Recently,
the number of cyber threats to power systems has increased at an unprecedented
rate. For instance, the widespread blackout in the Ukrainian power grid in December
2015 was a wake-up call that modern power systems have numerous vulnerabilities,
especially in power substations which form the backbone of electricity
networks. There have been significant efforts among researchers to develop
effective intrusion detection systems (IDSs) in order to prevent such attacks
or at least reduce their damaging consequences. However, all of the existing
techniques require some level of trust in components on the supervisory
control and data acquisition (SCADA) network; hence, they are still vulnerable to
sophisticated attacks that can compromise the SCADA system completely. In this
talk, we will introduce RFDIDS, a radio frequency-based distributed intrusion
detection system for the power grid which remains reliable even when the entire
SCADA system is considered untrusted. RFDIDS utilizes a radio receiver as a
diagnostic tool to provide air-gapped, independent, and verifiable information
about the radio emissions from substation components, particularly at low
frequencies. The unique feature of RFDIDS is its robustness against
replay/spoofing attacks, as its measured signal is encoded with the quasi-random
distribution of global lightning strokes.