1

Critical Infrastructure Interdependency Modeling:

Using Graph Models to Assess the Vulnerability of
Smart Power Grid and SCADA Networks
Pravin Chopade1

Marwan Bikdash

Computational Science and Engineering

North Carolina A&T State University
Greensboro, NC, USA
pvchopad@ncat.edu

Computational Science and Engineering

North Carolina A&T State University
Greensboro, NC, USA
bikdash@ncat.edu

AbstractWe discuss a framework for quantitative vulnerability

assessment of critical infrastructure systems. We focus on the
smart electric power delivery systems, i.e., electricity
transmission and distribution smart grids, along with SCADA
and EMS systems. We introduce concepts and results from graph
and social network theories, and apply them to the study of the
WSCC-Smart Power Grid Network-SCADA-EMS (WSSE)
System. We also calculate values of the topological characteristics
of the networks and compare their error and attack tolerances,
i.e., their performance when vertices are removed, randomly or
in a malicious way. Also, we study the possible topology
generation models such as the random graph, small-world, and
scale-free models. The WSEE system was found to follow the
scale-free graph model of social network theory.
Keywords- Smart Grid, SCADA, Graph, Network, Vulnerability.

I.

INTRODUCTION

On August 14, 2003, many north-eastern metropolitan

cities were hit by a historic blackout. According to the USCanada Power Systems Outage Task Force [1], the event left
millions of American and Canadian citizens without power for
more than four days. It cost the U.S. economy between 4 and
10 billion dollars in lost wages, productivity, and overtime.
The event was not terrorism-related, but brought infrastructure
vulnerabilities to the forefront of homeland security [1]. The
blackout is an example of the potential ramifications of a
failure or attack on the supervisory control and data
acquisition, or SCADA systems. SCADA systems and their
components can be found in a number of national
infrastructures including the water, oil, and gas industries.
SCADA systems are computer controlled devices that perform
and relay physical changes in infrastructure systems to
technical operators. They are capable of monitoring millions
of data points simultaneously, and can therefore be
manipulated by a cyber attack. An adversary thus can
penetrate the electrical power grid, or other control system,
with little more than a laptop and an Internet connection. This
is a major threat.
SCADA systems were originally designed for reliability
and efficiency, not security, and before the advent of the
Internet. Today, corporations use the Internet to monitor

SCADA and other control system activity. Many prominent

security flaws, including sub-par firewalls and non-unique
passwords, continue to exist within these SCADA systems
creating the potential for a devastating attack [2].
Section II addresses the vulnerability of critical
infrastructures. Section III discuses a framework for
quantitative vulnerability assessment of critical infrastructure
systems. In Section IV, we study the possible topology model
generators for the WSSE. In Section V, we evaluate the
vulnerability of the WSSE to widespread attacks.
II.

VULNERABILITY OF CRICTICAL INFRASTRUCTURES

A. Vulnerability of Electric Power Delivery Network

The infrastructure of a society consists of facilities such as
communications, power supplies, transportation, water
supplies, and the stock of buildings [3]. Infrastructure systems
can be subjects to threats and hazards of different kinds that
can make them totally collapse. Threats and hazards include
natural disasters, adverse weather, technical failures, human
factors, labor conflicts, sabotage, terrorism, and acts of war.
Here, the sensitivity to such threats and hazards is the
vulnerability of the system. Thus, the concept of vulnerability
is used to characterize a lack of robustness and resilience of a
system [4].
Robustness signifies that the system will retain its function
and resources largely unchanged or nearly unchanged when
exposed to perturbations. Resilience implies that the system
can adapt to regain a stable acceptable level of performance
after perturbations but the new state may be significantly
different [5].
B. Need for interdependency modeling
The electric power system must always maintain a balance
between loads and generation levels while satisfying load flow
dynamic constraints.
In general, there are three levels of control:
i.)
The control center or Energy Management System
(EMS);
ii.)
The data collection system called SCADA
(supervisory control and data acquisition system);

This work is supported by Pennsylvania State University and

The Defense Threat Reduction Agency (DTRA) under contract DTRA01-03D-0010/0020 and sub-contract S03-34.
(1 Author doing PhD at NCATSU, USA and Associate Professor at Bharati
Vidyapeeth Deemed University College of Engineering, Pune, INDIA)

978-1-4577-1591-4/11/$26.00 2011 IEEE

2
iii.)

