The use of information technology and the automation of control systems in the energy sector enables a more efficient transmission and distribution of electricity. However, in addition to the many benefits that the deployment of intelligent and largely autonomous systems brings, it also carries risks associated with information and cyber security breaches. Technology systems form a specific and critical communication infrastructure, in which powerful control elements integrating IoT principles and IED devices are present. It also contains intelligent access control systems such as RTU, IDE, HMI, and SCADA systems that provide communication with the data and control center on the outer perimeter. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. To establish rules, procedures, and techniques to ensure the cyber security of smart grid control systems in the energy sector, it is necessary to understand the security threats and bring appropriate measures to ensure the security of energy distribution. Given the use of a wide range of information and industrial technologies, it is difficult to protect energy distribution systems using standard constraints to protect common IT technologies and business processes. Therefore, as part of a comprehensive approach to cyber security, specifics such as legislative framework, technological constraints, international standards, specialized protocols or company processes, and many others need to be considered. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. In this article, a basic security concept for control systems of power stations, which are part of the power transmission and distribution system, is presented based on the Smart Grid domain model with emphasis on substation intelligence, according to the Purdue model. The main contribution of the paper is the comprehensive design of mitigation measures divided into mandatory and recommended implementation based on the standards defined within the MITRE ATT&CK matrix specified, concerning the specifications of intelligent distribution substations. The proposed and industry-tested solution is mapped to meet the international security standards ISO 27001 and national legislation reflecting the requirements of NIS2. This ensures that the security requirements will be met when implementing the proposed Security Baseline.

Department of Information Technologies Faculty of Informatics and Management 500 03 Hradec Kralove Czech Republic

Zobrazit více v PubMed

Gunduz M.Z., Das R. Cyber-security on Smart Grid: Threats and Potential Solutions. Comput. Netw. 2020;169:107094. doi: 10.1016/j.comnet.2019.107094. DOI

Pavon W., Inga E., Simani S., Nonato M. A Review on Optimal Control for the Smart Grid Electrical Substation Enhancing Transition Stability. Energies. 2021;14:8451. doi: 10.3390/en14248451. DOI

Abrahamsen F.E., Ai Y., Cheffena M. Communication Technologies for Smart Grid: A Comprehensive Survey. Sensors. 2021;21:8087. doi: 10.3390/s21238087. PubMed DOI PMC

Adamiak M., Falk H. Wide Area Implementations of IEC 61850 Substation Systems. In: Bishop P., Nair N.K.C., editors. IEC 61850 Principles and Applications to Electric Power Systems. Springer; Cham, Switzerland: 2022. (CIGRE Green Books).

Chehri A., Fofana I., Yang X. Security Risk Modeling in Smart Grid Critical Infrastructures in the Era of Big Data and Artificial Intelligence. Sustainability. 2021;13:3196. doi: 10.3390/su13063196. DOI

Lázaro J., Astarloa A., Rodríguez M., Bidarte U., Jiménez J. Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid. Electronics. 2021;10:1881. doi: 10.3390/electronics10161881. DOI

Zhang H., Liu B., Wu H. Smart Grid Cyber-Physical Attack and Defense: A Review. IEEE Access. 2021;9:29641–29659. doi: 10.1109/ACCESS.2021.3058628. DOI

Pandey J.C., Kalra M. A Review of Security Concerns in Smart Grid. In: Raj J.S., Kamel K., Lafata P., editors. Innovative Data Communication Technologies and Application. Volume 96 Springer; Singapore: 2022. (Lecture Notes on Data Engineering and Communications Technologies).

Mavale S., Katade J., Dunbray N., Nimje S. Review of Cyber-Attacks on Smart Grid System. In: Bindhu V., Tavares J.M.R.S., Du K.L., editors. Proceedings of Third International Conference on Communication, Computing and Electronics Systems. Volume 844 Springer; Singapore: 2022. (Lecture Notes in Electrical Engineering).

Krause T., Ernst R., Klaer B., Hacker I., Henze M. Cybersecurity in power grids: Challenges and opportunities. Sensors. 2021;21:6225. doi: 10.3390/s21186225. PubMed DOI PMC

Mokhor V., Honchar S., Onyskova A. Cybersecurity Risk Assessment of Information Systems of Critical Infrastructure Objects; Proceedings of the 2020 IEEE International Conference on Problems of Infocommunications. Science and Technology (PIC S&T); Kharkiv, Ukraine. 6–9 October 2020; pp. 19–22.

