Cybersecurity Anomaly Detection in SCADA-Assisted OT Networks Using Ensemble-Based State Prediction Model

Venkateswara Reddy Motakatla, Jiazi Zhang, Chen-Ching Liu, Clifton Black, Hongming Zhang, Seong Choi

Research output: NRELTechnical Report


The cybersecurity threats of power system gradually grow due to the increased sophisticated interactions between Information Technology (IT) and Operational Technology (OT) networks. False data injection attack (FDIA) that aims to compromise the Supervisory Control and Data Acquisition (SCADA) measurement and disturb the system operation is one of such cyber threats. Such attacks can potentially lead to significant operational issues at the control centers and substations, and hence, result in severe physical consequences. To avoid catastrophic failure across the power grid resulting from these attacks, it is essential to arm the OT network with real-time vulnerability assessment tools. To this end, this paper outlines various drawbacks of the Purdue architecture model to defend against cyberattacks in the OT network. Furthermore, a novel ensemble-based state prediction model is proposed to detect cybersecurity anomalies in SCADA assisted OT networks. The proposed model uses control center level generation and load forecasts, scheduled, and forced outages, power flow solutions, and the substation level historical data. The hypothesis of the proposed scheme relies on the fact that additional control center and substation data can hardly be accessed and compromised by attackers. One of the vital features of the proposed scheme is an hour-ahead prediction of the operational feasibility of the SCADA measurement range at the control center and substation in real time helps in detecting anomalies in measurements across both substation and the control center.
Original languageAmerican English
Number of pages18
StatePublished - 2023

NREL Publication Number

  • NREL/TP-5D00-84582


  • anomaly detection
  • cybersecurity
  • EMS
  • operational technology
  • Purdue model


Dive into the research topics of 'Cybersecurity Anomaly Detection in SCADA-Assisted OT Networks Using Ensemble-Based State Prediction Model'. Together they form a unique fingerprint.

Cite this