Security of information flow in the electric power grid

The confidentiality of information in a system can be breached through unrestricted information flow. The formal properties of non-deducibility and non-inference are often used to assess information flow in purely cyber environments. However, in a "cyber-physical system" (CPS), i.e., a system with significant cyber and physical components, physical actions may allow confidential information to be deduced or inferred. This paper conducts an information flow analysis of a CPS using formal models of confidentiality. The specific CPS under study is the advanced electric power grid using cooperating flexible alternating current transmission system (FACTS) devices. FACTS devices exchange confidential information and use the. information to produce physical actions on the electric power grid. This paper shows that even if the information flow satisfies certain security models, confidential information may still be deduced by observation or inference of a CPS at its cyber-physical boundary. The result is important because it helps assess the confidentiality of CPSs.