Power system state estimation is a prerequisite for detecting faults, directing power flows, and other tasks of Energy Management Systems. State estimators have conventionally filtered out so-called bad data or outliers, but in recent years a number of attacks and mitigation mechanisms have been proposed involving deliberate injection of bad data. In this paper, we introduce a constrained attack mechanism which will be feasible where the communication channel for measurements is authenticated and integrity-protected. We demonstrate that re-ordering of measurements is sufficient to cause errors in state estimation or preventing convergence and propose an algorithm to introduce such attacks. Based on this, we introduce two security metrics to quantify the effort required for sparse and minimum magnitude reordering attacks, respectively, in the form of security indices based on the assumption of the adversary’s full or partial knowledge of previous measurement vectors. We demonstrate success by presenting the Mean Square Error (MSE) for the attacks described and also evaluate the attack model for both the standard IEEE-14 and 30-bus test cases.