reports - Deliverable

Design of the modules of an event and measurement analysis platform for the detection of cyber attacks using AI techniques

The digitalization of the energy sector requires the study of techniques and tools based on Artificial Intelligence (Machine Learning and Deep Learning) for the identification of ongoing malicious actions, with particular focus on the protocols typical of the OT (Operational Technology) context. The activity aims to develop tools that detect attacks on the control infrastructure at an early stage, before they become a real risk for the energy service.

The growing digitization of the electro-energy sector exposes energy systems to cyber attacks. These infrastructures fall within the sensitive and critical perimeter for national security; therefore, they are potentially subject to attacks by individuals or organized groups of cyber criminals.

 

In the current geopolitical scenario, it becomes essential to study and apply new cybersecurity measures capable of minimizing the risk due to multiple types of threats. Preventive measures can reduce the likelihood of a successful attack process; however, they are not enough. There are categories of cyber attacks, such as attacks not yet known or attacks that are difficult to contain with preventive measures, for which it is essential to develop further defensive measures.

 

This document analyzes Artificial Intelligence tools and techniques (Machine Learning and Deep Learning) for the identification of malicious actions in progress, with particular attention to communications using protocols typical of the operational context in the energy sector. The analyses are aimed at developing tools that act promptly to prevent an attack initiated on the control infrastructure from becoming a real risk for the energy service.
Artificial Intelligence algorithms based on learning techniques, some borrowed from other contexts, are evaluated; they can represent promising solutions for the analysis of events and measurements obtained from the observation of communication flows.

 

Techniques for collecting data from communication networks in the energy field are studied, since the number of datasets available in the literature and relevant to the context to be analyzed is limited. An example is provided of extracting information from an experimental setup consisting of a control and monitoring device that collects information from some electrical measurement sensors.

 

The innovative technology of Generative Adversarial Networks was used to generate synthetic data starting from attack scenarios against generic and industrial communications. An attack classification module based on Artificial Intelligence models has been developed. This report also presents some tools useful for representing and studying ICT architectures and attack processes using specific simulation-based languages and models.

 

Finally, a malicious action detection platform is introduced that will integrate different modules to detect specific attack scenarios for energy infrastructures.

 

The Report is available on the Italian site