AGC (automatic generation control) for maintaining

the instantaneous power balance.

consequence Q in the context of power outages can be

described by power loss (MW) or unserved energy (MWh).
Let Q(t ) be consequence of a disturbance that occurs at
time t , t T . Then, the vulnerability of the infrastructure
system is measured by the probability
P(max Q(t ) q).

(1)

tT

Let Ai be an initiating event, then its effect on the conditional

vulnerability can measured using [7]
Figure 1. Physical Architecture Representation of Smart Power Grid with
SCADA

P(max Q(t ) q | Ai ).

In some initiating events, such as failure of technical

components, P( Ai ) can be estimated by using its frequency of
occurrence. For other events, such attacks P( Ai ) is not
available because those attacks can be extremely rare and
hence very difficult to estimate. Only the conditional
probability can be used (Eq. 2). The total vulnerability is a
sum over all potential initiating events.
P(max Q(t ) q)
tT

Figure 2. Graph Analytical Representation

The impact of a major power outage (Blackout) will be

determined by the nature of the affected area, the duration of
the disturbance, the time of day, the weather conditions etc. [6].
Especially
critical
is
the
dependence
between
telecommunications and power systems. This emphasizes the
need of developing
interdependent models of critical
infrastructures. In Figure 1, we illustrate such interdependent
models. Figure 2 shows graph-analytical representation for the
same interdependent Smart Power Grid Network (SPGN) and
SCADA network.
III.

FRAMEWORK FOR VULNERABILITY ANALYSIS

In Figure 3, we present a generic framework for

vulnerability analysis captured by the following questions [3]
i.
ii.
iii.
iv.

What can go wrong?

What are the consequences?
How likely is it to happen?
How is a normal state restored?

The vulnerability of an infrastructure system is related to the

probability that the disturbance produces a consequence Q
(societal, technical, etc) which is larger than some large
(critical) value q, during a given period of time T . The

(2)

tT

P( A ). P(max Q(t ) q | A ).
i

tT

(3)

Crisis management consists of a number of phases; for

example: prevention, mitigation, response, recovery, and
learning. In some cases, it can be more suitable to concentrate
on resources to abort an ongoing disturbance, rather than using
the resources to prevent the disturbance from taking place.
The aim of a vulnerability analysis is then to identify events
that can lead to critical situations (large negative
consequences), and study how the function of the system can
be restored. A vulnerability analysis can, thus, facilitate the
development of responses to possible crisis situations, and find
the basis for prioritization between different alternatives to
improve system performance.
Vulnerability assessment also includes an evaluation of the
level of vulnerability, and (if needed) an analysis of options
for enhancing the robustness and/or resilience of the system
see Figure 3.
An important difference between risk analysis and
vulnerability analysis is that the latter emphasizes post-failure
response towards recovery. Traditional risk analysis focuses
mainly on the probability of failures emerging. Vulnerability
analysis is an all hazards approach, thus including both
threats from planned (antagonistic) attacks and unintentional
threats and hazards in the vulnerability analysis.

3
CC

Figure 3. A framework for vulnerability assessment, and vulnerability

analysis.

IV.

GRAPH THEORETIC VULNERABILITY ANALYSIS

SPGN and SCADA can often be represented in a useful

way as networks, The structure (topology) of networks is
mathematically described in terms of graphs, i.e., sets of
vertices (nodes) and edges (links). For a smart electric power
grid, the vertices can be power plants, stations and power users,
and the edges power lines. Here, the aim of network analysis is
to study how the performance of networks is affected by the
removal of vertices and edges, to compare the structure of
different networks, and analyze of how the change of structure
affects the vulnerability of networks.
There has been a revival of network modeling in the past
years due to increased computing power, the computerization
of data acquisition, and the intense interest in complex systems.
New Emphasis has been placed on statistical measures, and
numerical simulations [7, 8]. In the following, the graphs will
be undirected and initially connected, even though directed
graphs can better represent actual flow of power in the
network. Vega-Redondo [8], Bhandari [9], and Ahuja, et
al.[10] review recent advances made in the field of graph
theory and survivable network analysis.
A number of statistical measures have been proposed to
characterize the structure of complex networks. The following
concepts are central:
Average path length: the distance between two vertices is
defined as the number of edges along the shortest path
connecting them. Many complex networks, despite their
often-large size, have a relatively short average path
length between any two vertices.
Clustering coefficient: The clustering coefficient, CCi , of
a vertex i is the ratio between the actual number of edges
that exist between the vertex and its neighbors and the
maximum number of possible edges between these
neighbors. The CC of the network is defined as [11]:

1
n

CC

iV

1
n

k (k
iV

Mi
,
i 1) / 2

(4)

where CCi is the local clustering coefficient, M i is the

number of edges that exist between the neighbors of
vertex i, and ki is the number of neighbors for vertex i.
The denominator ki (ki 1) / 2 is the maximum possible
number of edges that can exist between the neighbors of
vertex i.
Degree distribution : The number of edges connected to a
vertex is called its degree. The degree distribution P(k )
of many empirical networks has a power law,
P(k ) ~ k , where is typically between 1 and 3 [12].

