Stealthy and blind false injection attacks on SCADA EMS in the presence of gross errors

Vulnerability analysis of the State Estimation module have come under renewed interest in the control centres of a SCADA connected energy system. Existing researches show that the state estimation module can be compromised by a class of data integrity attacks known as 'False Data Injection (FDI)'. The stealthy FDI attack construction strategy requires the knowledge of the power system topology and electric parameters (e.g., line resistance and reactance). As an alternative to most of the existing approaches, this paper shows that stealthy attack vector can be constructed without any prior power system topological and electric parameter information and using only measurement data. Here, we demonstrate that the subspace transformation methods, e.g., Principle Component Analysis (PCA) of the measurement matrix can be used to generate a hidden attack. Next, we argue and clarify that the above claimed PCA based blind attack strategy is only valid for the measurements with Gaussian noises. In the presence of gross errors, the attacks will be detected with the traditional Bad Data Detector. Finally, we describe a technique that the attacker use to circumvent the gross error issue and construct stealthy attacks. IEEE benchmark test systems, different attack scenarios and state-of-the-art detection techniques are considered to demonstrate the proposed claims.