Abstract:
Modern smart grid infrastructures require highly context-specific and standards-compliant
cybersecurity policies to safeguard complex, dynamic energy networks. However, manual policy
development and generic templates struggle to keep pace with evolving smart grid threats and
regulatory requirements, often resulting in incomplete or non-compliant guidelines. This gap
highlights the need for an automated approach to generate precise, context-aware security policies
in line with industry standards.

To address this challenge, the project introduces CyberGrid AI, a multi-tiered system architecture
that combines a domain-specific augmented ontology with a GPT-powered AI engine. The smart
grid ontology encodes key assets, threat scenarios, and countermeasures, forming a knowledge
base for policy generation. User input about a given smart grid context is semantically matched
against this ontology to identify relevant threats and appropriate ISO/IEC 27001 controls. Prior to
generation, the model integrates the latest threat intelligence to account for emerging
vulnerabilities, ensuring that the resulting policies are both standards-compliant and up to date
with current cybersecurity risks.

A prototype of CyberGrid AI shows that the system can quickly produce high-quality security
policies. Each policy is generated in approximately 13 seconds and demonstrates over 95%
alignment with expert-defined policies in test scenarios, effectively mirroring the intended ISO/IEC
27001 controls. The ontology-based approach ensures full domain coverage and traceable policy
decisions, validating the effectiveness of combining ontological reasoning with AI-driven policy
generation.