    Evaluation of the Impact of Cyber-Attacks Against Electric Vehicle Charging Stations in a Low Voltage Distribution Grid

    Electric Vehicles (EVs) are being widely adopted in cities in order to move towards a more sustainable transport system. However, with the increased penetration of EVs and their charging infrastructure, the distribution grid becomes more vulnerable to cyber-attacks. Therefore, it is essential to analyse the impact that cyber-attacks can have on a low-voltage distribution grid. This paper aims to evaluate the effect produced by a cyber-attack against EV charging stations in the pan-European context. The IEEE European Low-Voltage Test Feeder (ELVTF) is used as a standard model for this study. The simulations are carried out on the MATLAB/Simulink platform. The results from different attack locations in the model are used to draw the final conclusions.

    Securing Virtual Power Plants: Attack Vector Analysis of Cybersecurity Vulnerabilities in Ancillary Grid Services

    Virtual Power Plants (VPPs) have emerged as critical infrastructure for grid stability, aggregating diverse Distributed Energy Resources (DERs) to provide essential ancillary services, including frequency regulation, voltage support, and emergency response capabilities. However, the technical requirements that enable VPPs to deliver these time-critical services simultaneously create unique cybersecurity vulnerabilities that distinguish them from traditional power generation and conventional smart grid systems. This paper establishes systematic connections between VPP technical requirements and cybersecurity threats through the integrated application of NIST and MITRE frameworks. The objective is to reveal critical threats specifically pertaining to ancillary services, to provide a comprehensive attack vector classification using MITRE ATT&CK techniques adapted for VPP environments, and to propose mitigation strategies that maintain operational performance while addressing the identified vulnerabilities.

    Cybersecurity Issues in Electrical Protection Relays: A Systematic Review

    The increasing digitalization of power systems has revolutionized the functionality and efficiency of electrical protection relays. These digital relays enhance fault detection, monitoring, and response mechanisms, ensuring the reliability and stability of power networks. However, their connectivity and reliance on communication protocols introduce significant cybersecurity risks, making them potential targets for malicious attacks. Cyber threats against digital protection relays can lead to severe consequences, including cascading failures, equipment damage, and compromised grid security. This paper presents a comprehensive review of cybersecurity challenges in digital electrical protection relays, focusing on four key areas: (1) a taxonomy of cyber attack models targeting protection relays, (2) the associated risks and their potential impact on power systems, (3) existing mitigation strategies to enhance relay security, and (4) future research directions to strengthen resilience against cyber threats.

    Detecting system fault/cyberattack within a photovoltaic system connected to the grid: A neural network-based solution

    The wide spread of Distributed Energy Resources (DERs) and the related cyber-security issues introduce the need for monitoring. The proposed work focuses on an anomaly detection strategy based on the physical behavior of the industrial process. The algorithm extracts measurements of the physical parameters of the system and processes them with a neural network architecture called an autoencoder in order to build a classifier that makes decisions about the behavior of the system and detects possible cyber-attacks or faults. The results are quite promising for practical application in real systems.

    Reduction of the Delays within an Intrusion Detection System (IDS) based on Software Defined Networking (SDN)

    Software Defined Networking (SDN) is a very useful tool not only for managing networks but also for increasing network security, in particular by implementing Intrusion Detection Systems (IDS) directly into the SDN architecture. Implementing an IDS within the SDN paradigm can simplify deployment, speed up incident response, and, in general, allow prompt reaction to cyber attacks through proper countermeasures. Nevertheless, embedding an IDS within SDN also introduces delays that cannot be tolerated in specific network environments, such as industrial control systems. This paper focuses on the implementation of an IDS based on Machine Learning (ML) algorithms into an SDN architecture and proposes a very practical approach to reducing the delay: the sequential implementation of prototypes of increasing software and hardware complexity, allowing quick tests that highlight the main problems, solve them, and move on to the next operational step. A fully validated performance evaluation is then shown, exploiting all the presented solutions and using further improved hardware features. The overall performance is very good and compliant with most, though not yet all, industrial control system constraints. Results show how the proposed solutions provide a significant improvement in latency, thus opening the door to a real implementation in the field.