The studies of networks has given birth to several classes

of abstract network models. Erds and Rnyi introduced the
idea of random graphs in the late 1950s [10]. The simple
random graph model combines low clustering with an
exponential degree distribution. Watts and Strogatz introduced
the so-called small-world model in 1998 [11]. This model
combines high clustering and a short average path length [11].
In 1999, Barabsi and Albert presented the scale-free network
model that has a power-law degree distribution [13,14].
Application to IEEE 14-Bus Network :
We first use a simple power network to illustrate the
graph statistics and their calculation. Shown in Figure 4 is the
standard IEEE 14-Bus network. Figure 5 shows the abstracted
topology of the 14-Bus network [4] which has 14 nodes and
20 edges.
The degree the critical path length, and the clustering
coefficient of each node are calculated and tabulated in Table
I. The average degree is 2.857; the average critical path length
is 2.374 and the average clustering coefficient is 0.367. A
random graph with the same number of nodes, and same
degree of 2.857, would have lRandom = 2.51 and CCRandom =
0.204. The critical path length of the 14-Bus network is close
to that of the random graph, but the clustering coefficient is
twice that of the random graph. Hence the 14-Bus network
can be thought of as a random graph.
As the number of nodes in the power network increases, it
looks less random and more like the small-world and scalefree networks.
The key topological characteristic of small-world
networks is the presence of a small fraction of very long-range
global edges, which contract otherwise-distant parts of the
graph, while most edges remain local, thus contributing to the
high clustering coefficient. Since the qualitative nature of a
systems connectivity is important in determining both its
structural and dynamic properties, the removal of a node, e.g.,
the outage of a generator or substation transformer, or a
sudden pull-out of a large load or an edge (a transmission
line), could affect the functionality of other nodes as well.

4
the characteristics of a scale-free network. A scale-free
network is a connected graph or network with the property
that the number of links k originating from a given node
exhibits a power law distribution. A scale-free network can be
constructed by progressively adding nodes to an existing
network and introducing links to existing nodes with
preferential attachment so that the probability of linking to a
given node i is proportional to the number of existing links
k that node has, i.e.,
kj
.
(5)
P(linking to node i) ~
k
j j

Figure 4. IEEE 14 Bus Network [4]

Scale-free networks occur in many areas of science and

engineering. The power grid of the WSCC has been argued to
posses the scale-free property [12].
V.

GRAPH MODELING AND VULNERABILITY ANALYSIS OF

WESTERN STATES US GRID

Figure 5. Topology of 14-Bus Network

TABLE I. GRAPHICAL PROPERTIES OF THE 14-BUS NETWORK

Node
Degree, Critical
Number
Path
ki
Length l i

Clustering
Coefficient,

2.692

1.0

2.154

0.5

2.615

1.0

1.836

0.3

1.923

0.333

2.077

0.167

2.231

0.333

3.154

0.0

1.923

0.167

10

2.462

0.0

11

2.538

0.0

12

2.769

1.0

13

2.462

0.333

14

2.385

0.0

2.374

0.367

Average 2.857

CCi

When the SPGN and the SCADA networks are

considered simultaneously, the network exhibits more clearly

Figure 6. Illustrating the type of connections in the WSCC model of SPGN

and SCADA system

Next we consider the combined SPGN, SCADA and EMS

system (WSSE) of WSCC US Grid. The topology of the
network and the interactions involved are illustrated in Figure
6. Power system failures sometimes progress across the
boundaries of balancing authorities, where sensor data are
aggregated, through EMS and SCADA systems. Across these
boundaries, the models are often less useful. Furthermore,
even within a balancing authority, cascading failures can
progress more quickly than the communications and
computational processes from which eigenvalues are
calculated. Therefore there is a need for tools that can identify
emerging risks without detailed, highly accurate, network
models. The full model of the WSSE network [15] has 4941

