![A collage graphic featuring transmission lines and towers, surrounded by lock iconography representing cybersecurity.](/sites/default/files/styles/news_banner/public/2023-01/Grid_Security-Reporter.jpg?h=31a74ad5&itok=4qvCfaDP)
Assistant Professor of Electrical and Computer Engineering Junho Hong has been working on grid-related cybersecurity issues long enough to remember when most folks considered those threats theoretical. How times have changed. From the to the recent and , attacks on the electric grid, both physical and cyber, are now regular headline news. Such attacks have caused major disruptions to people's lives and lots of economic damage. If timed properly, say, during extreme cold or hot weather, when electricity is vital to people's health, such attacks can even be deadly.
![A portrait of UM-Dearborn researcher Junho Hong standing outside a substation](/sites/default/files/inline-images/junho-hong.jpg)
Hong says keeping the grid safe is an increasingly complex endeavor mainly because the grid itself continues to get more complicated. In particular, in the past few decades, utility operators have added a thick layer of communications technology to the electric grid's old-school analog infrastructure. Today, for example, Hong says it's not uncommon for substations, a vital part of the grid's network, to be controlled remotely, with operators using sensors and communications networks to alert them to problems. In many ways, this has made the grid a lot more functional and resilient, because utilities can diagnose issues more quickly and automate critical functions. But it's also made it less secure. As with just about anything, Hong says once you add a communications network, particularly one with poorly configured cybersecurity devices, you're basically opening a door to hackers.
Hong and his colleague Professor Wencong Su are leading a new project that's aiming to ensure that door has high-quality locks and can quickly be shut again if malicious actors manage to squeeze through. Funded by a new grant from the U.S. Department of Energy, and partnering with collaborators that include Virginia Tech, GE and Atlanta-based utility Southern Company, Hong's team is aiming to create a novel cybersecurity system that can help utilities detect and mitigate cyberattacks at substations, with minimal disruption to service. That minimal disruption part is vital and one of the things that makes the project such a tricky cybersecurity challenge. With many other types of systems, when operators detect a threat, they can usually just shut down a system to mitigate further damage while they deploy a solution. This is why when your bank account is compromised, your bank may lock your account for a few days while they issue you a new debit card. That's inconvenient, but it's not the end of the world, Hong says. Shutting a power system down for a few days every time there's an attack, however, is obviously not a desirable solution. This is why Hong's system will attempt to detect threats as they're happening and automatically deploy mitigation strategies. That could keep the grid running with disruptions that are measured in minutes rather than days.
For security reasons, Hong can't go into detail about how their system will do that. But as with many next-generation cybersecurity solutions, he plans to use a machine learning threat detection system that's based on the principle of anomaly detection. In a nutshell, the machine learning system will constantly monitor the substation's computer network, which, over time, will allow the system to develop a sense of what usual network activity looks like. Once it's built up a background picture of what normal is, it can then identify anomalous activity that could be a threat. If the system detects an attack, it can deploy automated mitigation strategies in real time, which will keep power flowing steadily across the grid.
Hong says building up that profile of normal substation network activity will be one of the most challenging parts of the project, and his team's industry partners will play a crucial role. To develop their intelligence, machine learning algorithms need to be exposed to vast quantities of high-quality data. In this case, the preferable data set is real-world information coming from actual utility substation networks, which, for obvious reasons, isn't a data set that's publicly available. So to initially develop their algorithms, Hong will use a that simulates the utility network's hardware and software systems. Then, once they've developed their prototype algorithms, they'll further refine them by testing them on the real-world substation networks of their industry partners. Researchers don't always get the benefit of this kind of testing, but with this realistic training environment, Hong expects the algorithms to be more effective at detecting anomalies and potential threats.
The ultimate goal is to create a cybersecurity software package that could be broadly deployed across the utility industry, and researchers like Hong could indeed play a key role in helping us reach that goal. After years of grid-based cybersecurity being viewed as a future threat, both the private and public sector are finally giving the issue more attention. With something as important as the grid at stake, Hong says the more people working on this problem the better.
Want to learn more about how UM-Dearborn faculty and student researchers are pushing the edges of cybersecurity technology? Check out our recent articles Bolstering 5G security for ultra-sensitive applications and EV charging stations could be a target for hackers.

Story by Lou Blouin