    Industrial Control System-Anomaly Detection Dataset (ICS-ADD) for Cyber-Physical Security Monitoring in Smart Industry Environments

    The increasing integration of cyber-physical systems in industrial environments has underscored the critical need for robust security mechanisms to counteract evolving cyber threats. To allow a full performance evaluation of these security mechanisms, as well as the extension of their detection capabilities to new cyber-physical attacks, this paper introduces an open-source dataset called Industrial Control System - Anomaly Detection Dataset (ICS-ADD). ICS-ADD aims to be a valuable resource for researchers and practitioners who want to develop, test, and benchmark new cyber-physical security monitoring and detection technologies. ICS-ADD comprises raw network traffic captures of an industrial control system (ICS) subjected to a variety of simulated cyber-attacks, including but not limited to denial of service (DoS), man-in-the-middle (MITM), and malware infiltration. In addition to raw network traffic, ICS-ADD includes the output of two widely used open-source security monitoring tools, OSSIM (Open Source Security Information Management) and Suricata, which offer insights into the detection and analysis capabilities of existing security frameworks against these threats. The analysis presented in this paper highlights the complexity and variety of modern cyber threats in industrial environments and the novelty of ICS-ADD with respect to publicly available datasets. The reported performance analysis of OSSIM and Suricata on ICS-ADD reveals areas of improvement for the detection of new attacks, which will be the object of future research on the protection of industrial control systems.

    Toward a Security Operation Center for Operational Technology in Industrial Networks

    The integration of cyber-physical systems into critical infrastructures, such as power grids and manufacturing plants, necessitates robust security measures to safeguard Industrial Control Systems (ICS) from malicious threats. Due to the unique operational demands of ICS environments, traditional IT security measures are often unsuitable. To address these challenges, we present our approach for enhancing cybersecurity in energy generation plants by correlating and consolidating alerts and logs from various monitoring devices, thereby providing real-time dashboards for anomaly and threat detection. The approach is based on the development of a platform that aids Security Operation Center (SOC) teams in monitoring operational technology within industrial networks. The paper outlines the functionalities of the platform, which will be developed within the "SOC OT Impianti Generazione Energia" (SOC-OT IGE) project.

    Neural network architecture to detect system faults / cyberattacks anomalies within a photovoltaic system connected to the grid

    Anomaly detection is an important issue heavily investigated across different research areas and application domains. Its application in the industrial systems sector may also be essential for the protection of critical infrastructures. Due to the huge amount of data involved and its complexity, machine learning may be the key. The basic idea is to describe an industrial process by a series of key attributes whose measurements (the features) compose a state vector that includes heterogeneous types of measurements. Each feature should be a key attribute that can help discriminate between a normal operating condition and an anomaly. In this context, the paper presents the use of a deep neural network architecture called an autoencoder to detect anomalies due to either system faults or cyberattacks. The chosen application field is a photovoltaic system connected to the grid. The results, although preliminary, are very promising.

    A Security Operation and Event Management (SOEM) Platform for Critical Infrastructures Protection

    Industrial Control Systems (ICS) in Operational Technology (OT) environments face unique cybersecurity challenges due to legacy systems, critical operational needs, and incompatibility with standard IT security practices. To address these challenges, this paper presents the Security Operation and Event Management (SOEM) platform, software designed to support Security Operations Centers (SOCs) in achieving full visibility of OT environments. SOEM integrates diverse log sources and intrusion detection systems, including logs generated by the control system itself and additional off-the-shelf products, to enhance situational awareness and enable rapid incident response. The pilot project was carried out within the funded project SOC-OT-IGE from the "Centro di Competenza Start 4.0" and is being developed in partnership with Ansaldo Energia and HWG Sababa. The validation has been conducted in a real-world pilot project. Thanks to the mapping to requirements for compliance with IEC 62443, the platform demonstrates its effectiveness through defined key performance indicators (KPIs). This work bridges the gap between IT-centric SOC methodologies and the specialized needs of industrial cybersecurity.