference on, Dec 2013, pp. 1–4.

[179] Y. Zhang, W. Zou, X. Chen, C. Yang, and J. Cao, “The security for power internet of things: Framework, policies, and countermeasures,” in Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2014 International Conference on, Oct 2014, pp. 139–142.

[180] M. Leo, F. Battisti, M. Carli, and A. Neri, “A federated architecture approach for internet of things security,” in Euro Med Telco Conference (EMTC), 2014, Nov 2014, pp. 1–5.

Song Tan is currently a PhD student in the Department of Computer Science, Georgia State University. His current research is focused on cyber-physical security in the Smart Grid system, which includes bad data detection, electrical market security and the design of a cyber-physical security testbed for Smart Grid. He has an MS from Georgia State University and a BS from Northeast Normal University, China.

Debraj De is a postdoctoral research associate in the Department of Computer Science, Missouri University of Science and Technology. His current research interests are in the areas of cyber security, smart healthcare, smart environments, smart cities, machine learning, and wireless sensor networks. De has a PhD in Computer Science from Georgia State University and an MS from Ohio State University.

Wen-Zhan Song is now a professor in the Department of Computer Science, Georgia State University. His research mainly focuses on sensor web, smart grid and smart environment, where sensing, computing, communication and control play a critical role and need a transformative study. His research has received 6 million+ in research funding from NSF, NASA, USGS, Boeing and others since 2005. He is an IEEE Senior Member.

Junjie Yang is currently an associate professor in the Department of Electric and Information Engineering, Shanghai University of Electric Power, China. His research areas are intelligent demand response in Smart Grid, remote and online monitoring of power substations, and wireless sensor networks. He has a PhD from Shanghai Jiao Tong University, China.

Sajal K. Das is the Chair of Computer Science and Daniel St. Clair Endowed Chair at the Missouri University of Science and Technology. His current research interests include wireless sensor networks, smart healthcare, cyber-physical systems, mobile and pervasive computing, security and privacy, and social networks. Das has a PhD in Computer Science from the University of Central Florida. He is an IEEE Fellow.