Publications

Publications / SAND Report

Securing Inverter Communication: Proactive Intrusion Detection and Mitigation System to Tap, Analyze, and Act

Hossain-McKenzie, Shamina S.; Chavez, Adrian R.; Jacobs, Nicholas J.; Jones, Christian B.; Summers, Adam; Wright, Brian J.

The electric grid has undergone rapid, revolutionary changes in recent years; from the addition of advanced smart technologies to the growing penetration of distributed energy resources (DERs) to increased interconnectivity and communications. However, these added communications, access interfaces, and third-party software to enable autonomous control schemes and interconnectivity also expand the attack surface of the grid. To address the gap of DER cybersecurity and secure the grid-edge to motivate a holistic, defense-in-depth approach, a proactive intrusion detection and mitigation system (PIDMS) device was developed to secure PV smart inverter communications. The PIDMS was developed as a distributed, flexible bump-in-the-wire (BITW) solution for protecting PV smart inverter communications. Both cyber (network traffic) and physical (power system measurements) are processed using network intrusion monitoring tools and custom machinelearning algorithms for deep packet analysis and cyber-physical event correlation. The PIDMS not only detects abnormal events but also deploys mitigations to limit or eliminate system impact; the PIDMS communicates with peer PIDMSs at different locations using the MQTT protocol for increased situational awareness and alerting. The details of the PIDMS methodology and prototype development are detailed in this report as well as the evaluation results within a cyber-physical emulation environment and subsequent industry feedback.