RFDIDS: Radio Frequency-based Distributed Intrusion Detection System for the Power Grid

Abstract

Recently, the number of cyber threats to power systems has increased at an unprecedented rate. For instance, the widespread blackout in Ukrainian power grid on December 2015 was a wakeup call that modern power systems have numerous vulnerabilities, especially in power substations which form the backbone of electricity networks. There have been significant efforts among researchers to develop effective intrusion detection systems (IDSs) in order to prevent such attacks or at least reduce their damaging consequences. However, all of the existing techniques require some level of trust from components on the supervisory control and data acquisition (SCADA) network; hence, they are still vulnerable to sophisticated attacks that can compromise the SCADA system completely. In this talk, we will introduce RFDIDS, a radio frequency-based distributed intrusion detection system for the power grid which remains reliable even when the entire SCADA system is considered untrusted. RFDIDS utilizes a radio receiver as a diagnostic tool to provide air-gapped, independent, and verifiable information about the radio emissions from substation components, particularly at low frequencies. The unique feature of RFDIDS is its robustness against replay/spoofing attacks as its measured signal is encoded with the quasi-random distribution of the global lightning strokes.