1. Introduction
A microgrid is a group of interconnected loads and distributed energy resources (DERs) that supply power to local customers and can operate in either islanded or grid-connected mode. Microgrids are being leveraged to achieve economic operation, sustainable energy, and resilient power provision objectives [1,2,3,4]. The microgrid’s controller orchestrates multiple DERs and controllable loads to provide clean and reliable energy at economical prices. As shown in Figure 1, a typical hierarchical control architecture consists of three layers that operate at varying time scales to achieve the control objectives [5]. The secondary control layer is vital to maintain voltage and frequency at nominal values in islanded operating mode and, in contrast to centralized control, the distributed secondary control offers flexible, reliable, and seamless integration of DERs [6,7,8].
Modern microgrids have transformed into cyber-physical systems in which physical assets such as DERs, loads, and power electronics devices make up the physical layer, while the cyber layer consists of a communication network and software-based controllers [9]. As a result of their reliance on the Internet of Things (IoT) and newly developed wide-area sensor networks, microgrids are particularly vulnerable to cyber-attacks and network outages. Examples of real-world network failures include North America (2003), which experienced a problem with the status estimator and alarm system, Austria (2013), which experienced network congestion as a result of a software defect, and Switzerland (2005), which experienced information overload. Due to a cyber-attack brought on by malware known as BlackEnergy in control center computers, Ukraine’s power infrastructure failed in December 2015, cutting power to thousands of homes and facilities. A significant percentage of consumers would lose power due to such malfunctions and cyber-attacks, and very sensitive and mission-critical equipment may suffer serious harm [10,11,12,13,14,15].
Table 1 summarizes the actual reported cyber-attacks on the energy industry [16,17,18]. After examining reported cyber-attacks on the energy sector, a typical cyber-attack chain is found to be initiated by gaining initial access through spear phishing. After gaining an initial foothold, adversaries perform a reconnaissance of the network data to spread out and exfiltrate critical information. Once suspicious logins are established, the attackers manipulate the control and safety systems by dispatching malicious commands and locking out the operators from their machines [19]. The extensive communication network-based cyber layer has resulted in an increased attack surface in microgrids, making them vulnerable to cyber-attacks [20]. As shown in Figure 2, such cyber-attacks may target information sharing among the microgrid’s controller and various intelligent electronic devices (IEDs) by either manipulating the measurements or causing communication delays [21,22]. Attackers with malicious intent can disrupt the transfer of information, resulting in power outages, financial loss, and system instability. With the development of smart grids and the growing interconnection of communication networks, significant cyber-security risks are affecting power grids [23,24]. With the inclusion of cutting-edge communication and computing tools, the current electricity networks are evolving into smarter systems with increased efficiency. However, the large number of intelligent devices connected via communication networks has led to significant concerns about cyber security. A modern power system’s ability to operate reliably and securely is directly impacted by cyber-attacks on such devices. Man-in-the-middle, distributed denial of service, jamming, and false data injection are some of the main types of cyber-attacks that target smart grids [25,26,27].
IoT networks and devices are rapidly evolving, producing massive volumes of data that require rigorous authentication and security. One of the most promising approaches for addressing cybersecurity risks and providing security is artificial intelligence (AI). AI technology appears to be a potential way to improve control, security, and performance in smart grid networks [28,29]. AI-based algorithms are being used in microgrids for a range of applications including intelligent control designs, forecasting, and cyber-attack identification and mitigation [30,31,32,33]. Data-driven methods are being used to predict the availability of renewable resources. The seasonal dependency of solar and wind along with load demand is forecast using various ensemble learning methods. This information helps in power system planning and unit commitment decisions [34,35]. Power system operations can experience interruptions due to power system faults and cyber-attacks. Under such scenarios, the restoration time depends upon the nature and location of a cyber-attack. Modern distributed power systems are equipped with communication layers that accelerate the propagation of such attacks. The AI-based learning algorithms can localize and identify the type of such attack. This helps to reduce the restoration time of compromised systems [36,37,38,39,40,41]. The power grid resilience can be estimated by the frequency and duration of power outage events. The availability of active and reactive power from each generating unit can be adversely affected if control and communication infrastructure are compromised. AI-based resilient control architectures can improve the reliability of the power network. The learning capabilities of artificial neural networks can mitigate the effects of cyber-attacks [42,43,44,45,46].
Microgrids need to be robust and dependable to deliver a continuous and uninterrupted power supply. Communication networks are necessary for microgrids to coordinate and manage DERs. Microgrids can be efficiently managed by distributed cooperative control strategies, which rely upon real-time monitoring, communication protocols, and interoperability to enable the smooth integration of various microgrid components. Cyberattacks have the potential to compromise security and interrupt regular operations of microgrid control systems. Adversaries might use communication network vulnerabilities to their advantage to intercept or modify the transfer of data. Comprehensive safety precautions need to be taken to stop hostile interference, unauthorized access, and manipulation of control signals. In an ever-evolving environment of cybersecurity threats, regular upgrades, monitoring, and adherence to cybersecurity best practices are crucial to the optimal operation of microgrids [47,48,49,50].
The learning capability of AI-based techniques enables them to estimate the parameters of complex systems, making them suitable for microgrid applications. Various types of artificial neural networks (ANNs), such as the adaptive linear neuron, multi-layer perceptron, feed-forward neural network, Elman neural network, radial basis function network, general regression neural network, and deep neural networks, are in use to design resilient control for microgrids to withstand cyber-attacks [51]. This work specifically focuses on AI-based techniques for cyber-attack detection and mitigation in microgrids. Some of the main contributions of this work are as follows:
We conducted a systematic search across several scholarly databases, including Google Scholar, IEEE, MDPI, Elsevier, and Springer, using a combination of keywords and focused search terms associated with our area of study. We focused on peer-reviewed books, journals, conference proceedings, and industry white papers to cover a broad spectrum of perspectives and findings, as shown in Figure 3.
The existing techniques are divided into two main categories, i.e., cyber-attack detection and mitigation. The system under study, attack type, data acquisition, and training method of AI-based techniques are summarized in tables for each category.
A case study is presented on the use of an AI-based technique in a microgrid.
The rest of the paper is organized into 8 sections. The attack surface in modern power systems is expanding with the inclusion of communication networks and intelligent control design. Adversaries can take advantage of various vulnerabilities in microgrids to initiate malicious cyber-attacks. Therefore, Section 2 covers various types of cyber-attacks targeting microgrids. There are several advantages of using intelligent cyber-attack defense strategies, such as early detection of cyber-attacks before they can cause significant damage or disruption to the system, less manual intervention, and enhanced understanding of the system to identify areas for improvement. Hence, cyber-attack detection using AI-based techniques in microgrids is described in Section 3, and Section 4 contains cyber-attack mitigation using AI-based techniques. Learning-based AI techniques are discussed in Section 5. In Section 6, a case study of a test microgrid is presented. The proposed control technique utilizes an advanced AI-based tool tailored to mitigate the data-driven cyber anomalies targeting the communication network of the microgrid. Also, it is scalable and depicts improved performance under complex real-time test scenarios. In Section 7, some challenges and future directions are discussed and, finally, Section 8 concludes this work.
3. AI-Based Cyber-Attack Detection
The presence of communication networks and smart metering devices in microgrids is generating large data sets. These data sets enable increased situational awareness of the microgrids but also make them vulnerable to cyber-attacks. Therefore, AI-based techniques are being utilized to detect such data-driven attacks due to their exceptional learning and generalization capabilities [64]. A linear regression-based cyber-attack detection for a distributed control-based islanded DC microgrid is used to detect false data injection (FDI) against voltage and current measurements to maintain a stable control operation [36]. Through their sensors and communication interactions, DC microgrids are vulnerable to cyber-attacks. False data injection into the cyber layer can interfere with control goals, resulting in voltage instability and unbalanced load-sharing patterns. Detection of such attacks is integral to the stable operation of DC microgrids. Therefore, in [37,38,39], a deep learning-based detection technique is proposed that takes into account the input features, such as the DC bus voltage and the reference voltage, to forecast the duty cycle of the converter. Apart from FDI, Man-in-the-Middle (MiTM) and denial of service (DoS) type cyber-attacks may also target the communication networks due to the interconnected architecture of smart grids. Therefore, deep learning, Naive Bayes, and Random Forest-based detection techniques are proposed in [40,41]. These techniques are trained using supervised learning with real-world operational and network traffic data sets, and showed accuracy rates above 95% to prevent loss of communication and secure the network and metering data obtained from intelligent electronic devices.
By combining predictions from different models, the machine learning technique known as ensemble learning increases prediction accuracy and robustness. The use of the collective intelligence of the ensemble aims to remove any biases or errors that may occur in individual models [65,66,67]. Therefore, an ensemble learning-based approach using Decision Trees to detect cyber-attacks on bulk electric power transmission networks targeting bid price and quantity signals is proposed in [68]. This method showed an improved accuracy of 99% in securing the system against attackers who seek to manipulate the system’s reliability and make illegitimate profits by compromising electricity pricing contracts. The manipulation of measurements obtained from substations may lead to incorrect power system state estimations in large connected power networks. An ensemble learning-based technique that gives higher accuracy than multiple state-of-the-art machine learning-based algorithms is developed to detect such attacks in [69]. The data obtained from phasor measurement units in wide area power networks is also a target for data spoofing attacks that may lead to incorrect power system state estimation by compromising the measurement source authentication. Therefore, an ensemble empirical mode decomposition using a back propagation neural network is proposed in [70]. This proposed method is trained using supervised learning with real data from universal grid analyzers from multiple locations and showed improved performance compared to the long short-term memory (LSTM)-based model. Various types of artificial neural networks are being extensively employed for intelligent cyber-attack detection in microgrids. An auto-encoder neural network and a deep learning auto-encoder neural network are used for FDI against load frequency control and voltage sensor measurements in an islanded AC and DC microgrid, respectively [71,72]. Since the auto-encoder neural network can manage undesired input, such as communication channel disruptions, it is often advantageous for microgrid applications. Also, unsupervised learning is utilized in these auto-encoder-based cyber-attack detection techniques to secure communication networks [73]. Recurrent neural networks (RNN) such as LSTM, convolutional neural networks (CNN), and nonlinear auto-regressive exogenous model (NARX) neural networks have shown promising results for cyber-attack detection in microgrids [74,75,76,77,78,79]. RNNs are a subclass of neural networks that are particularly adept at forecasting time-related data sequences. RNNs permit cyclical connections that can map to each output from prior inputs, in contrast to feed-forward neural networks. The case studies demonstrate that deep RNNs outperform traditional and shallow RNNs and gain from the depth of hidden layers in islanded and grid-connected AC microgrids for FDI and DoS type cyber-attack detection on the communication network and phasor measurements [74,75]. Gated recurrent unit-based and NARX neural network-based detection techniques against cyber-attacks on current and voltage measurements in an islanded SC microgrid are proposed in [76,80], respectively.
Apart from deep and recurrent ANNs, classical machine learning methods are widely used for classification and cyber-attack detection in microgrids, such as logistic regression (LR), k-nearest neighbors (kNN), gradient boosting (GBT), Random Forest (RF), multi-layer perceptron (MLP), Naive Bayes (NB), and support vector machines (SVM) [57,81,82,83,84,85,86].
Table 2 and Table 3 summarize the various AI-based cyber-attack detection techniques including the information about data acquisition, training, and performance benchmarking of the proposed methods.
4. AI-Based Cyber-Attack Mitigation
With the inclusion of DERs and communication networks, distributed control is becoming popular for integrating renewable resources into the microgrids. The collaborative nature of such distributed cooperative control-based microgrids can easily spread out a simple cyber-attack on a single DER or a communication link to the entire system, resulting in control failure or even making the overall power system unstable [95,96,97,98]. One solution to mitigate such cyber-attacks and maintain the stable operation of microgrids is to develop a resilient controller [8,27,95,99,100,101,102,103,104]. AI-based techniques are being utilized to design resilient control schemes in microgrids to mitigate the malicious effects of such attacks [42,43,44,45,46,105]. Because of their low computing overhead, effectiveness, and simplicity in design and implementation in a distributed control system, adaptive neuro-fuzzy inference systems (ANFISs) are used for cyber-attack mitigation in an islanded DC microgrid in [42,43]. The proposed framework is based on a residual analysis of the error signal that results from comparing estimated and real detected signals to detect and mitigate the cyber-attack.
NARX ANN is a special class of recurrent neural networks best suited for time series data prediction, input–output modeling of nonlinear dynamical systems, and cyber-attack detection in microgrids. Therefore, a NARX ANN-based resilient controller is designed to mitigate the cyber-attacks in distributed cooperative control-based AC and DC microgrids in [44,106], respectively.
The proposed controller is trained using the data obtained by simulating the test microgrid system under varying operating conditions. After optimal selection of NARX ANN parameters during offline training, it is deployed as an estimator to generate the reference for the proportional-integral-based controller in [106], whereas it acts as a secondary level controller to replace the conventional PI-based controller in [44]. Feed-forward ANNs are used to make the existing control resilient in both AC and DC microgrids and showed improved performance in mitigating the cyber-attacks [46,57,105,107,108,109]. The proposed technique is based on the reference tracking application for the output DC current of each converter to mitigate the false data. This approach works as a PI-based controller reference tracking application in which the reference is prepared by a feed-forward ANN that acts as a local estimator for each DER to estimate the output current of the converter. The estimated output from the ANN sets the reference for a PI-based controller whose output is added to the output current of the converter [46,107,108]. This way, the feed-forward ANN maintains the desired reference value in the secondary control layer when false data are injected into the measurements and communication network of the microgrid to mitigate the impact of cyber-attacks. A similar approach utilizing the feed-forward ANN is proposed for a distributed cooperative control-based AC microgrid and a model predictive control-based DC microgrid in [57,109], respectively.
Microgrids are becoming more complex with the increased adoption of electric vehicles, and load frequency control has been effectively utilized to maintain frequency under fluctuating load and generation conditions. For such complex microgrids, a hyper-basis function neural network is employed to mitigate FDI-type attacks on communication networks and measurements. These attacks may lead the microgrid operation to an unstable state due to incorrect state estimation caused by compromised measurements [45]. In the proposed controller, an intelligent hyper-basis function neural network observer is designed to accurately estimate the state of the microgrids and reconstruct the possible attack signal. Subsequently, a novel hyper-basis ANN-based controller is designed to mitigate the negative impact of FDI attacks to maintain the normal operation of the microgrid. In [110], a multi-agent deep reinforcement learning (RL)-based algorithm is proposed for exposing weaknesses in the current cyber-attack detection techniques and laying the groundwork for more dependable cyber-secure solutions, with a focus on DC microgrids. This technique identifies the weak points in the traditional index-based cyber-attack detection schemes and generates coordinated stealthy destabilizing FDI attacks on cyber-secured islanded DC microgrids. A deep deterministic policy gradient is integrated to give trained RL agents a continuous action space and improve the algorithm’s accuracy and convergence rate. This method identifies a state-of-the-art detection scheme’s sensitivity to a number of coordinated FDI attacks considering the distributed communication delays and load changes.
Table 4 provides state-of-the-art AI-based cyber-attack mitigation techniques, their applications in multiple resilient control designs, and a measure of performance metric along with the specific target of cyber-attacks in the microgrids.
5. Learning-Based Cyber Attack Detection and Mitigation
The vulnerability of microgrids to cyber attacks can be addressed using various data-driven and learning-based techniques for cyber attack detection. The conventional methods are over-reliant on the accurate model of the system while learning-based techniques leverage the computation power and amount of data from the system. Several techniques have been used in the literature to detect and mitigate cyber attacks on microgrids such as transfer learning, explainable learning, ensemble learning, and physics-informed AI.
Transfer learning uses pre-trained models for the detection of malicious attacks, which decreases the need for a huge amount of training data. Transfer learning can be further divided into inductive transfer learning, unsupervised transfer learning, and transductive transfer learning [114]. Representation subspace distance (RSD) based transfer learning is applied to the DNN-based estimator in [115] to improve the cyber security of the microgrid. In smart grids, cyber-attacks may impede access to local data, which can cause issues in power planning and dispatch decisions. Deep transfer learning for load forecasting can provide high-quality load prediction with less data so that in case of missing local data the prediction data are readily available [116]. In general, forecasting methods can be improved by utilizing the generalizing capability of transfer learning without the need for excessive data. A Lower Upper Bound Estimation (LUBE) method is used for FDI attack detection in [117] to provide prediction intervals (PIs) over smart meter data at the consumer end. In [118], Hilbert–Huang Transform and Deep Learning are employed on distinctive data sets generated via bootstrap for FDI attack detection.
The recent advances in machine learning have improved performance metrics, but the ML models are largely black boxes. Explainable learning or Explainable AI (XAI) is a discipline of AI that tries to explain the predictions and outcomes of machine learning models [119]. From a cyber-security perspective of the microgrid, operators need to trust models and their predictions. XAI is important for the interpretation of decisions in critical scenarios such as flagging a measurement and initiating an inquiry for a particular attack. The cost of misclassification in certain circumstances can be too large [120]. In [121], an XAI framework for fault detection and classification is developed and tested on a 50 kW microgrid testbed. An Intrusion Detection System (IDS) is designed in [122] that provides an explanation of each classification through statistics-based measures using Shapley additive explanations (SHAP).
Ensemble learning involves diverse data sets, training various member classifiers, and combining classifier results through various techniques [123]. Extreme-Learning Machines (E3LM) are used to detect the anomaly cases caused by FDIAs and validated on IEEE 14-, 57-, and 118-bus systems [124]. Physics-informed AI leverages the fusion between the physics-based models and the AI advances. Physics-Informed Neural Networks (PINN) and Physics-Informed Reinforcement Learning find a range of applications in power systems [125,126,127,128]. In [129], a Distributed Deep Reinforcement Learning (DRL) strategy is used to design an optimal defensive strategy against FDI attacks in microgrids under a few assumptions. Though promising, the physics-informed AI depends on the accuracy of the model and the dataset. The cyber security of microgrids against attacks can be improved by investing efforts in enhancing the model fidelity. On the other hand, XAI is a relatively new field and it can be leveraged further to make sense of the decisions about the detection of cyber attacks for the grid operators. Various AI-based techniques for cyber-attack detection and mitigation in microgrids are summarized in Figure 5.
Table 5 provides a summary of various learning-based techniques for cyber-attack detection and mitigation in microgrids, data acquisition, attack types, and a measure of performance metric.
6. Case Study
To show the effectiveness of AI-based cyber-attack mitigation, an islanded AC microgrid is considered with cyber-attacks targeting the communication network as shown in Figure 6. The physical layer contains DERs and loads, whereas the cyber layer has communication protocols for information exchange among DERs. The primary controller is implemented locally at DERs using a conventional droop control technique that provides a relationship between the frequency
, the reactive power
, the active power
, and the voltages
.
The voltage and frequency droop characteristics are given by:
where
,
are the primary voltage and frequency reference values, and
,
are the active and reactive power droop coefficients, respectively. At the secondary level, distributed cooperative control is utilized to reduce the voltage and frequency error when compared to the nominal values generated by the primary control. The secondary control sets a reference for the primary control such that the voltage and frequency of each DG are synchronized with their respective reference values (
and
):
The distributed cooperative secondary voltage and frequency control for a single DER requires its own information and that of the neighboring DERs to achieve the control objectives. The reference for the inverters is produced by the voltage and current controllers utilizing droop-control methods [6].
Two types of FDI cyber-attacks are considered for this case study. Firstly, the desired reference set value for the controller is replaced with false data to compel the system to follow an incorrect set of reference values. The attacker replaces the intended signal
entirely with its multiple using a constant
, resulting in:
FDI cyber-attack is initiated at
s with
, targeting the DER2 voltage communication link. Secondly, a periodic time-varying cyber-attack is initiated by injecting a periodic sinusoidal signal with time period
and amplitude
into the normal signal
, as follows:
In this case, false data are injected into DER3 voltage communication link at s with and rad/s. The microgrid continues to operate normally for s.
To mitigate the negative impacts of FDI cyber-attacks, a NARX ANN-based resilient controller is designed to replace the state-of-the-art PI-based controller in the secondary layer of distributed cooperative control. The architecture of NARX ANN has a hidden layer with 10 nodes, an input layer with 13 nodes for voltage and frequency information, and an output layer with four nodes for corresponding reference output for each DER. This structure is optimized after multiple trainings and found best suited for this work. The preceding batch of output and input,
and
, respectively, establish the NARX ANN’s output
that constructs an autoregressive model to predict the current value of the dynamical system [44]. These delayed output values act as pseudo-states to extract system dynamics from time series data. This characteristic makes NARX ANN a promising choice for nonlinear dynamical system modeling in applications like intelligent control having a mathematical model given as follows:
where
is the model output,
is the model input at discrete time interval
k,
is input memory order, and
is output memory order. AI-based model development involves three main steps including data acquisition, training of the model, and performance evaluation using standard metrics as shown in Figure 7. This model development process is established from the state of the art, and has been effectively implemented in the power systems domain [130].
The test microgrid in this case study consists of four DERs coupled through RL lines to provide power to two RL loads. This microgrid is designed in MATLAB Simulink with a distributed cooperative control-based secondary controller. The design parameters of the microgrid are given in Table 6. Further details regarding distributed cooperative control design and system parameters can be found in [6,44]. The DERs share voltage and frequency information over the communication network to meet the control objectives.
After the FDI attack, the proposed NARX ANN-based control is compared to the PI-based control, with the results depicted in Figure 8. As illustrated in Figure 8a, the proposed controller maintained the required output voltage at the output of DER2 after the initiation of the FDI cyber-attack. Similarly, after the FDI cyber-attack, the NARX ANN-based voltage controller maintained the specified output voltage at the output of DER3, as shown in Figure 8b. The proposed NARX ANN-based distributed secondary control has demonstrated improved reference tracking capabilities compared to the PI-based control under cyber-attack, as shown in Figure 8.
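The following added example (not code from this paper or from the works it cites) illustrates, on a toy first-order consensus model of four DERs, how false data on one DER's voltage link spreads to every DER under cooperative control and how a residual check against a local estimate contains both FDI forms described in this case study. The ring topology, the gains, the 380 V reference, the attack constants, the threshold and the use of each receiver's own state as the estimator are assumptions that stand in for the Simulink model and the NARX ANN estimator.

```python
import math

# Constructed toy model (assumptions): four DERs on a ring, DER1 pinned to the
# reference, first-order consensus in place of the full secondary controller.
NEIGHBOURS = {0: (1, 3), 1: (0, 2), 2: (1, 3), 3: (2, 0)}
PINNING = {0: 1.0}            # only DER1 (index 0) knows the reference
V_REF = 380.0                 # nominal voltage in volts (constructed)
DT, GAIN = 0.01, 1.0          # step size in seconds, consensus gain
K_ATTACK, K_END = 500, 1500   # attack starts at 5 s, run ends at 15 s


def scaling_attack(factor):
    """First FDI form: the transmitted value is replaced by a multiple of itself."""
    return lambda value, k: factor * value


def sinusoid_attack(amplitude, omega):
    """Second FDI form: a periodic sinusoid is added to the transmitted value."""
    return lambda value, k: value + amplitude * math.sin(omega * (k - K_ATTACK) * DT)


def simulate(attacked_der=None, attack=None, threshold=None):
    """Return (worst |v_i - V_REF| after attack onset, list of alarms).

    threshold=None is plain cooperative control. With a threshold, every
    receiver forms the residual between the received value and its local
    estimate (here simply its own state) and, if the residual is too large,
    raises an alarm and uses the estimate instead of the received value.
    """
    v = [V_REF] * len(NEIGHBOURS)
    worst, alarms = 0.0, []
    for k in range(K_END):
        sent = list(v)                        # what each DER puts on the network
        if attack is not None and k >= K_ATTACK:
            sent[attacked_der] = attack(v[attacked_der], k)
        nxt = []
        for i, neighbours in NEIGHBOURS.items():
            drive = PINNING.get(i, 0.0) * (V_REF - v[i])
            for j in neighbours:
                received = sent[j]
                if threshold is not None and abs(received - v[i]) > threshold:
                    alarms.append((k, i, j))  # (step, receiver, sender)
                    received = v[i]           # substitute the local estimate
                drive += received - v[i]
            nxt.append(v[i] + DT * GAIN * drive)
        v = nxt
        if k >= K_ATTACK:
            worst = max(worst, max(abs(x - V_REF) for x in v))
    return worst, alarms


def run_case_study(threshold=2.0):
    """Both attack forms, with and without the residual check (volts)."""
    cases = {
        "scaling on DER2 link": (1, scaling_attack(1.1)),
        "sinusoid on DER3 link": (2, sinusoid_attack(20.0, 10.0)),
    }
    report = {}
    for name, (der, attack) in cases.items():
        plain, _ = simulate(der, attack)
        guarded, alarms = simulate(der, attack, threshold)
        report[name] = {"plain": plain, "guarded": guarded,
                        "first_alarm_step": alarms[0][0] if alarms else None}
    return report


if __name__ == "__main__":
    for name, row in run_case_study().items():
        print(f"{name}: unprotected {row['plain']:.2f} V, "
              f"with residual check {row['guarded']:.2f} V, "
              f"first alarm at step {row['first_alarm_step']}")
```

Samples of the injected sinusoid that are smaller than the threshold pass the check, so the protected deviation for the second attack is small but not zero; a tighter threshold shrinks it at the cost of more false alarms once measurement noise is present.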
7. Discussion
Few AI-based models currently offered in the academic literature have been implemented in practice; the majority are still in the theoretical stage. Many AI and ML approaches, like fuzzy expert systems, which simulate logical thinking, SVM, which can locate a hyperplane in a high-dimensional space for classifications, and deep learning based on ANNs with numerous hidden layers in the network, have been incorporated into numerous articles. There are multiple reasons for this, such as irreproducible studies, the absence of any benchmarking models or statistics in the literature, and the lack of comparisons to other state-of-the-art models. As a result, the literature is abundant and of diverse quality. In AI-based research studies, models are typically compared with models that are far less capable than the state of the art in that family, rather than with statistical models or other models of AI. Instead of being technique-specific, useful insights and breakthroughs must be transferable between different approaches.
The majority of AI-based modeling uses three stages: initial training to choose parameters, validation to prevent over-fitting, and testing with unknown data that is distinct from the training and validation phases. There are some variations in these stages that are also employed, such as cross-validation, which involves multiple training and validation runs on historical data from various time periods. The selection of parameters is frequently made using metaheuristic algorithms or a mixture of them. Similar to this, several ANN topologies with varied numbers of neurons, hidden layers, and activation functions are suggested to demonstrate superior performance. Such hyperparameter tuning might be effective in a given situation, but it might not be applicable in all circumstances. Therefore, research needs to shift its emphasis to creating new techniques, useful guidelines, and new ANN structures like recurrent ANN and deep learning with transfer and explainable frameworks. Continuous learning, environment adaptation, and extremely fast output computation are all capabilities of ML approaches. However, addressing the highly intricate nature of power system operations processes to prevent blackouts or to find an optimum operating point without violating any operational limitation is still too safety-critical to accept an ML-based solution. Because there are no performance guarantees, it is challenging for power system operators to trust an AI-based method. AI-based models can be utilized as a tool to help, for instance, by utilizing their computational power to rapidly assess thousands of scenarios. This will aid in the widespread use of AI models in the field of power systems. Applying explainable and interpretable methods is necessary to increase confidence in AI models. This would enable the AI-model output to be verified throughout the whole input space as opposed to just a small dataset.
Additionally, physics-informed AI models can be applied by incorporating physics-based models into the training phase of AI models, allowing the model to learn from them rather than creating data as part of the training process.
In order to increase automation, flexibility, and efficiency in operations, energy and critical infrastructure companies are actively developing an industrial Internet of Things (IoT). This is achieved by seamlessly integrating information technology (IT) applications with operational technology (OT) to control physical assets. However, these goals will not be achieved without IoT cybersecurity monitoring and detection. Siemens Energy has developed an AI-based Managed Detection and Response (MDR) system. MDR’s monitoring methodology and technology platform leverage AI and machine learning to gather and model energy asset intelligence. Siemens Energy has created a new platform for Security Information and Event Management (SIEM) called
. This is a scalable and adaptable AI-based platform for monitoring and detection and is intended to be the cornerstone of a next-generation fusion security operation center for IoT. It is made to allow for the quick collection, processing, and prioritization of useful information in industrial operating situations.
applies machine learning to combine IT and OT monitoring and cyber-attack detection capabilities [131,132].