In a false data injection attack targeting power system state estimation, the measurement data communicated to the control center is altered. The attacker cannot manipulate measurements arbitrarily as it can be easily detected by the bad data module. Moreover, the attacker's constraints limit his/her freedom in choosing attack vectors. In this seminar, a novel concept called degrees of freedom in attack vectors will be introduced. The degrees of freedom in attack vectors is the maximum number of measurements into which the attacker can stealthily inject arbitrary magnitude with his/her available budget. Higher degrees of freedom poses a higher risk to the utility. An algorithm is developed to determine the degrees of freedom in attack vectors. We show that securing a selected set of few measurements can minimize the attacker's degrees of freedom for all values of the attacker's budget. Case studies on IEEE test systems will be presented.