Stochastic Edge Based Anomaly Detection for Supervisory Control and Data Acquisitions Systems: Considering the Zambian Power Grid
Authors: Lukumba Phiri, Simon Tembo, Kumbuso Joshua Nyoni
Abstract:
In Zambia, recent initiatives by various power operators like ZESCO, CEC, and consumers like the mines, to upgrade power systems into smart grids, target an even tighter integration with information technologies to enable the integration of renewable energy sources, local and bulk generation, and demand response. Thus, for the reliable operation of smart grids, its information infrastructure must be secure and reliable in the face of both failures and cyberattacks. Due to the nature of the systems, ICS/SCADA cybersecurity and governance face additional challenges compared to the corporate networks, and critical systems may be left exposed. There exist control frameworks internationally such as the NIST framework, however, they are generic and do not meet the domain-specific needs of the SCADA systems. Zambia is also lagging in cybersecurity awareness and adoption, and therefore there is a concern about securing ICS controlling key infrastructure critical to the Zambian economy as there are few known facts about the true posture. In this paper, we present a stochastic Edged-based Anomaly Detection for SCADA systems (SEADS) framework for threat modeling and risk assessment. SEADS enables the calculation of steady-steady probabilities that are further applied to establish metrics like system availability, maintainability, and reliability.
Keywords: Anomaly detection, SmartGrid, edge, maintainability, reliability, stochastic process.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 324References:
[1] “The National Energy Policy 2019.” Ministry of Energy Integrated Resource Plan, 21 Oct. 2021, https://www.moe.gov.zm/irp/download/the-national-energy-policy-2019-2/.
[2] Final Report - Moe.gov.zm. https://www.moe.gov.zm/?wpfb_dl=45.
[3] “Home.” Ministry of Energy Integrated Resource Plan, 1 Sept. 2021, https://www.moe.gov.zm/irp/.
[4] Energy Sector Report 2020 - Erb.org.zm. https://www.erb.org.zm/reports/esr2020.pdf.
[5] Awad, A.; Bazan, P.; German, R. SGsim: A simulation framework for smart grid applications. In Proceedings of the 2014 IEEE International Energy Conference (ENERGYCON), Cavtat, Croatia, 13–16 May 2014; pp. 730–736.
[6] Al Ghazo, Alaa, "A framework for Cybersecurity of Supervisory Control and Data Acquisition (SCADA) Systems and Industrial Control Systems (ICS)" (2020). Graduate Theses and Dissertations. 17834.
[7] Davis, Katherine R., et al. “A Cyber-Physical Modeling and Assessment Framework for Power Grid Infrastructures.” University of Illinois Urbana-Champaign, Institute of Electrical and Electronics Engineers Inc., 1 Sept. 2015, https://experts.illinois.edu/en/publications/a-cyber-physical-modeling-and-assessment-framework-for-power-grid-3.
[8] Handa, A., Sharma, A., and Shukla, S. K. Machine learning in cybersecurity: a review. WIREs Data Mining Knowl Discov. 9, e1306.doi:10.1002/widm.1306
[9] Johnson, J., Onunkwo, I., Cordeiro, P., Wright, B.J., Ja-cobs, N. and Lai, C. Assessing DER network cybersecurity defenses in a power-communication co-simulation environment. IET Cyber-Physical Systems: Theory & Applications, 5: 274-282. https://doi.org/10.1049/iet-cps.2019.0084
[10] Li, Beibei & Xiao, Gaoxi & Lu, Rongxing & Deng, Ruilong & Bao, Haiyong. (2019). On Feasibility and Limitations of Detecting False Data Injection Attacks on Power Grid State Estimation Using D-FACTS Devices. IEEE Transactions on Industrial Informatics. PP. 10.1109/TII.2019.2922215
[11] Christopher Baker, by J., & Air Force Base, M.. Cybersecurity for critical infrastructure a Research Report Submitted to the Faculty In Partial Fulfillment of the Graduation Requirements for the Degree of master of operational arts and sciences advisor: wing commander Air Force Base the United States, 2015.
[12] Office of Electricity Delivery and Energy Reliability. Cybersecurity risk management process (RMP). 2011.