Daria G., Massel A. Intelligent System for Risk Identification of Cybersecurity Violations in Energy Facility; Proceedings of the 2018 3rd Russian-Pacific Conference on Computer Technology and Applications (RPC); Vladivostok, Russia. 18–25 August 2018; pp. 1–5.

Xiao S., Ye Y., Kanwal N., Newe T., Lee B. SoK: Context and Risk Aware Access Control for Zero Trust Systems. Secur. Commun. Netw. 2022;2022:7026779. doi: 10.1155/2022/7026779. DOI

Mrabet Z.E., Kaaboucha N., Ghazi H.E., Ghazi H.E. Cyber-security in smart grid: Survey and challenges. Comput. Electr. Eng. 2018;67:469–482. doi: 10.1016/j.compeleceng.2018.01.015. DOI

Rawat D.B., Bajracharya C. Cyber security for smart grid systems: Status, challenges and perspectives. SoutheastCon. 2015;2015:15240672.

Khan Z.A., Herrmann P. Recent Advancements in Intrusion Detection Systems for the Internet of Things. Secur. Commun. Netw. 2019;2019:4301409. doi: 10.1155/2019/4301409. DOI

Gunduz M.Z., Das R. A comparison of cyber-security oriented testbeds for IoT-based smart grids; Proceedings of the 2018 6th International Symposium on Digital Forensic and Security (ISDFS); Antalya, Turkey. 22–25 March 2018; pp. 1–6.

NIST . NIST Framework and Roadmap for Smart Grid Interoperability Standards Release 2.0. National Institute of Standards and Technology, Special Publication 1108R2; NIST; Gaithersburg, MD, USA: 2012.

López G., Moura P., Moreno J.I., Camacho J.M. Multi-Faceted Assessment of a Wireless Communications Infra-structure for the Green Neighborhoods of the Smart Grid. Energies. 2014;7:3453–3483. doi: 10.3390/en7053453. DOI

Baul A., Sarker G.C., Sadhu P.K., Yanambaka V.P., Abdelgawad A. XTM: A Novel Transformer and LSTM-Based Model for Detection and Localization of Formally Verified FDI Attack in Smart Grid. Electronics. 2023;12:797. doi: 10.3390/electronics12040797. DOI

Haq E.U., Xu H., Pan L., Khattak M.I. Smart Grid Security: Threats and Solutions; Proceedings of the 2017 13th Inter-national Conference on Semantics, Knowledge and Grids (SKG); Beijing, China. 13–14 August 2017; pp. 188–193.

EU . Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 Concerning Measures for a High Common Level of Security of Network and Information Systems across the Union. EU; Brusel, Belgium: 2016.

Leszczyna R. Cybersecurity in the Electricity Sector—Managing Critical Infrastructure. Springer; Cham, Switzerland: 2019.

EU . Proposal for a Directive of the European Parliament and of the Council on Measures for a High Common Level of Cybersecurity across the Union, Repealing Directive (EU) 2016/1148. EU; Brusel, Belgium: 2020.

Hernandez-Ramos J.L., Geneiatakis D., Kounelis I., Steri G., Fovino I.N. Toward a Data-Driven Society: A Technological Perspective on the Development of Cybersecurity and Data-Protection Policies. IEEE Secur. Priv. 2020;18:28–38. doi: 10.1109/MSEC.2019.2939728. DOI

Krzykowski M. Legal Aspects of Cybersecurity in the Energy Sector-Current State and Latest Proposals of Legislative Changes by the EU. Energies. 2021;28:14. doi: 10.3390/en14237836. DOI

Curtis P.D., Mehravari N. Evaluating and Improving Cybersecurity Capabilities of the Energy Critical Infrastructure; Proceedings of the 2015 IEEE International Symposium on Technologies for Homeland Security (HST); Waltham, MA, USA. 14–16 April 2015; pp. 1–6.

