December 14, 2022
Yang Weng, an assistant professor of electrical engineering in the Ira A. Fulton Schools of Engineering at Arizona State University, is leading a cybersecurity collaboration that forms a bridge between American and Israeli organizations to better both countries’ capabilities to defend against cyberattacks on energy grid and water systems.
The Israel-U.S. Initiative on Cybersecurity Research and Development for Energy, or ICRDE, was born from a proposal Weng submitted two years ago to the Israel-United States Binational Industrial Research and Development Foundation, or the BIRD Foundation. The center was approved and formally began work in 2021.
Yang Weng, an assistant professor of electrical engineering in the Ira A. Fulton Schools of Engineering at Arizona State University, is leading a partnership between industry, government and educational institutions in the U.S. and Israel to better defend both countries’ power grids against cyberattacks. Graphic by Rhonda Hitchcock-Mast/ASU
Download Full Image
ASU leads the American side of the coalition, with Ben-Gurion University of the Negev taking the lead on the Israeli side. The ICRDE also includes both commercial and educational partners in both countries, which the involved partners say face an increasing amount of cyberattacks.
“Our ICRDE collective efforts enable the design and development of next-generation cybersecurity solutions that would detect, identify and reject cyber threats, enhancing the reliability and resiliency of energy infrastructures,” says Weng, a faculty member in the School of Electrical, Computer and Energy Engineering, part of the Fulton Schools.
Projects to protect energy grid power
The collaboration’s research consists of five projects that fall under three main themes:
• Modeling and understanding physical processes in the energy grid’s computer systems while establishing a related knowledge database of cyberattack types.
• Developing advanced monitoring tools to detect cyberattacks.
• Designing tools to increase system resilience and ensure reliability in the event of an energy grid cyberattack.
With such large overarching themes, the researchers strategized smaller projects to achieve the coalition’s goals of conquering cybersecurity threats. Two projects fall under the first theme of database creation and cyberphysical interaction modeling. They aim to create technology that can understand the physical processes in an energy system and model them in a way that allows operators to understand when a cyberattack is taking place, such as when parameters deviate from normal, and to build a knowledge database of known energy grid cyberattack types.
The researchers will combine and organize datasets for modeling grid operation processes shared by industry partners and other data available to the public. This provides a yardstick of normal parameters against which to measure operation parameters to create the technology that can interpret energy system processes for the first project.
“This project’s purpose is rooted in the fact that current industrial control system, or ICS, detection technologies look at available data gathered from informational technology and operational systems, without the ability to inspect the processes themselves or the system state of operation,” Weng says.
For the second project, the collaborative is in the process of creating a cyberattack database, AttackDB, using data collected from energy grid incident reports. The researchers are also creating algorithms to detect differences between equipment malfunctions and cyberattacks.
“This knowledge database helps formulate viable attack hypotheses, thus enabling a rapid and automated response to threats,” Weng says.
A group of those involved in the ICRDE partnership poses for a photo on ASU’s Tempe campus. Photo by Erika Gronek/ASU
Cracking the code on cyberattack detection
The third project, which falls under the theme of creating advanced tools for detecting cyberattacks, looks to develop artificial-intelligence-based detection methods that can detect new types of cyberattacks not yet cataloged.
One of the key aspects of the project is to ensure that the machine learning models can be understood by the humans taking actual cybersecurity action. This will make sure people using the machine learning tools can distinguish actionable results from faulty AI-powered recommendations that use tampered data.
Currently, the research team is analyzing what AI-modeled cyberattacks look like when monitored through the ICS management software known as supervisory control and data acquisition, or SCADA. This gives the researchers a view into what it looks like when a cyberattack hits the computer system controlling energy grid functions. The researchers are also considering using deep reinforcement learning to further enhance cyberdefense capabilities and reduce the number of false positives detected as much as possible.
Lalitha Sankar, an associate professor of electrical engineering in the School of Electrical, Computer and Energy Engineering, is one of the principal investigators for this project. She is using her decade-long experience in identifying cyberattacks that can affect grid operations and developing machine learning-based countermeasures to lead her team in creating robust AI tools to identify, localize and neutralize these attacks.
“One of the powerful properties of the electric grid is that data collected at sensors called phasor measurement units, or PMUs, are correlated with those at nearby PMUs,” Sankar says. “Therefore, to effectively fake a malfunction, a clever adversary has to change a sizeable number of those sensors’ measurements.”
The attack detection machine learning algorithm her team is developing uses the physics-based properties of sensor measurements to distinguish between true equipment malfunctions and those faked by cyberattacks. As part of the development process, Sankar’s team is working to teach the algorithm to recognize key patterns in the data, known as features, to determine when a cyberattack is occurring in real time while ensuring limited false positives.
Putting up cybersecurity shields and innovating new technology to control industrial processes
The fourth project falls under the theme of increasing resilience in the face of a cyberattack.
Building on the knowledge gained in the first project to understand cyberattack types, this project focuses on keeping an energy grid operating in the face of an ongoing attack. This would leave human operators and computer programs fighting a cyberbattle against attacks while still providing power to customers as best as possible.
The fifth and final project seeks to add better cybersecurity into the energy grid by designing an ICS from the ground up. This would reduce the need to heavily revise an existing ICS with new security measures.
The team has finished designing a prototype of the new ICS, which is being tested for its efficacy through simulations.
Learning opportunities for all
The project includes faculty and industry partners in both countries as well as students and postdoctoral researchers.
Due to the lasting effects of the coronavirus pandemic, most of the collaboration between the American and Israeli researchers has been conducted over Zoom. However, there are hopes this will change soon with student researchers planning to travel between countries to collaborate in person.
The researchers involved in the Israel-U.S. Initiative on Cybersecurity Research and Development for Energy hope to meet in person more often as pandemic travel restrictions wane. Photo courtesy Yang Weng
Joel Mathias, an electrical engineering postdoctoral research scholar involved in simulating attacks that masquerade as system malfunctions, says the coalition gives him valuable research experience.
“This project gives me an opportunity to work closely with industry partners in developing solutions to critical problems in the power grid,” Mathias says. “The research gives me an understanding of the pressing challenges facing the utility industry, which is essential to my growth as a researcher working in the area of energy systems.”
He hopes that the research conducted through the coalition will help ensure the security of a more sustainable future energy grid. The ever-increasing number of distributed energy resources — such as solar technology, battery energy storage and electric vehicles — results in new challenges related to reliability, privacy and security. To coordinate electricity production and demand in a distributed setting, grids will rely more heavily on data for metrics on power production, demand for power and other associated parameters than ever before, leaving the grid more vulnerable to cyberattacks.
“The hope is that the research will help ensure that the smart grid, which is a more widely distributed, low-carbon and data-centric power grid, is fortified against such attacks,” Mathias says.