The benefits of increased monitoring and control in energy distribution grids, in order to form a Smart Grid, have been widely recognised. For instance, this increased automation enables the inclusion of a greater number of renewable energy sources, and the potential for greater resilience. To achieve this, Smart Grids include a significant Information and Communications Technology (ICT) component. However, with this increased use of ICT, there is also a greater risk of cyber-attacks, thereby making Smart Grids more susceptible to a range of new security threats. Our increasing dependence on such critical infrastructure also means that targeted attacks can easily disrupt the functioning of our society. Thus, it is of paramount importance to make such systems resilient to malicious attacks and other challenges, such as operational anomalies, misconfigurations or equipment failures.
The goal of this project is to investigate and develop mechanisms and services that can be integrated into a future Smart Grid for addressing stringent security and resilience requirements. For the most part, existing security standards for the Smart Grid, such as the NIST-IR 7628 guidelines, prescribe static information security protection measures, e.g., encryption and authentication measures between sub-systems. Whilst this is important, we advocate the need for approaches to manage the dynamic behaviour that is necessary of a Smart Grid – a cyber-physical system – in order to respond to cyber-attacks or other challenges. We argue that because of the scale and complexity of a Smart Grid, attackers will inevitably breach the forms of security protections outlined in existing standards and architectures, thus techniques are required to detect and mitigate these occurrences, in order to ensure the continued availability of the power grid.
To achieve this, we advocate the use of dynamic network management techniques, such as policy-based management (PBM), for the coordination of monitoring and mitigation components that operate in the ICT and Supervisory Control and Data Acquisition (SCADA) infrastructure of a Smart Grid. These management techniques must take into consideration the properties of various control functions that operate in a future Smart Grid, e.g., to manage voltage levels of a photovoltaic (PV) deployment, and those necessary to mitigate a cyber-attack – they must operate in a coordinated fashion. A starting point for our research will be the D2R2 (Defend, Detect, Remediate, Recover) framework for resilience defined within the EU FP7 ResumeNet project.
Overview of the proposed project
Research Targets
Investigate Smart Grid security and resilience vulnerabilities
One of our primary aims is to understand the security risks and vulnerabilities of Smart Grids. We will initially engage with energy network operators to develop case studies that will identify potential attacks and threats to the infrastructure. Anticipated attacks, common exploitations and threats will be classified and catalogued, and will serve as guidelines for further investigations.
Develop attack and anomaly detection mechanisms
Monitoring network operation will be crucial for detecting malicious attacks and anomalies alike. We therefore intend to apply network monitoring techniques for identifying anomalies in all parts of the infrastructure. These techniques will be based on detecting anomalous network activity, which deviate from pre-defined usage patterns. According to the different types of anomalies detected, different mitigation and reconfiguration actions can be performed to protect the infrastructure and its users.
Implement a management architecture for security and resilience
The core of the project will be an integrated architecture for security and resilience for Smart Grids. Based on the evidence monitored and collected from the network, and the possible identification of attacks or threats, dynamic reconfiguration actions can be applied to mitigate the effects of an attack. We intend to apply consolidated network management techniques, such as policy-based management (PBM), to support this dynamic adaptation of the Smart Grid resources. Ultimately, we aim to promote policy configurations and resilience strategies that prove to be effective into management patterns. Our goal is to have management patterns that describe blueprints and best management practices against the vulnerabilities and threats previously identified.
Demonstrate results in real testbed environments
We will engage with energy network operators to validate monitoring and mitigation mechanisms, and policies in real testbed environments. We aim to be able to validate both anomaly detection mechanisms and corresponding mitigation strategies using real deployments.
Expected Impact
The project will provide an early identification of security risks and vulnerabilities for Smart Grids. We intend to identify best practices and policies for early detection and mitigation of security risks and attacks, and by the end of the project develop an integrated architecture for coordinated management of security and resilience in Smart Grids.