With the enhanced capabilities of the SCADA system, the power system can monitor its operating states in real-time. On the other hand, it also makes the power system more vulnerable to various kinds of attacks. One attack that has serious consequences is the False Data Injection (FDI) attack against the state estimation process. Although some techniques have been proposed to select meters to protect, none of them considers the cost of protecting meters, and thus will not perform well when only a limited number of meters can be protected due to budget limitation. In this paper, we consider a new problem: Given a limited budget, how to select the most critical meters to protect so that the probability of attackers launching successful stealthy FDI attack is minimized? We first formalize this problem which is NP-complete, and then propose heuristic based solutions. The idea is to rank and select meters based on a metric called vulnerability index, which considers two factors: How likely the meter will be targeted by the attacker to launch FDI attacks and how much damage will be caused by compromising the meter in case of a successful stealthy FDI attack. Evaluation results show that our algorithm can significantly reduce the probability of successful attacks, as well as the potential damage caused by FDI attacks.