Advancements and Research Trends in Microgrids Cybersecurity

Microgrids are growing in importance in the Smart Grid paradigm for power systems. Microgrid security is becoming crucial since these systems increasingly rely on information and communication technologies. Many technologies have been proposed in the last few years for the protection of industrial control systems, ranging from cryptography, network security, security monitoring systems, and innovative control strategies resilient to cyber-attacks. Still, electrical systems and microgrids present their own peculiarities, and some effort has to be put forth to apply cyber-protection technologies in the electrical sector. In the present work, we discuss the latest advancements and research trends in the field of microgrid cybersecurity in a tutorial form

A Possible Smart Metering System Evolution for Rural and Remote Areas Employing Unmanned Aerial Vehicles and Internet of Things in Smart Grids

The way of generating and distributing energy throughout the electrical grid to all users is evolving. The concept of Smart Grid (SG) took place to enhance the management of the electrical grid infrastructure and its functionalities from the traditional system to an improved one. To measure the energy consumption of the users is one of these functionalities that, in some countries, has already evolved from a periodical manual consumption reading to a more frequent and automatic one, leading to the concept of Smart Metering (SM). Technology improvement could be applied to the SM systems to allow, on one hand, a more efficient way to collect the energy consumption data of each user, and, on the other hand, a better distribution of the available energy through the infrastructure. Widespread communication solutions based on existing telecommunication infrastructures instead of using ad-hoc ones can be exploited for this purpose. In this paper, we recall the basic elements and the evolution of the SM network architecture focusing on how it could further improve in the near future. We report the main technologies and protocols which can be exploited for the data exchange throughout the infrastructure and the pros and cons of each solution. Finally, we propose an innovative solution as a possible evolution of the SM system. This solution is based on a set of Internet of Things (IoT) communication technologies called Low Power Wide Area Network (LPWAN) which could be employed to improve the performance of the currently used technologies and provide additional functionalities. We also propose the employment of Unmanned Aerial Vehicles (UAVs) to periodically collect energy consumption data, with evident advantages especially if employed in rural and remote areas. We show some preliminary performance results which allow assessing the feasibility of the proposed approach

Detecting System Fault/Cyberattack within a Photovoltaic System Connected to the Grid: A Neural Network-Based Solution

The large spread of Distributed Energy Resources (DERs) and the related cyber-security issues introduce the need for monitoring. The proposed work focuses on an anomaly detection strategy based on the physical behavior of the industrial process. The algorithm extracts some measures of the physical parameters of the system and processes them with a neural network architecture called autoencoder in order to build a classifier making decisions about the behavior of the system and detecting possible cyber-attacks or faults. The results are quite promising for a practical application in real systems

A Framework for Network Security Verification of Automated Vehicles in the Agricultural Domain

The agricultural sector increasingly relies on automated vehicles. These machines are often based on a CANbus control network and equipped with different wireless interfaces to implement different functionalities, such as remote control through radio links, GPS-based localization, and Wi-Fi-based data exchange. Nevertheless, CANbus presents severe vulnerabilities that expose these vehicles to cyberattacks. In this context, it is crucial to develop efficient procedures for network security verification of automated agricultural vehicles. The present work proposes a framework for evaluating the network security of agricultural vehicles based on four main dimensions: CANbus Security and Network Segmentation, Remote control based on Radio-Links, Wireless Gateways, and GPS security. We presents a testbed we are developing to test the proposed procedures, also discussing the related methods and procedures

Cybersecurity Issues in Communication-Based Electrical Protections

Cybersecurity is becoming a fundamental issue in Smart Grids. In the last past years, there have been remarkable advances in technologies for enhancing the security of electrical systems. Still, some systems shows severe vulnerabilities. One of them is represented by communication-based electrical protection. The present work analyzes vulnerabilities in such type of control networks. We analyze the attack models to communication-based electrical protection systems, discussing the impact of the implementation of IEC 62351 on these vulnerabilities. We also discuss possible countermeasures which can be useful to address the discussed vulnerabilities

Toward the Integration of Cyber and Physical Security Monitoring Systems for Critical Infrastructures

Critical Infrastructures (CI) are sensible targets. They could be physically damaged by natural or human actions causing service disruptions, economic losses, and, in some extreme cases, harm to people. They, therefore, need a high level of protection against possible unintentional and intentional events. In this paper, we show a logical architecture that exploits information from both physical and cyber security systems to improve the overall security in a power plant scenario. We propose a Machine Learning (ML)-based anomaly detection approach to detect possible anomaly events by jointly correlating data related to both physical and cyber domains. The performance evaluation shows encouraging results - obtained by different ML algorithms -, which highlights how our proposed approach is able to detect possible abnormal situations that could not have been detected by using only information from either the physical or cyber domain

Detecting Cyberattacks on Electrical Storage Systems through Neural Network Based Anomaly Detection Algorithm

Distributed Energy Resources (DERs) are growing in importance Power Systems. Battery Electrical Storage Systems (BESS) represent fundamental tools in order to balance the unpredictable power production of some Renewable Energy Sources (RES). Nevertheless, BESS are usually remotely controlled by SCADA systems, so they are prone to cyberattacks. This paper analyzes the vulnerabilities of BESS and proposes an anomaly detection algorithm that, by observing the physical behavior of the system, aims to promptly detect dangerous working conditions by exploiting the capabilities of a particular neural network architecture called the autoencoder. The results show the performance of the proposed approach with respect to the traditional One Class Support Vector Machine algorithm

METHOD AND APPARATUS FOR DETECTING ANOMALIES OF A DNS TRAFFIC

The present invention relates to a method and an apparatus for detecting anomalies of a DNS traffic in a network comprising analysing, through a network analyser connected to said network, each data packets exchanged in the network, isolating, through the network analyser, from each of the analysed data packets the related DNS packet, evaluating, through a computerized data processing unit, each of the DNS packets generating a DNS packet status, signaling, through the computerized data processing unit, an anomaly of the DNS traffic when the DNS packet status defines a critical state, wherein the evaluating further comprises assessing, through the computerized data processing unit, each of the DNS packet by a plurality of evaluating algorithms generating a DNS packet classification for each of the evaluating algorithms, aggregating, through the computerized data processing unit, the DNS packet classifications generating the DNS packet status, and wherein the critical state is identified when the DNS packet status is comprised in a critical state database stored in a storage medium