Securing Smart Grids Locally using a Power Flow-based Intrusion Detection System

As the ongoing energy transition requires more communication infrastructure in the electricity grid, this introduces new possible attack vectors. Current intrusion detection approaches for cyber attacks often neglect the underlying physical environment, which makes it especially hard to detect data injection attacks. We follow a process-aware approach to evaluate the communicated measurement data within the electricity system in a context-sensitive way and to detect manipulations in the communication layer of the SCADA architecture. This paper proposes a sophisticated tool for intrusion detection, which integrates power flow analysis in real-time and can be applied locally at field stations mainly at the intersection between the medium and low voltage grid. Applicability is illustrated using a simulation testbed with a typical three-node architecture and six different (attack) scenarios. Results show that the sensitivity parameter of the proposed tool can be tuned in advance such that attacks can be detected reliably.