Improving Cybersecurity Situational Awareness in Smart Grid Environments

Demand response (DR) and peer-to-peer (P2P) energy trading in smart grids use distributed architectures and multiple data sources to enable more consumer involvement. Given the reliance on and behind-the-meter data and the distributed and heterogeneous setups, these data and processes are prone to various cybersecurity attacks. Hence, identification of security risks and continuous situational awareness is essential to establish system trust and resilience. In such a multi-layered, distributed system, data origin and the steps for processing, modifying and aggregating data are highly significant. Data provenance denotes metadata describing data derivation throughout the different layers of the system. Tracking data provenance can provide valuable information on data history and lineage. However, while provenance generates metadata for data history, security-relevant information to estimate relevant risks are not addressed. This chapter emphasises the need for security-aware data provenance in residential DR and P2P energy trading. Based on the existing Prov-IoT model for security-aware provenance in the Internet of Things applications, we present a refined model with entities and metadata specific to smart grids and microgrids. This instantiation named Prov-IoT-MG, demonstrates the importance and necessity of security-aware provenance graphs for continuously estimating risks against man-in-the-middle, false data injection and load altering attacks. We illustrate how Prov-IoT-MG graphs can be generated and evaluated at run-time and are useful in providing up-to-date information on active security controls and other security-relevant information. Finally, we discuss how these graphs help to improve the resilience of grid processes with higher situational awareness.