Following the high expectations that modern grids will benefit from information and communication technologies (ICTs), cyber security issues have also become non-negligible concerns, threating the security and economy of grid operations [
1,
2]. An FDI attack involves the deliberate manipulation of data within energy-management systems [
3]. Unlike conventional cyberattacks that aim to disrupt system operations through denial-of-service or direct damage to the infrastructure, FDI attacks are more insidious [
4,
5]. They subtly alter the data used for decision-making processes in energy systems, leading to erroneous system operations, inefficient resource allocation, and potentially hazardous conditions. The methodologies employed in FDI attacks are diverse and they are evolving. Common strategies include tampering with sensor readings, corrupting data communication channels, and exploiting vulnerabilities in data-aggregation processes. These methods are designed to bypass conventional detection systems, making FDI attacks particularly challenging to identify and counter [
6,
7]. State estimation (SE) plays a vital part in detecting false data injection (FDI) attempts via filtering out inaccuracies from measurements [
8]. In the realm of power system operations, SE plays a pivotal role. It involves the application of algorithms to deduce the most likely state of an electrical network [
9] by utilizing observed measurements like voltages and power flows [
10]. This process is critical in ensuring accurate and reliable data for grid management [
11]. However, these measurements are susceptible to various sources of errors [
12,
13]. These errors could stem from instrument inaccuracies, data transmission issues, or even deliberate manipulations, as observed in cyberattacks. Inaccurate measurements can lead to incorrect decisions in grid management, making the grid vulnerable to inefficiencies, instability, or even systemic failures [
14]. Therefore, understanding and improving state estimation is essential in bolstering the robustness of power systems against such vulnerabilities. Nevertheless, stealthily designed FDI attacks are able to compromise the measurement without being detected [
15]. Recent history has witnessed several high-profile intrusions into power grid systems. There has been a wide variety of reports demonstrating the significant FDI-based cyber threats. Ukraine experienced major power outages affecting nearly 250,000 people due to cyberattacks. While these attacks primarily involved malicious software to gain control of and disable critical power infrastructure, they exposed systemic vulnerabilities in the grid’s cybersecurity. Such vulnerabilities could potentially be exploited by FDI attacks, where false data are injected to manipulate the grid’s operational decisions, leading to similar, if not more severe, disruptions [
16]. The Olympic Destroyer malware incident during the Winter Olympics in Pyeongchang demonstrated the potential for cyber threats to disrupt critical infrastructure, including power grid systems. This event serves as a poignant reminder that, if FDI attacks were to target similar vulnerabilities, they could manipulate data to cause operational chaos without the immediate detection typically associated with more overt forms of cyberattacks [
17]. The activities of the SandWorm group, which included spear-phishing and exploiting zero-day vulnerabilities, primarily targeted energy companies and critical infrastructure operators. This group’s method of compromising power grid systems signals a risk that is also pertinent in the context of FDI attacks [
18].
1.1. Related Work
In order to mitigate the attack consequences, existing works have provided valuable insights to explore effective mitigation models [
19]. The authors of [
20] studied a trust value determination framework to indicate the trustworthiness of the obtained measurements. Distributed energy resources rely on the trust values of the control protocols to decelerate and mitigate FDI attacks. The authors of [
21] attempted to design a two-stage detection and mitigation approach against electric vehicle (EV) switching attacks to avoid grid instability conditions. A back propagation neural network approach is applied to detect and delay the abnormal switching request. In [
22], a hybrid FDI-mitigation scheme based on ensemble empirical mode decomposition is devised for concurrent attacks in DC microgrids. An event-driven mitigation method is adopted to eliminate the attack signal with the reconstruction of trustworthy signals. To enhance the robustness of cyber–physical control systems, the authors of [
23] designed a reactive attack-mitigation method. The attack is formulated via a Markov decision process, and a Q-learning-based linear approximation is employed to solve the problem. A diversified software deployment for cyber risk mitigation is studied in [
24] under the exposure of coordinated cyberattacks. A long-term optimization model ensures the expected minimal risk considering the worst-case scenario. The authors of [
25] proposed a robust incentive-reduction strategic model against financially motivated FDI attacks, which targets the very short term load predictor and deceives the system operator with an uneconomic operation scheme. However, the existing literature solely relies on the emergency response measure to mitigate the attack consequences, which can be strengthened by involving pre-attack risk-management approaches, considering the likelihood of potential cyberattacks. The work in [
26] is crucial as it addresses a timely and critical issue—the vulnerability of low-voltage distribution grids to cyberattacks precipitated by the increased integration of EV charging stations. One of the most commendable aspects of this paper is its focus on using the IEEE European Low-Voltage Test Feeder (ELVTF) as a standard model. This choice is particularly praiseworthy because it allows for a highly relevant and standardized approach to simulation, ensuring that the results are robust, reliable, and widely applicable. By utilizing the ELVTF, the study not only enhances its credibility but also contributes significantly to standardizing cybersecurity assessments within the smart grid domain.
