430 10th Street, Atlanta, Georgia, United States, 30332

The modern electrical grid faces rapid, cyber-enabled threats that outpace traditional defenses. Operators need immediate command filtering and predictive assessment. However, current cybersecurity and power-security solutions cannot stop malicious commands in time or evaluate contingency analysis quickly enough. This work details a unified ``interventional security'' framework that defines a proactive cyber-physical security paradigm that combines the ability to intercept communications (deep network intervention) with centralized decision-making that determines when, where, and to what extent to intervene, thereby mitigating unsafe states and trajectories before they can cause harm (interventional security). This is accomplished by employment of (i) semantics-aware in-line devices that intercept and conditionally block hazardous DNP3/TCP commands, (ii) a deep-neural-network power-security estimator to predict the impact of control actions, and (iii) conditional human-in-the-loop decisions for final authorization or rejection of commands. Evaluation on real utility traffic and with large-scale electrical transmission simulation shows sub-millisecond latency for packet interception and analysis, 10-times lower error and 30-times faster evaluation than existing power-security analysis methods, and validation of this pipeline's ability for improving operator situational awareness and control. Results demonstrate this solution's ability to mitigate effects of real-world attacks like those against the Ukrainian electrical grid, preventing widespread disruption before damage occurs. Speaker(s): Adam King, Trevor Lewis Agenda: 11:00am - 11:15am - Sign in and Networking 11:15am - 12:45pm - Lunch and Presentation 12:45pm - 1:00pm - Questions and Adjourn 430 10th Street, Atlanta, Georgia, United States, 30332