[13] North American Electricity Reliability Council (NERC). Critical infrastructure protection (CIP) reliability standards. 2009.
[14] National Institute of Standards and Technology (NIST). Nistir 7628: Guidelines for smart grid cyber security. 2010.
[15] Hassan Bevrani. Robust power system frequency control. Springer, 2014.
[16] Jaime De La Ree, Virgilio Centeno, James S Thorp, and Arun G Phadke. Synchronized phasor measurement applications in power systems. IEEE Transactions on Smart Grid, 1(1):20{27, 2010.
[17] “The Cyber-Physical Security of the Power Grid.” IEEE Smart Grid, https://smartgrid.ieee.org/bulletins/november-2019/the-cyber-physical-security-of-the-power-grid.
[18] W. Wang, Y. Xu, and M. Khanna, A survey on the communication architectures in smartgrid," Computer Networks, vol. 55, no. 15, pp. 3604{3629, 2011.
[19] Hamid Gharavi and Bin Hu. Synchrophasor sensor networks for grid communication and protection. Proceedings of the IEEE, 2017
[20] Abdul Mohsen Afaf Almalawi. 2014. Designing Unsupervised Intrusion Detection for SCADA Systems. Ph.D. Dissertation. RMIT University, School of Computer Science.
[21] Andrea Carcano, Alessio Coletta, Michele Guglielmi, Marcelo Masera, Igor Nai Fovino, and Alberto Trombetta. 2011. A multidimensional critical state analysis for detecting intrusions in SCADA systems. IEEE Transactions on Industrial Informatics 7, 2 (May 2011), 179–186.
[22] Igor Nai Fovino, Alessio Coletta, Andrea Carcano, and Marcelo Masera. 2012. Critical state-based filtering system for securing SCADA network protocols. IEEE Transactions on Industrial Electronics 59, 10 (October 2012), 3943–3950.
[23] Adnan Anwar, Abdun Naser Mahmood, and Mohiuddin Ahmed. 2014. False data injection attack targeting the LTC transformers to disrupt smart grid operation. In International Conference on Security and Privacy in Communication Systems. Springer International Publishing, Cham, 252–266.
[24] Adnan Anwar, Abdun N. Mahmood, and Zahir Tari. 2017. Ensuring data integrity of OPF module and energy database by detecting changes in power flow patterns in smart grids. IEEE Transactions on Industrial Informatics 13, 6 (2017), 3299–3311.
[25] Cristina Alcaraz and Javier Lopez. 2014. Diagnosis mechanism for accurate monitoring in critical infrastructure protection. Computer Standards & Interfaces 36, 3 (2014), 501–512. DOI:https://doi.org/10.1016/j.csi.2013.10.002
[26] Cristina Alcaraz and Javier Lopez. 2014. WASAM: A dynamic wide-area situational awareness model for critical domains in smart grids. Future Generation Computer Systems 30 (2014), 146–154.
[27] Digitalbond.com. 2013. IDS-signatures/modbus-tcp. Retrieved December, 2018 from http://www.digitalbond.com/index.php/research/ids-signatures/modbus-tcp-ids-signatures/.
[28] Mohiuddin Ahmed, Adnan Anwar, Abdun Naser Mahmood, Zubair Shah, and Michael J. Maher. 2015. An investigation of performance analysis of anomaly detection techniques for big data in SCADA systems. EAI Endorsed Transactions on Industrial Networks and Intelligent Systems 2 (2015), 1–16. Issue 3,e5. DOI:https://doi.org/10.4108/inis.2.3.e5
[29] https://github.com/sarahtattersall/PIPE
[30] F. Bause and P. S. Kritzinger, Stochastic Petri Nets: An Introduction to the Theory, 2nd ed. Braunschweig, Germany: Vieweg, 2002.
[31] Helerea, Elena. “Interconnections between Reliability, Maintenance, and Availability.” IFIP Advances in Information and Communication Technology, 19 Aug. 2016, https://www.academia.edu/27901809/Interconnections_between_Reliability_Maintenance_and_Availability.
[32] M. Kim, A Survey on Guaranteeing Availability in Smart Grid Communications," in Proc.ICACT, Korea, February 2012.