It is unrealistic to cover and defend against all cyber threats due to their unforeseeable and catastrophic nature. Cyber insurance is designed to mitigate the financial losses that are incurred by cyber risks, offering a mechanism for managing the economic impact of cyberattacks, e.g., data breaches and malicious cyberattacks from hackers [
27]. The insured party needs to pay the premium regularly, whilst the insurer is responsible for indemnity to cover the financial losses induced by cyberattacks. It is anticipated that the market size of commercial-based cyber insurance will reach into the multimillions by 2028. The American International Group (AIG) is a cyber insurance corporation at the forefront of the industry; it has offered protection services against cyber risks since the late 1990s. The CyberEdge policy is a well-known customized cyber insurance product which is a comprehensive cyber-risk-management solution, offering standalone schemes for business companies [
28]. After the cyber disaster that was launched against the Colonial Pipeline in May 2021, U.S. energy companies started to realize the importance of purchasing cyber insurance. The insurance premium of the energy sector used to be the lowest across all industries. However, insurance companies have already prepared to increase premiums by between 25% and 40% due to the increasing severity of attacks and the unprecedented growth of the market [
29].
Prior studies that have investigated cyber insurance management for power grids have been limited to single-stage operation models. The authors of [
30] established an actuarial model to eliminate the riskiness and enhance the cyber insurance markets of power grids. A semi-Markov process (SMP) is applied to model the random cyber intrusion process, followed by sequential Monte Carlo simulations to assess the grid interruptions. As for applications in vehicle-to-grid systems, the authors of [
31] adopted cyber insurance to mitigate the risks of high energy costs induced by EV charging against the unavailability of data transmission. The original problem is transformed into an optimization problem. An optimal charging and insurance buying policy is obtained. The authors of [
32] devised a coalitional insurance investment framework as an alternative to the traditional insurance managed by third-party companies. The transmission operators serve as both the insured parties and the insurers. To hedge the economic losses against cyberattacks for EV charging stations, the authors of [
33] proposed an optimal insurance premium scheme for insurers. A coherent risk assessment approach is incorporated into the mechanism design to guarantee its robustness. However, existing works are limited in modelling EV charging behavior and energy trading against cyber intrusions; additionally, they failed to incorporate the complete grid structure information and grid physical constraints. Since cyber insurance management for energy grids is still at the very early stages, further exploration is required to effectively mitigate the cyber risks.
