Cyber Recovery From Dynamic Load Altering Attacks: Linking Electricity, Transportation, and Cyber Networks
Authors: Mengxiang Liu; Zhongda Chu; Fei Teng
Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 3862-3876
Publication date: 2025-03-26
Publication type: Journal Article
DOI: 10.1109/TIFS.2025.3553079
URL: https://ieeexplore.ieee.org/document/10942519/
Impact factor: 6.3; JCR: Q1 (Computer Science, Theory & Methods)
The dynamic load altering attack (DLAA), which manipulates load demands in the power grid by compromising internet of things (IoT) home appliances, poses significant threats to the grid’s stable and safe operation. Current effort is mainly devoted to detecting and mitigating DLAAs, while the final step of a holistic cyber-resiliency-enhancement process, cyber recovery from DLAAs (CRDA), has not yet received enough attention. Considering the interconnection among electricity, transportation, and cyber networks, this paper presents the first exploration of the CRDA, where two essential sub-tasks are formulated: i) optimal design of repair crew routes to remove installed malware and ii) robust adjustment of system operation to eliminate the mitigation costs with a stability guarantee. To this end, linear stability constraints are established using a sensitivity-based eigenvalue estimation method, where the eigenvalue sensitivity information is appropriately ordered and strategically selected to guarantee the estimation accuracy. Moreover, to ensure the CRDA solution’s robustness to the adversary’s follow-up movement, the worst-case attack strategies in all attack scenarios during the recovery process are integrated. A mixed-integer linear programming (MILP) problem is subsequently developed for the CRDA, with the primary objective of restoring the secure but cost-inefficient mitigation operation mode to the cost-efficient one and the secondary objective of repairing compromised IoT home appliances. Case studies are performed on IEEE power system cases to validate the eigenvalue estimation’s accuracy, the CRDA solution’s effectiveness and robustness, and the proposed CRDA’s extensibility.
About the journal:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance, and systems applications that incorporate these features.