TY - JOUR
T1 - SPEAR SIEM
T2 - A Security Information and Event Management system for the Smart Grid
AU - Radoglou-Grammatikis, Panagiotis
AU - Sarigiannidis, Panagiotis
AU - Iturbe, Eider
AU - Rios, Erkuden
AU - Martinez, Saturnino
AU - Sarigiannidis, Antonios
AU - Eftathopoulos, Georgios
AU - Spyridis, Yannis
AU - Sesis, Achilleas
AU - Vakakis, Nikolaos
AU - Tzovaras, Dimitrios
AU - Kafetzakis, Emmanouil
AU - Giannoulakis, Ioannis
AU - Tzifas, Michalis
AU - Giannakoulias, Alkiviadis
AU - Angelopoulos, Michail
AU - Ramos, Francisco
N1 - Publisher Copyright: © 2021
PY - 2021/7/5
Y1 - 2021/7/5
N2 - The technological leap of smart technologies has brought the conventional electrical grid into a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented with cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. The Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use cases: (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.
KW - Anomaly detection
KW - Cybersecurity
KW - Deep learning
KW - Intrusion detection
KW - Machine learning
KW - SCADA
KW - Security Information and Event Management
KW - Smart Grid
UR - http://www.scopus.com/inward/record.url?scp=85104067685&partnerID=8YFLogxK
U2 - 10.1016/j.comnet.2021.108008
DO - 10.1016/j.comnet.2021.108008
M3 - Article
AN - SCOPUS:85104067685
SN - 1389-1286
VL - 193
JO - Computer Networks
JF - Computer Networks
M1 - 108008
ER -