Machine learning for more security in electricity grids
Power supply and management is a sensitive issue which involves numerous challenges. In a joint research project with the HES-SO Valais-Wallis, the Cyber-Defence Campus, armasuisse Science and Technology, is working on improving the security of electricity grids using machine learning. The first results of the research show that machine learning can detect both grid overload and certain cyber-attacks in real time.
29.09.2022 | Dr. Étienne Voutaz, armasuisse Science and Technology

The project was started in 2021 in response to increasing security risks for electricity grids and has taken on special significance this year due to current events. These risks affect the whole of society, but in particular the grid operators and organisations such as Swissgrid, the National Economic Supply, the Federal Office for Civil Protection FOCP and the Armed Forces. They are described in the sections below.
Electricity grids in transition
Traditionally, an electricity supply network consists of a few major electricity producers and a large number of consumers. The energy transition is changing this topology through the emergence of a large number of small producers. In addition, the phasing-out of nuclear energy and the increasing electrification of transport vehicles are forcing the electricity grids to operate in new modes. Based on these developments, production and consumption patterns are expected to change over the next few years.
Switzerland is not autonomous in power production: neither in its production and consumption cycles (for example, electricity import in winter), nor in its integration into the European grid or the corresponding cyberspace. If, for example, France and Germany decide to trade large amounts of electricity with each other, the probability is high that a part of it will flow through the Swiss electricity grid and could thus cause bottlenecks.
Increasing cyber security risks
The transition described above also has an impact on the cyber security of the networks. Cyber security is generally measured against three criteria: confidentiality, integrity and availability. In an electricity grid, availability is by far the most important criterion. A cyber-attack (just like a natural phenomenon, a technical problem or overloaded lines) can bring an electricity grid to a standstill through a cascade of unfavourable events.
Operational technology (OT) elements in electricity grids have longer product life cycles than conventional computers. While the average lifetime of a component in an IT system is between three and five years, the lifetime of the OT components in an electricity grid is decades. In addition, these components can only be updated very rarely, which makes the networks susceptible to cyber-attacks.
The traditional defence strategy against cyber-attacks is to isolate the control systems from the office networks. Unfortunately, this strategy has its limits, as no network is ever completely isolated. An attacker can obtain control over an office system and reach the OT network via what is known as lateral movement. Lateral movement is part of a multi-stage attack process, in which the attackers use various techniques to penetrate deeper into the network from the original access point and thus obtain control over the targeted objects or systems. Although the networks possess systems to detect and prevent attacks, these instruments are often not sufficiently effective. The energy transition is also leading to an increasing number of networked components in the networks (keyword: Internet of Things) and thus enlarging the attack surface.
CYD Campus research project to tackle the risks
In particular, these changed conditions require more flexibility and shorter reaction times from the grid operators as well as innovative instruments to improve the security of the electricity grids. As part of the research project which was initiated in 2021 by the Cyber-Defence (CYD) Campus and the University of Applied Sciences Western Switzerland (HES-SO) Valais-Wallis, the researchers are using machine learning to analyse the data collected in various test networks. The goal of the project is to evaluate the status of a network more frequently and more quickly using new methods, in order to identify anomalies in a short space of time. Although the traditional methods of electricity flow analysis used to anticipate bottlenecks are reliable, they are too complex to be used in real time.
The first results of the research indicate that machine learning enables a reliable, efficient and prompt analysis. It effectively complements traditional analyses by quickly recognising critical situations in the power supply (such as network overloads or electricity bottlenecks), so that they do not slip through the net. These critical situations, which only occur rarely, can then be evaluated using traditional methods in order to obtain deeper insights.
One of the main goals of a cyber-attack on an electricity grid is to impair the availability of the network. Grid operators must therefore be capable of recognising attacks such as the feeding of false information, the switching off of resources and Denial of Service (DoS) as early as possible, in order to avoid major breakdowns. Feeding false data is a particularly challenging problem, as the attack is difficult to recognise as such. Using this method, an attacker can push the operator into actions which can lead to the collapse of the grid. The scientists at the HES-SO and the CYD Campus have proved that machine learning can be used to analyse electricity generation cycles and recognise the cyber-attacks mentioned above.
The ongoing research cooperation has shown that the security of electricity grids can be improved by the use of machine learning.
Both the elementary significance of the electricity grids for our society and their high level of vulnerability, as described above, make research into innovative security instruments in the area of power supply particularly relevant for the Federal Department of Defence.