
Impact Assessment of Credible Contingency and Cyber Attack on Australian 14-Generator Interconnected Power System

B M Ruhul Amin, School of Engineering, Macquarie University, Sydney, NSW 2109, Australia, ruhul.amin@students.mq.edu.au
M. S. Rahman, Dept of strategy and innovation, AEMO, Melbourne, VIC 3000, Australia, msrahman@ieee.org
M. J. Hossain, School of Engineering, Macquarie University, Sydney, NSW 2109, Australia, jahangir.hossain@mq.edu.au

Abstract—This paper analyses the impacts of credible contingency and an event of cyber attack on the dynamic performance of a real large-scale interconnected power grid. Any credible contingency, for example a short circuit fault, or unnatural behaviour of protective devices due to cyber intrusion could create catastrophic consequences and even complete blackout of the power system. In order to protect power systems against cyber events, it is necessary to analyse the impacts of both faults and cyber attacks on the dynamic behaviour of the power system to identify cyber events from credible contingencies. In this paper, a simplified model of an Australian 14-generator interconnected system is considered as a testbed and the MATLAB/Simulink SimPowerSystems Toolbox is used for the analyses. A real-life incident of faults is considered as a case study and an event of a cyber attack on the protection relay function is simulated to explore the possible similar impacts on the same page. The systematic analyses of different properties of the system will help to design the detection and countermeasure techniques to ensure the system is protected from cyber threats.

Index Terms—credible contingency, cyber attack, interconnected power grid.

I. INTRODUCTION

A power system is one of the most imperative and complex infrastructures humans have ever built. Newer technologies are being coalesced with the power system to ensure faster, economic and reliable operation of the grid. Integration of automated control devices, interconnected communication networks, smart metering, and advanced energy management systems (EMS) has added wider monitoring and control of the grid but, as an aftermath, has introduced cyber vulnerabilities to the power system. Reports of cyber attacks targeting the energy sector are increasing every year and some of them led the system to complete shutdown, for example the Ukraine blackout of 2015 [1].

The secure operating environment of the power system might be violated by credible or non-credible contingency events. According to the Australian Energy Market Commission (AEMC), natural events such as single or double phase faults in the transmission line or loss of a single generator from the grid are considered as credible contingencies [2]. In most cases, secure power systems are designed to withstand a single contingency event. All contingencies except credible events are referred to as non-credible contingency events. Usually, non-credible contingencies such as cyber attacks cause an unsatisfactory state within the power system and result in load shedding, cascading failure, tripping of motors and generators and maloperation of computers and electronic controls. Immediate control actions are required to maintain the secure operation of the power system.

The control actions of modern cyber-physical power systems (CPS) fully rely on distributed meter measurements and digital device settings. During power system disturbances, i.e. transmission line faults, the control devices utilize the measurement data obtained from the Intelligent Electronic Devices (IEDs) and provide action signals to the tripping devices by utilizing user-defined control logics. The existing protection systems are designed to react only to the predetermined credible contingency events such as faults, but this is not sufficient to defend against non-credible contingencies like malicious cyber attacks in the grid. Sometimes, the attackers are clever enough to inject malicious switching commands to the circuit breakers and cause simultaneous tripping of the transmission line. To ensure protection against cyber attacks in the power system, it is necessary to develop a robust cyber-secured protection system by analyzing the dynamic performance of a real large-scale interconnected power system during different credible events and cyber attacks.

A significant number of research projects have been performed on the stealthiness and detection of False Data Injection (FDI) attacks in the state estimation process of an EMS. More details of this type of attack construction and detection are available in [3]. But the detection of this type of attack is limited to only the state estimation process of the power system and is unable to ensure the overall security of the power system. Other types of cyber attacks like replay attacks, DoS attacks and data integrity attacks are also possible in power systems. The data acquisition rate in the present SCADA system is also very slow (once in every 2 s to 10 s). But the invention of the Phasor Measurement Unit (PMU) has solved the low data rate (120 samples per second). Again, this PMU is

978-1-7281-1981-6/19/$31.00 ©2019 IEEE


Authorized licensed use limited to: Macquarie University. Downloaded on November 10,2020 at 04:02:28 UTC from IEEE Xplore. Restrictions apply.
also vulnerable to cyber attacks [4]. A PMU-based test-bed for cyber security study was developed by Adhikari et al. by utilizing a real-time simulator (RTDS) and a Hardware-in-the-loop (HIL) based testbed [5]. They incorporate the protective devices' status log with the PMU measurements to detect those types of cyber attacks which replay the disturbance data into the control center. Novel data-mining-based detection algorithms were proposed in [6], [7] by using the test-bed described in [5]. Multi-agent-based approaches for the detection of cyber attacks in substations were developed in [8], [9]. Recently, F. Taha et al. proposed a dynamic state estimation based system to combat cyber attacks and unknown inputs in the grid [10].

The above discussed approaches are relevant to specific functionalities of power systems. Some papers focused on FDI in the DC state estimator and ignored the upcoming almost real-time measurement capabilities of the PMUs. Some considered that PMUs' dynamic and static data are vulnerable to cyber attacks and that the control center can experience replay-type attacks. Dynamic state estimation based cyber attack mitigation techniques cannot describe the attacks targeted at protective devices like relays, CBs etc. All the approaches are limited to their relevant fields of interest, but no work has thoroughly analyzed and searched for the distinctive behavior dissimilarities of natural disturbances and attacks.

In this paper, the dynamic performance analyses of credible events and cyber attacks are performed in a simplified model of the South East (SE) Australian power grid, which validates the practical aspect of this research. The research outcomes clearly illustrate that there are distinctive dissimilarities in the dynamic behavior during faults and cyber attacks. The main contribution of this paper is that it analyses the dynamic performance of an interconnected power system during credible contingencies and cyber attacks and opens a horizon for developing new detection and mitigation techniques for cyber attacks in the power grid by utilizing distinctive dynamic responses of the technical parameters.

The next section (Section II) illustrates the problem formulation of the research work, the description of the Australian grid model, the impact of different types of credible events and cyber attacks, and protective relay functionality. In Section III, we thoroughly discuss the outcomes of our simulation results. Section IV presents the conclusion followed by future directions.

II. PROBLEM FORMULATION

Secure operation is one of the fundamental objectives of power system design. Inappropriate or delayed operation of the protective devices causes power system instability. As a consequence, the system might experience cascading failure of loads, under-frequency load shedding (UFLS) and, in severe cases, complete blackout. Recently, on 25 August 2018, the Australian national grid experienced an improbable event in the Queensland (QLD) and New South Wales (NSW) interconnectors (QNI). According to the Australian Energy Market Operator (AEMO) report, this operating incident occurred in the QNI and two adjacent single circuit transmission lines simultaneously tripped due to lightning strikes, which was an unusual incident in the power system. As an aftermath, New South Wales (NSW), Victoria (VIC) and Tasmania (TAS) state regions experienced under-frequency load shedding for several hours and the event caused separation of the South Australian (SA) region from the rest of the National Electricity Market (NEM). Almost a hundred thousand (95,000) customers experienced load shedding due to this phenomenon for several hours [11].

This type of unusual contingency event could also be initiated by malicious cyber attackers in the near future. In the future power grid, the protective relays will be more distributed and their functionality will be more dependent on the computerized communication facilities. The attacker might take advantage of security flaws and weaknesses in the communication networks, devices and software and initiate various known or unknown operating incidents in the grid. For power engineers, it is very important to analyze the system dynamic behaviors subsequent to faults and possible cyber attacks and clearly distinguish them to take preventive and protective actions.

A. Power System Description

To analyze the dynamic performance of a large-scale interconnected power system, a simplified benchmark model of the SE Australian power system is considered. Unlike Europe or the USA, the Australian grid is a linear, long interconnected system. The schematic of the power system is depicted in Figure 1. For convenience, the complete model is divided into 5 interconnected areas which represent the Australian Central Territory (ACT)/Snowy Hydro (SH), New South Wales (NSW), Victoria (VIC), Queensland (QLD) and South Australia (SA) regions.

There are 14 generators in the model. Actually, each generator represents a large power station comprising 2 to 12 generators. During peak hour total generation is 25430 MW and total demand load is 24800 MW. Areas 2 and 1 are more closely coupled and the maximum steady-state inter-area flow from area 2 to area 1 is 1134 MW. The other inter-area power flows are as follows: from area 4 to area 2 and from area 3 to area 5 is 500 MW and from area 1 to area 3 is 1000 MW. The main interconnectors are the Queensland and New South Wales Interconnectors (QNI), New South Wales and Australian Central Territory Interconnectors (NSI), Australian Central Territory and Victoria Interconnectors (SVI) and Victoria and South Australia Interconnector (VSAI). The operating system frequency is 50 Hz and the nominal device base is 100 MVA [12]. Different power system contingency events like faults and cyber attacks targeted at the large-scale interconnected grid are simulated in this benchmark SE Australian grid model, and the significant changes of the interconnector power flows, line voltages and currents, generator transient behaviors etc. are observed and analyzed in the subsequent sections.

B. Impact of Credible Contingency and Cyber Attacks

The impacts of credible contingencies and cyber attacks are briefly described below:

1) Short circuit faults: Short circuit faults are common contingencies of power systems. Single line to ground (SLG), double line to ground (DLG) and three phase to ground (LLLG) faults occur when a short circuit in the line appears due to natural disasters like lightning. Voltages and currents change abruptly during faults and destabilize the system if not removed on time.
2) Integrity attack: The false command injection attack is a form of integrity attack where an attacker alters the control logics of a digital relay or changes the relay settings so that the protective devices operate wrongly.
3) Man-in-the-middle attack: In this case, an attacker acts as a middleman between two parties, for example, the information log and the actuating devices. The two parties then believe that they are communicating with each other but in reality their communication is controlled by the attacker.
4) Replay attack: The attacker gains access to the communication network and stores the system parameters such as voltages, currents, sequence components etc. during disturbances. While initiating an attack, the attacker simply replays those previously occurred disturbance data to deceive the operator into initiating unnecessary control actions.
5) Remote tripping command injection: This attack is also an integrity attack especially targeted at the digital protective devices (CBs) so that the CBs start operating from an outside source other than the relay trip command. This type of attack can destroy the rotating physical components of the grid.
6) False Data Injection (FDI) attack: In the FDI attack, the attacker compromises the valid system measurements and digital relay configurations to obtain wrong system states and completely disable the relay function in the time of emergency.
7) Denial of Service (DoS) attack: This type of attack overwhelms a system's communication resources so that the system becomes unresponsive to service requests. As a result the control center loses the availability of the monitored information and fails to decide proper control actions.

Fig. 1: Simplified Model of SE Australian Power System

C. Relay Functionality

In the modern power system protective functionality, the PMU measurement data are collected and processed in the Phasor Data Concentrator (PDC), then sent to the relay for taking operational decisions. The transmission line currents could vary from zero to a very high level depending on the operational situation. In the normal operation period, currents vary from zero to the rated value. At the initial stage of faults and overloading situations, currents remain in the warning zone. But if the fault is not cleared in time, the fault current grows and crosses the threshold limit. Different threshold limits for protective relay operation could be mathematically defined as:

$$
I_R =
\begin{cases}
I_{High}, & I_{TH} \le I_R \\
I_{Warning}, & I_N \le I_R < I_{TH} \\
I_{Normal}, & 0 \le I_R < I_N
\end{cases}
$$

In this paper, a single-phase over-current relay is designed which operates if the phase current exceeds the predetermined current threshold setting, i.e. $I_{TH}$. The threshold limit is taken as 200% of the rated current, which complies with the practical range of the relay setting (50% to 200%) [13]. If the current $I_{Warning}$ stays longer than a certain limit, the relay will also trip the CB.

III. SIMULATION RESULTS

In order to analyze the system dynamic performance during credible events and cyber attacks, the simplified model of the SE Australian power system is designed in MATLAB/Simulink by utilizing the SimPowerSystems toolbox. First, symmetrical and asymmetrical faults are applied in the QN interconnectors and the system dynamic performances are evaluated. Secondly, a random switching attack which alters the CBs' tripping command frequently is applied in the QN interconnectors. The switching time period of the malicious tripping injection is chosen as 1 s. Two types of switching attacks are illustrated. One attack is targeted at the single phase circuit breaker and another attack is targeted at the three phase circuit breaker. Ideal relay operation is considered for the tripping of the circuit breakers during abnormal behaviors of the system dynamics.
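
The relay behaviour of Section II-C can be written out as a small Python model; this is an added illustration, not the authors' Simulink relay. Only the 200% pickup ratio comes from the paper: the rated current, the warning time limit, the 0.2 s correlation window and all sample data are assumptions, and the breaker-opening check follows the paper's description of remote tripping injection as a CB operating without a relay trip command.

```python
from dataclasses import dataclass
from typing import Optional

# Only the 200% ratio is taken from the paper; the other values are assumed.
I_RATED = 1000.0        # rated line current in amperes (assumed)
I_N = I_RATED           # upper edge of the normal zone
I_TH = 2.0 * I_RATED    # trip threshold: 200% of rated current
WARNING_LIMIT_S = 0.5   # tolerated time in the warning zone (assumed)


def zone(i_r: float) -> str:
    """Map a relay current magnitude onto the three zones of Section II-C."""
    if i_r >= I_TH:
        return "high"
    if i_r >= I_N:
        return "warning"
    return "normal"


@dataclass
class OverCurrentRelay:
    """Single-phase relay: instant trip in the high zone, delayed in warning."""
    warning_since: Optional[float] = None
    tripped_at: Optional[float] = None

    def step(self, t: float, i_r: float) -> bool:
        """Feed one (time, current) sample; True once the relay has tripped."""
        if self.tripped_at is not None:
            return True
        z = zone(i_r)
        if z == "high":
            self.tripped_at = t
        elif z == "warning":
            if self.warning_since is None:
                self.warning_since = t
            elif t - self.warning_since >= WARNING_LIMIT_S:
                self.tripped_at = t
        else:
            self.warning_since = None  # current recovered, restart the timer
        return self.tripped_at is not None


def run_relay(samples):
    """Run a fresh relay over (t, amps) samples; return trip time or None."""
    relay = OverCurrentRelay()
    for t, i_r in samples:
        relay.step(t, i_r)
    return relay.tripped_at


def unexplained_openings(samples, breaker_open_times, window_s=0.2):
    """Breaker openings not preceded by a relay trip within window_s seconds."""
    trip = run_relay(samples)
    return [t for t in breaker_open_times
            if trip is None or not (0.0 <= t - trip <= window_s)]


# Constructed sample data (not taken from the paper's simulation).
FAULT = [(9.8, 600.0), (9.9, 610.0), (10.0, 2600.0), (10.1, 0.0)]
OVERLOAD = [(0.0, 900.0), (0.2, 1400.0), (0.4, 1500.0),
            (0.6, 1450.0), (0.8, 1500.0)]
# Injected trip commands toggle the breaker while currents stay below I_N.
ATTACK = [(10.0, 600.0), (10.5, 0.0), (11.0, 600.0), (12.0, 600.0),
          (12.5, 0.0), (13.0, 600.0), (14.0, 600.0)]
ATTACK_OPENS = [10.0, 12.0, 14.0]

if __name__ == "__main__":
    print("fault trip:", run_relay(FAULT))
    print("overload trip:", run_relay(OVERLOAD))
    print("unexplained:", unexplained_openings(ATTACK, ATTACK_OPENS))
```
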

A. System Response for Credible Contingency Events

1) Single Line to Ground Fault: In this case study, a single phase to ground fault is applied in phase A in the QN interconnectors at 10.0 s. Current in the faulty phase increases immediately and the relay trips to clear the fault. As a consequence, phase currents of phases B and C increased up to 50% of the rated current as shown in Figure 2a. The mean frequency also decreased by 0.1% (Figure 2b). Power flow in the QNI abruptly falls for a short period of time but recovers soon. The steady state power flow in the interconnector is 500 MW. From Figure 2d, it is clear that the impact of the SLG fault in the VSAI is not severe and the power flow between Victoria (VIC) and South Australia remains in steady-state condition a few seconds after the fault clearing.

Fig. 2: System Response: (a) Different phase currents in relay, (b) Overall system frequency, (c) Active power flow in QNI, and (d) Active power flow in VSAI during single phase fault in phase A of QNI.

2) Three Phase to Ground Fault: In this case, a three phase to ground fault is applied to the QN interconnectors. As a three phase fault is a symmetrical fault, all the phase currents will depict the same responses in faults. The fault is applied at 10.0 s of the simulation and from Figures 3a, 3b and 3c, it is obvious that the QN interconnector is totally out of operation and Queensland becomes isolated from the grid. As no power is flowing from the Queensland (QLD) area, the power flow at VSAI decreased from 500 MW to 440 MW (Figure 3d). As a consequence, the generators in the South Australia (SA) region need to supply extra power to meet the demand or should perform load shedding to minimize the fault effects.

Fig. 3: System Response: (a) Different phase currents in relay, (b) Overall system frequency, (c) Active power flow in QNI, and (d) Active power flow in VSAI during three phase fault in QNI.

B. System Response for Cyber events

A switching attack, which is one of the integrity attacks, is applied to the QN interconnectors in order to observe the phase voltage and current responses and power flows in the interconnectors. It is assumed that the attacker is able to inject malicious tripping commands to the CBs and can isolate the circuit breaker from the relay.

Fig. 4: System Response: (a) Different phase currents in relay, (b) Overall system frequency, (c) Active power flow in QNI, (d) Active power flow in VSAI, and (e) Random switching attack signals generated by the attacker during random switching attack in phase A in QN Interconnectors.

1) Random Switching Attack in Single Phase Circuit Breaker: In this case, the attacker injects malicious tripping commands in phase A of the QN interconnector at 10 s and continues sending the tripping commands. The system switching signal is depicted in Figure 4e. From Figure 4a, it is observed that the breakers at phase B and phase C detect the abnormal behavior at 34 s and 37 s respectively. From 10 s to 38 s
the phase currents fluctuated at an intolerable oscillation rate. The overall system frequency oscillates more than 0.2% and decreases gradually (Figure 4b). The power flow in the VSA Interconnectors changes from 300 MW to 720 MW (Figure 4d), whereas the steady state power flow limit is 500 MW. As random switching signals are injected to the circuit breakers, the system will experience abnormal harmonics.

2) Random Switching Attack in Three Phase Breaker: In this section, it is considered that the attacker is able to inject malicious tripping signals to the three phase circuit breaker. From Figures 5a to 5d, it is clear that the situation is the worst among all the situations described in the earlier sections. The phase currents fluctuate from zero to 4000 ampere, the system frequency loses its synchronism and the power flows are very inconsistent in the interconnectors. Immediate detection and mitigation actions are required for this type of system contingency to protect the power system from complete blackout.

Fig. 5: System Response: (a) Different phase currents in relay, (b) Overall system frequency, (c) Active power flow in QNI, (d) Active power flow in VSAI, and (e) Random switching attack signals generated by the attacker during random three phase switching attack in QN Interconnectors.

IV. CONCLUSION

The dynamic performance of a real large-scale interconnector system is simulated and analyzed for credible contingency events and cyber attacks on a simplified model of the Australian 14-Generator Interconnected Power System. Two physical events, single phase to ground faults and three phase faults, are considered as credible contingency events, and random malicious tripping command injection in single phase and three phase circuit breakers is considered as the cyber attack event. Relay currents, overall system frequency and power flows in the interconnectors are considered as key parameters to analyze the dynamic performance of the system. Ideal over-current relays are considered as protective devices. The research outcomes demonstrate that cyber attacks in the power grid are more severe than the credible contingencies. The dynamic behavior of the system parameters also shows distinct patterns for credible events and cyber attacks.

Though only one type of cyber attack is considered in this paper, there is an unbounded number of possible cyber attacks in the power system. The future scope will extend the work to analyze the harmonics of the fault current as a parameter to detect the event of cyber attack and distinguish it from credible contingency events, and to some extent determine the possible countermeasures.

REFERENCES

[1] G. Liang, S. R. Weller, J. Zhao, F. Luo, and Z. Y. Dong, “The 2015 Ukraine Blackout: Implications for False Data Injection Attacks,” IEEE Transactions on Power Systems, vol. 32, no. 4, pp. 3317–3318, 2017.
[2] AEMC. [Online]. Available: https://www.aemc.gov.au/energy-system/electricity/electricity-system/security
[3] G. Liang, J. Zhao, F. Luo, S. R. Weller, and Z. Y. Dong, “A Review of False Data Injection Attacks Against Modern Power Systems,” IEEE Transactions on Smart Grid, vol. 8, no. 4, pp. 1630–1638, 2017.
[4] T. Morris, S. Pan, J. Lewis, J. Moorhead, N. Younan, R. King, M. Freund, and V. Madani, “Cybersecurity risk testing of substation phasor measurement units and phasor data concentrators,” Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW ’11, no. October, p. 1, 2011.
[5] U. Adhikari, T. Morris, and S. Pan, “WAMS Cyber-Physical Test Bed for Power System, Cybersecurity Study, and Data Mining,” IEEE Transactions on Smart Grid, vol. 8, no. 6, pp. 2744–2753, 2017.
[6] U. Adhikari, T. H. Morris, and S. Pan, “Applying hoeffding adaptive trees for real-time cyber-power event and intrusion classification,” IEEE Transactions on Smart Grid, vol. 9, no. 5, pp. 4049–4060, Sept 2018.
[7] S. Pan, T. Morris, and U. Adhikari, “Developing a hybrid intrusion detection system using data mining for power systems,” IEEE Transactions on Smart Grid, vol. 6, no. 6, pp. 3104–3113, Nov 2015.
[8] M. S. Rahman, H. R. Pota, and M. J. Hossain, “Cyber vulnerabilities on agent-based smart grid protection system,” IEEE Power and Energy Society General Meeting, vol. 2014-Octob, no. October, 2014.
[9] M. S. Rahman, M. A. Mahmud, A. M. T. Oo, and H. R. Pota, “Multi-Agent Approach for Enhancing Security of Protection Schemes in Cyber-Physical Energy Systems,” IEEE Transactions on Industrial Informatics, vol. 13, no. 2, pp. 436–447, 2017.
[10] A. F. Taha, J. Qi, J. Wang, and J. H. Panchal, “Risk mitigation for dynamic state estimation against cyber attacks and unknown inputs,” IEEE Transactions on Smart Grid, vol. 9, no. 2, pp. 886–899, 2018.
[11] AEMO, “Preliminary Report- Queensland and South Australia system separation on 25th August 2018,” no. September. [Online]. Available: https://www.aemo.com.au/Electricity/National-Electricity-Market-NEM/Market-notices-and-events/Power-System-Operating-Incident-Reports
[12] M. Gibbard and D. Vowles, “Simplified 14-Generator Model of the SE Australian Power System,” (The University of Adelaide), pp. 1–45, 2010.
[13] M. S. Almas, R. Leelaruji, and L. Vanfretti, “Over-current relay model implementation for real time simulation & hardware-in-the-loop (hil) validation,” in IECON 2012 - 38th Annual Conference on IEEE Industrial Electronics Society, Oct 2012, pp. 4789–4796.
