The increasing digitalization of Energy System Operators (SOs) and owners of energy critical infrastructure has exposed them to a heightened risk of cyberattacks. In recent years, energy operators have found themselves squarely in the crosshairs of malicious actors intent on disrupting their operations. Notable instances include the 2015 Ukraine power grid attack, which caused widespread power outages, and the 2017 WannaCry ransomware attack, which impacted organizations globally, including energy utilities, health care providers and financial institutions. These incidents underscore the urgent need for robust cybersecurity measures, which are imperative to ensure the seamless operation, resilience and uninterrupted provision of critical services in the energy sector. Yet this alone is not enough: with the rise of AI, attacks are becoming ever more sophisticated, the cybersecurity landscape in the energy sector is constantly evolving, and relying solely on traditional security measures is no longer sufficient.
With the rapid advancement of Artificial Intelligence (AI), cyberattacks have grown increasingly sophisticated, surpassing the capabilities of conventional security measures in terms of both detection and mitigation. This escalating threat landscape demands a proactive and adaptive approach to cybersecurity in the energy sector. It necessitates the integration of AI-driven solutions that can not only detect but also respond to these sophisticated attacks in real time.
In the context of AI4CYBER, Public Power Corporation (PPC), one of the biggest energy providers in southeast Europe, takes the role of this energy operator and applies the project’s solutions to the Energy sector use case.
In more detail, the use case explores AI-powered attacks and adversarial attack scenarios against business assets belonging to multiple application domains of the Energy sector. The three types of attacks are tested on an isolated lab infrastructure of the PPC Innovation Hub that replicates the following energy-related setups:
- Wide Area Measurement System (WAMS)
- Building Automation System
- Electric Vehicle (EV) Charging infrastructure
A multi-step attack scenario is investigated against an infrastructure replicating a WAMS that performs advanced real-time monitoring of the power grid. Through multi-step lateral movement, the adversary aims to compromise critical systems and deploy malware that compromises the data stored on the infected systems. As a result, the SOs (i.e., Distribution System Operators (DSOs) and Transmission System Operators (TSOs)) lose situational awareness of the grid, a situation that can be further exploited to launch other attacks (e.g., False Data Injection) that can harm the grid infrastructure. It is worth mentioning that the scenario under study is inspired by real-world incidents, like BlackEnergy with the KillDisk module, which was used by the Sandworm Team against the Ukrainian power distribution grid in 2015, affecting 225,000 citizens during the winter.
Moreover, the energy use case studies a smart fuzzing attack against a KNX infrastructure as well as an adversarial attack against AI-based detectors, which are employed to detect Denial of Service (DoS) attacks against a Charging Station Management System (CSMS) platform.
To mitigate the potential threats in these scenarios, the AI4CYBER services will interact with security mechanisms deployed in the testbed, such as a Software-Defined Network (SDN) controller, a Network Intrusion Detection System (NIDS) for threat detection in network traffic, a Host-based Intrusion Detection System (HIDS) on endpoints, and a Security Information and Event Management (SIEM) system.
Summing up, this use case aims to showcase the value that the AI4CYBER solution brings in securing the energy infrastructure against advanced and AI-powered threats by employing AI to increase the efficiency and performance of both detection and response to those threats.
Author: Dimitrios Merkouris, Christos Dalamagkas (PPC)