TABLE II. Statistical graph measures for WSCC Network

Total Nodes or vertices NN

4941

Number of Connected Nodes

Number of disconnected Nodes
Edges or links NL

4923
18
11305

Power in scale-free degree distribution Alpha

2.2

Average Node Degree

Fraction of reciprocal links
Clustering Coefficient CC

2.30
0.39 %
0.0024

Average Clustering Coefficient

0.002 %

10

Incoming Outgoing Node Degree Distribution

P(k)

10

10

10

10
0
10

10
k,Degree

10

Figure 7. Node Degree Distribution

Performing Random and Targeted of attacks on the network :

Next, we compare how the networks disintegrate when
vertices are disabled. This is the structural vulnerability
analysis [5, 12]. To do so, we simulated two kinds of attacks
on the network
a) Random attack - By removing random nodes until the
graph is no longer connected.
b) Targeted attack - By removing the most connected nodes
first; i.e. those with highest outgoing degree.

Number of components

200

Random
Targeted
150

100

50

1000

3000

2000

4000

5000

Step

Figure 8. Network behavior under Random and Targeted

attack.
Number of Nodes in connected components

nodes (buses). The data can be found at the database of the

North American Electric Reliability Corporations (NERC)
[15]. We have analyzed its graph-theoretic properties using
MATLAB Graph Functions [16]. We calculated statistical
graph measures as shown in table II, including the degree
distribution P(k ) of the original 4941-node network. The data
shown in Table II suggest that the WSSE does indeed follow
the scale-free model. It does not fit the random-graph model
well [17]. The WSEE has a clustering coefficient significantly
larger than the equivalent random graph, and the average path
length is larger than twice in the random graph. The WSSE
demonstrates approximately a power law degree distribution.
However, we point out that the CC is not an ideal measure
for meshed networks such as power grids. The degree
distribution P(k ) of the WSCC network combined with
SCADA and EMS (WSSE) is shown in Figure 7. Clearly it
follows the degree power law of scale-free networks. This
characteristic feature of power transmission grids is supported
by earlier studies of the WSCC network [18,19].

5000
Random
Targeted

4000

3000

2000

1000

1000

2000

3000

4000

5000

Step

Figure 9. Network behavior under Random and Targeted attack

Next, we find all strongly connected components. Each

strongly connected component is a set of nodes each of which
is reachable from any other. The empirical networks exhibit
similar disintegration patterns [20, 21, 22].
We apply this analysis to the combined WSSE system. We
find that the combined network disintegrates considerably
faster when the vertices are removed deliberately than
randomly, i.e. they have a lower attack tolerance than error
tolerance as shown in Figure 8 and Figure 9. Figure 10
illustrates the emergence of a large number of components
occurring after the removal of about 500 nodes. This is
interpreted as a phase change, where the network topology
changes qualitatively from a single component to a chattered
network with a large number of components. The peak of the
size of the second-largest component marks the phase
transition.
The above measures used to classify graphs reflect only
the average topological properties of the network. Only large
changes of the networks topology will be visible by studying
these indicators [23]. The relation between the vulnerability of
a network and the values of the above graph measures is not
straightforward. We argue that the generic topological analysis
may be too imprecise to enable a realistic study of an
upgrading of the transmission grid.

6
Size of SECOND largest component

200

[3]
Random
Targeted

150

[4]

Component Size
100
Size

[5]

50

[6]
0

1000

2000

3000

4000

5000

Step

Figure 10. Size of second largest cluster under Random and Targeted
attack.

VI.

CONCLUSIONS

Graph modeling gives a conceptual picture of the studied

network, and graphs can serve as simple reference models for
comparison. In this paper we used graph-theoretic
vulnerability analysis to study the performance of networks.
We proved that WSSE network follows the power law of
scale-free network. This Network is affected by the removal of
vertices and edges and compared the structure of different
networks, and analyzed the affects of vulnerability on the
structure of the networks. The major drawback with the
generic graph analysis is that the performance measures are
not related to the practical decision-situation, and involve
unrealistically high failure rates (removal of fractions of
vertices in the graph). We must be careful to note that the
analysis of error and attack tolerance is perhaps too imprecise
to enable a realistic study of an upgrading of the transmission
grid. We conclude that structural vulnerability can lead to
major blackouts which will affect all functions in a society.
This emphasizes the need of developing interdependent
models of critical infrastructures.

[7]

[8]
[9]
[10]
[11]
[12]

[13]
[14]
[15]
[16]
[17]

[18]

ACKNOWLEDGMENT
The authors gratefully acknowledge Pennsylvania State
University and The Defense Threat Reduction Agency (DTRA)
for their support and finance for this Project.

