Thesis defences

PhD Oral Exam - Mark Karanfil, Information Systems Engineering

Automated Microgrid Security Monitoring and Threat Hunting


Date & time
Wednesday, December 10, 2025
2 p.m. – 5 p.m.
Cost

This event is free

Organization

School of Graduate Studies

Contact

Dolly Grewal

Where

Engineering, Computer Science and Visual Arts Integrated Complex
1515 Ste-Catherine St. W.
Room 2.309

Accessible location

Yes - See details

When studying for a doctoral degree (PhD), candidates submit a thesis that provides a critical review of the current state of knowledge of the thesis subject as well as the student’s own contributions to the subject. The distinguishing criterion of doctoral graduate research is a significant and original contribution to knowledge.

Once accepted, the candidate presents the thesis orally. This oral exam is open to the public.

Abstract

The microgrid is a valuable part of the growing smart grid critical infrastructure, generating its own electric power for local consumers while exchanging energy with the main grid. As with other smart grid systems, the microgrid relies on the security of its Information Technology (IT) and Operational Technology (OT) networks for safe operation. Threat actors with deep smart grid domain knowledge are a major threat to microgrid cybersecurity; failure to protect the microgrid against them can lead to major loss of generation, data destruction, and equipment damage. Achieving broad security coverage against microgrid cyberattacks requires considering numerous potential attack entry points, from microgrid line equipment to hosts in the microgrid control centre. With this in mind, this thesis proposes a framework for automated microgrid security monitoring and threat hunting. The proposed framework incorporates several novel contributions to microgrid cybersecurity. Among them is a study of the effectiveness of various machine learning models for anomaly detection on IEC 62351-7:2017 Network and System Management (NSM) active monitoring data, and for passive monitoring of power measurements to detect false data injection of line fault readings. Another contribution is a threat hunting approach that generates attack hypotheses from available Cyber Threat Intelligence (CTI) and attributes those hypotheses to particular Advanced Persistent Threats (APTs). The final contribution is a risk-based methodology for predicting the subsequent actions of an attack campaign. A microgrid co-simulation platform is used to evaluate the impact of compromises of various microgrid components and to collect data in near real time.
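As an added illustration of the passive-monitoring idea in the abstract (this is not code, data or the detection method from the thesis; the three-bus topology, the operating point, the noise model and the power-balance residual check are all constructed assumptions for the example), the block below shows why a spoofed "line fault" reading is detectable from power measurements alone: a reading that is injected into one sensor breaks the physical balance at the buses it connects, while a genuine fault of the same size, which every sensor sees consistently, does not.

```python
"""Passive false-data-injection (FDI) check on microgrid line measurements.

Added example, not code or data from the thesis. It assumes a constructed
three-bus, three-line microgrid in which, ignoring losses, each bus's net
injection must equal the sum of the measured flows leaving it. A spoofed
"line fault" reading that alters only one sensor violates that balance; a
genuine fault, seen consistently by every sensor, does not.
"""
import random
import statistics

# Constructed topology: line -> (from_bus, to_bus); flow is measured at the from end (MW).
LINES = {"L12": (1, 2), "L23": (2, 3), "L13": (1, 3)}
BUSES = (1, 2, 3)


def bus_residuals(sample):
    """Per-bus power-balance residual: injection minus net flow out of the bus."""
    res = {b: sample["inj"][b] for b in BUSES}
    for line, (frm, to) in LINES.items():
        res[frm] -= sample["flow"][line]
        res[to] += sample["flow"][line]
    return res


def max_residual(sample):
    """Anomaly score for one sample: the largest absolute bus residual."""
    return max(abs(r) for r in bus_residuals(sample).values())


def make_clean_sample(rng, noise=0.02):
    """Constructed operating point with independent Gaussian sensor noise (assumed)."""
    flows = {"L12": 1.0 + rng.uniform(-0.1, 0.1),
             "L23": 0.4 + rng.uniform(-0.1, 0.1),
             "L13": 0.6 + rng.uniform(-0.1, 0.1)}
    inj = {b: 0.0 for b in BUSES}
    for line, (frm, to) in LINES.items():
        inj[frm] += flows[line]
        inj[to] -= flows[line]
    return {"flow": {k: v + rng.gauss(0, noise) for k, v in flows.items()},
            "inj": {k: v + rng.gauss(0, noise) for k, v in inj.items()}}


def spoof_line_fault(sample, line, fault_mw):
    """FDI: overwrite one line's reading with a fake fault-level flow; nothing else changes."""
    out = {"flow": dict(sample["flow"]), "inj": dict(sample["inj"])}
    out["flow"][line] = fault_mw
    return out


def genuine_line_event(sample, line, delta_mw):
    """Physical change: the flow really moves, so both terminal buses see it too."""
    out = {"flow": dict(sample["flow"]), "inj": dict(sample["inj"])}
    frm, to = LINES[line]
    out["flow"][line] += delta_mw
    out["inj"][frm] += delta_mw
    out["inj"][to] -= delta_mw
    return out


def fit_threshold(clean_samples, k=6.0):
    """Learn an alarm threshold from clean data: mean + k*std of the anomaly score."""
    scores = [max_residual(s) for s in clean_samples]
    return statistics.mean(scores) + k * statistics.pstdev(scores)


def is_fdi(sample, threshold):
    """Alarm when the measurements are physically inconsistent with each other."""
    return max_residual(sample) > threshold


def demo(seed=7):
    rng = random.Random(seed)
    threshold = fit_threshold([make_clean_sample(rng) for _ in range(500)])
    clean = make_clean_sample(rng)
    spoofed = spoof_line_fault(clean, "L12", fault_mw=8.0)   # fake 8 MW "fault" on one sensor
    real = genuine_line_event(clean, "L12", delta_mw=8.0)    # the same swing, seen by all sensors
    return {"threshold": threshold,
            "clean": is_fdi(clean, threshold),
            "spoofed": is_fdi(spoofed, threshold),
            "genuine": is_fdi(real, threshold)}


if __name__ == "__main__":
    print(demo())
```

The point the example makes is that the detector keys on consistency between redundant measurements, not on the magnitude of any one reading, which is why a real fault passes and a single injected fault reading does not. The caveat a practitioner should keep in mind is the converse: an attacker who alters every affected measurement consistently (the classic stealthy FDI against a state estimator) defeats a pure balance check, which is one reason the thesis evaluates machine learning models over the measurement stream rather than relying on a fixed physical residual; that model-based part is not reproduced here.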


© Concordia University