Security risk models against attacks in smart grid using big data and artificial intelligence

Motivation for this study

According to this study, secure models are necessary for the smart grid’s security. It is the basis for any security architecture and technology developed in a smart grid and improves the system’s dependability and resistance to cyberattacks. The electric grid’s adaptability, reliability, dependability, and productivity can be improved by using big data to make decisions about its management and operation. Smart grids are being built to handle more complex electricity generation and distribution. They are powered by cloud-connected technologies that use artificial intelligence (AI).

Contribution of the study

Attacks are common, and it is important to consider who the attacker is, what vulnerabilities are used, what vulnerabilities are targeted, and the consequences of the attack. Security flaws occur when the confidentiality, integrity or availability of information, systems or other services are at risk. Each cybersecurity incident poses a different threat to an individual or organization’s systems and networks.

In this study we see architecture and components of smart grid and also study smart grid security infrastructure in big data and artificial intelligence. We also study different types of applications in which big data and AI playing very imoportant role and most common are healthcare. AI and big data teacniques are playing very important role to protect any sytem and most of the attcks on system can be reduced due to these teachniques. We also study different types of attacks on smart grid like scanning, exploitation black hole,and cybersecurity attcaks.We also study different types of machine learning,deep learning and AI teachniques and also some security models that are used against these attcaks.At the end we study different types of challenges that are faced to implements AI and big data teachniques in smart grid.

Organization of the study

The remaining article is organized as follows. Section ‘Related work’ describes the related work in detail. Section ‘Methods and Materials’ discusses the methodology in which research questions, exclusion and inclusion of AI, and big data techniques and their use in health are concerned. Section ‘Results’ discusses the results of the research questions, and Section ‘Risk Modeling Techniques’ concludes the work. Figure 3 shows the organization of the article.

Research questions

The primary objective of this study is to conduct an SLR that identifies, analyzes, and summarizes empirical evidence related to using smart grid security using AI and big data. The review focuses on different types of attacks on the smart grid. It also focuses on the solution of these issues by using AI and big data techniques. The research questions and the motivation behind each question have been formulated to guide the review process to achieve this goal. Figure 5 illustrates the proposed methodology and Table 4 illustrates the query results from data sources.

1-

What are the different types of attacks on the smart grid?

2-

What are the security challenges of smart grids using AI and big data methods?

3-

What is the role of big data in healthcare?

4-

What are possible solutions to overcome security challenges of smart grid?

Select data sources

Data sources are the libraries or repositories from where the research studies should be retrieved. Five digital libraries, IEEE, Springer, Science Direct, ACM, and Wiley, have been chosen to extract the primary data, as depicted in Fig. 6. Documents are searched to identify the prior studies. There are various options available to search each digital library for pertinent information. To find the most relevant literature, the search strategy is modified to satisfy the respective needs. Table 5 presents the query results from data sources.

Formulate search string

A search string is a carefully crafted combination of keywords and search operators used to identify relevant studies that address the research question or topic of the review. This step focuses on specific keywords and synonyms from the identified research questions to create the search string. These keywords are combined using the ‘AND’, ‘OR’ conditions in the order listed to complete the following search string. Figure 7 and Table 6 illustrate the process of formulating a search string.

Define inclusion and exclusion criteria

Inclusion criteria in an SLR refer to the predefined rules used to determine which studies would be included in the review. In this review, the following inclusion criteria will be considered:

• Studies must have been published in English from 2014 to 2023. The subject of the study should be centered on smart grid security utilized in the domain of security and AI.

• The investigations undertaken in the study should relate to the attacks on smart grids.

• The investigations undertaken in the study should relate to the solution of attacks on smart grids.

• The scope of selected articles should be confined to publications in reputable journals, conferences, or books.

The following categories of studies have been designated for exclusion:

• Those published before 2014. Studies that lack empirical analysis results

• Exclusion criteria in an SLR refer to predesigned conditions to determine which studies will be excluded from the review.

• Those whose primary focus is not on smart grid security and AI.

Define quality assessment criteria

Quality assessment criteria in an SLR refer to the predefined standards or guidelines used to assess the included studies’ quality, reliability, and validity. Defining quality assessment criteria ensures that the selected primary studies offer sufficient details to effectively analyze the identified research question. In this step, a standard is defined against each research question. Each quality assessment criterion is denoted by C and its respective number, as shown in Table 7.

