Threat Detection and Response with Data Analytics

This project involves developing advanced analytics on operational technology cyber data in order to detect complex cyber threats in the power grid. The outcomes will help power operators differentiate, using available cyber data, between incidents caused by cyber attacks and those with non-cyber causes (for example, physical attacks or natural hazards).

Being able to differentiate cyber threats from non-cyber threats will help operators make determinations about the type of incident and the root cause so that they can formulate more accurate response and mitigation plans.

As part of this multi-laboratory and industry effort, the project team is evaluating which sensor data is most valuable and could provide the biggest positive impact for grid resiliency and security in the event that a threat is successfully detected. In addition, the team is developing analytics to identify emerging cyber incidents on the power grid using the sensor data obtained.