Resilient Cybersecurity Architecture for Modern Power Systems: Addressing Threats to Critical Infrastructure

Syed Umair Akhlaq

Abstract

The rapid adoption of digital technologies in power systems has introduced specific cybersecurity risks, primarily in SCADA and ICS control environments. Modern threats, including data injection, masquerading, and replay attacks, have outpaced the capabilities of legacy perimeter defences. This research proposes a resilient cybersecurity architecture that combines layered defence, machine learning for intrusion detection, and a rule-based alert system based on SIEM methodologies. The architecture is deployed with distinct physical, communication, monitoring, and control layers to support defence-in-depth and to allow flexible responses to faults. A Random Forest model was built and evaluated on the Power System Intrusion Dataset retrieved from Kaggle, which provides comprehensive recordings of all sensors and of temporal operation. Accuracy was 97%, and F1-scores were high across all classes, demonstrating the model's robustness despite class imbalance. The probabilistic outputs of the classifier were passed to a rule-based alert system emulating SIEM functionality, which fired alerts when the estimated fault probability exceeded 0.5. System effectiveness was confirmed by key evaluation indicators such as a ROC-AUC of 0.93, confusion matrices, and detailed alert tables. The designed architecture favours interpretability, responsiveness, and adaptability for SCADA systems, avoiding the complexity and opacity of deep learning approaches. It bridges the gap between academic machine learning theory and the functional needs of operational cybersecurity, and provides an architectural framework to support smart grid resilience. Possible future improvements include temporal modelling, adaptive alert thresholding, and real-time edge deployment.