Primary study selection

Primary studies refer to the individual articles or book sections that directly address the research questions or topic of the review. This review has selected prior studies using the tollgate approach, a structured methodology of five phases (Kitchenham & Charters, 2007). This approach was instrumental in carefully curating 49 primary studies, considering the specified quality criteria for prior studies. The primary study selection is illustrated in Table 8, and the overall process is presented in Fig. 8. The prism diagram is shown in Fig. 9.

Attack in smart grid

Hackers get access and control via scanning, monitoring, performing maintenance, and modifying equipment. The observation stage of an attack is when the attacker learns as much as possible about the target. Finding the system’s weaknesses is the second stage. Through these tasks, students will learn about maintaining and detecting problems with the open port operating system (Ghiasi et al., 2023). By losing system control, they try to win during goal manipulation. Once access has been provided to the appropriate administrative levels, the transfer process is complete; at this point, it must be granted permanently. They do this by secretly installing software on the target system that enables them to return whenever they want without being noticed. Due to this security failure, attackers must follow SG’s security policies. They use different strategies at each level to breach the SG’s defenses. Therefore, we can use these methods to categorize cyberattacks (Goudarzi et al., 2022). It demonstrates the several kinds of attacks that may take place throughout the define stage. Attacks and bad things have happened everywhere. Attacks like traffic analysis and social engineering are used in military missions. In social engineering, relationships with other people and people skills come before technical knowledge. An attacker will use trickery and seductive language to gain a victim’s trust and acquire sensitive information, such as login passwords. For instance, SE has several.

Passwords and phishing attempts. Using network traffic monitoring, managers can determine which servers and devices connect to an incoming attack. Most computer systems are vulnerable to compromise through social engineering and traffic analysis. Figure 10 explains the attacking cycle.

Scanning

The next stage is a scanning attack to determine which hosts and PCs are still running. When scanning, IP addresses, ports, utilities, and security flaws must be considered (Hasan et al., 2022a). An attacker usually performs an IP scan of the hosts connected to a network using newly acquired IP addresses when they first get access. They then travel a little further to each port to consider their options. Every host network that has been found runs a scan. The next step taken by the attacker is a service scan to identify the kind of device or service that is listening on each open port (Hasan et al., 2022a). The vulnerability scanning phase follows, looking for weaknesses, goals, and weak points in each service system on the targeted devices. Industrial protocols that are vulnerable to scan attacks include Modbus and DNP3. To stop hackers from breaking into the communication system via Modbus network scanning, TCP/Modbus was developed. Every machine on the network receives a message that the attacker sends that seems safe. This message is sent to such devices to steal their data. Mods scan a well-known SCADA Modbus network scanner that can find and open TCP/Modbus connections, system IP addresses, and slave IDs. Figure 11 explains the scanning process (Zhang, Liu & Wu, 2021).

Exploitation

Attack activities use the SG system’s components in the subsequent “extraction” phase to take over control and locate weak points (Musleh, Yao & Muyeen, 2019). Such attacks include man-in-the-middle, denial of service, and replay assaults. Other examples include privacy violations, channel jamming, integrity breaches, viruses, worms, and Trojan horses that compromise human-machine interfaces. Malicious software created to transmit from one computer to another is a virus in the smart grid (Hussain et al., 2022). A “worm” is a piece of software that can duplicate itself. It makes copies of itself and spreads them to other devices and computers (Mollah et al., 2020). Trojan horses are harmful programs that give the impression of helping the computer they are installed on. However, in this case, it runs destructive code. This kind of malicious software is used by criminals to infect target systems with viruses and worms (Mohammadpourfard et al., 2021). Figure 12 explains the Exploitation process.