The authors of [
34] explored an integrated risk-management strategy that combines insurance and security investments to reduce overall security expenses. It evaluates the optimal investment under different insurance policies and concludes that the effectiveness of mixed strategies depends on factors like potential loss and vulnerability, often reverting to insurance-alone approaches under specific conditions. The authors of [
35] investigated whether cyber insurance can enhance network security through a market-based analysis, including regulated monopolistic and competitive markets. The findings suggest that, while unique market equilibriums exist in both market types, their efficiency and impact on improving network security vary, with challenges highlighted in monopolistic markets due to issues around contract discrimination and insurer profitability. The authors of [
36] presented analytical models for optimizing cybersecurity spending and cyber insurance, focusing on their effectiveness in reducing cyber threats. The study emphasizes the importance of private sector involvement in countering cybercrimes and proposes innovative cyber insurance approaches; these would be particularly beneficial for small- and medium-sized enterprises, through customized, threat-specific coverage and risk management support. The authors of [
37] presented a mathematical analysis of cyber insurance in a non-competitive market, addressing concerns about cyber insurance leading to reduced security investments. The authors demonstrate that, with the right pricing strategy, it is possible to ensure that security investments remain high, even with insurance. Their theoretical analysis, supported by CARA and CRRA utility functions, provides insight into balancing insurance with maintaining robust security measures. This study investigates the dynamics of self-defense investments in Internet security in the context of cyber insurance coverage. The authors of [
38] proposed a mathematical framework for understanding how cooperative and non-cooperative Internet users decide on their self-defense investments under full and partial insurance coverage. The results indicate that cooperative behavior enhances self-defense investment efficiency, and that partial insurance coverage motivates more prudent self-defense investments compared to full coverage. In this comprehensive survey [
27], the authors provide an in-depth analysis of the burgeoning field of cyber insurance. They discuss its peculiarities, provide a formal background, and review the existing literature on the topic. The paper explores the applicability of cyber insurance in various technological systems, identifies unique challenges in this market, and proposes directions for future research, making it a valuable resource for understanding the landscape of cyber insurance.
The Distributionally Robust Optimization (DRO) method is developed to hedge against the system uncertainties for energy management, including renewable generation fluctuation, load variation, natural disasters, etc. The authors of [
39] applied DRO to evaluate the operation costs affected by uncertain wind generation and EV charging delays. A linear decision rule model is adopted to approximate the second-stage formulation, assuming that real-time decisions are an affine relationship of uncertainty realizations. In [
40], a DRO-based chance-constrained program is utilized to account for the load uncertainty in a multistage distribution-expansion planning model. The intractable nonlinear constraints are reformulated into second-order conic constraints. DRO is effective in mitigating the overfitting effects and in reducing the estimation errors of classical stochastic optimization to characterize a single distribution. DRO also contributes to weakening the over-conservativeness of robust optimization.
The implementation of effective cyber insurance management for insured parties is faced with numerous challenges. These include the unpredictability of demand for security services [
41], the inherent uncertainty of the severity of cyber risks [
42], and the prohibitive costs of insurance premiums [
43]. To date, no power grid utility providers have purchased cyber insurance coverage, largely due to the difficulties associated with the design of a comprehensive cyber-risk-assessment and -mitigation program [
44]. The lack of a one-size-fits-all approach to cyber insurance, with each customer having unique requirements and needs, exacerbates the problem. The challenge of unpredicted demand for security services is particularly acute as cyber threats continue to evolve at an exponential pace, making it difficult to anticipate future security needs [
45]. Furthermore, the unpredictable nature of cyber risks, combined with the lack of historical data, makes it challenging to estimate the potential impact of a cyberattack [
46]. This lack of certainty is reflected in the high cost of cyber insurance premiums, which, in turn, makes it difficult for power grid utility providers to justify the investment. Given these challenges, it is crucial to design customized solutions for cyber insurance management that effectively contain risk. This could involve a combination of risk transfer mechanisms, such as insurance coverage, and risk-mitigation strategies.
1.2. The Proposed Approach and Novelties
This work introduces a cyber insurance model specifically designed for ICT-integrated multi-energy systems to mitigate the risks associated with cyberattacks, particularly false data injection (FDI) threats. Tailored to meet the critical needs of these systems, the model covers immediate post-attack expenses such as system diagnosis, component isolation, and restoration, focusing on risks to data and control systems that may disrupt operations. It calculates premiums based on the system’s risk profile, incorporating factors like complexity and past cyber incidents. The model strategically combines risk management with financial tools to ensure continuous operation, which is crucial for multi-energy systems. Additionally, it proposes a novel two-stage hierarchical cyber insurance planning (TCIP) model that optimizes insurance costs and operational efficiencies through risk transfer and real-time defense strategies. The TCIP model employs a moment-based Distributionally Robust Optimization (DRO) method, ensuring adaptability to FDI threats. Its effectiveness is demonstrated through simulations in a 33-20 distribution multi-energy grid (MEG) system, showing significant reductions in load shedding and operational costs.
