Addressing vulnerabilities in the Operational Technology (OT) environment is crucial to securing Distributed Energy Resources (DERs) and the power grid, mitigating potential damage to the electrical infrastructure and minimizing outages. The interconnectedness of OT and IT creates a pathway for cyberattacks to begin in business systems and then spread to DER energy control systems within OT environments, which demand uninterrupted availability. Existing cybersecurity tools and technologies in the distributed-energy OT environment are centralized and resource-intensive, and most of them rely on pre-engineered mitigations to reconfigure a known malicious setting.
OT-Healer fills this gap by providing a decentralized, ML-powered solution for threat monitoring, detection, and self-healing mitigation at the OT level. OT-Healer implements cybersecurity enhancements for DER OT using an AI-powered hybrid behavior-based Intrusion Detection System (IDS) together with optimal self-healing OT control generation that automatically mitigates a malicious disturbance in an effective, distributed, and decentralized way.
OT-Healer provides a real-time, lightweight hybrid IDS at OT units by using a behavior-based ML approach to classify both IT and OT communication traffic, while accommodating the custom-engineered nature of most OT systems by retaining the original OT protocol properties. OT-Healer also provides decentralized optimal self-healing OT control policy generation at OT units, restoring a maliciously disturbed Volt-VAR/Volt-Watt (VV/VW) curve (for example, one distorted by the effect of a false data injection, voltage unbalance, or voltage oscillations) back to its normal state in real time while codifying the minimal control requirements of the IEEE 1547 standard. Finally, OT-Healer provides resiliency of time-coordinated static/dynamic reactive power support at OT units by providing reactive-power-based voltage control to the grid, so that the units self-heal from a malicious disturbance to voltage stability and voltage security.
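The VV curve restoration described above, as an added example rather than OT-Healer's own code: a four-point Volt-VAR curve is checked against the IEEE 1547-2018 Category B ranges of adjustability and reverted to the default curve when a point has been pushed outside them. The default points and limits are the Category B values as assumed here (verify against the standard before relying on them), and the tampered curve is a constructed sample.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VoltVarCurve:
    """Four-point Volt-VAR curve: voltages in p.u., Q as a fraction of nameplate."""
    v1: float; q1: float   # injection knee (low voltage)
    v2: float; q2: float   # start of the deadband
    v3: float; q3: float   # end of the deadband
    v4: float; q4: float   # absorption knee (high voltage)

# Assumed IEEE 1547-2018 Category B defaults with V_ref = 1.0 p.u. (not from the page).
DEFAULT_CURVE = VoltVarCurve(0.92, 0.44, 0.98, 0.0, 1.02, 0.0, 1.08, -0.44)
# Constructed sample of a false-data-injected curve: it makes the DER absorb 44 %
# reactive power at nominal voltage, pulling the feeder voltage down.
TAMPERED_CURVE = VoltVarCurve(0.90, 0.44, 0.94, -0.44, 0.96, -0.44, 1.20, -0.44)

def reactive_power(curve: VoltVarCurve, v: float) -> float:
    """Piecewise-linear Q(V) through the four points, saturating outside [v1, v4]."""
    pts = [(curve.v1, curve.q1), (curve.v2, curve.q2),
           (curve.v3, curve.q3), (curve.v4, curve.q4)]
    if v <= pts[0][0]:
        return pts[0][1]
    if v >= pts[-1][0]:
        return pts[-1][1]
    for (va, qa), (vb, qb) in zip(pts, pts[1:]):
        if va <= v <= vb:
            return qb if vb == va else qa + (qb - qa) * (v - va) / (vb - va)
    raise ValueError("curve voltages are not in ascending order")

def curve_violations(c: VoltVarCurve, v_ref: float = 1.0) -> list[str]:
    """Names of the (assumed) Category B adjustability limits the curve breaks;
    an empty list means every point lies within the IEEE 1547 ranges."""
    checks = [
        ("v2", v_ref - 0.03 <= c.v2 <= v_ref),
        ("v3", v_ref <= c.v3 <= v_ref + 0.03),
        ("v1", 0.82 <= c.v1 <= c.v2 - 0.02),
        ("v4", c.v3 + 0.02 <= c.v4 <= 1.18),
        ("q1", 0.0 <= c.q1 <= 0.44),
        ("q4", -0.44 <= c.q4 <= 0.0),
        ("q2q3", -0.44 <= c.q2 <= 0.44 and -0.44 <= c.q3 <= 0.44),
        ("shape", c.v1 < c.v2 <= c.v3 < c.v4 and c.q1 >= c.q2 >= c.q3 >= c.q4),
    ]
    return [name for name, ok in checks if not ok]

def self_heal(c: VoltVarCurve) -> tuple[VoltVarCurve, list[str]]:
    """Local self-healing step: revert to the default curve when any limit is
    broken, and report which limits triggered the revert."""
    bad = curve_violations(c)
    return (DEFAULT_CURVE if bad else c), bad
```

Calling self_heal(TAMPERED_CURVE) returns the default curve together with the violated limits v2, v3 and v4, while the default curve passes unchanged.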
OT in commercial Electric Vehicle Charging Infrastructure (EVCI) gives cyber-attacks a path to migrate into business systems such as Charging Station Management Systems (CSMS), which authorize charging sessions, collect billing information, and so on. An adversarial EV first sends malicious charging requests to the Electric Vehicle Supply Equipment (EVSE) over ISO 15118, which governs EV IDs, payment information, etc. Based on a given request, the EVSE coordinates power flow and information between the EV, the grid, and the CSMS via the Open Charge Point Protocol (OCPP). Lossy communication protocols like ISO 15118 and OCPP make it easy for cybercriminals to intercept and obstruct traffic. For example, the Log4Shell vulnerability, which gained widespread attention in late 2021, was also discovered in commonly used OCPP servers and clients within EV charging systems and CSMS. Successful exploitation of this vulnerability could result in data theft, Denial-of-Service (DoS) attacks, or even physical damage to the chargers.
OT-Healer fills this gap by providing a decentralized, ML-powered solution for real-time threat monitoring, detection, and self-healing mitigation at the OT level, giving “last mile” cyber-physical resiliency at commercial Level 2/3 EVSE (charging stations). The design of OT-Healer enables deployment on an off-the-shelf single-board computer (Raspberry Pi) connected in a Bump-in-the-Wire (BitW) configuration that taps the common CP/PP pins (the signal-line communication function) of various charging plugs (SAE J1772, Tesla, or CCS2). In addition to handling cyber-physical security for Level 2 AC charging EVSE, OT-Healer also provides IPv6-based data protection and management for direct-current fast chargers (DCFC), also known as Level 3 DC charging EVSE: OT-Healer monitors the IPv6 data flow between the vehicle, the DCFC charger, and the substation (including the internet), and inserts the commands that execute the cyber-physical resiliency through a separate IPv6-based management port.
Specifically, it analyzes both the packet-level traffic of CSMS charging requests and the raw voltage/current data, and it enables compromised EVSE nodes to automatically execute self-healing techniques that preserve operational continuity through system abnormalities, intrusions, or malicious attacks.
Are you interested in learning about OT-Healer?