Maintaining access

In the last stage of an attack, the attacker uses a specific attack technique, like a backdoor, virus, or Trojan horse, to get unrestricted access to the target system. Installing a backdoor or other undetected malware enables quick and easy access to the target (Abideen et al., 2023). Let’s say the enemy successfully surrounds and controls the SCADA server. They might start a series of attacks against it in this situation, which would be dreadful for the electrical grid (Wasel & Maan, 2020). An IT network’s four most important components are availability, honesty, accessibility, and privacy. They stand out in the SG for their transparency, integrity, openness, and privacy. As a result, attacks that could decrease the usefulness of smart grid networks are taken very seriously. Privacy threats, however, are generally not taken seriously by people. Each attack has a chance of happening and a level of risk. They are complex and challenging to use, albeit (Kolomvatsos, Anagnostopoulos & Hadjiefthymiades, 2015). Because of this, even though these viruses are dangerous, they do not regularly spread (Demir & Suri, 2017). Fig. 13 explains the maintenance access process.

Impact of the cyber attack

A significant financial hurdle for the SG is integrating a substantial proportion of renewable energy into the system. Current and future transactions are available to dealers in the energy market. A day market focused on forecasting and optimizing load at the lowest cost. At each bus stop, the optimization problem determines the local maximum power price (Chen et al., 2021). This is significant because FDI CAs on the day-ahead market might affect load predictions. The real-time market, in contrast, continuously tracks the energy consumption and production rates for each route.

The power capacity of each line can be determined using real-time LMP, which shows the congestion pattern. This suggests that FDI state calculation significantly impacts the current market, as mentioned briefly in Hasan et al. (2022a). Attacks against the FDI have significantly harmed technological and material infrastructure. A stable steady-state smart grid is typically present during FDI attacks and has immediate effects. Attacks by FDI on steady-state stability have significantly impacted smart grid voltage control and energy management. Although FDI can affect how the SG regulates frequency, the objective is to keep the rotor angle constant. Every assault took place inside the SG defense network (Majidi, Hadayeghparast & Karimipour, 2022). Table 9 illustrates previous BC, ML, and smart grid work summaries.

Security aware of SG infrastructures in the era of big data and artificial intelligence

Smart meters are particularly vulnerable to SG flaws because they constantly change as electricity is generated and used. This depends on where the meters are and the encryption key used to protect the data from the energy analysis tools (Avelar et al., 2015). The use of digital technologies in the electricity grid’s physical architecture is called the “smart grid.” Because of this, it is simple for utility providers and customers to develop solutions that guarantee the reliability and continuity of the electrical supply while ensuring optimal performance because the system runs independently. Some SCADA systems and components are no longer in use because they have been around for a while. Some were created before the widespread understanding of cybersecurity best practices. Because SCADA systems are not Internet-connected, their manufacturers may claim that cybersecurity is not essential. However, SCADA systems expanded as the internet developed, and many were built without security. Modern, safer technology might easily replace the traditional system, which is frequently delayed owing to cost. The SCADA network is required to protect the larger plant’s control system against attack. The SCADA network and the company network could each have a second firewall with more restrictive rules placed between them. The implementation of security measures, analysis of log files, and distribution of updates would be possible by authorized service engineers to assist and monitor security. The communication network needs of the main SG applications for local air networks, near air networks (NAN), and global air networks are examined in critical communications studies. The most crucial security services to look at were listed by the author. Different technologies are present in the Internet of Things. Examples include Bluetooth, ZigBee, Wi-Fi, NB-IoT, and LTE. The many ICTs that can be used in a power grid are shown in Fig. 14.

The enormous potential of big data

On May 6, 2017, The Economist announced that data had overtaken heavy crude as the most valuable resource in the world. In the absence of a universally accepted definition, “big data” is defined as “a vast quantity of information that requires the use of tools other than those found in standard applications programmed to analyze it (Soundararajan et al., 2014). Due to the size of the database, it is challenging to gather data, store it, analyze it, keep it current, search it, send it, see it, update it, and protect it. Three main approaches—pooled data analysis, a meta-analysis of summary data, and federated data analysis—can be used to analyze synchronized information from various sources (Kolomvatsos, Anagnostopoulos & Hadjiefthymiades, 2015). Figure 15 explains that 5Vs reflect the properties of big data.

Due to knowledgeable algorithms, the SG can see the overall picture of these energy sources and needs in real-time or in advance. The smart grid might automatically modify the network’s energy flow using this information. As a result, areas with high energy needs are supplied with electricity, mostly from renewable sources. Producers of electricity are working on big data and open data at the same time. big data is the term used to describe the rapid growth of digital data (Tsai et al., 2015).