Nazir H.M.J., Han W. Proliferation of Cyber Situational Awareness: Today’s Truly Pervasive Drive of Cybersecurity. Secur. Commun. Netw. 2022;2022:6015253. doi: 10.1155/2022/6015253. DOI

Sarker E., Halder P., Seyedmahmoudian M., Jamei E., Horan B., Mekhilef S., Stojcevski A. Progress on the Demand Side Management in Smart Grid and Optimization Approaches. Int. J. Energy Res. 2021;45:36–64. doi: 10.1002/er.5631. DOI

Lyulyov O., Vakulenko I., Pimonenko T., Kwilinski A., Dzwigol H., Dzwigol-Barosz M. Comprehensive assessment of smart grids: Is there a universal approach? Energies. 2021;14:3497. doi: 10.3390/en14123497. DOI

Omitaomu O.A., Niu H. Artificial Intelligence Techniques in Smart Grid: A Survey. Smart Cities. 2021;4:548–568. doi: 10.3390/smartcities4020029. DOI

Guru D., Perumal S., Varadarajan V. Approaches towards Blockchain Innovation: A Survey and Future Directions. Electronics. 2021;10:1219. doi: 10.3390/electronics10101219. DOI

Alrowais F., Marzouk R., Nour M.K., Mohsen H., Hilal A.M., Yaseen I., Alsaid M.I., Mohammed G.P. Intelligent Intrusion Detection Using Arithmetic Optimization Enabled Density Based Clustering with Deep Learning. Electronics. 2022;11:3541. doi: 10.3390/electronics11213541. DOI

Figueiredo J., Serrão C., de Almeida A.M. Deep Learning Model Transposition for Network Intrusion Detection Systems. Electronics. 2023;12:293. doi: 10.3390/electronics12020293. DOI

Rabie O.B.J., Balachandran P.K., Khojah M., Selvarajan S. A Proficient ZESO-DRKFC Model for Smart Grid SCADA Security. Electronics. 2022;11:4144. doi: 10.3390/electronics11244144. DOI

Mazhar T., Irfan H.M., Haq I., Ullah I., Ashraf M., Shloul T.A., Ghadi Y.Y., Imran, Elkamchouchi D.H. Analysis of Challenges and Solutions of IoT in Smart Grids Using AI and Machine Learning Techniques: A Review. Electronics. 2023;12:242. doi: 10.3390/electronics12010242. DOI

Urrea C., Morales C. Enhancing Modbus-RTU Communications for Smart Metering in Building Energy Management Systems. Secur. Commun. Netw. 2019;2019:7010717. doi: 10.1155/2019/7010717. DOI

Xiao L. Construction Technology and Quality Control of Power and Electrical Engineering Based on Convolutional Neural Network. Secur. Commun. Netw. 2021:1–15. doi: 10.1155/2021/8964532. DOI

Alazab M., Tang M., editors. Deep Learning Applications for Cyber Security. Springer; Cham, Switzerland: 2019.

Nguyen T.T., Reddi V.J. Deep Reinforcement Learning for Cyber Security. IEEE Trans. Neural. Netw. Learn Syst. 2021;34:3779–3795. doi: 10.1109/TNNLS.2021.3121870. PubMed DOI

Liu H., Lang B. Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey. Appl. Sci. 2019;9:4396. doi: 10.3390/app9204396. DOI

Susilo B., Sari R.F. Intrusion Detection in IoT Networks Using Deep Learning Algorithm. Information. 2020;11:279. doi: 10.3390/info11050279. DOI

Thapa N., Liu Z., KC D.B., Gokaraju B., Roy K. Comparison of Machine Learning and Deep Learning Models for Network Intrusion Detection Systems. Future Internet. 2020;12:167. doi: 10.3390/fi12100167. DOI

Gupta C., Johri I., Srinivasan K., Hu Y.-C., Qaisar S.M., Huang K.-Y. A Systematic Review on Machine Learning and Deep Learning Models for Electronic Information Security in Mobile Networks. Sensors. 2022;22:2017. doi: 10.3390/s22052017. PubMed DOI PMC

Alkahtani H., Aldhyani T.H.H. Developing Cybersecurity Systems Based on Machine Learning and Deep Learning Algorithms for Protecting Food Security Systems: Industrial Control Systems. Electronics. 2022;11:1717. doi: 10.3390/electronics11111717. DOI

Akhtar M.S., Feng T. Detection of Malware by Deep Learning as CNN-LSTM Machine Learning Techniques in Real Time. Symmetry. 2022;14:2308. doi: 10.3390/sym14112308. DOI

Xu C., Liao Z., Li C., Zhou X., Xie R. Review on Interpretable Machine Learning in Smart Grid. Energies. 2022;15:4427. doi: 10.3390/en15124427. DOI

