From Bio-Immunity to Credibility Scoring: Orchestrating Cyber-Resilient Foundation Models for Grid Operations

Anurag Srivastava – West Virginia University

Power grids face high-impact emergencies where operators are increasingly overwhelmed by cognitive overload from massive streams of heterogeneous, real-time data. Customized Foundation Models offer a paradigm shift, functioning as intelligent orchestration layers that coordinates legacy tools to manage multimodal SCADA, PMU, GIS, and cyber data into human-aligned situational awareness and decision support. However, these models introduce a critical paradox: they are simultaneously defenders and new attack surfaces. This presentation details a comprehensive framework addressing both Foundation Model-enabled cybersecurity and the cybersecurity of the models themselves. We first introduce Safe-Grid, a bio-inspired defense architecture inspired by infectious disease ecology, which models cyber-attack surfaces as pathogen entry points to create a self-adaptive, decentralized innate immunity for the grid. To operationalize and validate this, we developed MAPgrid and SAAP-GRID, multimodal digital assistants to coordinates decision support, and to translate complex protocol activity (GOOSE/DNP3) into interpretable diagnostics. Developed tools leverage Retrieval-Augmented Generation (RAG), while reducing hallucinations through simulation-based data.
To address security risks, we map end-to-end attack chains for power grid operation with digital assistant to the MITRE ATLAS framework, demonstrating that inference-time data-plane manipulation poses a significantly higher risk to safety-critical loops than simple prompt injection. To mitigate these threats, we propose a layered defense incorporating cryptographic data fingerprinting and a novel Credibility Scoring mechanism. Finally, we validate these tools through human-in-the-loop cognitive analysis and simulation during high-stakes emergencies.