10 research outputs found

    Anomaly Detection in Automatic Generation Control Systems Based on Traffic Pattern Analysis and Deep Transfer Learning

    In modern highly interconnected power grids, automatic generation control (AGC) is crucial in maintaining the stability of the power grid. The dependence of the AGC system on the information and communications technology (ICT) system makes it vulnerable to various types of cyber-attacks. Thus, information flow (IF) analysis and anomaly detection became paramount for preventing cyber attackers from driving the cyber-physical power system (CPPS) to instability. In this paper, the ICT network traffic rules in CPPSs are explored and the frequency domain features of the ICT network traffic are extracted, basically for developing a robust learning algorithm that can learn the normal traffic pattern based on the ResNeSt convolutional neural network (CNN). Furthermore, to overcome the problem of insufficient abnormal traffic labeled samples, a transfer learning approach is used. In the proposed data-driven method, the deep learning model is trained on traffic frequency features, which makes our model robust against AGC's parameter uncertainties and modeling nonlinearities.
    Comment: Editor: Geert Deconinck. 18th European Dependable Computing Conference (EDCC 2022), September 12-15, 2022, Zaragoza, Spain. Fast Abstract Proceedings - EDCC 202

    Deep Learning-Based Intrusion Detection System for Advanced Metering Infrastructure

    Smart grid is an alternative to the conventional power grid which harnesses the power of information technology to save energy and meet today's environmental requirements. Due to the inherent vulnerabilities in information technology, the smart grid is exposed to a wide variety of threats that could be translated into cyber-attacks. In this paper, we develop a deep learning-based intrusion detection system to defend against cyber-attacks in the advanced metering infrastructure network. The proposed machine learning approach is trained and tested extensively on an empirical industrial dataset which is composed of several attack categories including scanning, buffer overflow, and denial of service attacks. Then, an experimental comparison in terms of detection accuracy is conducted to evaluate the performance of the proposed approach against Naive Bayes, Support Vector Machine, and Random Forest. The obtained results suggest that the proposed approaches produce optimal results compared to the other algorithms. Finally, we propose a network architecture to deploy the proposed anomaly-based intrusion detection system across the Advanced Metering Infrastructure network. In addition, we propose a network security architecture composed of two types of intrusion detection system, host-based and network-based, deployed across the Advanced Metering Infrastructure network to inspect the traffic and detect malicious traffic at all levels.
    Comment: 7 pages, 6 figures. 2019 NISS19: Proceedings of the 2nd International Conference on Networking, Information Systems & Securit

    Implementation of Secure DNP3 Architecture of SCADA System for Smart Grids

    With the recent advances in connecting the power grid system to the internet, data sharing and networking open space for hackers to maliciously attack these systems based on their vulnerabilities. The vital stations in the smart grid, namely the generation, transmission, distribution, and customer substations, are connected and controlled remotely by the network. Every substation is controlled by a Supervisory Control and Data Acquisition (SCADA) system which communicates on DNP3 protocol on Internet/IP which has many security vulnerabilities. This research will focus on Distributed Network Protocol (DNP3) communication which is used in the smart grid to communicate between the controller devices. We present the DNP3 SAv5 and design a secure architecture with Public Key Infrastructure (PKI) on Asymmetric key encryption using a Certificate Authority (CA). The testbed provides a design architecture between customer and distribution substation and illustrates the verification of the public certificate. We have added a layer of security by giving a password to a private key file to avoid physical tampering of the devices at the customer substations. The simulation results show that the secure communication on the TLS layer provides confidentiality, integrity, and availability

    Cybersecurity in Power Grids: Challenges and Opportunities

    Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, and (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the-art approaches, as well as identify further opportunities to strengthen cybersecurity in interconnected power grids

    Distributed intrusion detection/prevention system design and implementation for secure SCADA communication in smart grid

    Cybersecurity, one of the expanding research areas, has tremendous importance for critical infrastructures. Organizations in sectors like power, oil, and gas use SCADA communication to manage and control their outstations across a wide area. Some of the standard SCADA protocols used to control, share, and exchange real-time information are DNP3, Modbus, and IEC 61850. The communication involves both cyber and physical system processes and requires high availability and integrity of the data. DNP3, a TCP based protocol, is widely used in these infrastructures. With the involvement of the cyber domain, the systems are susceptible to network-based intrusions and cyber attacks. Since the communication is between the control center and its vast network of outstations, it becomes a challenge to monitor and control the network activity of the whole system. This creates a demand for the visualization of different network areas and a need to monitor their network activity from a single console. This work presents a framework to bring together the distributed setup of the intrusion detection system and provide an optimal solution to detect network intrusions and abnormal behavior. The main focus of the work is to provide a single dashboard view to monitor the network activities of different outstations. Further, the design and implementation of the distributed setup are explained in various architectures. Different types of IDS rules based on packet payload, packet flow, and time threshold are generated to show how the attack surface of the system can be reduced and different types of cyber attacks detected. Then IDS testing and evaluation is performed with a set of rules in different sequences. The detection time is measured for different IDS rules, and the results are plotted. All the experiments are conducted in Power Cyber Lab, ISU using two-area and 39-Bus power model and presented in CPS and Grid-Ex based training. After successful testing and evaluation, the knowledge and implementation are transferred to field deployment. In the last section, the conclusion of the work is summarized and a possible extension of future work is discussed

