Cybersecurity Anomaly Detection in SCADA-Assisted OT Networks Using Ensemble-Based State Prediction Model
- National Renewable Energy Laboratory (NREL), Golden, CO (United States)
- Virginia Polytechnic Inst. and State Univ. (Virginia Tech), Blacksburg, VA (United States)
- Southern Company Services, Birmingham, AL (United States)
- Utilicast, Seattle, WA (United States)
Cybersecurity threats to the power system are gradually growing due to the increasingly sophisticated interactions between Information Technology (IT) and Operational Technology (OT) networks. A false data injection attack (FDIA), which aims to compromise Supervisory Control and Data Acquisition (SCADA) measurements and disturb system operation, is one such cyber threat. Such attacks can potentially lead to significant operational issues at the control centers and substations and hence result in severe physical consequences. To avoid catastrophic failure across the power grid resulting from these attacks, it is essential to arm the OT network with real-time vulnerability assessment tools. To this end, this paper outlines various drawbacks of the Purdue architecture model in defending against cyberattacks in the OT network. Furthermore, a novel ensemble-based state prediction model is proposed to detect cybersecurity anomalies in SCADA-assisted OT networks. The proposed model uses control-center-level generation and load forecasts, scheduled and forced outages, power flow solutions, and substation-level historical data. The hypothesis of the proposed scheme relies on the fact that the additional control center and substation data can hardly be accessed and compromised by attackers. One of the vital features of the proposed scheme is an hour-ahead prediction of the operational feasibility of the SCADA measurement range at the control center and substation in real time, which helps in detecting anomalies in measurements across both the substation and the control center.
- Research Organization: National Renewable Energy Laboratory (NREL), Golden, CO (United States)
- Sponsoring Organization: USDOE Office of Electricity (OE)
- DOE Contract Number: AC36-08GO28308
- OSTI ID: 1996392
- Report Number(s): NREL/TP--5D00-84582; MainId:85355; UUID:d6411a6f-2fe9-4d7d-9e5d-8a277c288568; MainAdminID:70245
- Country of Publication: United States
- Language: English