Challenges and Peculiarities of Attack Detection in Virtual Power Plants : Towards an Advanced Persistent Threat Detection System

Currently, there are no mission-capable systems that can successfully detect advanced persistent threats (APTs). These types of threats are hazardous in critical infrastructures (CIs). Due to the integration of operational technology (OT) and information communication technology (ICT), CI systems are particularly vulnerable to cyberattacks. In addition, power systems, in particular, are an attractive target for attackers, as they are responsible for the operation of modern infrastructures and are thus of great importance for modern warfare or even for strategic purposes of other criminal activities. Virtual power plants (VPPs) are a new implementation of power plants for energy management. The protection of virtual power plants against APTs is not yet sufficiently researched. This circumstance raises the research question - What might an APT detection system architecture for VPPs look like? Our methodology is based on intensive literature research to bundle knowledge from different sub-areas to solve a superordinate problem. After the literature review and domain analysis, a synthesis of new knowledge is provided in the presentation of a possible architecture. The in-depth proposal for a potential system architecture relies on the study of VPPs, APTs, and previous prevention mechanisms. The architecture is then evaluated for its effectiveness based on the challenges identified. The proposed architecture combines concepts such as defense-in-depth and breath with situation awareness, and the observe, orient, decide, and act loop. Furthermore, a combination of traditional detection methods with graph analysis in the architecture is targeted to meet the challenges and peculiarities of VPPs and APTs.