InfoBeyond Technology is an innovative company specializing in AI, Computer Vision, Communications, and Cybersecurity within the Information Technology industry.

Contact Info

320 Whittington PKWY, STE 303
Louisville, KY, USA 40222-4917
[email protected]
(502) 919 7050

Learn More

Follow Us

OT-Healer: A Real-Time Decentralized Self-Security/Healing Tool for DER OT Resiliency

Addressing vulnerabilities in the Operational Technology (OT) environment is crucial to ensure the security of Distributed Energy Resources (DERs) and the power grid, mitigating potential damage to the electrical infrastructure and minimizing outages. The interconnectedness of OT and IT creates a pathway for cyberattacks to begin in business systems and then spread to DER energy control systems within OT environments, demanding uninterrupted availability. Existing cybersecurity tools and technologies in the energy-distributed OT environment are centralized and resource-guzzling, and most of them utilize pre-engineered mitigation for reconfiguring the malicious setting.

OT-Healer fills this gap by providing a decentralized ML-powered solution in threat monitoring, detection, and self-healing mitigation at the OT level. OT-Healer implements cybersecurity enhancements for DER OT using an AI-powered hybrid behavior-based IDS (Intrusion Detection System) with optimal self-healing OT control generation for automatically mitigating the malicious disturbance in an effective, distributive, and decentralized way.

Key Features

OT-Healer provides real-time lightweight hybrid IDS at OT Units by using the behavior-based ML approach for effectively classifying both IT/OT communication traffic, while allowing the custom-engineered nature of most OT systems by retaining the original OT protocol properties. OT-Healer also provides decentralized optimal self-healing OT control policy generation at OT units by restoring malicious-disturbed VV/VW curve back to the normal state in real-time, while codifying minimal control requirements in IEEE 1547 std., due to false data injection effect, voltage unbalance, voltage oscillations, etc. Finally, OT-Healer allows for resiliency of time-coordinated static/dynamic reactive power support at OT units by providing the reactive power control voltage to the grid for self-healing from a malicious disturbance in voltage stability and voltage security.

  • Ensures continuous system operation despite abnormalities, intrusions, or malicious attacks.
  • No modification of existing OT protocols enhancing the reliability and availability of power delivery systems, enabling 24/7 operation.
  • Intelligent hybrid IDS for monitoring both IT and OT traffics
  • ML-powered optimal OT control policy generation for self-healing OT devices
  • Control resiliency of static/dynamic reactive power support


  • Smart grid, power grid, and electrical grid
  • Smart power grid operations and management
  • Power/electrical grid communication infrastructure and operation engineering
  • Power generation at the edge
  • Oil, Gas, and renewable energy and utility network
  • Manufacturing systems to monitor and/or control industrial machinery, assets, processes, and events

Electric Vehicle Charging Cybersecurity Use Case Example

OT in commercial Electric Vehicle Charging Infrastructure (EVCI) allows cyber-attacks to migrate into business systems like Charging Station Management Systems (CSMS), which authorize charging sessions, collect billing information, etc. The adversarial EV first sends malicious charging requests to the Electrical Vehicle Supply Equipment (EVSE) through ISO 15118 which governs all EV IDs, payment info, etc. Based on a given request, the EVSE coordinates power flow and information between the EV and the grid and CSMS by Open Charge Point Protocol (OCPP). These lossy communication protocols like ISO 15118 and OCPP make it easy for cybercriminals to intercept and obstruct. For example, Log4Shell vulnerability, which gained widespread attention in late 2021, was also discovered in commonly used OCPP servers/clients within EV charging systems and CSMS. Successful exploitation of this vulnerability could result in data theft, Denial-of-Service (DoS) attacks, or even physical damage to the chargers.

OT-Healer fills this gap by providing a decentralized ML-powered solution in the real-time threat monitoring, detection, and self-healing mitigation at the OT level for “last mile” cyber-physical resiliency at the commercial level-2/3 EVSE (charging station). The design of OT-Healer enables deploying into a off-the-shelf small and single-board computer (Raspberry Pi) connected in a Bumpin-the-Wire (BitW) configuration by tapping common CP/PP pin (signal line communication function) of various charging plugs (SAE J1772, Tesla, or CSS2). In addition to handle cyber-physical security for Level 2 AC charging EVSE, OT-Healer also provides IPv6-based data protection/management for Directcurrent fast charger (DCFC) aka Level 3 DC charging EVSE, i.e., OT-Healer monitors IPv6 data flow between the vehicle, DCFC charger, and the substation (incl. internet), while OT-Healer inserts commands to execute the cyber-physical resiliency through another IPv6-based management port.

Specifically, it analyzes both packet-level traffic of CSMS charging requests and raw voltage/current data, while enabling compromised EVSE nodes to automatically execute self-healing techniques in a way to ensure the operation continuity from system abnormality, intrusion, or malicious attacks.

Contact Us

Are you interested in learning about OT-Healer?