Cybersecurity and artificial intelligence

The field of cybersecurity has many uses for AI (Avelar et al., 2015). Robot-assisted process automation, ML, and NLP are frequently used in the digitization of manufacturing processes (Chehri, Fofana & Yang, 2021). Consider the filtering system, which has been used since the early 2000s (Dada et al., 2019), as an example of how ML might be useful. It is clear that techniques have changed over time, and modern algorithms can make more complex choices. Recent AI developments have significantly improved smart grids’ digital security, enhancing defenses against various threats. Security privacy, business, and information technology are the five main uses of ML. Many people may be unaware of how widely AI is used. AI enables businesses to quickly identify risks, speeding up response times and ensuring they meet the best security standards. The energy sector must continue investing to remain ahead of cyberattacks, even while technologies like AI and 5G are ready to aid in problem-solving (Hassani et al., 2020). Deep learning systems are skilled at user monitoring, and AI is essential in detecting and preventing breaches in computer networks. Identities if needed. Figure 16 describes the relationship between AI and cybersecurity.

AI algorithms can detect anomalies such as accessed databases, frequent location changes, and unusual access times (Necip Kurt et al., 2018). ML, on the other hand, makes it easier to find data patterns that support automated learning (Ahmed et al., 2018). By utilizing their understanding of cyber threats, smart grid users can quickly address problems. While current security systems are excellent at observing and preventing typical threats, they cannot keep up with the changing requirements for cybersecurity. Zero-day vulnerabilities, which are used by extremely slow cyberattacks, cannot be mitigated by them. Examining datasets and finding hidden security flaws requires a more flexible methodology (Li et al., 2019b). Through adaptive baseline behavior models, machine learning has successfully identified novel dangers. The security landscape could significantly change if machine intelligence and predictive analytics are combined with known and unknown datasets (Singh, Yassine & Benlamri, 2018). A summary of how AI can improve cyber security measures is shown in Table 10.

Big data and health awareness

Most big data that positively affects health may be seen in three areas: illness prevention, identifying important. Health risk factors and enhancing healthcare interventions (Fanta, Pretorius & Nunes, 2021; Sheth et al., 2017; Aflaki et al., 2021). By giving detailed information about each person’s medical history, big data aims to boost the use of electronic health records (El Samad et al., 2022). Efficiency, rapid diagnosis, and individualized therapy may be where the advantages of technology, particularly the capacity to store and transmit large amounts of clinical data, are most readily apparent (Shams et al., 2022). Due to recent biotechnological developments, the “individual” can now be treated in all of their individuality” (Gligorijević, Malod-Dognin & Pržulj, 2016). This has critical medical advantages (Parimi & Chakraborty, 2020). A detailed analysis using many machine learning algorithms and the delivery of consistent, appropriate, safe, and flexible solutions are used.

This is more patient-centered and effective. Predictions made with BDA technology speed up the reporting of at-risk patients, resulting in more effective and efficient care and better overall health outcomes (Radanliev et al., 2020). Following population movements and trends is crucial for early diagnosis and personalized health care, made possible by the data’s diversity, volume, and velocity. All research in this field in 2021 has shown that big data management is crucial to raising the standard of healthcare and patient outcomes (Dicuonzo et al., 2022). AI-based diagnosis-based techniques and algorithms might be used to find outbreaks before they spread. Several technologies could help control the SARS-CoV-2 virus and the associated sickness. COVID-19. This would increase the efficiency of medical resources and decrease the possibility of a pandemic starting in a single nation. AI, Industry 4.0, the Internet of Things, the Internet of Medical Things big data (BD), virtual reality, drone technology, autonomous robots, 5G, and blockchain have all contributed to the control of COVID-19′s spread (Shamila, Vinuthna & Tyagi, 2019). Another often-used technology is wireless body area networks (WBANs). The new way of doing things may completely change how healthcare is provided and provide several patient advantages (Hossain et al., 2018). Figure 17 explains the use of big data in health.

