Digital Ghost. Courtesy of GE Digital.

Smarter Cybersecurity

Sept. 29, 2020
Cyber threats continue to grow, but intelligent technologies are expanding the grid’s cyber defenses.

With all the digital technology being used for the modernization of the grid, there is a mounting concern that this growth increases cyber exposure and the vulnerabilities of the power supply. We are connecting old and new assets with technologies that allow these assets to be remotely monitored and operated. It’s opening the door to the possibility of significant cyberattacks.

The digitalization of the electrical power system has brought about an exponential growth in the power system’s interconnectivity that was never foreseen as the grid modernized. Who would have predicted a self-aware grid, virtual power plants, or artificial intelligence (AI) infused into applications? Each advancement seems to bring new challenges, especially in cybersecurity.

Specialists agree that the best cybersecurity strategy is to stay up to date with technologies and threats. That is where the enhanced digital technologies are giving smart grid security a boost. The typical cybersecurity system in use today is based on detection and response technology, but today’s sophisticated digital technologies need more powerful tools.  

Technologies like machine learning, deep learning, and cognitive computing are bringing some powerful applications. These terms are used interchangeably with each other and with AI, so to avoid confusion, this discussion will use AI.


When the COVID-19 pandemic hit, the numbers of remote employees and reliance on the e-workplace skyrocketed. Suddenly the digital infrastructure became more critical than ever before to the operation of the smart grid and keeping the meter spinning. Unfortunately, with all of this added emphasis on connectivity, there has been a clear rise in cyberattacks on various portions of the power delivery system, but it hasn’t gone unnoticed.

According to an April Forbes magazine article, “Cybersecurity now dominates the priorities of every organization as each adapts to a post-COVID 19 world. Remote workers’ identities and devices are the new security perimeter.” Also, the FBI (Federal Bureau of Investigation) has issued cyber-alerts specifically for the grid.

One FBI warning said that recent intelligence indicated the electrical grid was under attack from cybercriminals who were becoming more strategic in how they targeted the grid’s infrastructure to stay ahead of cyber defenses. In addition, the Department of Homeland Security sent out its own warning that said, “The industry should prepare for cyberattacks that are "pandemic-themed" and continue to patch and maintain cyber assets if there are workforce disruptions.” Due to the pandemic, NERC (North American Electric Corporation) issued a Level 2 alert saying their registered participants were “well prepared for the COVID-19 crisis,” but that wasn’t all.

NERC also announced its CIP (Critical Infrastructure Protection) standards would be getting several updates during 2020 because of new cyber threats. If there is one takeaway from all these notices, it would be that 2020 is turning out to be a big year for cybersecurity personnel, consultants, and systems.


To emphasize the importance of cybersecurity, a recent press release from Gartner Inc., a research and advisory company, estimated that worldwide information security spending will grow about 2.4%, reaching about $123.8 billion in 2020. The 2.4% rise is a projection, which means worldwide companies actually spent about $120.9 billion. A little online research reveals there are a lot of digital applications being applied to cybersecurity, like digital twin technology, AI-infused cyber systems, bioprinting, encrypted keys for smart meters, digital authentication, and data encryption.

The grid’s suppliers and manufacturers have been working to improve their cybersecurity applications. Companies such as Accenture Consulting, Cisco Systems, Eaton, GE Digital, Hitachi ABB, IBM, Microsoft, Oracle, Schweitzer Engineering Laboratories, Siemens, and others are supplying a variety of cybersecurity services. But like all technologies, it helps to have a clear understanding of what the technology is designed to do. Here are a few examples of some cybersecurity applications moving into the realm of these cutting-edge digital technologies.

Last year, the Department of Energy’s Oak Ridge National Laboratory (ORNL) began studying the use of digital twin technology for cybersecurity. ORNL has set up an active model of the grid fed by real-time sensor data. It was running “side-by-side with the actual grid in a control room.” ORNL researchers launched a cyberattack on the model. The digital twin identified the attack and recommended a course of action that prevented outages. In addition to cybersecurity, ORNL sees this system being used for grid management with storms.

A few months ago, Schneider Electric and Fortinet announced that the two companies formed a partnership. The partnership will provide cybersecurity and threat prevention applications for their customers. Schneider Electric’s spokesperson said, “Schneider Electric will integrate Fortinet’s firewalls, secure access, and other protection solutions into its own cybersecurity solutions to help customers secure and protect their increasingly digital operations.”

Hitachi ABB Power Grids offers a wide cybersecurity care portfolio designed to reduce system vulnerabilities by using leading-edge secured communication systems with their intelligent electronic devices (IEDs). The IEDs have the intelligence to block unauthorized access. This way the system maintains data integrity for substations, transmission, and renewables.

Another interesting state-of-the-art application for cybersecurity comes from Siemens called DeepArmor Industrial. This system can be used for endpoint energy assets like distributed energy resources. Siemens says, “It’s an AI-driven cyber defense that uses SparkCognition’s AI based technology.” It recognizes and reports on new devices and/or behavioral changes that could characterize cyber threats.

According to Siemens, “DeepArmor prevents malicious code from executing, even if that code is not yet part of threat intelligence packages. This solution also recognizes and reports changes to system conditions that characterize a digital-physical attack, either mitigating the threat or making it easier to diagnose.”


Last year, a cybersecurity system with a different twist was being developed by GE. They have developed an unusual approach to cybersecurity for a real-time cyber-physical system. It uses digital twin technology that works from a real-world knowledge base and applies AI technology to make it an offensive/defensive shield for critical infrastructure. This distinctive digital cyber-protection scheme is called the “Digital Ghost.”

In simple terms, the digital ghost technology detects problems by watching for inconsistencies between the real world and the digital twin. The AI used by the digital ghost technology has access to huge amounts of normal operational data, which it uses to constantly compare the physical world with its virtual twin. When the system detects an unexplained discrepancy between the two, the AI determines whether the sensors or codes are being tricked (“spoofed” in cyber terms) or whether there is a real problem. If it is a cyberattack, Digital Ghost neutralizes the attack.

Dr. Colin Parris, senior vice president and chief technology officer at GE Digital, explains it this way: “The Digital Ghost is a virtual representation (a model) of the assets being protected that acts much like the immune system does in the human body. It uses deep domain knowledge, artificial intelligence and the latest in control system theory to protect the asset. The Digital Ghost offers a different layer of defense and offense in cybersecurity. A good concept to think of is, it acts above and in addition to common information technology (IT) and operational technology (OT) cybersecurity methods.”

Parris went on to say, “It is all a matter of physics. A power plant, wind farm, or the transmission grid has many different sensors dispersed throughout the system measuring all aspects of the entity in question. We know the physics of how these assets behave. So, the Digital Ghost takes advantage of this knowledge to determine if the asset, or network of assets is behaving abnormally due to a cyberattack even when the operator’s user interface says everything is okay.”
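The comparison described above can be sketched as a residual check between sensor readings and a physics model. This is an added example, not GE's implementation or code from the article; the transformer thermal model, its constants, the two-probe layout and the constructed sample data are all assumptions.

```python
# Added illustration: residual check between sensor readings and a physics model.
# The thermal model, constants and sensor layout are assumptions, not GE's design.
T_AMBIENT, K_LOAD, TAU = 25.0, 40.0, 10.0   # deg C, deg C rise at 1.0 pu load, samples
THRESHOLD, PERSIST = 3.0, 3                 # deg C residual, consecutive samples


def twin_step(temp, load):
    """Advance the twin one sample toward the load-driven steady-state temperature."""
    return temp + (T_AMBIENT + K_LOAD * load ** 2 - temp) / TAU


def classify(loads, sensor_a, sensor_b):
    """Return (sample index, verdict) at the first persistent unexplained residual.

    sensor_a feeds the operator display; sensor_b is an independent redundant probe.
    """
    twin, streak = T_AMBIENT, 0
    for k, (load, a, b) in enumerate(zip(loads, sensor_a, sensor_b)):
        twin = twin_step(twin, load)
        a_off, b_off = abs(a - twin) > THRESHOLD, abs(b - twin) > THRESHOLD
        streak = streak + 1 if (a_off or b_off) else 0
        if streak < PERSIST:
            continue                          # ignore short transients
        if a_off and b_off and abs(a - b) <= THRESHOLD:
            return k, "physical fault"        # probes agree, the asset left its model
        if a_off != b_off:
            return k, ("sensor A untrusted" if a_off else "sensor B untrusted")
        return k, "inconsistent"              # probes disagree with twin and each other
    return None, "normal"


def plant(loads, fault_at=None):
    """Constructed ground truth: the model itself, plus 2 deg C/sample after a fault."""
    temp, out = T_AMBIENT, []
    for k, load in enumerate(loads):
        temp = twin_step(temp, load)
        extra = 2.0 * (k - fault_at + 1) if fault_at is not None and k >= fault_at else 0.0
        out.append(temp + extra)
    return out


LOADS = [0.5] * 5 + [1.0] * 15                # constructed load profile, per unit
healthy = plant(LOADS)
replayed = healthy[:5] + [healthy[4]] * 15    # display frozen at a pre-ramp "normal" value
overheating = plant(LOADS, fault_at=8)        # constructed fault, e.g. loss of cooling

if __name__ == "__main__":
    for a, b in ((healthy, healthy), (replayed, healthy), (overheating, overheating)):
        print(classify(LOADS, a, b))
```

The frozen display reading is flagged because it stops tracking the load ramp that the model and the redundant probe both follow, which is the "user interface says everything is okay" case from the quote.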

Threats & solutions

Cybersecurity and the smart grid is big news among utilities, operators, regulators, and other stakeholders. It’s big news because of the grid’s growing vulnerability to a wide variety of cyber threats and the sophistication of the cyber-weapons being used against it, but there are real-time active cyber defenses available.

Like so many other advanced digital technologies, however, it takes knowledge and understanding to apply the correct levels of security for the attack at hand. Experts are worried that the cybersecurity schemes being applied are inconsistent because of this. Part of the issue stems from the fact that cybersecurity systems can run from extremely simple systems to highly complex platforms.

The question becomes what is too little or too much; a different approach is needed. Professionals say a holistic methodology is needed. Stakeholders have to focus on cybersecurity like they never have before, or they will be hacked. An all-inclusive cybersecurity technology using early detection with multiple levels of security and the latest digital technologies for a real-time active cyber defense removes the guesswork.

These systems utilize multilevel cloud computing, AI, and digital twin technology, to name a few. They have the ability to analyze, process, predict, counterattack, and neutralize the most sophisticated cyberattack. We have just scratched the cyber surface and it’s going to be an interesting adventure.