[19]

[20]

REFERENCES
[1]

[2]

U.S.-Canada Power System Outage Task Force, Final report on the

August 14, 2003 blackout in the United States and Canada: causes and
recommendations, April 2004.
A. Bobbio, E. Ciancamerla, S. Di Blasi, A. Iacomini, F. Mari, I. Melatti,
M. Minichino, A. Scarlatti, E.Tronci, R.Terruggia, and E. Zendri, Risk
analysis via heterogeneous models of SCADA interconnecting Power
Grids and Telco Networks, IEEE Transactions on Smart Grid : 978-14244-4497-7/09/$25.00 2009 IEEE, pp. 90-97.

[21]
[22]

[23]

A. Murray, and T. Grubesic, Critical Infrastructure-Reliability and

Vulnerability, Advances in Spatial Science, Springer Publications, 2007.
Charles J. Kim, Obinna B. Obah, Vulnerability Assessment of Power
Grid Using Graph Topological Indices, International Journal of
Emerging Electric Power Systems, Vol. 8, Issue 6, 2007, Article 4, pp.
1-17.
A. J. Holmgren, Using Graph Models to Analyze the Vulnerability of
Electric Power Networks, Int. Journal of Risk Analysis, Vol. 26, No.
4, 2006, pp.955-969.
J. Bigger, M. Willingham and F. Krimgold, Consequences of critical
infrastructure interdependencies: lessons from the 2004 hurricane season
in Florida, Int. J. Critical Infrastructures, Vol. 5, No. 3, 2009, pp. 199219.
L. Mili, Q. Qiu, and A. G. Phadke, Risk Assessment of catastrophic
failures in electric power systems, Int. Journal on Critical
Infrastructures, Vol. 1, No. 1, 2004, pp. 38-63.
Vega-Redondo, Complex Social Networks, Economic Society
Monographs, Cambridge University Press, 2007.
Bhandari, Survivable Networks- Algorithms for Diverse Routing, Kumar
Academic Publishers, 1999.
R. K. Ahuja, T. L. Magnanti, and James B. Orlin. Network Flows:
Theory, Algorithms and Applications, PrenticeHall, 1993.
Watts, D. J. and Strogatz, S. H., Collective dynamics of small-world
networks, Nature, Vol. 393, No. 6, June 1998, pp. 440-442.
Ke Sun, Complex Networks Theory: A New Method of Research in
Power Grid, 2005 IEEE/PES Transmission and Distribution
Conference & Exhibition: Asia and Pacific Dalian, China, pp. 1-6.
A. Barabasi, and R. Albert. Emergence of scaling in random networks,
Science, 286 (5439),1999, pp. 509-512.
R. Albert, and A. Barabsi, "Statistical mechanics of complex
networks". Reviews of Modern Physics, 74, 2002, pp. 47-97.
The North American Electric Reliability Corporations (NERC)
http://www.nerc.com/
http://www.mathworks.com/matlabcentral
Erds, and Rnyi, "On Random Graphs-I". Publicationes Mathematicae
6:, 1959, pp. 290-297.
http://www.mathworks.cn/matlabcentral/fileexchange/4206-erdos-renyirandom-graph
Z. Wang, A. Scaglione, and R. Thomas, Generating Statistically
Correct Random Topologies for Testing Smart Grid Communication and
Control Networks, IEEE Transctions on Smart Grid, 1949-3053/$26.00
2010 IEEE, pp. 1-12.
E. Bompard, R. Napoli, and F. Xue, Analysis of structural
vulnerabilities in power transmission grids, International Journal of
Critical Infrastructure Protection, Vol. 2, 2009, pp. 5-12.
Massoud Amin, National Infrastructures as Complex Interactive
Networks, Automation, Control, and Complexity: An Integrated
Approach, Samad & Weyrauch (Eds.), John Wiley and Sons, 2000, pp.
263-286.
WSCC, US Power Grid system Data
http://www.solcomhouse.com/uspowergrid.htm
Western System Coordinating Council (WSCC) Disturbance Report for
the Power System Outage that occurred on the Western Interconnection
on August 10th, 1996 at PAST, October 1996.
Kostereve, Taylor, and Mittelstadt, Modal Validation for the August
10, 1996 WSCC System Outage, IEEE Transaction on Power Systems,
Vol.14,
No.3,
August
1999,
pp.
967-979.