Title: Detecting the cyber-physical-social cooperated APTs in high-DER-penetrated smart grids: Threats, current work and challenges
Journal: Computer Networks (journal article), published 2024-09-07
DOI: 10.1016/j.comnet.2024.110776
URL: https://www.sciencedirect.com/science/article/pii/S138912862400608X
Journal impact factor: 4.4; JCR quartile: Q1 (Computer Science, Hardware & Architecture); Region: 2 (computer science)
Open access: no
Source platform: Semanticscholar
Citation count: 0
Abstract
Large-scale penetration of renewable distributed energy sources (DERs) into smart grids (SGs) is an inevitable trend. Such high-DER-penetrated SGs entail heavy reliance on information and communication technologies and an increasing impact of social behaviors on system operation and management. In this sense, SGs become cyber-physical-social systems. However, the deep coupling of cyber networks, physical grids, and societies makes SGs more complex and more open, and therefore more likely to face various threats, especially advanced persistent threats (APTs) that disrupt system operations at a large scale. To better study the threats, the current APT detection work, and the challenges of SGs, we first analyze the key features of high-DER-penetrated SGs and the vulnerabilities of devices, networks, and applications in SGs introduced by system design, limitations of deployed security measures, and social behaviors. On this basis, we analyze the APTs faced by SGs and argue that they take the form of cyber-physical-social cooperated, multi-stage APTs. The possible attack methods for each stage of such APTs, typically stealthy attacks in the early stages and coordinated attacks in the action stage, are also summarized. Thereafter, a review of current work on security architectures for APT detection and on intelligent intrusion detection methods is provided. Finally, we discuss the key challenges, research needs, and potential solutions for future work on defending SGs against APTs from the aspects of threat modeling, threat detection, threat hunting, and implementation technology.
Journal description:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.