Detection of Microgrid Cyberattacks Using Network and System Management

Microgrids, as a major domain of smart grids, facilitate the integration of distributed and renewable energy sources. They are capable of operating autonomously when the connection to the main grid is difficult or cost-ineffective. As the presence of microgrids in the smart grid becomes more common, it becomes more urgent to protect the microgrid from cyberattacks. In this paper, we present the first design and implementation of a microgrid security monitoring platform based on IEC 62351–7:2017 Network and System Management (NSM). The capabilities of this platform are demonstrated on a detailed microgrid model that is deployed on a real-time co-simulation testbed. A hybrid rule-based and machine learning anomaly detection approach is developed to detect attacks targeting the microgrid. To investigate the effectiveness of the NSM security monitoring platform, evaluate the proposed detection schemes, and observe the impact of cyberattacks on the microgrid operation, several formulated attacks against the microgrid are simulated. The effectiveness of different parameters and architectures for the anomaly detection schemes are compared against one another, including Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU). The obtained results demonstrate the strengths and gaps of security monitoring based on NSM, and can be seen as first step towards the design of more comprehensive monitoring platforms that integrate NSM along with complementary mechanisms such as passive network traffic inspection and device log analysis.