Analysis of Cyber-Attacks On Smart Grid Applications: M. Zekeriya Gunduz Resul Das

Analysis of cyber-attacks on smart grid applications

M. Zekeriya Gunduz
Department of Computer Science and Technology
Vocational School of Technical Sciences, Bingol University
Bingol, Turkey
mzgunduz@bingol.edu.tr

Resul Das
Department of Software Engineering
Technology Faculty, Firat University
23119 Elazig, Turkey
rdas@firat.edu.tr

978-1-5386-6878-8/18/$31.00 ©2018 IEEE

Abstract—Cyber-security is the whole process of preventing damage to the confidentiality, integrity, and availability of information assets as a result of threats exploiting vulnerabilities in those assets. So, confidentiality, integrity, and availability (CIA), which are the key elements of cyber-security, must be provided properly. One of the biggest problems in implementing today's critical infrastructures is cyber-security threats and cyber-attacks. Smart grids stand out in terms of providing efficiency in the generation, transmission, and distribution of electrical energy, which is the main element of critical infrastructures. The widespread use of smart grids requires identifying and classifying the threats as well as the precautions to be taken against them. For smart grids to be affected by cyber-attacks at the minimum level, the essential elements of information security must be provided at the maximum level. In this context, attacker types, attack types in smart grids, and huge cyber-attacks on power systems are introduced in this study. Furthermore, the key objectives and requirements of cyber-security in smart grids are presented. Also, attack types that can be performed in smart grids are classified according to the confidentiality, integrity, and availability principles. Lastly, the study is evaluated.

Index Terms—IoT security, smart grid security, cyber-security, cyber-attacks

I. INTRODUCTION

Managing devices over the internet infrastructure gives rise to the concept of the Internet of Things (IoT). IoT can be defined as the communication network of physical objects that communicate through various communication protocols [1]. There are many IoT applications, such as smart city, smart home, and smart transportation. Equipping traditional power networks with IoT technologies gives rise to the concept of the smart grid. Smart grids represent the modernization of traditional electrical systems. Smart grids require real-time monitoring of parameters such as frequency, power, voltage, and current. This means that the interconnected elements of the system can automatically optimize its operations, monitor itself, and protect against cyber-attacks. Smart grids include two separate transmission lines: a power transmission line and a data transmission line. The communication infrastructure provides coordination and bidirectional data flow through network entities [2]. The integration of different technologies, such as energy storage technologies, renewable energy sources, electric vehicles, and remote reading systems, into smart grids causes the communication infrastructure to become complex [3]. This leads to problems in ensuring the security of data in smart grids, which are cyber-physical systems [3], [4]. Therefore, in order to ensure security in all cyber-physical systems, three important security principles - confidentiality, integrity, and availability - have to be met [5].

In this study, the need to provide integrity, availability, and confidentiality, which are the key elements of cyber-security in smart grids, is investigated. The rest of this study is organized as follows. In section 2, the types of attacks and types of attackers in smart grids, and also the major cyber-attacks that have been made on critical infrastructures, are investigated. In section 3, the main security principles and requirements in smart grids are listed. In section 4, types of attacks in smart grids are classified according to the availability, integrity, and confidentiality principles. Finally, the study is evaluated.

II. SMART GRID AND CYBER-SECURITY

Every kind of data produced by smart grids has a significant role in facilitating the life of human beings in terms of generation and consumption. Data security precautions must be taken in order to prevent attacks that may occur in the collection and sharing of the data. Data security precautions generally consist of providing the integrity, confidentiality, and availability of the data. The expected results from smart grids depend on providing effective and secure data communication between the parties involved in the network [6]. The security of smart grids can predominantly be considered as the provision of the security of the communication channels and the AMI (Advanced Metering Infrastructure) [7]. There are seven areas in smart grids [8]. These seven areas, almost all of which communicate with each other, are shown in Fig. 1 [8]. Each of these seven domains' interfaces has different security requirements in terms of the availability, integrity, and confidentiality of the data. Additionally, privacy, quality of access to data, preventing unauthorized access, ensuring system continuity, and quality of service are the cyber-security requirements of the smart grid domains.

A. Attacker Types in Smart Grids

The vulnerabilities in smart grids can be exploited by attackers or users, consciously or unconsciously, to damage the system at different levels and for different purposes. Some consumers can attack certain system components to reduce their electricity bills, and it suffices for these attackers to connect
to the nearest AMI system. Some end-users may also aim to gain financial benefits by changing their generation and consumption information or by accessing the billing system.

[Fig. 1. Smart Grid Domains]

Attackers are classified according to their targets and motivations. The motives of cyber-attacks in smart grids range from cyber warfare, terrorism, industrial espionage, activism, economic reasons, and disgruntled employees to jokes. Attackers may be amateur attackers, professional attackers, terrorists, employees, competitors, and even customers themselves [9]. Non-malicious attackers are curious attackers whose main purpose is not to harm the system [10]. They see the security and operation of the system as a puzzle to solve. These attackers are driven by intellectual challenge and curiosity. Hobbyists and script kiddies are generally harmless attackers in smart grids. Some attackers who aim to gain personal benefit can be malicious customers. These end-users can attack their smart meters or data transmission lines in a way that benefits them. By attacking power grid systems, terrorists aim to break the functioning of the critical infrastructure, make their terrorist actions more effective, and disrupt the public order. Some employees who are angry at the customers or their employers can intentionally attack the system. In addition, a disgruntled employee who has the privilege of accessing system components may change the settings of the software algorithms or the devices' configurations for their own benefit [10]. These disgruntled employees are often referred to as inside attackers. For financial gain, competitors can also attack each other. For example, corporate data or private customer data may be stolen from the database due to the competition between service providers. These kinds of attackers are called competitor attackers. State hackers, organized crime attackers, and hacktivists are other attackers that have different motives. Smart grids are the intersection of intelligence, energy, politics, and social concerns, and this explains the variety of attackers and their intentions [11]. So, there may be more attackers who have different attack motives.

B. Attack Types in Smart Grids

Threats to a power system can be divided into three groups: physical threats, environmental threats, and cyber threats. While physical threats involve unauthorized threats to physical accessibility, environmental threats include threats such as natural disasters, extreme heat, and extreme cold. Smart grids are cyber-physical systems, and this study examines the threats to the cyber part of smart grids. Manipulation, sabotage, and espionage are the three leading causes of smart grid attacks. These cyber-attacks can happen consciously or unconsciously. Conscious attacks intentionally aim to harm one of the AIC principles in the system. Hackers, organized crime, cybercriminals, terrorists, anti-government groups, and vandals are conscious attackers. In addition, end-users who have smart meters may attack the energy infrastructure for various purposes such as energy theft, fraud, sabotage, and vandalism. Unconscious attacks are attacks that are not intentionally committed, carried out by end users who are generally uneducated in cyber-security issues. These users are usually manipulated by conscious attackers. These attacks sometimes cause serious problems in the system.

There are two types of security attacks that may compromise security in a smart grid:

1) Passive Attacks: The attacker aims to obtain the transmitted data to learn the system configuration, architecture, and normal behavior. It is difficult to detect such attacks because there is no change in the data. For this reason, the focus should be on prevention of passive attacks rather than detection of passive attacks. Eavesdropping attacks and traffic analysis attacks are passive attacks. Passive attacks cause violation of the confidentiality principle.

2) Active Attacks: An active attack aims to affect the operation of the system by modifying the transmitted data or by adding manipulated data. An active attack results in violation of the availability, integrity, or partially the confidentiality principles. Passive and active attacks are carried out by third parties consciously or unconsciously.

C. Cyber Attacks to Power Systems: Stuxnet

The vulnerabilities in the computing systems and in the software may be the main reasons for large power failures. Therefore, it is a high priority to address the security of electricity networks. So, it is important to examine the cyber-attacks carried out on critical infrastructures. In this section, the most important attack on critical infrastructures, known as Stuxnet, is examined.

In 2011, it was confirmed by the Iranian government that the Bushehr nuclear power plant had been attacked. This complex attack is called Stuxnet. This attack on Iranian nuclear power plants once again demonstrated the importance of cyber-security. It is the most destructive example of a cyber weapon [12]. It became the first malware to damage a critical infrastructure directly by manipulating the control system. This malware was distributed via a USB stick and infected all the Windows machines in the system [13]. Later, a special control
system used to operate high-speed centrifuges that help enrich nuclear fuel was searched for by this malware. After this malware had found the control system, it updated itself automatically, caused a physical malfunction in the centrifuges, and reported that the system was working steadily by providing false feedback to the control system. Stuxnet is not a traditional malware. It is the most complicated, advanced, and effective malware so far. It is almost 20 times more complex than any other previous malware. It is a hybrid of worm, trojan, rootkit, and virus. It has four steps:

1) Spreading like a worm or a virus using a trojan
2) Discovering the target system
3) Destroying the target
4) Evading detection.

Stuxnet attack vectors cover distinct parts of the system [12]. It was designed to target specific SCADA systems using at least four vulnerabilities of the operating system, and so it caused the destruction of over a thousand Iranian nuclear centrifuges. Stuxnet targeted security vulnerabilities of the control system. The success of Stuxnet has raised a lot of questions about the security of such critical systems. So, it shows that governments should take the security of their existing power networks more seriously. Stuxnet shows the development trend of cyber wars and terrorism in the future. Particularly, it shows that cyber-security must be inherently embedded into any smart grid system as a foundation of next generation critical infrastructure [14].

Existing cyber-attack events [11] indicate that electrical energy systems are vulnerable to potential cyber-security threats. So, researching cyber-security problems in smart grids is an important engineering mission.

III. CYBER SECURITY FUNDAMENTALS IN SMART GRIDS

A smart grid system must support all or some of the electricity generation, distribution, transmission, and control operations [13]. To ensure that these transactions communicate securely, the main security objectives and bidirectional communication must be enabled. Providing a layered communication architecture with a secure communication channel is also a necessity.

Smart grids consist of many devices connected to each other. There are two types of data transmitted between these devices.

1) Private Data: It refers to privacy-related data such as user data, consumption data, log data, and reporting data. Capture of such data by attackers usually means violation of privacy.

2) Operational Data: It involves instructions containing commands. Operational data requires a high level of security to protect smart grid systems from any attacks that may cause power interruption [15]. Operational data indicates the current loads of transformer feeders, transformer tap changers, capacitors, fault locations, the status of relays, the real-time current and voltage values, the status of circuit breakers, etc. Capture of such data by attackers can lead to damage to the operation of the whole system.

The main security objectives are confidentiality, integrity, and availability. Confidentiality prevents unauthorized access to private information. Integrity guarantees the truth of information. Availability guarantees the services. However, in conventional communication networks, the importance order of the security requirements is CIA (Confidentiality, Integrity, Availability), while in smart grids it is AIC (Availability, Integrity, Confidentiality).

A. Main Security Objectives in Smart Grids

In smart grids, three key security principles must absolutely be met. So, availability, integrity, and confidentiality must be ensured in smart grids.

1) Availability: It ensures that authorized parties can access the information when needed. It guarantees that unauthorized persons or devices can not access the system. In smart grids, availability relates to all cyber systems such as SCADA, distributed control centers, and distribution management systems (DMS), as well as communication networks between these systems and external networks [14]. Denial of service (DoS) and distributed DoS (DDoS) attacks target availability of the system. So, they aim to disrupt the data transfer and can delay, prevent, or disrupt the transmission of data in smart grids. This causes blackouts, brownouts, or denial of data exchange. Loss of control messages or of accessibility of the data stream affects the power distribution and the system. Thus, availability is generally considered to be the most important cyber-security necessity in smart grids.

2) Integrity: It prevents tampering with critical data in sensors, control commands, software, and electronic devices aimed at disrupting data exchange and decision making. For example, smart meters should provide the integrity of source validation and software update. The smart meter data may be exposed to an attack that corrupts its integrity during transfer to the distribution company [16]. Since the transmitted consumption data is used for billing, integrity must be protected. Otherwise, the unauthorized alteration of this data may cause damage to the company or the end user.

Malicious alteration or repetition of data flow, control messages, and sensor values indicates that the system is being attacked. This is called loss of integrity. The loss of integrity is unauthorized alteration and destruction. This may cause the system involved in power management to make incorrect decisions. Non-repudiation and authenticity are important components of data integrity. The goal of integrity attacks is modifying customer information such as customer account data and billing data, or network operation data like the operating status of the devices and voltage readings. In other words, such attacks attempt to deliberately alter the original data in the smart grid communication system to disrupt critical data exchange in the smart grid [11].

3) Confidentiality: It ensures that the stored and transmitted data can only be accessed by the relevant receivers. Confidentiality also prevents unauthorized users from accessing data, to protect personal privacy and security. Smart grids transmit data ranging from consumption data to consumer
specific data, with varying levels of sensitivity and privacy. An end user's consumption data should only be known by the end user and the energy provider. Capture of control messages or data streams by attackers may cause the system to be compromised. Confidentiality refers to the disclosure of secret data to unauthorized users [17]. From a smart grid perspective, this refers to privacy of customer data, electric market data, and critical enterprise data. Violation of confidentiality results from disclosure of private data. With the increasing accessibility of customer data on the Internet, confidentiality is becoming more and more significant [14].

B. Security Requirements in Smart Grids

There are also some other security requirements that must accompany availability, integrity, and confidentiality, which are the basic security components in smart grids [15], [16], [18], [19]. Prominent requirements are as follows:

1) Privacy: Privacy requires that user data can not be used for different purposes without the user's approval, can not be obtained by different people, and can only be used for specified purposes. For example, energy consumption data used for billing purposes can not be used for other purposes.

2) Authorization: Ensures that an authenticated object or person has predetermined rights to perform certain operations on certain resources. For example, an officer who must manually configure a smart meter must have predetermined authority and access control rights.

3) Non-Repudiation: Verification that a particular action performed by a system or user can not be denied later. The goal of non-repudiation is to be able to prove that a particular message is associated with a particular individual.

4) Identification: It is the ability to uniquely identify a user of a system or an application that is running in the system.

5) Authentication: It is the process of verifying the identity of a user. Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be. It proves the identity of the user or client machine attempting to log in.

6) Access Control: It refers to the management of admission to system and network resources. So, authenticated users can access specific resources based on company policies. It often includes authentication.

7) Auditing: It means a systematic evaluation of the security of an information system by measuring how well it conforms to a set of established criteria. A whole audit typically assesses the security of the system's physical configuration environment, processes, user practices, information handling, and software. Auditing ensures that both users and administrators are in compliance with security policies. Auditing is an effective method for ensuring accountability.

8) Reliability/Consistency: It refers to the trustworthiness of the system to do what it is expected or designed to do.

9) Accountability: It means that traceability of every user's actions performed on a system must be provided. The use of user identification and authentication supports accountability. Sharing user passwords with third parties destroys accountability. So, every user in the system should have specific responsibilities for information security, and they must account for all of their actions concerning cyber-security.

The specific security requirements are essential for protection of cyber infrastructure in order to reduce liability and increase competence in the electric market place [3]. So, any vulnerabilities that may arise in security key elements and requirements may cause serious problems in the cyber or even the physical security of the smart grids.

IV. CLASSIFYING OF SMART GRID ATTACKS

Smart grid attacks are classified considering CIA. While the CIA triad is important in Information Technology systems in terms of security, the CIA triad is also important in smart grids. Firstly, availability must be ensured, since smart grids must provide efficient use of electrical infrastructure. Integrity is the second priority, while confidentiality is third. Table I lists the attacks that block the CIA in smart grids.

TABLE I
TAXONOMY OF THE CYBER-ATTACKS IN SMART GRIDS

Attack                    References

Confidentiality
  Man in the Middle       [3]
  Password Pilfering      [14]
  Spoofing                [16]
  Unauthorized Access     [17]
  Traffic Analysis        [18]
  Eavesdropping           [20]

Integrity
  Tampering, Wormhole     [5]
  Replay                  [13]
  Spoofing                [16]
  Data Injection          [21]
  Time Synchronization    [21]
  Data Modification       [22]

Availability
  Wormhole, Flooding      [5]
  Puppet Attack           [11]
  DoS/DDoS                [15]
  Jamming                 [19]
  Buffer Overflow         [23]

Cyber-attacks compromise the CIA triad directly or indirectly. Virus, spyware, worm, trojan, logic bomb, back-door, and trapdoor are general types of malware. Generally, all kinds of attacks are generated from the aforementioned malware and their combinations. Logic bombs, back-doors, and trapdoors can be deliberately embedded into software by developers and may be utilized to initiate attacks later. DoS or DDoS attacks attempt to delay, obstruct, or damage information transmission and exchange between nodes in a smart grid [21]. Spoofing attacks consist of man in the middle, message replays, spoofing, and software exploitation attacks. Man in the middle attacks may be performed in multiple layers. An attacker only needs to connect to the communication channel for a jamming attack. A zero-day attack is a previously unknown security vulnerability [24], and it can be realized after the attack has finished. Stuxnet is a zero-day attack. Eavesdropping is a form
of passive attack in which the attacker overhears messages between two nodes over a communication line [20].

Man in the middle, password pilfering, spoofing, traffic analysis, unauthorized access, and eavesdropping attacks obstruct the confidentiality principle in the smart grid. Wormhole, data tampering, data injection, spoofing, and time synchronization attacks damage the integrity principle in the smart grid. Wormhole, flooding, DoS, DDoS, jamming, buffer overflow, and puppet attacks damage the availability principle in the smart grid.

V. CONCLUSION

Cyber-security incidents and academic literature show that a large number of potential cyber-attacks are increasingly probable on systems as complicated and various as the emerging smart grid. Also, recent technologies and the customer's active involvement in the smart grid can give rise to new security threats. So, it is required to improve the CIA triad of the system by building a robust and effective smart grid cyber infrastructure. The classification of cyber-attacks considering the key elements of information security will provide a systematic and convenient way to produce effective solutions for existing and future attacks in smart grids. Furthermore, due to the characteristics of smart grids, tailored solutions must be designed for their own needs. In this context, the most important security objectives, called the CIA triad, and how they are applied in smart grids are outlined in the study.

REFERENCES

[1] M. Z. Gunduz and R. Das, “Nesnelerin interneti (IoT): Gelisimi, bilesenleri ve uygulama alanları,” Pamukkale University, Journal of Engineering Sciences, vol. 24, no. 2, pp. 327–335, 2018.
[2] M. Z. Gunduz and R. Das, “A comparison of cyber-security oriented testbeds for IoT-based smart grids,” in 2018 6th International Symposium on Digital Forensic and Security (ISDFS), pp. 1–6, Mar. 2018.
[3] R. K. Pandey and M. Misra, “Cyber Security Threats- Smart Grid Infrastructure,” in 2016 National Power Systems Conference (NPSC), pp. 1–6, Dec. 2016.
[4] M. H. Cintuglu, O. A. Mohammed, K. Akkaya, and A. S. Uluagac, “A Survey on Smart Grid Cyber-Physical System Testbeds,” IEEE Communications Surveys & Tutorials, vol. 19, no. 1, pp. 446–464, 2017.
[5] A. Procopiou and N. Komninos, “Current and future threats framework in smart grid domain,” in 2015 IEEE International Conference on Cyber Technology in Automation, Control, and Intelligent Systems (CYBER), pp. 1852–1857, June 2015.
[6] C. P. Vineetha and C. A. Babu, “Smart grid challenges, issues and solutions,” in 2014 International Conference on Intelligent Green Building and Smart Grid (IGBSG), pp. 1–4, Apr. 2014.
[7] E. B. Rice and A. AlMajali, “Mitigating the Risk of Cyber Attack on Smart Grid Systems,” Procedia Computer Science, vol. 28, pp. 575–582, Jan. 2014.
[8] V. Y. Pillitteri and T. L. Brewer, “NIST Guidelines for Smart Grid Cybersecurity,” NIST Interagency/Internal Report (NISTIR) - 7628 Rev 1, Sept. 2014.
[9] E. U. Haq, H. Xu, L. Pan, and M. I. Khattak, “Smart Grid Security: Threats and Solutions,” in 2017 13th International Conference on Semantics, Knowledge and Grids (SKG), pp. 188–193, Aug. 2017.
[10] A. O. Otuoze, M. W. Mustafa, and R. M. Larik, “Smart grids security challenges: Classification by sources of threats,” Journal of Electrical Systems and Information Technology, Feb. 2018.
[11] B. Khelifa and S. Abla, “Security concerns in smart grids: Threats, vulnerabilities and countermeasures,” in 2015 3rd International Renewable and Sustainable Energy Conference (IRSEC), pp. 1–6, Dec. 2015.
[12] L. Kotut and L. A. Wahsheh, “Survey of Cyber Security Challenges and Solutions in Smart Grids,” in 2016 Cybersecurity Symposium (CYBERSEC), pp. 32–37, Apr. 2016.
[13] V. Delgado-Gomes, J. F. Martins, C. Lima, and P. N. Borza, “Smart grid security issues,” in 2015 9th International Conference on Compatibility and Power Electronics (CPE), pp. 534–538, June 2015.
[14] Y. Yang, T. Littler, S. Sezer, K. McLaughlin, and H. F. Wang, “Impact of cyber-security issues on Smart Grid,” in 2011 2nd IEEE PES International Conference and Exhibition on Innovative Smart Grid Technologies, pp. 1–7, Dec. 2011.
[15] S. Shapsough, F. Qatan, R. Aburukba, F. Aloul, and A. R. A. Ali, “Smart grid cyber security: Challenges and solutions,” in 2015 International Conference on Smart Grid and Clean Energy Technologies (ICSGCE), pp. 170–175, Oct. 2015.
[16] W. Wang and Z. Lu, “Cyber security in the Smart Grid: Survey and challenges,” Computer Networks, vol. 57, pp. 1344–1371, Apr. 2013.
[17] N. Komninos, E. Philippou, and A. Pitsillides, “Survey in Smart Grid and Smart Home Security: Issues, Challenges and Countermeasures,” IEEE Communications Surveys & Tutorials, vol. 16, no. 4, pp. 1933–1954, 2014.
[18] J. Liu, Y. Xiao, S. Li, W. Liang, and C. L. P. Chen, “Cyber Security and Privacy Issues in Smart Grids,” IEEE Communications Surveys & Tutorials, vol. 14, no. 4, pp. 981–997, 2012.
[19] Y. Yan, Y. Qian, H. Sharif, and D. Tipper, “A Survey on Cyber Security for Smart Grid Communications,” IEEE Communications Surveys & Tutorials, vol. 14, no. 4, pp. 998–1010, 2012.
[20] C. Bekara, “Security Issues and Challenges for the IoT-based Smart Grid,” Procedia Computer Science, vol. 34, pp. 532–537, Jan. 2014.
[21] A. Sanjab, W. Saad, I. Guvenc, A. Sarwat, and S. Biswas, “Smart Grid Security: Threats, Challenges, and Solutions,” arXiv:1606.06992 [cs, math], June 2016.
[22] X. Li, X. Liang, R. Lu, X. Shen, X. Lin, and H. Zhu, “Securing smart grid: cyber attacks, countermeasures, and challenges,” IEEE Communications Magazine, vol. 50, pp. 38–45, Aug. 2012.
[23] D. B. Rawat and C. Bajracharya, “Cyber security for smart grid systems: Status, challenges and perspectives,” in SoutheastCon 2015, pp. 1–6, Apr. 2015.
[24] M. Baykara and R. Das, “A novel honeypot based security approach for real-time intrusion detection and prevention systems,” Journal of Information Security and Applications, vol. 41, pp. 103–116, Aug. 2018.
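
Added example (not part of the original paper): a minimal sketch of the integrity requirement in Section III-A, showing how a head-end system can reject modified, replayed, delayed, or unknown-source smart meter readings before billing. The meter ID, key, field names, and the 300-second freshness window are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo values (assumptions): meter ID, shared key, field names.
METER_KEYS = {"meter-001": b"constructed-demo-key-001"}
MAX_SKEW_SECONDS = 300  # assumed freshness window


def _mac(key, meter_id, counter, ts, kwh):
    """HMAC-SHA256 over a canonical encoding, so both ends MAC identical bytes."""
    body = json.dumps(
        {"meter_id": meter_id, "counter": counter, "ts": ts, "kwh": kwh},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign_reading(key, meter_id, counter, ts, kwh):
    """Meter side: attach a tag to a consumption reading."""
    return {"meter_id": meter_id, "counter": counter, "ts": ts, "kwh": kwh,
            "tag": _mac(key, meter_id, counter, ts, kwh)}


class HeadEnd:
    """Utility side: checks each reading before it is used for billing."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}  # highest counter accepted so far, per meter

    def verify(self, msg, now):
        key = self.keys.get(msg.get("meter_id"))
        if key is None:
            return "reject: unknown meter"  # source validation
        try:
            expected = _mac(key, msg["meter_id"], msg["counter"],
                            msg["ts"], msg["kwh"])
            tag = str(msg["tag"])
        except KeyError:
            return "reject: malformed"
        # Constant-time comparison; any altered field changes the expected tag.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "reject: bad tag"
        if abs(now - msg["ts"]) > MAX_SKEW_SECONDS:
            return "reject: stale timestamp"
        # A repeated or older counter means the message was seen before.
        if msg["counter"] <= self.last_counter.get(msg["meter_id"], -1):
            return "reject: replayed counter"
        self.last_counter[msg["meter_id"]] = msg["counter"]
        return "accept"


def demo():
    """Run constructed readings through the verifier and return the verdicts."""
    head = HeadEnd(METER_KEYS)
    key = METER_KEYS["meter-001"]
    now = 1_700_000_000  # constructed timestamp
    genuine = sign_reading(key, "meter-001", 1, now, 12.5)
    modified = dict(genuine, kwh=2.5)  # value changed in transit, old tag
    wrong_key = sign_reading(b"not-the-meter-key", "meter-001", 2, now, 1.0)
    delayed = sign_reading(key, "meter-001", 2, now, 13.1)
    return [
        head.verify(genuine, now),
        head.verify(modified, now),
        head.verify(genuine, now + 10),    # same message delivered twice
        head.verify(wrong_key, now),
        head.verify(delayed, now + 3600),  # arrives an hour late
    ]

# Note: a shared-key MAC gives integrity and source authentication only;
# non-repudiation needs a digital signature made with a per-meter private key.
```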