Moti M.M.M.A., Uddin R.S., Hai M.A., Saleh T.B., Alam M.G.R., Hassan M.M., Hassan M.R. Blockchain Based Smart-Grid Stackelberg Model for Electricity Trading and Price Forecasting Using Reinforcement Learning. Appl. Sci. 2022;12:5144. doi: 10.3390/app12105144. DOI

Piotrowski P., Baczyński D., Kopyt M., Gulczyński T. Advanced Ensemble Methods Using Machine Learning and Deep Learning for One-Day-Ahead Forecasts of Electric Energy Production in Wind Farms. Energies. 2022;15:1252. doi: 10.3390/en15041252. DOI

Alrasheedi A., Almalaq A. Hybrid Deep Learning Applied on Saudi Smart Grids for Short-Term Load Forecasting. Mathematics. 2022;10:2666. doi: 10.3390/math10152666. DOI

Habbak H., Mahmoud M., Metwally K., Fouda M.M., Ibrahem M.I. Load Forecasting Techniques and Their Ap-plications in Smart Grids. Energies. 2023;16:1480. doi: 10.3390/en16031480. DOI

Ibrahim B., Rabelo L., Gutierrez-Franco E., Clavijo-Buritica N. Machine Learning for Short-Term Load Forecasting in Smart Grids. Energies. 2022;15:8079. doi: 10.3390/en15218079. DOI

Mazhar T., Irfan H.M., Khan S., Haq I., Ullah I., Iqbal M., Hamam H. Analysis of Cyber Security Attacks and Its Solutions for the Smart grid Using Machine Learning and Blockchain Methods. Future Internet. 2023;15:83. doi: 10.3390/fi15020083. DOI

Strom B.E., Applebaum A., Miller D.P., Nickels K.C., Pennington A.G., Thomas C.B. MITRE ATT&CK: Design and Philosophy. 2020. [(accessed on 8 February 2023)]. Available online: https://attack.mitre.org/docs/ATTACK_for_ICS_Philosophy_March_2020.pdf.

Ackerman P. Industrial Cybersecurity: Efficiently Secure Critical Infrastructure Systems. 1st ed. Packt Publishing; Birmingham, NI, USA: 2017.

Few C., Thompson J., Awuson-David K., Al-Hadhrami T. A Case Study in the Use of Attack Graphs for Predicting the Security of Cyber-Physical Systems; Proceedings of the 2021 International Congress of Advanced Technology and Engineering (ICOTEN); Taiz, Yemen. 4–5 July 2021; pp. 1–7.

Jha A.V., Ghazali A.N., Appasani B., Mohanta D.K. Risk Identification and Risk Assessment of Communication Networks in Smart Grid Cyber-Physical Systems. In: Awad A.I., editor. Security in Cyber-Physical Systems, Proceedings of the 2021 International Conference on Advanced Informatics for Computing Research (ICAICR), Gurugram, India, 18–19 December 2021. Springer; Singapore: 2021. pp. 97–107.

The MITRE Enterprise Matrix. [(accessed on 8 February 2023)]. Available online: https://attack.mitre.org/matrices/enterprise/

Information Technology—Security Techniques—Information Security Risk Management. Česká agentura pro standardizaci; Prague, Czech Republic: 2019.

Common Vulnerability Scoring System Version 3.1 Calculator. Forum of Incident Response and Security Teams, 2015–2022. [(accessed on 21 July 2022)]. Available online: https://www.first.org/cvss/calculator/3.1.

Industrial Communication Networks—Network and System Security—Part 3-3: System Security Re-Quirements and Security Levels. Czech Agency for Standardization; Prague, Czech Republic: 2019.

Security for Industrial Automation and Control Systems—Part 4-2: Technical Security Requirements for IACS Components. Czech Agency for Standardization; Prague, Czech Republic: 2019.

Information Technology—Security Techniques—Information Security Management Systems—Requirements. Czech Agency for Standardization; Prague, Czech Republic: 2014.

