An international research team has developed CyberSentry, a software framework that uses advanced deep learning and optimization techniques to improve cybersecurity in SCADA systems for power plants and critical infrastructure. It combines feature selection, hybrid anomaly detection and dynamic parameter tuning to detect various cyber attacks with 99.5% accuracy while minimizing false alarms.
An international research team has developed a new software-based framework to increase cybersecurity in Supervisory Control and Data Acquisition (SCADA) systems used in power plants, electrical grids and other infrastructure facilities.
In large-scale solar power plants, SCADA systems are crucial: they track energy production and solar panel performance, optimize power output, detect possible faults and ensure efficient operation throughout the installation. In short, SCADA is the key component that turns raw solar energy data into actionable control, keeping the installation safe, efficient and profitable.
SCADA systems are often targeted by cybercriminals because they control critical processes, run outdated software with weak security and are connected to networks, and because a single compromise can disrupt entire operations. The recent integration of Internet of Things (IoT) technologies has further enhanced SCADA capabilities by enabling smarter control, better monitoring and improved data collection. However, this connectivity also poses additional cybersecurity risks, making SCADA networks attractive targets for malicious actors.
To counter these threats, intrusion detection systems (IDS) have been developed that use machine learning (ML) and deep learning (DL) techniques to identify anomalies and potential attacks within SCADA networks. Challenges such as imbalanced data sets, complex feature extraction, and limited access to real-world SCADA data make this a particularly difficult task.
“Traditional IDS tends to suffer from difficulties in efficiently detecting zero-day attacks and fitting into the operational dynamics of a SCADA environment. The conventional supervised learning methods lack the flexibility to deal with new attack patterns; furthermore, they may require a large amount of labeled data, which is normally scarce in an industrial environment,” the researchers explained. “Current deep learning techniques applied to SCADA applications have many disadvantages: large computational requirements, vulnerability to adversarial attacks and low model interpretability.”
The proposed CyberSentry framework is claimed to address these challenges by combining several tools: Recursive Multi-Correlation-based Information Gain (RMIG), which identifies the most informative attributes in a dataset while removing redundant or noisy data through an iterative process; Tri-Fusion Net, a novel image description generation model that integrates transformer modules for hybrid anomaly and signature-based detection; and Parrot-Levy Blend Optimization (PLBO) method for dynamic parameter tuning.
The RMIG model optimizes the feature set used by the SCADA intrusion detection system. By combining multi-correlation analysis with information gain, RMIG ensures that the detection system operates on high-quality data, improving accuracy and reducing computational complexity and noise. Recursive elimination of features and transformation to a lower-dimensional space further refine the features, preventing overfitting.
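The idea behind this step can be shown with a simplified sketch, added here as an illustration and not taken from the paper or the CyberSentry code. It ranks features by information gain and recursively drops any feature that is strongly correlated with one already kept. The binning, the Pearson measure, the thresholds, the feature names and the sample records are all assumptions made for the example.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy (bits) of a sequence of discrete values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def info_gain(feature, labels, bins=4):
    """Information gain of a numeric feature about the labels (equal-width bins)."""
    lo, hi = min(feature), max(feature)
    width = (hi - lo) / bins or 1.0          # constant feature: one bin
    binned = [min(int((v - lo) / width), bins - 1) for v in feature]
    cond = 0.0
    for b in set(binned):
        subset = [l for x, l in zip(binned, labels) if x == b]
        cond += len(subset) / len(labels) * entropy(subset)
    return entropy(labels) - cond

def pearson(a, b):
    """Pearson correlation coefficient; 0.0 if either column is constant."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va, vb = sum((x - ma) ** 2 for x in a), sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0

def select_features(columns, labels, max_corr=0.9, min_gain=0.05):
    """Keep the highest-gain feature, drop features redundant with it, repeat."""
    remaining = {name: info_gain(col, labels) for name, col in columns.items()}
    selected = []
    while remaining:
        best = max(remaining, key=remaining.get)
        if remaining[best] < min_gain:       # only noise is left
            break
        selected.append(best)
        del remaining[best]
        for name in list(remaining):         # remove redundant features
            if abs(pearson(columns[best], columns[name])) > max_corr:
                del remaining[name]
    return selected

# Constructed sample: 8 traffic records, label 1 = attack (hypothetical features).
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]
COLUMNS = {
    "pkt_rate":    [10, 12, 11, 13, 90, 95, 88, 92],
    "byte_rate":   [640, 770, 700, 830, 5760, 6080, 5630, 5890],  # ~64 * pkt_rate
    "write_ratio": [0.05, 0.10, 0.08, 0.60, 0.55, 0.70, 0.65, 0.07],
    "unit_id":     [1, 2, 3, 4, 1, 2, 3, 4],                      # uninformative
}
```

On this sample, `select_features(COLUMNS, LABELS)` keeps `pkt_rate` and `write_ratio`, discards `byte_rate` as redundant with `pkt_rate`, and discards `unit_id` because it carries no information about the label.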
The Tri-Fusion Net forms the detection and classification backbone of the CyberSentry framework. It integrates three complementary deep learning architectures: Convolutional Neural Networks (CNNs) for capturing local spatial patterns, Inception Nets for multi-scale feature extraction, and Residual Networks (ResNets) for modeling long-distance temporal dependencies. These networks work in parallel and produce a holistic view of the SCADA system’s data, allowing the framework to detect both known and previously unseen attacks with high accuracy while minimizing false positives.
The PLBO complements the framework by dynamically tuning the Tri-Fusion Net's model parameters, including learning rates. It reportedly optimizes parameter selection in an adaptive manner, while simultaneously ensuring efficient convergence and improving model responsiveness to real-time data.
This integrated approach improves detection accuracy, minimizes false alarms and enables SCADA systems to adapt to evolving cyber threats with an “unprecedented” level of resilience and adaptability.
The performance of the CyberSentry model was tested on several datasets and was found to effectively identify multiple attack types, including distributed denial-of-service (DDoS), man-in-the-middle (MITM), injection, and insider threats, while maintaining high accuracy and low system overhead.
“The effectiveness of the presented CyberSentry model has been validated using different datasets and the average accuracy is 99.5% with a loss value of 0.32,” the academics pointed out. “The performance results obtained demonstrate that the proposed framework contributes to achieving a high level of security and science in SCADA systems against multiple forms of attacks. As such, CyberSentry sets new standards for the protection of ICS against the new generation of cyber threats through the application of advanced approaches in selecting functions, identifying attacks and tuning parameters.”
They also explained that PLBO was crucial to ensure CyberSentry’s reliability, as it optimizes key parameters across the framework, ensuring top performance. Fine-tuning the RMIG and Tri-Fusion Net components improves detection accuracy and minimizes false positives and negatives. The search strategy also accelerates convergence and avoids local minima, thus improving learning efficiency. Optimized parameters also promote generalization, allowing the model to handle unseen SCADA data and evolving threats.
The new framework was presented in the paper “CyberSentry: Enhancing SCADA security through advanced deep learning and optimization strategies”, published in the International Journal of Critical Infrastructure Protection. The research team included scientists from King Saud University in Saudi Arabia, Leeds Beckett University in the United Kingdom and Chitkara University in India.
