In this paper, we examine the factors that influence the success of false data injection (FDI) attacks in the context of both
cyber and physical styles of reinforcement. Existing research considers the FDI attack in the context of the ability to change
a measurement in a static system only. However, successful attacks will require first intrusion into a system followed by
construction of an attack vector that can bypass bad data detection to cause a consequence (such as overloading). Furthermore,
the recent development of moving target defences (MTD) introduces dynamically changing system topology, which is beyond
the capability of existing research to assess. In this way, we develop a full service framework for FDI risk assessment. The
framework considers both the costs of system intrusion via a weighted graph assessment in combination with a physical, line
overload-based vulnerability assessment under the existence of MTD. We present our simulations on a IEEE 14-bus system
with an overlain RTU network to model the true risk of intrusion. The cyber model considers multiple methods of entry for the
FDI attack including meter intrusion, RTU intrusion and combined style attacks. Post-intrusion, our physical reinforcement
model analyses the required level of topology divergence to protect against a branch overload from an optimised attack vector.
The combined cyber and physical index is used to represent the system vulnerability against FDIA.
