650 CHAPTER 25 Security and Privacy in the Smart Grid not a tractable problem to solve. Xie et al. [36] introduced false data injection attacks to another problem: deregulated electricity markets, where attackers can manipulate the prices while being undetected by the system operator. Replacing sensed data with false data is a very generic attack that can be extended to any smart grid application (as all of them are based on correct sensor measurements). It is important to develop intrusion detection mechanisms or rep- utation management systems smart grid applica- tions, where not all received data can be trusted. Anticipating New Vulnerabilities. One of the risks of introducing new functionalities, is the introduction of new vulnerabilities and incentives for an adversary to attack the system. For exam- ple, new functionalities such as demand response might allow an attacker to forge electricity price signals and cause undesired load ramping or load shedding. Another example of a new functionality in several AMI deployments is a remote discon- nect option where a utility can send a signal to remotely disconnect a residence from the net- work. Anderson and Fuloria [37] discuss the risks of including a remotely controllable off switch in smart meters, in particular when the control is centralized, such as the system deployed in the United Kingdom. In this model, if an attacker takes over the head-end, it can send messages to all meters to interrupt supply and so the question is if there are alternative metering architectures that have better attack resiliency. Authors offer a number of solutions including, shared control, key backup, and a PKI based solution. Each of these solutions have drawbacks that are discussed in this paper. As more functionalities are introduced on the smart grid, security researchers need to be aware of the new security vulnerabilities and consider solutions for mitigating these possible problems. Privacy. Privacy is one of the most important concerns in adopting smart grid solutions, which inevitably will collect detailed information about consumers' preferences. The following gives a small sample of research reported in this area. data by attackers trying to attack the power grid. An example of research in cyber-physical sys- tems that has received attention from academia in the past years is the problem of injecting false data into the sensors used in transmission and distribution automation in the power grid [33]. The main contribution of this work is in showing why safety and fault detection mechanisms cur- rently available in the grid for detecting sensor errors and sensor faults, cannot detect incorrect sensor data when an intelligent attacker injects malicious sensor data into the power grid. There- fore, instead of relying solely on fault detection algorithms to protect control algorithms in the power grid, we need to develop new attack detec- tion algorithms focusing on identifying malicious data in sensor and actuation devices in the power grid. Some preliminary results in this area of ´ research include the work of D an and Sand- berg [34], who consider a defender that can secure individual measurements by, for example, replacing an existing meter to a meter with bet- ter security mechanisms such as tamper resis- tance or hardware security support. Their goal is to protect the system under a limited budge and to that end they formulate the problem as identifying the best k measurements to protect (they assume the attacker cannot compromise these sensors) in order to minimize the impact of attacks. The mathematical problem they consider is a combinatorial optimization, so this problem is intractable for large systems. The main con- tribution of this work is to exploit the structure of the power system matrices to make the opti- mization problem efficient. Kosut et al. [35] also extend the basic false data injection attack to con- sider attackers trying to maximize the error intro- duced in the estimate, and defenders with a new detection algorithm that attempts to detect false data injection attacks. Their new detection algo- rithm performs better than the traditional bad data detection algorithms (since these algorithms were designed for detecting faults, not network attacks). Their detection algorithm is based on the generalized likelihood ration test, which is