An international research team has developed a new software-based framework to increase cybersecurity in Supervisory Control and Data Acquisition (SCADA) systems used in power plants, electricity grids and other infrastructure facilities.
In large-scale solar power plants, SCADA systems are a crucial element, as they monitor energy production, track solar panel performance, optimize power output, detect possible faults, and ensure efficient operation across the plant. In short, they are the key component turning raw solar energy data into actionable control, keeping the plant safe, efficient, and profitable.
SCADA systems are often targeted by cyber criminals because they control critical processes, run legacy software with weak security, and connect to networks, and because a single compromise can disrupt entire operations. The recent integration of Internet of Things (IoT) technologies has further enhanced SCADA capabilities by allowing smarter control, better monitoring, and improved data collection. However, this connectivity also introduces additional cybersecurity risks, making SCADA networks attractive targets for malicious actors.
To address these threats, intrusion detection systems (IDS) leveraging machine learning (ML) and deep learning (DL) techniques have been developed to identify anomalies and potential attacks within SCADA networks. Challenges such as imbalanced datasets, complex feature extraction, and limited access to real-world SCADA data make this a particularly difficult task.
“Traditional IDS tends to suffer from issues in detecting zero-day attacks efficiently and fitting into the operational dynamics of a SCADA environment. The conventional supervised learning methods lack the flexibility to deal with new patterns of attacks; in addition, they may require a large volume of labeled data, which is normally scarce in an industrial setting,” the researchers explained. “Current deep learning techniques applied to SCADA applications have many disadvantages: large computational requirements, vulnerability to adversarial attacks, and low model interpretability.”

The proposed CyberSentry framework is claimed to tackle these challenges by combining different tools: Recursive Multi-Correlation-based Information Gain (RMIG), which identifies the most informative attributes in a dataset while removing redundant or noisy data through an iterative process; Tri-Fusion Net, which is a novel image description generation model that integrates transformer modules for hybrid anomaly and signature-based detection; and Parrot-Levy Blend Optimization (PLBO) method for dynamic parameter tuning.

The RMIG model optimizes the feature set used by the SCADA intrusion detection system. By combining multi-correlation analysis with information gain, RMIG ensures that the detection system operates on high-quality data, improving accuracy while reducing computational complexity and noise.
Recursive feature elimination and transformation into a lower-dimensional space further refine the features, preventing overfitting.

The Tri-Fusion Net forms the detection and classification backbone of the CyberSentry framework. It integrates three complementary deep learning architectures: Convolutional Neural Networks (CNNs) for capturing local spatial patterns, Inception Nets for multi-scale feature extraction, and Residual Networks (ResNets) for modeling long-range temporal dependencies. Operating in parallel, these networks produce a holistic representation of the SCADA system’s data, allowing the framework to detect both known and previously unseen attacks with high accuracy while minimizing false positives.

The PLBO complements the framework by dynamically tuning model parameters, including learning rates, across the Tri-Fusion Net. It reportedly optimizes parameter selection in an adaptive manner, while ensuring efficient convergence and enhancing the model’s responsiveness to real-time data.

This integrated approach, according to its creators, improves detection accuracy, minimizes false alarms, and allows SCADA systems to adapt to evolving cyber threats with an “unprecedented” level of resilience and adaptability.

The performance of the CyberSentry model was tested on different datasets and was found to effectively identify multiple attack types, including distributed denial-of-service (DDoS), man-in-the-middle (MITM), injection, and insider threats, while maintaining high accuracy and low system overhead.

“The effectiveness of the presented CyberSentry model is validated using different datasets and the average accuracy is 99.5 % with a loss value of 0.32,” the academics stressed. “The obtained performance results demonstrate that the proposed framework contributes to achieving high-level security and science in SCADA systems against multiple forms of attacks.
As such, CyberSentry establishes new standards in protecting ICS against the new generation of cyber threats through the application of advanced approaches in feature selection, attack identification, and parameter tuning.”

They also explained that PLBO was crucial to ensure the reliability of CyberSentry, as it optimizes key parameters across the framework, ensuring peak performance. By fine-tuning RMIG and Tri-Fusion Net components, it enhances detection accuracy while minimizing false positives and negatives. Its search strategy also accelerates convergence and avoids local minima, improving learning efficiency. Optimized parameters also boost generalization, allowing the model to handle unseen SCADA data and evolving threats.

The new framework was presented in the paper “CyberSentry: Enhancing SCADA security through advanced deep learning and optimization strategies,” published in the International Journal of Critical Infrastructure Protection. The research team included scientists from King Saud University in Saudi Arabia, Leeds Beckett University in the United Kingdom, and Chitkara University in India.
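
The RMIG step described above pairs information gain with correlation analysis to keep informative features and discard redundant or noisy ones. The following is an added, simplified illustration of that general idea, not the paper's RMIG algorithm or code; the function names, thresholds, feature names and sample traffic windows are all constructed for this example.

```python
import math
from collections import Counter

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def info_gain(column, labels, bins=4):
    """Label entropy removed by one feature after equal-width binning."""
    lo, hi = min(column), max(column)
    width = (hi - lo) / bins or 1.0
    groups = {}
    for x, y in zip(column, labels):
        groups.setdefault(min(int((x - lo) / width), bins - 1), []).append(y)
    cond = sum(len(g) / len(labels) * entropy(g) for g in groups.values())
    return entropy(labels) - cond

def pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0

def select_features(table, labels, min_gain=0.1, max_corr=0.95):
    """Visit features by descending gain; drop noisy ones (gain below min_gain)
    and redundant ones (|r| above max_corr with a feature already kept)."""
    gains = {name: info_gain(col, labels) for name, col in table.items()}
    kept = []
    for name in sorted(gains, key=gains.get, reverse=True):
        if gains[name] < min_gain:
            continue
        if any(abs(pearson(table[name], table[k])) > max_corr for k in kept):
            continue
        kept.append(name)
    return kept, gains

# Constructed sample: eight traffic windows, label 1 = attack window.
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]
TABLE = {
    "pkts_per_s":  [10, 12, 11, 13, 90, 95, 88, 92],
    "bytes_per_s": [640, 768, 704, 832, 5760, 6080, 5632, 5888],  # 64 * pkts
    "write_ratio": [0.05, 0.10, 0.08, 0.45, 0.60, 0.70, 0.40, 0.65],
    "ttl_jitter":  [1, 5, 2, 6, 2, 5, 1, 6],                      # noise
}

if __name__ == "__main__":
    kept, gains = select_features(TABLE, LABELS)
    print(kept, {k: round(v, 2) for k, v in gains.items()})
```

On this sample the byte-rate column is dropped as a duplicate of the packet-rate column and the jitter column is dropped for carrying no label information, which is the kind of pruning that shrinks an IDS model's input without losing signal.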
