Cyber Attack Detection and Trust Management Toolkit for Defence-Related Microgrids

Part 3: Workshop on Defense Applications of AI – (DAAI 2021)International audienceThe rise of microgrids in defence applications, as a greener, more economical and efficient source of energy and the consequential softwarization of networks, has led to the emerge of various cyber-threats. The danger of cyber-attacks in defence microgrid facilities cannot be neglected nor undermined, due to the severe consequences that they can cause. To this end, this paper presents a cyberattack detection and cyber attack severity calculation toolkit, with the aim to provide an end-to-end solution to the cyberattack detection in defense IoT/microgrid systems. Concretely, in this paper are presented and evaluated the SPEAR Visual Analytics AI Engine and the SPEAR Grid Trusted Module (GTM) of the SPEAR H2020 project. The aim of the Visual Analytics AI Engine is to detect malicious action that intend to harm the microgrid and to assist the security engineer of an infrastructure to easily detect abnormalities and submit security events accordingly, while the GTM is responsible to calculate the severity of each security event and to assigns trust values to the affected assets of the system. The accurate detection of cyber-attacks and the efficient reputation management, are assessed with data from a real smart home infrastructure with an installed nanogrid, after applying a 3-stage attack against the MODBUS/TCP protocol used by some of the core nanogrid devices

SDN-Based Resilient Smart Grid: The SDN-microSENSE Architecture

The technological leap of smart technologies and the Internet of Things has advanced the conventional model of the electrical power and energy systems into a new digital era, widely known as the Smart Grid. The advent of Smart Grids provides multiple benefits, such as self-monitoring, self-healing and pervasive control. However, it also raises crucial cybersecurity and privacy concerns that can lead to devastating consequences, including cascading effects with other critical infrastructures or even fatal accidents. This paper introduces a novel architecture, which will increase the Smart Grid resiliency, taking full advantage of the Software-Defined Networking (SDN) technology. The proposed architecture called SDN-microSENSE architecture consists of three main tiers: (a) Risk assessment, (b) intrusion detection and correlation and (c) self-healing. The first tier is responsible for evaluating dynamically the risk level of each Smart Grid asset. The second tier undertakes to detect and correlate security events and, finally, the last tier mitigates the potential threats, ensuring in parallel the normal operation of the Smart Grid. It is noteworthy that all tiers of the SDN-microSENSE architecture interact with the SDN controller either for detecting or mitigating intrusions

SDN-Based Resilient Smart Grid: The SDN-microSENSE Architecture

The technological leap of smart technologies and the Internet of Things has advanced the conventional model of the electrical power and energy systems into a new digital era, widely known as the Smart Grid. The advent of Smart Grids provides multiple benefits, such as self-monitoring, self-healing and pervasive control. However, it also raises crucial cybersecurity and privacy concerns that can lead to devastating consequences, including cascading effects with other critical infrastructures or even fatal accidents. This paper introduces a novel architecture, which will increase the Smart Grid resiliency, taking full advantage of the Software-Defined Networking (SDN) technology. The proposed architecture called SDN-microSENSE architecture consists of three main tiers: (a) Risk assessment, (b) intrusion detection and correlation and (c) self-healing. The first tier is responsible for evaluating dynamically the risk level of each Smart Grid asset. The second tier undertakes to detect and correlate security events and, finally, the last tier mitigates the potential threats, ensuring in parallel the normal operation of the Smart Grid. It is noteworthy that all tiers of the SDN-microSENSE architecture interact with the SDN controller either for detecting or mitigating intrusions. Keywords: anomaly detection; blockchain; cybersecurity; energy management; honeypots; intrusion detection; islanding; privacy; Smart Grid; Software Defined Networkin