By downloading apps directly to their smartphones and tablets, patients can keep tabs on their health and report on it. This is possible given how mobile healthcare has developed from digital healthcare (Fanta, Pretorius & Nunes, 2021). Therefore, IoT facilitates faster and more accurate patient diagnosis and healthcare delivery, especially in rural areas with no medical experts (Sheth et al., 2017). In the present SARS-CoV-2 pandemic, technology must be used to prevent and treat COVID-19 infections. Smart tags with monitoring and data scanning capabilities, other wearable devices that can detect essential parameters and forward emergency calls in the event of a problem, and a Real-Time Location System, a satellite-based system, are examples of wearable devices with sensors for monitoring vital signs. Most of these devices are designed for people with circulatory diseases and diabetes (Sarosh et al., 2021). Combining various big data sources and applying them cleverly and efficiently might help health professionals do several activities either alone or in groups in precision medicine, predictive medicine, and preventive medicine (Dicuonzo et al., 2021). It is claimed that digital technology can help the healthcare sector transition to a circular economy. These techniques can facilitate the collection, recycling, repair, and disposal of traditional medical devices, especially IoT.

Deep learning-based cybersecurity techniques in smart grids

Deep learning models can be used when conventional techniques fall short because of the number of dimensions wrath (Poggio et al., 2017). Deep learning models contain advanced training tools designed to extract useful features. The problem of SG cybersecurity has been addressed using various deep-learning techniques. Two convolutional layers, two pooling layers, one fully convolutional, a hidden layer, and an output layer are the layers that make up this kind of network. However, many deep learning algorithms have been used to identify cyberattacks on smart grids, including deep neural networks, recurrent neural networks, and artificial neural networks. A Kaltman filter and a recurrent neural network may be used to identify FDIAs. The dynamic threshold is investigated to identify an FDI attack. This clearly shows how and where to determine FDIA utilizing the input and output signals of a power-togas and gas-fired generation facility scheduler. In addition, a hybrid neural network can locate FDIA without labelling the training set of data (Sawas, Khani & Farag, 2020). Also, the authors could recognize cyberattacks specifically directed at IEC 61850 communication protocols using deep learning techniques. The work has advanced this field on frameworks for energy theft detection, the Parlier algorithm, and intelligent grid energy privacy protection using convolutional neural networks (Albarakati et al., 2019). A security system created to protect an IEEE 1815.1-compliant power grid was presented. To find anomalies and confirm the viability of the proposed method, a range of attacks, including malware, FDI, and DR, are tested using a deep learning algorithm trained on a bidirectional recurrent neural network. A GAN-based intrusion detection system called MENSA was created to identify and categorize attacks on Modbus and Distributed Network Protocol 3. He et al. (2022) developed a DL-based neural network model to calculate the bypass state and determine the root causes of transmission line congestion.To recognize false results, researchers also used ensemble-based DL (Abdulaal et al., 2022). Two deep learning models are trained with data using a decreasing window of observations. The ensemble-based detector uses the most accurate model to identify instances of incorrect data. He presents a DNN-based classification method for determining energy theft from smart grids. A Bayesian optimizer is used to adjust the hyperparameters to make it simpler to spot energy theft (Lepolesa, Achari & Cheng, 2022).

Machine learning-based cybersecurity techniques in smart grids

Smart grids frequently use machine learning techniques to identify and stop cyberattacks. Our focus was on using machine learning to identify cyberattacks on smart meters, which are a significant factor in the high cost of electricity. The authors used ML techniques to predict future electricity costs. Datasets are pre-processed in machine learning, and features are extracted using methods like Joint Mutual Information Maximization Kernel Principal Component Analysis and principal component analysis (Khan et al., 2021). The model is then trained using algorithms for machine learning. The results are then produced using the trained ML model. FDI attacks on state estimation through the use of machine learning. Commonly, supervised and unsupervised classifier ensemble learning is used to lessen the impact of dimensionality reduction (Ashrafuzzaman et al., 2020). Principal component analysis is used on historical data to quantify errors brought on by changes in data distribution. The plan works, and the most accurate results are obtained using the K-NN algorithm at the conclusion. As additional tools for identifying covert cyberattacks, researchers developed the algorithm for extremely randomized trees and kernel principal component analysis (Acosta et al., 2020). The SVMLDT was employed to find issues with smart grids. A dynamic load rejection scheme guards against denial-of-service attacks; corrective actions are taken when necessary. The pulse, replay trip, and replay types of data integrity attacks are all considered in a new framework for identifying and preventing anomalies (Ravikumar & Govindarasu, 2020).

