Our partners from KTH have another publication: the chapter titled “Early detection and recovery measures for smart-grid cyber-resilience” has been published in the book “Decision Support Systems and Industrial IoT in Smart Grid, Factories, and Cities” by IGI. The chapter discusses the vulnerabilities of smart grid and EPES systems. Because these systems need to be protected against cyberattacks, robust algorithms are needed for an efficient intrusion detection system (IDS). The chapter presents a classification of IDSs according to the source of audit data and the detection methodology, and gives an overview of existing schemes and their problems with respect to these classification methods. It also proposes a method for early-stage detection of cyber-security incidents and protection against them through applicable security measures. Moreover, security techniques such as anomaly detection, threat investigation through a highly automated DSS, and incident response and recovery for smart grid systems are introduced. The proposed framework can be applied to industrial environments, for example against cyber-threats targeting the production generator or the electricity smart meters. The chapter also illustrates the framework’s cyber-resilience against zero-day threats and its ability to distinguish between operational failures and cyber-security incidents. Industry best practices are also provided as part of security information and event management (SIEM). The abstract is as follows:
The internet of things (IoT) has recently brought major technological advances in many domains, including the smart grid. Despite the simplicity and efficiency that IoT brings, there are also underlying risks that are slowing down its adoption. These risks are caused by the presence of legacy systems inside existing infrastructures that were built with no security in mind. In this chapter, the authors propose a method for early-stage detection of cyber-security incidents and protection against them through applicable security measures. This chapter introduces security techniques such as anomaly detection, threat investigation through a highly automated decision support system (DSS), as well as incident response and recovery for smart grid systems. The introduced framework can be applied to industrial environments such as cyber-threats targeting the production generator as well as the electricity smart meters, etc. The chapter also illustrates the framework’s cyber-resilience against zero-day threats and its ability to distinguish between operational failures as well as cyber-security incidents.