CyNetPhy: Towards Pervasive Defense-in-Depth for Smart Grid Security Mohamed Azab 1 , Bassem Mokhtar 2 , and Mohammed M. Farag 2 1 The City of Scientific Research and Technological Applications, Alexandria, Egypt Mohamed.m.azab@gmail.com 2 Electrical Engineering Department, Alexandria University, Alexandria, Egypt bmokhtar, mmorsy@alexu.edu.eg Abstract. Security is a major concern in the smart grid technology exten- sively relying on Information and Communication Technologies (ICT) New emerging attacks show the inadequacy of the conventional defense tools that provision isolated uncooperative services to individual grid components ig- noring their real-time dependency and interaction. In this article, we present a smart grid layering model and a matching multi-layer security framework, CyNetPhy, towards enabling cross-layer smart grid security. CyNetPhy tightly integrates and coordinates between a set of interrelated, and highly coopera- tive real-time defense solutions designed to address the grid security concerns. This paper focuses on the Cyber Security Layer (CSL), that provides real-time monitoring, evaluation, analysis, and enforced cooperation for the grids cyber domain. The CSL manages vast number of mobile agents as sensors and effec- tors to remotely provision defense services in total isolation from the grid. Such isolation guarantees defense resilience under attacks and facilitates situation- driven defense service deployment suiting the needs of resource-constrained hosts rather than using pre-deployed defense tools. Furthermore, the CSL in- telligently mixes and matches heterogeneous tools and control logic from var- ious sources towards continually evolving defense services. An attack scenario against the smart grid network is presented to demonstrate the CSL feasi- bility and effectiveness. Simulation results illustrate that the CSL efficiently enhances the attack detection quality, accuracy, and promptness, and high- lights the effect of CyNetPhys CSL trustworthy cooperative and pervasive response in minimizing the desperation of multi-threaded widespread attacks. Keywords: Smart Grid, Smart Grid Security, Pervasive Monitoring and Anal- ysis, Autonomic Management, Elastic Computing, Privacy-preserving. 1 Introduction The smart grid is a cyber-physical system that tightly integrates control, computa- tion, and communication technologies into the electrical power infrastructure. Smart grid has emerged as the next generation power grid aiming at enhancing the effi- ciency, reliability, and resilience of legacy power systems by employing information and communication technologies (ICT) [7]. To establish the smart grid global vision, widespread sensing and communication between all grid components are established via communication networks and managed by cyber systems. Extensive deployment of and reliance on ICT inevitably exposes the smart grid to cyber security threats increasing the risk of compromising reliability and security of the electrical power infrastructure [6]. Scale and complexity of the smart grid network create several vul- nerabilities providing numerous attack entry points. Inadvertent infiltration through