Published April 5, 2021 | Version v1
Journal article Open

SPEAR SIEM: A Security Information and Event Management system for the Smart Grid

  • 1. Department of Electrical and Computer Engineering, University of Western Macedonia, Kozani, Greece
  • 2. TECNALIA, Basque Research and Technology Alliance (BRTA), Derio, Spain
  • 3. Sidroco Holdings Ltd, Limassol, 3113, Cyprus
  • 4. 0INF, Imperial Offices, London, E6 2JG, UK
  • 5. Center for Research and Technology Hellas/Information Technologies Institute, 6th km Charilaou-Thermi Road, Thessaloniki, Greece
  • 6. Eight Bells Ltd, Agias paraskevis 23, P.C. 2002, Strovolos, Nicosia, Cyprus
  • 7. European Dynamics, 12, Jean Engling str., L-1466, Luxembourg
  • 8. Testing Research & Standards Center/Public Power Corporation SA, Leontariou 9, Kantza, Athens, Attica, 15351, Greece
  • 9. Schneider Electric, Charles Darwin s/n, Edificio Bogaris, Sevilla, 41092, Spain


The technological leap of smart technologies has brought the conventional electrical grid in a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented having cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. The Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use case (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.


[27] SPEAR SIEM A Security Information and Event Management System for the Smart Grid.pdf

Additional details


SPEAR – SPEAR: Secure and PrivatE smArt gRid 787011
European Commission