    Real-Time Machine Learning Models To Detect Cyber And Physical Anomalies In Power Systems

    A Smart Grid is a cyber-physical system (CPS) that tightly integrates computation and networking with physical processes to provide reliable two-way communication between electricity companies and customers. However, the grid availability and integrity are constantly threatened by both physical faults and cyber-attacks which may have a detrimental socio-economic impact. The frequency of the faults and attacks is increasing every year due to the extreme weather events and strong reliance on the open internet architecture that is vulnerable to cyber-attacks. In May 2021, for instance, Colonial Pipeline, one of the largest pipeline operators in the U.S., which transports refined gasoline and jet fuel from Texas up the East Coast to New York, was forced to shut down after being attacked by ransomware, causing prices to rise at gasoline pumps across the country. Enhancing situational awareness within the grid can alleviate these risks and avoid their adverse consequences. As part of this process, the phasor measurement units (PMU) are among the suitable assets since they collect time-synchronized measurements of grid status (30-120 samples/s), enabling the operators to react rapidly to potential anomalies. However, it is still challenging to process and analyze the open-ended source of PMU data as there are more than 2500 PMU distributed across the U.S. and Canada, each of which generates more than 1.5 TB/month of streamed data. Further, the offline machine learning algorithms cannot be used in this scenario, as they require loading and scanning the entire dataset before processing. The ultimate objective of this dissertation is to develop early detection of cyber and physical anomalies in a real-time streaming environment setting by mining multi-variate large-scale synchrophasor data. To accomplish this objective, we start by investigating the cyber and physical anomalies, analyzing their impact, and critically reviewing the current detection approaches. Then, multiple machine learning models were designed to identify physical and cyber anomalies. The first one is an artificial neural network-based approach for detecting the False Data Injection (FDI) attack. This attack was specifically selected as it poses a serious risk to the integrity and availability of the grid. Secondly, we extend this approach by developing a Random Forest Regressor-based model which not only detects anomalies, but also identifies their location and duration. Lastly, we develop a real-time Hoeffding tree-based model for detecting anomalies in streaming networks, and explicitly handling concept drifts. These models have been tested and the experimental results confirmed their superiority over the state-of-the-art models in terms of detection accuracy, false-positive rate, and processing time, making them potential candidates for strengthening the grid's security

    Cybersecurity model for the phasor measurement units (PMU) of the new Intelligent Advanced Real-Time Supervision and Control System (ISAAC) of the national electrical system

    The implementation map of the Intelligent Advanced Supervision and Control System (ISAAC) project developed by the company XM SA ESP is based on PMU devices (phasor measurement units), which are part of the Colombian electrical infrastructure. These devices are the basis for frequency control and serve to respond effectively to the supply and demand of energy. This project has defined a cybersecurity model for the ISAAC project, for which (i) an estimate was established of the risks associated with cyber attacks on PMU monitoring devices, (ii) a model was defined for the implementation of controls that reduce the risk levels on the PMU monitoring devices, and (iii) a test environment was implemented to assess the results of the proposed model and the impact of the security controls on the functionalities of the equipment. This project does not include the implementation of security elements in its design or complementary controls on the PMUs. The increasingly complex and elaborate cyberattacks (man-in-the-middle attacks, data alteration, distributed denial-of-service attacks, impersonation, code insertion, botnets, among others), the emergence of groups specialized in building malicious software (malware, Trojans, APTs - persistent threats over time, information hijacking), cyber espionage and the complex situation of our country make it necessary to implement controls and cybersecurity models to protect the infrastructure that supports the electrical system. Given the above, in this master's work a cybersecurity model was designed for the PMU elements in the ISAAC project associated with the Colombian electrical system, which allows reliable and secure operation, thereby mitigating risks and improving resilience to possible cybersecurity events affecting these PMUs

    Intelligent Buildings in Smart Grids: A Survey on Security and Privacy Issues Related to Energy Management

    During the last decade, the smart grid (SG) concept has started to become a reality, mainly thanks to the technical progress achieved in telecommunications, informatics and power electronics, among other domains, leading to an evolution of the traditional electrical grid into an intelligent one. Nowadays, the SG can be seen as a system of smart systems that include cyber and physical parts from different technologies that interact with each other. In this context, intelligent buildings (IBs) constitute a paradigm in which such smart systems are able to guarantee the comfort of residents while ensuring an appropriate tradeoff of energy production and consumption by means of an energy management system (EMS). These interconnected EMSs remain the objective of potential cyber-attacks, which is a major concern. Therefore, this paper conducts a survey, from a multidisciplinary point of view, of some of the main security and privacy issues related to IBs as part of the SG, including an overview of EMS, smart meters, and the main communication networks employed to connect IBs to the overall SG. Future research directions towards a security enhancement from both technical and human perspectives are also provided