L7 Defense Israel LTD contributes to the Energy Shield project with their tool Ammune™. Ammune is a state-of-the-art AI (artificial intelligence) and ML (machine learning) cyber-security solution to be applied to the identified scenarios to defend the smart grid against DDoS attacks.

Proof of concept

As proof of concept, a smart meter network was selected. The excellent protection of Ammune against realistic DDoS attack simulations was demonstrated using the Ammune capabilities while implementing a novel smart meter business logic model. The service's normal activity was preserved within 30 seconds of the attack initiation, and long-term damage was prevented. The source IP rotation mechanism that was used to simulate real-world attacks was overcome by Ammune, which repeatedly captured new source IPs of the campaign and blocked them almost immediately. During simulations, most of the attacks were blocked immediately by Ammune, while a small portion (2-3%) of the attacking traffic reached the servers. In the simulations, there was not enough evidence that some bots belonged to the botnet.

Significance for real life

However, in real life more aggressive attacks are expected, and the new bots would accumulate incriminating evidence much faster within Ammune. The results of the L7 Defense LTD Israel simulated attacks were compared to an epidemic analytical model (IA-DDoS) developed by CITY. These simulated attacks aimed to show the efficiency of the Ammune defense system by reducing the impact of the botnet targeting an IT system to almost 0. The model was able to achieve similar results to the simulation. The SAC model, also developed by CITY, is conceptual at this stage, as it deals with inter-dependency between IT and OT systems. Whilst it expands the view of how attacks on IT targets affect dependent OT systems, further testing with realistic smart grid scenarios is needed.