SPEAR and SDN-microSENSE are co-organizing the 2021 IEEE CSR Workshop on Electrical Power and Energy Systems Security, Privacy and Resilience (EPES-SPR).
The smart technologies digitize the conventional model of the Electrical Power and Energy Systems (EPES) into a new architectural paradigm, known as the Smart Grid (SG), thus introducing multiple services, such as two-way communication, pervasive control and self-healing. Based on the current situation of the COVID-19 pandemic and future pandemics, this evolution and in general the complete digitization of the cyber-physical infrastructures become necessary than ever. However, despite the benefits, this progression leads to challenging cybersecurity issues due to the vulnerabilities of the new technologies and the necessary presence of the legacy systems, such as Supervisory Control and Data Acquisition (SCADA) / Industrial Control Systems (ICS) that rely on insecure communication protocols. Moreover, the automatic and autonomous nature of the Industrial Internet of Things (IIoT) entities raises additional cybersecurity and privacy concerns. Current Advanced Persistent Threats (APTs) have demonstrated the aforementioned cybersecurity issues such as TRITON, DragonFly, BlackEnergy3 and Crashoverride.
On the other side, anticipating the critical issues of EPES/SG, both academia and industry have developed appropriate countermeasures, considering the advances in the Artificial Intelligence (AI) and the networking domains. An indicative example is the IEC 62351 standard composed of 14 parts that define a set of security controls and guidelines for EPES. Moreover, AI and especially Machine Learning (ML) and Deep Learning (DL) allow the implementation of detection mechanisms capable of discriminating malicious behaviors as well as zero-day vulnerabilities. Emerging solutions in this sector include Security Information and Event Management (SIEM) systems and Intrusion Detection and Prevention Systems (IDPS). Other emblematic technologies that can mitigate or even prevent cyberattacks are honeypots, Software-Defined Networking (SDN), Network Function Virtualization (NFV) and intentional islanding.