RAINCOAT: Randomization of Network Communication in Power Grid Cyber Infrastructure to Mislead Attackers

Though attackers aim to introduce different physical perturbations on power grids, they need to rely On periodic data acquisitions performed by control centers to estimate the physical state of the grid and thus to prepare for destructive activities. In this paper, we present Raincoat, which randomizes data acquisitions to disrupt and mislead attackers' preparations. We transform one data acquisition into multiple rounds. In each round, we dynamically manipulate network flows in the control networks so that randomly selected "online" devices respond with real measurements. Meanwhile, we intelligently spoof measurements for other "offline" devices to mislead attackers into designing ineffective strategies. Based on experiments using large-scale power systems and six real wide area networks, Raincoat is effective against false data injection and control-related attacks with small overhead. The probability of successful attacks can be reduced from 70% to 1%; attacks introduce little damage even if they are executed. Network latency of data acquisition increases on average by less than 6%.