Consequently, attacks are classified with a 96.5% accuracy rate using machine learning algorithms like KNN and DT. A cyber-physical anomaly detection system can locate data integrity threats and communication errors. A classification model can be produced with the help of the machine learning algorithm DT and variation mode decomposition. The functionality of CPADS is tested and evaluated using a typical IEEE 39 bus system. FDI attacks using machines with a high learning rate and ensemble learning capabilities. A focal-loss-light GBM ensemble classifier is built using optimized feature sets that automatically label FDIA (Mazhar et al., 2022) behavior to identify FDIA (Cao et al., 2020). Extreme learning machines perform better when their weights are set with a Gaussian random distribution, as shown (Wu et al., 2020). The state estimation process is hampered by FDI and DoS attacks, which can be located using a hierarchical clustering technique. The process is sped up and made more accurate through Kalman filters (Aflaki et al., 2021). The threat is moved using the DT algorithm.

Challenges of artificial intelligence in smart grids

Sizeable conventional power systems are often analyzed and controlled using numerical calculations and physical modelling. The transition from the traditional to the new power grid and the development of smart grids that mainly rely on renewable energy and micro-networks have made the environment even more unpredictable and complicated. In the meantime, using new smart grid technology is uncertain because the existing energy system is supported by traditional infrastructure. The communication network must manage enormous amounts of frequently changing data because it relies on power systems. For intelligent grids, this is still a challenge. Additionally, researchers are still working to ensure AI systems’ stability, dependability, and online functionality (Cherifi & Hamami, 2018). Even though there are numerous information approaches to the problems facing the smart grid, there are still several significant problems, such as those listed below.

Making use of renewable energy.

Smart networks must include a sizable part of renewable energy. However, renewable energy is unpredictable and challenging to measure due to its power output changing frequently and quickly. This leads to several serious issues.

Data security and confidentiality.

Since smart grid systems involve a variety of devices and two-way communication, they are more vulnerable to hacking than traditional power grids since they are readily available to those who wish to harm. The last part showed how different security techniques had been created to quickly identify cybersecurity threats such as fake data injection, system data theft, and electricity theft, among others (Mazhar et al., 2023b). The current smart grid is vulnerable to various dangers because of how its network protocols, operating systems, and physical devices function. Performance and security are exchanged in current AI-based smart grid security systems.

Rapid data analysis and storage.

Another critical challenge is enhancing the efficiency of storing and retrieving large amounts of smart grid data for AI applications.

The ability of AI algorithms.

AI algorithms typically have a “black box” problem, which means they are difficult to understand or explain. The solution to this problem currently requires AI systems.

AI-based algorithms’ limitations.

How AI is used in innovative grid systems varies greatly depending on how far AI technology has progressed. However, knowing the smart grid’s limitations is essential before introducing new technology.

CORAS method for security risk analysis

A summary of the CORAS method for security risk analysis is presented in Table 11.

Cyber security risk assessment methods for SCADA systems

In-depth analysis is the primary goal of this study. This article examines how SCADA systems are utilized to analyze cybersecurity risks by looking at relevant content smart Grid and SCADA system attack analysis, classification, and location using wireless sensor networks (Ravikumar & Govindarasu, 2020). Searching for temporal trends is the second technique for finding cyberattacks (Mazhar et al., 2022). Firewall idea that uses CPI to safeguard SCADA systems in networks for smart grids (Cao et al., 2020). Combining ensemble approaches and social media indicators can increase the accuracy of the One-Class Class Support Vector Machine. For the IEC 60780—5—101 SCADA protocol, Method 5 (Radanliev et al., 2020) explains how to implement absolute security realistically. A SCADA-like technique as a service for interoperability of micro-network platforms The interoperability of microgrid platforms was investigated in this study in light of the growth of the smart grid. There are now many levels of interoperability, each created to meet a particular need. The main goal of this study was to present a feasible hybrid cloud-based private SCADA architecture that met various requirements for micro-network platform interoperability while taking security standards into account. Micro-network interoperability allows academic institutions to share and exchange data, pool resources, and eventually borrow related infrastructure for on- or off-site research (Aflaki et al., 2021). A platform for critical infrastructure vulnerability analysis simulation and cybersecurity (Ravikumar & Govindarasu, 2020).

