Barreto Andrade, SergioPignati, MarcoDán, GyörgyLe Boudec, Jean-YvesPaolone, Mario2016-12-052016-12-052016-12-052018-07-0110.1109/TSG.2016.2634124https://infoscience.epfl.ch/handle/20.500.14299/131770Smart-grid applications based on synchrophasor measurements have recently been shown to be vulnerable to timing attacks. A fundamental question is whether timing attacks could remain undetected by bad-data detection algorithms used in conjunction with state-of-the-art situational-awareness state estimators. In this paper, we analyze the detectability of timing attacks on linear state-estimation. We show that it is possible to forge delay attacks that are undetectable. We give a closed form for an undetectable attack; it imposes two phase offsets to two or more synchrophasor-based measurement units that can be translated to synchrophasors’ time delays. We also propose different methods for combining two-delays attacks to produce a larger impact. We simulate the attacks on a benchmark power- transmission grid, we show that they are successful and can lead to physical grid damage. To prove undetectability, we use classic bad-data detection techniques such as the largest normalized residual and the χ²-test.Time synchronization attackFalse data injectionphasor measurement unitPMULinear state estimationepfl-smartgridstext::journal::journal article::research article