The MITRE Corporation Access Management. 2022. [(accessed on 8 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0801/

The MITRE Corporation Account Use Policies. 2022. [(accessed on 8 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0936/

The MITRE Corporation Antivirus/Antimalware. 2022. [(accessed on 8 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0949//

The MITRE Corporation Authorization Enforcement. 2022. [(accessed on 9 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0800/

The MITRE Corporation Code Signing. 2021. [(accessed on 9 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0945/

The MITRE Corporation Data Backup. 2022. [(accessed on 9 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0953/

The MITRE Corporation Disable or Remove Feature or Program. 2022. [(accessed on 8 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0942/

The MITRE Corporation Execution Prevention. 2022. [(accessed on 9 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0938/

The MITRE Corporation Exploit Protection. 2022. [(accessed on 8 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0950/

The MITRE Corporation Limit Hardware Installation. 2022. [(accessed on 11 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0934/

The MITRE Corporation Mechanical Protection Layers. 2022. [(accessed on 8 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0805/

The MITRE Corporation Network Allowlists. 2022. [(accessed on 11 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0807/

The MITRE Corporation Network Segmentation. 2022. [(accessed on 8 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0930/

The MITRE Corporation Operating System Configuration. 2022. [(accessed on 8 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0928/

The MITRE Corporation Out-of-Band Communications Channel. 2022. [(accessed on 11 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0810/

The MITRE Corporation Privileged Account Management. 2022. [(accessed on 5 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0926/

The MITRE Corporation Restrict File and Directory Permissions. 2022. [(accessed on 11 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0922/

The MITRE Corporation Restrict Registry Permissions. 2022. [(accessed on 12 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0924/

The MITRE Corporation Restrict Web-Based Content. 2022. [(accessed on 12 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0921/

The MITRE Corporation Vulnerability Scanning. 2022. [(accessed on 12 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0916/

The MITRE Corporation Watchdog Timers. 2022. [(accessed on 12 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0815/

The MITRE Corporation Active Directory Configuration. 2022. [(accessed on 15 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0915/

The MITRE Corporation Application Developer Guidance. 2022. [(accessed on 15 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0913/

The MITRE Corporation Application Isolation and Sandboxing. 2022. [(accessed on 14 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0948/

The MITRE Corporation Audit. 2022. [(accessed on 12 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0947/

The MITRE Corporation Boot Integrity. 2022. [(accessed on 12 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0946/

The MITRE Corporation Communication Authenticity. 2022. [(accessed on 12 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0802/

The MITRE Corporation Data Loss Prevention. 2022. [(accessed on 15 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0803/

The MITRE Corporation Encrypt Network Traffic. 2022. [(accessed on 15 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0808/

The MITRE Corporation Encrypt Sensitive Information. 2022. [(accessed on 12 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0941/

The MITRE Corporation Filter Network Traffic. 2022. [(accessed on 12 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0937/

The MITRE Corporation Human User Authentication. 2022. [(accessed on 15 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0804/

The MITRE Corporation Limit Access to Resource over Network. 2022. [(accessed on 15 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0935/

The MITRE Corporation Minimize Wireless Signal Propagation. 2022. [(accessed on 25 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0806/

The MITRE Corporation Mitigation Limited or Not Effective. 2022. [(accessed on 25 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0816/

The MITRE Corporation Multi-Factor Authentication. 2022. [(accessed on 23 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0932/

The MITRE Corporation Network Intrusion Prevention. 2022. [(accessed on 23 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0931/

The MITRE Corporation Operational Information Confidentiality. 2022. [(accessed on 15 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0809/

The MITRE Corporation Password Policies. 2022. [(accessed on 5 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0927/

The MITRE Corporation Redundancy of Service. 2022. [(accessed on 26 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0811/

The MITRE Corporation Restrict Library Loading. 2022. [(accessed on 26 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0944/

The MITRE Corporation Safety Instrumented Systems. 2022. [(accessed on 15 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0812/

The MITRE Corporation Software Configuration. 2022. [(accessed on 15 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0954/

The MITRE Corporation Software Process and Device Authentication. 2022. [(accessed on 18 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0813/

The MITRE Corporation SSL/TLS Inspection. 2022. [(accessed on 12 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0920/

The MITRE Corporation Static Network Configuration. 2022. [(accessed on 3 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0814/

The MITRE Corporation Supply Chain Management. 2022. [(accessed on 15 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0817/

The MITRE Corporation Threat Intelligence Program. 2022. [(accessed on 19 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0919/

The MITRE Corporation Update Software. 2022. [(accessed on 15 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0951/

The MITRE Corporation User Account Management. 2022. [(accessed on 16 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0918/

The MITRE Corporation User Training. 2022. [(accessed on 11 February 2023)]. Available online: https://attack.mitre.org/mitigations/M0917/