Abstract

This work proposes an approach based on dynamic Bayesian networks to support the cybersecurity analysis of network-based controllers in distributed energy plants. We built a system model that exploits real-world context information from both information and operational technology environments in the energy infrastructure, and we use it to demonstrate the value of security evidence for time-driven predictive and diagnostic analyses. The innovative contribution of this work lies in the methodology's capability to capture the causal and temporal dependencies involved in the assessment of security threats, and in the introduction of security analytics supporting the configuration of anomaly detection platforms for digital energy infrastructures.

Highlights

  • In recent years, energy infrastructure has been evolving from a traditional architecture where the communications are intra-operator and private, to a new landscape that requires advanced functionalities such as distributed energy resource (DER) control, demand response from flexible loads, and electric vehicle charging management

  • This paper addresses the analysis of cyber attack processes targeting an operational technology (OT) architecture of significant grid users (SGU) with flexible energy resources possibly controlled by transmission system operators (TSO), distribution system operators (DSO), or aggregators

  • Our model considers imperfect analytics to reflect the real situation in which the deployment of a technique may go undetected or, vice versa, an alert is raised when there is no attack: we assume a probability of 10⁻⁴ for both false positives and false negatives
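
The effect of imperfect analytics on predictive and diagnostic analysis can be seen in a minimal two-state dynamic Bayesian network. This is an added example, not the paper's model: the single "technique deployed" variable, its absorbing behaviour, and the per-slice deployment probability P_DEPLOY are assumptions; only the 10⁻⁴ error rates come from the text above.

```python
# Added illustration, not the paper's model: one binary state per time slice
# ("attack technique deployed" or not) observed through an imperfect analytic.
FP = 1e-4        # P(alert | technique not deployed), from the highlights
FN = 1e-4        # P(no alert | technique deployed), from the highlights
P_DEPLOY = 0.01  # ASSUMPTION: per-slice probability that the attacker deploys

def predict(p_deployed, p_deploy=P_DEPLOY):
    """Temporal step: a deployed technique stays deployed (absorbing state)."""
    return p_deployed + (1.0 - p_deployed) * p_deploy

def update(p_deployed, alert, fp=FP, fn=FN):
    """Diagnostic step: Bayes update on one analytic observation."""
    like_deployed = (1.0 - fn) if alert else fn
    like_clean = fp if alert else (1.0 - fp)
    num = like_deployed * p_deployed
    return num / (num + like_clean * (1.0 - p_deployed))

def filter_belief(evidence, p0=0.0, p_deploy=P_DEPLOY):
    """Return P(deployed) after each slice.

    evidence holds one entry per slice: True (alert), False (no alert),
    or None (no analytic evidence, i.e. pure prediction).
    """
    beliefs, p = [], p0
    for obs in evidence:
        p = predict(p, p_deploy)
        if obs is not None:
            p = update(p, obs)
        beliefs.append(p)
    return beliefs

if __name__ == "__main__":
    # Predictive analysis: no evidence, belief grows with time only.
    print("predictive:", filter_belief([None, None, None]))
    # Diagnostic analysis: two quiet slices, then an alert (constructed input).
    print("diagnostic:", filter_belief([False, False, True]))
    # Base-rate effect: with a very rare attack, one alert is weak evidence.
    print("rare prior:", filter_belief([True], p_deploy=1e-6))
```

With the assumed 1% deployment rate a single alert lifts the belief to about 0.99, while with a 10⁻⁶ deployment rate the same alert yields only about 0.01, which is why the prior and the analytic error rates have to be considered together when tuning an anomaly detection platform.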


Summary

Introduction

Energy infrastructure has been evolving from a traditional architecture where the communications are intra-operator and private, to a new landscape that requires advanced functionalities such as distributed energy resource (DER) control, demand response from flexible loads, and electric vehicle charging management. New components have to interact with legacy ones that have no or limited cyber security measures. In this setting, the exploitable attack surface widens and cyber security management becomes a core process. In European member states, essential service operators (including energy operators) are required to implement the European Network and Information Security (NIS) Directive 2016/1148 [1]. It is of paramount importance that energy organisations and their employees, within the corporate offices, information technology (IT) and operational technology (OT) departments, and field engineers, are aware of possible threats that may target their cyber-power infrastructures and are prepared to cope with the expected evolution of cyber attacks.
