
TUTORIAL – FULL DAY SESSION
Deep & Generative Learning in Cybersecurity of Critical Infrastructures

Abstract : A tutorial on cybersecurity paradigms in the critical infrastructure of electricity power networks, with the objective of imparting knowledge, awareness and know-how of the real-world aspects of using AI and ML applications to bolster preparedness, through case studies and practical hands-on sessions preceded by theoretical lectures.

Introduction : The electricity power grid is made up of three parts: generation, transmission and distribution. It also includes distributed energy resources (DERs), reflecting the growing trend of harnessing renewable energy with the aim of achieving sustainability. The interconnected network allows energy and information to move in both directions, which means that data is being created continuously at an enormous rate. The huge amount of data (Fig. 1) that needs to be collected and managed online makes network systems more vulnerable. Concerns about cyber threats to the power utility are raised by the growing complexity of systems that combine information technology (IT) and operational technology (OT), as a potential hacker (Fig. 2), remaining invisible, is likely to stealthily pick an unknown vulnerability to gain access. Intrusion detection and prevention in an interwoven IT-OT regime should, in addition to the rule-based approach, also explore the growing potential of artificial intelligence and machine learning. Since data collection is on an astronomical scale, it also provides scope for purposefully applying deep and generative learning. As deep learning is poised to handle huge volumes of data and generative learning is capable of creating new and previously unseen types of data, it is naturally worth exploring their advantages in this cross-over domain of knowledge complexity. Interestingly, those who use the dark web are likely becoming just as sophisticated, as the threat landscape in the electricity industry oddly suggests. In the field of cybersecurity, therefore, machine learning and deep learning are likely to make utility network defense stronger.

Historical cybersecurity incidents, viz. Stuxnet [1], INDUSTROYER [2] and INDUSTROYER 2 [3], have provided awareness and scope for preparing the defenses needed for future preparedness.

Figure 1: Smart Grid comprising many facets in the electricity domains

Fig. 1 depicts the complexity of the modern power grid critical infrastructure, which comprises SCADA/PMU/WAMS, intelligent electronic devices (IED), advanced metering infrastructure (AMI), application/simulation software and lateral data sources such as weather, social media and traffic updates, depending on the size and complexity of the utility's needs and applications.

Figure 2: Cyber hacker and the interconnected smart grid

Fig. 2 depicts the different components of the smart grid, i.e., generation, transmission and distribution, including renewable energy and smart homes with electronic appliances connected to the grid. This is made possible by the participation of private power producers and end-users, where smart meters are also used for threat and pilferage prevention. Ironically, a hacker is potentially looking for access to intrude into the system for malicious purposes such as ransomware; even cyberwarfare is not ruled out in the current complex global dynamics and perspective.

Outline of the Tutorial :

  1. Definitions- Cyber security, vulnerability, IT-OT synergy, Cyber Threat intelligence (CTI), advanced persistent threats (APT)
  2. Critical Infrastructures – Power Electricity Sector, Smart Grid, Distributed energy resources (DER), interconnectedness, bi-directional flow of energy and data
  3. Industrial Control System (ICS)/Industrial Automation & Control Systems (IACS) – operational technology (OT), Supervisory Control & Data Acquisition Systems (SCADA) [4]
  4. Cybersecurity Frameworks by the National Institute of Standards and Technology (NIST), CSF 2.0 [5]
  5. Relevant NIST standards, viz. SP 800-94 [6] and SP 800-82 [7]; Cybersecurity Capability Maturity Model [8]
  6. Deep Learning, Generative adversarial networks [9], performance accuracy and computation time trade-off
  7. MITRE ATT&CK frameworks – Tactic, Technique & Procedure [10] in ICS
  8. MITRE ATLAS [11] – AI & ML risks introduced in 2023
  9. Case Study 1 – Deep Learning in Cyber Security of SCADA
  10. Case Study 2 – Deep Learning in Cyber Security of Critical Infrastructures – OT-SCADA
  11. Conclusion – The tutorial aims to give participants from industry and academia insight, from the industry-academia interface, into the real-world significance of growing cyberthreats and the corresponding cybersecurity awareness regime.

Resources : Available open-source datasets – UCI repository, GitHub [12], [13]; open-source software for network protocol analysis – Wireshark; smart grid OT malware samples

Expected Length of the Tutorial : 8 hours

First Half : Theoretical – cybersecurity perspective as given in the outline above

Second Half : Hands-on and practical – use of domain-specific software, types of data capture in Wireshark [14] for the smart grid, types of input and output, file types, and file format conversion

Network protocol analyser (open-source software) – using Wireshark: capturing packet files, filtering data, visualizing data, exporting data in other formats

Machine learning and deep learning in Google Colab – a few ML/DL algorithms: supervised and unsupervised learning, the approach of using classification and clustering, comparison with real-world scenarios

Dealing with packet files – deep and generative learning data analytics based on pcap captures from Wireshark, processed in the Colab [15] environment

Use of GANs in real-world cybersecurity problems – time series data, anomaly detection for intrusion detection, autoencoders, LSTM, etc.
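As an added example (not part of the tutorial material or its notebooks), the following Python script stands in for the "pcap capture to notebook" step described above: it constructs a small classic-format pcap in memory, walks the record headers, decodes Ethernet/IPv4 and extracts per-packet features ready to be loaded into a table for ML. It assumes a little-endian classic libpcap file with Ethernet link type, as Wireshark writes when saving in pcap (not pcapng) format; the frames, addresses and ports are constructed sample values.

```python
import struct

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def ipv4_packet(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left 0) followed by payload."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, addr(src), addr(dst))
    return hdr + payload

def sample_pcap():
    """Constructed 3-frame capture standing in for a Wireshark pcap export:
    TCP to port 20000 (DNP3), UDP from port 2404 (IEC 104), and a non-IP frame."""
    eth = lambda etype, body: b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", etype) + body
    frames = [
        eth(0x0800, ipv4_packet("10.0.0.5", "10.0.0.9", 6,
                                struct.pack("!HH", 40000, 20000) + b"\x00" * 16)),
        eth(0x0800, ipv4_packet("10.0.0.9", "10.0.0.5", 17,
                                struct.pack("!HH", 2404, 53000) + b"\x00" * 8)),
        eth(0x0806, b"\x00" * 28),
    ]
    # classic libpcap global header: magic, version 2.4, tz, sigfigs, snaplen, linktype 1 = Ethernet
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):  # per-record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", 1700000000, 1000 * i, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Return one feature dict per record: time, length, protocol, addresses, ports."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled in this example")
    rows, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + incl]
        off += 16 + incl
        row = {"time": sec + usec / 1e6, "len": len(frame), "proto": "non-ip",
               "src": "", "dst": "", "sport": 0, "dport": 0}
        if len(frame) >= 34 and struct.unpack_from("!H", frame, 12)[0] == 0x0800:
            ihl, proto = (frame[14] & 0x0F) * 4, frame[23]   # IPv4 header length, protocol number
            row.update(proto=PROTO_NAMES.get(proto, str(proto)),
                       src=".".join(map(str, frame[26:30])), dst=".".join(map(str, frame[30:34])))
            if proto in (6, 17) and len(frame) >= 14 + ihl + 4:   # TCP/UDP ports follow the IP header
                row["sport"], row["dport"] = struct.unpack_from("!HH", frame, 14 + ihl)
        rows.append(row)
    return rows
```

The list of dicts returned by parse_pcap is what a Colab notebook would hand to pandas.DataFrame before feature scaling and model training.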

Level of the Tutorial : Advanced

Whether any hands-on are proposed : Included through open-source data and software, with Jupyter notebooks shared along with problem statements

References :

[1] E. T. H. Library, “Stuxnet,” no. 4, 2017.
[2] A. Cherepanov, “WIN32/INDUSTROYER: A new threat for industrial control systems,” Eset, p. 17, 2017.
[3] “Industroyer2: Industroyer reloaded.”
[4] A. Daneels and W. Salter, “What Is Scada ?,” Int. Conf. Accel. Large Exp. Phys. Control Syst. Trieste, Italy, pp. 339–343, 1999.
[5] S. Mustard, “The NIST cybersecurity framework,” InTech, vol. 61, no. 1–2, 2014, doi: 10.4018/978-1-6684-3698-1.ch003.
[6] K. Scarfone and P. Mell, “Guide to Intrusion Detection and Prevention Systems (IDPS),” Natl. Inst. Stand. Technol., vol. 800–94, no. February, p. 127, 2007, [Online]. Available: https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-94.pdf
[7] K. Stouffer, M. Pease, C. Tang, T. Zimmerman, V. Pillitteri, and S. Lightman, Guide to Operational Technology (OT) Security Revision 3. 2022. [Online]. Available: https://doi.org/10.6028/NIST.SP.800-82r3.ipd
[8] D. E. C. Na and C. Hipertensiva, “Cybersecurity Capability Maturity Model”.
[9] I. Goodfellow, Y. Bengio, and A. Courville, Deep learning. MIT press, 2016.
[10] “MITRE ATT&CK®.”
[11] “ATLAS Navigator | MITRE ATLAS™.”
[12] M. Kelly, R. Longjohn, and K. Nottingham, “The UCI Machine Learning Repository.”

Instructor :

Hillol Biswas, B.E. (University of North Bengal), M.Sc. in AI&ML (Liverpool John Moores University), PGRTC-Neuroscience (CAMCID), began with a software developer background and has work experience spanning 30 years in various disciplines of the power sector in some countries across four continents. A member of CIGRE since 2006 and, among other things, of the Indian Society of Remote Sensing, IEEE and the National Academy of Psychology, his interests are cognitive science, human and machine intelligence, and consciousness studies. He has published papers in conference proceedings and journals as well as book chapters. His experience includes delivering lectures and professional training in industry-specific areas of the power sector, and he has served as a resource person in academic institutes bridging the industry-academia interface.

ORCID ID : https://orcid.org/0000-0001-5451-4515

Email : hillol.biswas4@gmail.com ; hillol.biswas@ieee.org