FVirtual power plants play an important role in the use of renewable energies. They bundle, control, and monitor the energy flows from a large number of different decentralized energy sources such as wind energy plants, photovoltaic plants, hydropower plants, etc. and thus act like a large power plant in order to achieve the required pool size for successful participation in the electricity markets (spot and control reserve). The operation of such a plant park is technically demanding and can only be managed using modern IT systems. This greatly increases the attack surface of virtual power plants for cyber-attacks, in contrast to traditional large power plants. "Cyber-attacks on energy systems cannot be completely avoided. And we have to assume that attacks in this area will continue to increase in the future. That's why, in the SecDER project, we have taught the systems to react to cyber-attacks and disruptions in such a way that total failures are avoided," says project manager Tobias Schellien from the Fraunhofer Institute for Energy Economics and Energy System Technology IEE. 

AI recognizes attacks

The researchers in the SecDER project therefore first investigated the security of virtual power plants and simulated cyber-attacks on a model of a virtual power plant. They discovered that even successful attacks on individual plants were not always noticed by power plant or plant operators. This is because conventional monitoring systems do not necessarily react to failures of individual plants, such as a single wind turbine. However, various smaller failures can, in total, also jeopardize the security of the overall system and result in virtual power plants no longer supplying electricity.

The project consortium has developed a system that addresses this problem: the intrusion detection system uses machine learning to automatically detect both cyberattacks and technical faults and fends them off by placing the entire system in a suitable cybersafe position. In this state, unsafe control actions (UCA) can no longer be carried out. There is not just one cybersafe position, but as many as there are hazard scenarios. The system reacts dynamically and precisely to different scenarios, such as fires, DoS attacks and much more. Despite ongoing attacks and disruptions, virtual power plants can continue to generate electricity reliably. 

Manufacturer-independent system

The SecDER intrusion detection system uses general data and communication channels that every plant shares with its virtual power plant, instead of data from a specific network and systems of a specific plant. This makes the SecDER solution independent of any particular proprietary technology, specific network architecture or protocols and abstracted from vendor-specific technology. Nevertheless, the solution still demonstrably manages to find faults.

The researchers have implemented the system as a prototype in the project. Now the solutions are to be further developed together with the energy industry. "In view of the complex and advanced threats affecting the energy sector and virtual power plants, advanced solutions are required. The solutions created in the SecDER project have been developed precisely for these challenges and ensure that the systems remain functional even during an attack," says George Gkoktsis, scientist in SecDER at the Fraunhofer Institute for Secure Information Technologies SIT. 

The SecDER project - AI-based detection and resilient prevention of cyber-attacks and technical faults in virtual power plants and decentralized energy systems - was funded by the German Federal Ministry for Economic Affairs and Climate Protection (BMWK) for a total of 2.7 million euros and supported by Project Management Jülich. The project began in April 2021 and lasted 36 months. It involved the Fraunhofer Institutes IEE and SIT as well as Hanover University of Applied Sciences and Arts, DECOIT GmbH, ENERTRAG AG and ANE GmbH & Co. KG.