The electric power grid is a cyber-physical system (CPS) that forms the lifeline of modern society. Sophisticated control applications that constantly monitor critical power system variables, such as voltage and frequency, enable system operators to deliver reliable and high-quality power. The advanced devices and communication infrastructure of the Supervisory Control and Data Acquisition (SCADA) system enable control applications ranging from substation-level voltage control schemes to system-wide automatic generation control (AGC). However, inherent cyber security vulnerabilities in the infrastructure put system operation at risk by providing an attack surface to cyber threat actors. A smart attacker, that is, a cyber threat actor with expertise in physical power system operation could cause severe damage to the power grid infrastructure and its reliability by stealthily manipulating SCADA operation. This dissertation explores such impacts to power grid operation from cyber attacks and more importantly, introduces novel mitigation schemes to minimize or negate the impacts. It has two primary components - risk modeling of coordinated cyber attacks and attack resilient control.

The first component of this thesis focuses on coordinated cyber attacks, that is, attacks target multiple power system components simultaneously. The notion of spatial and temporal coordinated cyber attacks and their impact on power system transmission infrastructure is introduced. The impact from these attacks was captured in terms of traditional power system stability metrics. The results reveal that these extreme events demand a rethink of both power system planning and operations methods by way of including cyber-originated contingencies within the scope. To this end, a systematic risk modeling framework is proposed as mitigation to be used in power systems planning. The risk for a substation is modeled as the product of the vulnerability of its SCADA infrastructure and the impact from its compromise. The vulnerability is obtained by modeling the SCADA network using Stochastic Petri Nets. Impact to system reliability is quantified in terms of transmission line overloads and the resulting forced load shedding. The methodology is applied to a test power system and the attack vectors are ranked according to risk. This methodology could therefore employed by system planners to evaluate infrastructural upgrade requirements and identify security enhancements. An enhancement to the contingency analysis application is proposed as mitigation during online operation. The proposed algorithm efficiently captures impactful coordinated vectors by significantly reducing the number of cases to be evaluated. Results reveal the algorithm's ability to identify almost all impactful attack vectors for a line under review without the need for a complete study.

The second component of the thesis explores the impact of data integrity attacks on power system control applications. Specifically, the impact of data integrity attacks on Automatic Generation Control (AGC) is examined and Attack-Resilient Control (ARC) is proposed as mitigation. ARC for AGC proposes the use of physical system information to design algorithms for detect and mitigation of cyber attacks. Specifically, model-based anomaly detection and attack mitigation algorithm was developed for AGC using short-term load forecast data. The performance of AGC was tested on a standard test system with and without ARC. The results show that ARC for AGC is able to detect data integrity attacks, maintain system within stability margins and enhance overall system security by providing defense-in-depth.

Future work includes expanding the risk analysis framework to include different types of coordinated attacks and to compare impact expressed in different power system metrics. Mitigation of temporal coordinated attacks and transient stability analysis of spatial and temporal attacks are also a part of future work. Finally, the attack resilient control framework should be enhanced to differentiate abnormal measurements due to cyber attacks from legitimate aberrations due to power system contingencies.