Cybersecurity Research and Training for Power Distribution Grids -- A Blueprint

Henze, Martin; Bader, Lennart; Filter, Julian; Lamberts, Olav; Ofner, Simon; Velde, Dennis van der

doi:10.1145/3372297.3420016

Cited by 9 publications

(6 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Notably, proper preparation for cybersecurity incidents also requires to regularly train the response to cybersecurity incidents, e.g., using a corresponding training simulator [ 132 , 133 ]. To be valuable for training employees of grid operators, such training environments need to closely model typical process control network as found in power grids [ 17 , 134 ].…”

Section: Providing Cybersecurity For Interconnected Power Gridsmentioning

confidence: 99%

Cybersecurity in Power Grids: Challenges and Opportunities

Krause

Ernst

Klaer

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, and (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the art approaches, as well as identify further opportunities to strengthen cybersecurity in interconnected power grids.

show abstract

Section: Providing Cybersecurity For Interconnected Power Gridsmentioning

confidence: 99%

Cybersecurity in Power Grids: Challenges and Opportunities

Krause

Ernst

Klaer

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…While a full reproducibility study is infeasible without the original dataset, we can still validate whether the original implementation and the version on top of IPAL produce identical results when presented with the same input. To this end, we generated our own IEC-104 network trace using a simulation framework for power distribution grids [54] and the attack tool by the authors to add equivalent attacks to this network trace [29]. We performed the same procedure as in the original paper [38], i.e., performing a 50/50 train/test split, applying the attack tool ten times for each attack type, and counting the number of state and transition violations compared to the trained DTMC.…”

Section: Dtmc (Communication)mentioning

confidence: 99%

Facilitating Protocol-independent Industrial Intrusion Detection Systems

Wolsing

Wagner

Henze

2020

Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

The increasing interconnection of industrial networks with the Internet exposes them to an ever-growing risk of cyberattacks. A well-proven mechanism to detect such attacks is industrial intrusion detection, which searches for anomalies in otherwise predictable communication or process behavior. However, efforts to improve these detection methods mostly focus on specific domains and communication protocols, leading to a research landscape that is broken up into isolated silos. Thus, existing approaches cannot be applied to other industrial scenarios that would equally benefit from powerful detection approaches. To better understand this issue, we survey 53 detection systems and conclude that there is no fundamental reason for their narrow focus. Although they are often coupled to specific industrial protocols in practice, many approaches could generalize to new industrial scenario in theory. To unlock this potential for intrusion detection across industrial domains and protocols, we propose IPAL, our industrial protocol abstraction layer, to decouple intrusion detection from domain-specific industrial communication protocols. We show the practical applicability and correctness of IPAL through a reproducibility study in which we re-implement eight detection approaches from related work on top of IPAL. Finally, we showcase the unique benefits of IPAL for industrial intrusion detection research by studying the generalizability of existing approaches to new datasets and conclude that they are indeed not restricted to specific domains or protocols.

show abstract

“…Besides, a comprehensive integrated framework of modeling, simulation, and analysis of cyber-attacks is investigated in [15], which is finally reported various types of cyber-attack detection in power grids. In [16], a blueprint of reducing cyber security threats approach is introduced, trained technical personnel, evaluated the cyberattack impacts, and tested the proposed approach. Another cyber security approach for integration systems of electric power systems and renewable energy sources is proposed in [17], which is developed a new deep reinforcement learning method.…”

Section: Introductionmentioning

confidence: 99%

Multi-Agent Distributed Deep Learning Algorithm to Detect Cyber-Attacks in Distance Relays

Rajaee

Mazlumi

2023

IEEE Access

View full text Add to dashboard Cite

Distance relays are critical components in protection systems of power grids that can be attacked by cyber-attackers. Indeed, a cyber-attacker injects fake data into a distance relay to pretend a fault has happened, and the distance relay must be tripped. Thus, a new powerful approach, named Multi-Agent Distributed Deep Learning (MADDL) method is proposed to tackle cyber-attacks in distance relays. Unlike centralized methods, the protection system with several distance relays is mapped to a multi-agent distributed system by employing the graph theory, in which the distance relays are considered as the agents of the multi-agent system or the nodes of the considered graph. Each agent is only connected to the neighboring agents to exchange voltage and current data. Then, a deep neural network as a cyber-attack detection structure is assumed for each agent that utilizes the local voltage and current data and the received data from the neighboring agents to detect the attacks. Hence, the considered detection structures are tuned by employing train data, obtained by simulating the grid in different types of faults. Then, the tuned detection structures are evaluated by a test dataset, including data from the grid under various faults and the normal situation by injecting fake data as cyber-attacks. The developed method has been employed for three different case studies, including IEEE 6-bus, IEEE 14-bus, and IEEE 118-bus power grids. According to the simulation results, the proposed algorithm has succeeded in identifying more than 99.88% of faults and cyber-attacks.

show abstract

Cybersecurity Research and Training for Power Distribution Grids -- A Blueprint

Cited by 9 publications

References 6 publications

Cybersecurity in Power Grids: Challenges and Opportunities

Cybersecurity in Power Grids: Challenges and Opportunities

Facilitating Protocol-independent Industrial Intrusion Detection Systems

Multi-Agent Distributed Deep Learning Algorithm to Detect Cyber-Attacks in Distance Relays

Contact Info

Product

Resources

About