Power grid universal detection and countermeasure overlay intelligence ultra-low latency hypervisor
Abstract
Any system with an interface may be attacked by a bad actor. If that interface is exposed to a network, the bad actor may launch a remote attack or cause other systems to attack the system. Many attacks exploit vulnerabilities that are unknown to the system operators (e.g., zero-day attacks). Power grid components, such as electricity meters, are increasingly networked and, therefore, increasingly attacked. By determining a pattern of behavior for a meter and then looking for a variation of the pattern, an attack may be identified. Once an attack is discovered, countermeasures may be launched to restore the system to normal operations, harden the system against future attack, and/or retaliate against the attacker.
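The abstract's approach of establishing a meter's pattern of behavior and then looking for variation from it can be sketched as follows. This is an added example, not code from the patent; the abstract does not name a statistic, so the per-hour median/MAD baseline, the function names, the thresholds, and the sample readings are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

def build_profile(readings):
    """Derive a usage profile: {hour_of_day: (median_kwh, MAD)} from (hour, kwh) pairs."""
    by_hour = defaultdict(list)
    for hour, kwh in readings:
        by_hour[hour].append(kwh)
    profile = {}
    for hour, vals in by_hour.items():
        med = median(vals)
        profile[hour] = (med, median(abs(v - med) for v in vals))
    return profile

def find_anomalies(profile, readings, threshold=6.0, floor=0.05):
    """Flag readings whose robust z-score against the hour's baseline exceeds threshold.

    floor (kWh) keeps a very regular meter from producing a near-zero scale
    that would turn ordinary jitter into alerts.
    """
    flagged = []
    for hour, kwh in readings:
        if hour not in profile:            # no history for this hour: always review
            flagged.append((hour, kwh, float("inf")))
            continue
        med, mad = profile[hour]
        scale = max(1.4826 * mad, floor)   # 1.4826 * MAD approximates a std deviation
        score = abs(kwh - med) / scale
        if score > threshold:
            flagged.append((hour, kwh, round(score, 1)))
    return flagged

def constructed_history(days=14):
    """Constructed sample data: hourly kWh with small deterministic jitter."""
    out = []
    for day in range(days):
        for hour in range(24):
            base = 0.3 if hour < 6 else 1.2 if 17 <= hour <= 21 else 0.6
            out.append((hour, base + 0.02 * ((day * 7 + hour) % 5 - 2)))
    return out

# Constructed new readings: two ordinary, two that break the meter's pattern
# (a night-time spike and an evening-peak reading of zero).
NEW_READINGS = [(3, 0.31), (3, 2.4), (19, 1.18), (19, 0.0)]

if __name__ == "__main__":
    profile = build_profile(constructed_history())
    for hour, kwh, score in find_anomalies(profile, NEW_READINGS):
        print(f"hour={hour:02d} kwh={kwh} robust_z={score}")
```

A flagged reading here is only a deviation from the meter's own history; deciding whether it reflects an attack, a fault, or a change in occupancy is a separate step.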
42 Citations
14 Claims
1. A power grid information system infrastructure, comprising:
a memory for storing instructions and a processor coupled to the memory and configured to execute the instructions, by the processor, when the executed instructions call;
a network interface operable to receive data, the received data comprising profile data packets received from and regarding operation of an electricity meter;
a processing unit operable to derive a usage profile from the received data;
an analysis engine operable to detect an anomaly in the usage profile, wherein the analysis is performed by the analysis engine during system interrupts enabling the analysis engine to execute additional computations even though the processing unit is not executing any code; and
a response engine operable to respond or suggest a response to the anomaly; and
wherein the response engine performs the selection of a security update and causes the network interface to transmit the security update to the electricity meter for execution by the electricity meter, in response to the analysis engine detecting the anomaly and wherein the anomaly is determined by the analysis engine to be mitigated by the operation of the electricity meter executing a set of instructions comprising the security update;
wherein the response engine is further configured to, in response to the anomaly being associated with an existing operational session of at least one component of the power grid information system infrastructure, launch a new operational session and transition the existing operational session to a virtual environment; and
wherein the response engine maintains the operation of the anomaly in the virtual environment and performs forensic analysis on the anomaly.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer, comprising:
a memory for storing instructions and a processor coupled to the memory and configured to execute the instructions, by the processor, when the executed instructions call;
a network interface operable to receive data, the received data comprising profile data packets received from and regarding operation of an electricity meter;
a processing unit operable to derive a usage profile from the received data;
an analysis engine operable to detect an anomaly in the usage profile, wherein the analysis is performed by the analysis engine during system interrupts enabling the analysis engine to execute additional computations even though the processing unit is not executing any code; and
a response engine operable to respond or suggest a response to the anomaly; and
wherein the response engine performs the selection of a security update and causes the network interface to transmit the security update to the electricity meter for execution by the electricity meter, in response to the analysis engine detecting the anomaly and wherein the anomaly is determined by the analysis engine to be mitigated by the operation of the electricity meter executing a set of instructions comprising the security update;
wherein the response engine is further configured to, in response to the anomaly being associated with an existing operational session of at least one component of the power grid information system infrastructure, launch a new operational session and transition the existing operational session to a virtual environment; and
wherein the response engine maintains the operation of the anomaly in the virtual environment and performs forensic analysis on the anomaly.
Dependent claims: 10, 11, 12
13. A non-transitory computer readable medium with instructions thereon that when read by a computer cause the computer to perform:
accessing data comprising profile data packets received from and regarding an electricity meter;
derive a usage profile from the accessed data;
detect an anomaly in the usage profile, wherein the detection is performed by an analysis engine during system interrupts enabling the analysis engine to execute additional computations even though a processing unit executing the analysis engine is not executing any code; and
respond to the anomaly;
select a security update and transmit a security update to the electricity meter for execution by the electricity meter;
determine whether the anomaly is associated with an existing operational session of at least one component of the power grid information system infrastructure;
upon determining that the anomaly is associated with the existing operational session of the at least one component of the power grid information system infrastructure, launch a new operational session and transition the existing operational session to a virtual environment; and
maintain the operation of the anomaly in the virtual environment and perform forensic analysis of the anomaly operating therein.
Dependent claims: 14
Specification