A Graph Embedding-Based Risk Analysis Case Study of a 2000-bus Cyber-Physical Power System

Power systems are increasingly exposed to cyber threats. These threats elevate both operational and security risks and pose significant challenges to the resilience of critical infrastructure. To counter these threats in a generalizable and scalable way, it is important to develop effective methods to predict adversarial actions and conduct quantitative risk assessments. To address this need, this paper presents a comprehensive risk analysis of a 2000-bus cyber-physical power system test case using a Graph Embedding Approach for Cyber-physical Risk Analysis (GEACRA). GEACRA models the cyber-physical system as a graph and uses Node2Vec-based technique to identify high-risk components, access pathways, and the likelihood of each component being affected next. To demonstrate its application, we construct a scenario that models an Advanced Persistent Threat where an adversary gains Supervisory Control and Data Acquisition (SCADA) access through a spear phishing attack and remotely trips circuit breakers of the transformers at a substation to cause the loss of loads and line overloads. Further malicious activities, such as continuous remote tripping of breakers for lines or transformers, can lead to a potential cascading failure with widespread power outages if the intrusion is not mitigated. In the scenarios, GEACRA effectively identifies the cyber and physical nodes most likely to be compromised next, with 100% and 88.9% accuracy among the top 2 and top 18 high-risk nodes, respectively, when compared with the simulation results on affected components. The results highlight GEACRA’s capability to improve grid resilience and support proactive mitigation strategies in complex cyber-physical power systems.