Anomaly Detection for Securing Communications in Advanced Metering Infrastructure

Activity Leads: 
Industry Collaborators: 
  • IBM Research
  • Cisco Systems
  • Schneider Electric
Summary Statement: 

This activity aims to identify control decisions that affect power grid resilience and that are based on measurements in Advanced Metering Infrastructure (AMI). The cyber attack models considered include attacks on control systems that compromise the measurements driving those controls, in a manner that leads to loss of resiliency. There are currently no tools for validating measurements before they are used to make important control decisions. We plan to develop tools that help mitigate the impact of attacks on resilience, and to quantify the benefit of this mitigation through theory and simulation. In addition, anomalies indicating cyber attacks on AMI communications will be separated from those indicating non-malicious deviations in meter data (false positives).

Energy Delivery System (EDS) Gap Analysis: 

There are currently no analytic tools to validate AMI data before it is used to make control decisions that impact power grid resilience. In addition, insufficient measures are taken to prevent large-scale DDoS attacks in AMI. With such tools and measures, operators can prevent failures due to DDoS attacks and attacks on DER dispatch.

How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?

  • Assess and Monitor Risk: This activity assesses the risk of control algorithms in practice, and evaluates whether they can be manipulated by an adversary to cause loss of resiliency.
  • Develop and Implement New Protective Measures to Reduce Risk: This activity aims to provide protective measures to reduce the risk of two problems:
    • DDoS attacks in AMI
    • Spoofing attacks on AMI data
Status of Activity: 
Inactive