This paper introduces a novel, cooperative, risk-management strategy that revolutionizes traditional approaches to cyber risk in power grid systems. Unlike conventional methods that primarily focus on financial risk transfer, this innovative strategy fosters a dynamic collaboration between insurers and grid operators, embedding proactive and reactive measures to robustly counteract cyber threats. The insurer’s involvement extends beyond mere post-incident financial restitution; it encompasses active participation in incident management, supplying specialized expertise and advanced cybersecurity technologies that are critical for rapid and effective incident response. This collaborative effort not only expedites the recovery process but also minimizes downtime and operational disruptions. Insurers contribute their extensive knowledge and resources, which are crucial for swiftly identifying, containing, and mitigating cyberattacks. This enables grid operators to customize their response strategies to specific threats, significantly enhancing the system’s defensive capabilities. Moreover, the mutual engagement in developing and implementing comprehensive cybersecurity protocols, conducting thorough risk assessments, and maintaining ongoing system monitoring ensures that vulnerabilities are preemptively identified and addressed. The strategy introduced in this paper promotes a shared-responsibility framework, where both insurers and the insured party actively participate in the intricate web of decision making and risk management. This approach not only enhances immediate response capabilities but also bolsters long-term system resilience against cyber threats. It represents a paradigm shift in the understanding of cyber insurance, positioning it as a vital, integrated component of holistic cyber risk-management strategies for power grids. This cooperative risk management model is not just a theoretical construct but a practical, innovative solution that significantly advances the security and robustness of power systems, offering a blueprint for future approaches to infrastructure protection. In
Figure 1, a graphical summary illustrates the multifaceted rationale behind our study, highlighting the complex interplay between enhancing cybersecurity, optimizing economic outcomes, and advancing research methodologies in smart city energy systems. The first segment of the diagram emphasizes the critical need for robust cybersecurity measures to address inherent vulnerabilities and minimize the economic impacts of cyber incidents on the interconnected infrastructure of smart cities. This protection is essential in preventing operational disruptions and costly recoveries following cyber threats. The second segment focuses on the strategic implementation of cyber insurance as a financial risk management tool, which not only transfers financial risks to insurers but also enhances cost efficiency and encourages proactive technological investments. This ensures that smart cities can maintain resilience while fostering economic stability. The third segment outlines our commitment to advancing the knowledge and methodologies in cyber risk management. It depicts how empirical insights from our study inform policy making and promote an interdisciplinary approach, integrating cybersecurity, insurance economics, and energy management to effectively tackle the challenges faced by smart city infrastructures. Together, these elements provide a comprehensive understanding of the reasons why this research is critical, serving as a foundation for further investigation and development in the field.
In conclusion, this work presents a significant contribution to the field of cyber insurance management for ICT-enabled multi-energy grids, offering a comprehensive and effective solution for mitigating cyber threats.
- ✓
In comparison to prior studies in the realm of cyber insurance management for electric vehicle charging stations or local energy systems, the present work encompasses a more comprehensive scope; it takes a full array of physical constraints and system functionalities into account, including optimal power flow, generator dispatch, and energy-balancing conditions. The proposed cyber insurance framework does not merely represent a risk-transfer solution; rather, it represents a cooperative risk-management strategy for energy system operators.
- ✓
Cyberattacks in power systems are known to trigger a cascade of effects that propagate through interconnected subsystems. Previous work in the realm of MEGs has not considered the implications of such attacks on cyber insurance management. To address this, the present work leverages optimal coordination of system interdependencies in order to mitigate attack consequences and minimize losses.
- ✓
Given the lack of historical data and the unpredictable nature of cyberattacks, a novel two-stage DRO method is adopted to estimate the potential impact of such attacks and formulate the total cost of the TCIP model. Unlike traditional SMP methods, the DRO approach seeks an optimal solution under the worst-case uncertainty distribution and provides robust mitigation against cyberattacks.
The subsequent sections of this paper are arranged as follows:
Section 2 provides an overview of detection bypassing and cyber intrusion principles;
Section 3 formulates the TCIP model;
Section 4 outlines the DRO method and its solution procedures;
Section 5 presents case studies to test the performance of the TCIP model; the paper concludes in
Section 6.