The pre-distribution of keys for SCADA systems that recognize shared licenses (Mazhar et al., 2022). Using the internet, a mobile ad hoc network (MANET), and wireless sensors to create an impenetrable SCADA system (Cao et al., 2020). An analysis of a smart grid’s vulnerability to assaults that change load distribution using cascading dynamics (Wu et al., 2020). Put a lot of faith in the SCADA IoT-based industrial control system to ensure its functionality (Aflaki et al., 2021). A SCADA intrusion detection strategy based on optimization (Cherifi & Hamami, 2018).

Mitigating the risk of cyber attack on smart grid systems

To find smart grid system weaknesses and potential threats, engineers, IT managers, users, and security managers must work together more. This will help them avoid the cyber risks of today. Companies should consider alternative strategies as they plan for future cybersecurity developments. Planning and making repeated attempts to keep ahead of known threats is essential. The creation of an efficient cyber defense system must be continuous. Companies in the electricity sector need to develop a well-thought-out plan with a strong basis and straightforward steps. Traditional layered cybersecurity techniques are insufficient because they can only identify and stop low-level threats. On the other hand, modern cyber threats are designed to make it challenging for traditional security measures to counter them.

They achieve this by giving detection systems instructions on deleting their defenses. Even the most effective security measures can be overcome by threats of secret attacks by those with authorization. Cybersecurity solutions may give you the knowledge to make more informed choices about defending your smart grid from cyberattacks using AI and reducing big data analytics. They can help the power provider detect threats more quickly by monitoring the cyber world with the speed and accuracy that only computers can. To filter out harmful communications in reaction to an attack, solutions like antivirus, EDR systems, firewalls, and data loss prevention are examples of those that already use AI. Due to the growing number of vulnerabilities, the difficulty in determining their seriousness, and the difficulty in automatically selecting and distributing patches, operational teams are concerned about vulnerability management. Only a tiny portion of the millions of vulnerabilities yearly found and reported are used by bad actors. Some systems also have boundary walls to keep them safe. As a result, developers of vulnerability management systems are adding AI to their creations more frequently. Artificial intelligence is used in vulnerability management to speed up and improve procedures, including discovering assets, searching for vulnerabilities, evaluating risk based on threat data, prioritizing solutions, and deploying them.

The CORA’s method for security risk analysis is shown in Fig. 18.

Passwords and login names are insufficient for secure remote access. In this case, a VPN should be used to establish an encrypted connection (Noureen et al., 2019). These facts show that no security solution works for all firms, including energy providers (Sundararajan et al., 2018; Cai et al., 2017; Rice & AlMajali, 2014). Instead, each company must customize security protocols to meet its unique needs. This strategy is the only way to guarantee that everyone is sufficiently protected.

The first step is to control the flow of information. You can achieve this by using a firewall or another device that controls the direction of the protocols used by IT and OT systems when they communicate. If IT should only contact OT, limiting communication to the HTTPS protocol makes sense. As a result, attacks that rely on server message blocks are prevented (Sundararajan et al., 2018). Start by conducting a thorough risk analysis that considers internal and external threats. To develop security guidelines and risk mitigation strategies, experts will identify the weak spots (Cai et al., 2017). Every utility needs to create a security strategy and protocol. This is so because a company’s cybersecurity policy specifies employees’ rules. A utility’s security policy communicates to staff members, suppliers, and other authorized users the company’s expectations for protecting electronic information and assets and the consequences of breaking the rules. Examining your foundation once or twice a year is one way to keep it in good shape. It is crucial to choose a cybersecurity solution that complies with global norms and take the necessary steps to implement this plan. The electrical industry may benefit significantly from deep packet inspection, also called a “deep look” into data communication.

Additionally, it has a considerable impact on industry productivity. As a result, new communication protocols and measurements that vary from the norm can be found quickly. This reduces the possibility of damage by enabling quick response to a slowly spreading attack or error. The typical operation of the system is known after some initial understanding. An alert is set off when something deviates from the norm. Such a discrepancy may be caused by a virus assault, a broken sensor, or a service technician using a brand-new laptop. Figure 19 shows the mitigating the risk of cyber-attacks on smart grid systems (Rice & AlMajali, 2014).