
Assistant Professor of Electrical and Computer Engineering Junho Hong has been working on grid-related cybersecurity issues long enough to remember when most folks considered those threats theoretical. How times have changed. From the to the recent and , attacks on the electric grid, both physical and cyber, are now regular headline news. Such attacks have caused major disruptions to people's lives and lots of economic damage. If timed properly, say, during extreme cold or hot weather, when electricity is vital to people's health, such attacks can even be deadly.

Hong says keeping the grid safe is an increasingly complex endeavor mainly because the grid itself continues to get more complicated. In particular, in the past few decades, utility operators have added a thick layer of communications technology to the electric grid's old-school analog infrastructure. Today, for example, Hong says it's not uncommon for substations, a vital part of the grid's network, to be controlled remotely, with operators using sensors and communications networks to alert them to problems. In many ways, this has made the grid a lot more functional and resilient, because utilities can diagnose issues more quickly and automate critical functions. But it's also made it less secure. As with just about anything, Hong says once you add a communications network, particularly one with poorly configured cybersecurity devices, you're basically opening a door to hackers.
Hong and his colleague Professor Wencong Su are leading a new project that's aiming to ensure that door has high quality locks, and can quickly be shut again if malicious actors manage to squeeze through. Funded by a new grant from the U.S. Department of Energy, and partnering with collaborators that include Virginia Tech, GE and Atlanta-based utility Southern Company, Hong's team is aiming to create a novel cybersecurity system that can help utilities detect and mitigate cyberattacks at substations, with minimal disruption to service. That "minimal disruption" part is vital, and one of the things that makes the project such a tricky cybersecurity challenge. With many other types of systems, when operators detect a threat, they can usually just shut down a system to mitigate further damage while they deploy a solution. "This is why when your bank account is compromised, your bank may lock your account for a few days while they issue you a new debit card. That's inconvenient, but it's not the end of the world," Hong says. Shutting a power system down for a few days every time there's an attack, however, is obviously not a desirable solution. This is why Hong's system will attempt to detect threats as they're happening and automatically deploy mitigation strategies. That could keep the grid running with disruptions that are measured in minutes rather than days.
For security reasons, Hong can't go into detail about how their system will do that. But as with many next-generation cybersecurity solutions, he plans to use a machine learning threat detection system that's based on the principle of anomaly detection. In a nutshell, the machine learning system will constantly monitor the substation's computer network, which over time, will allow the system to develop a sense of what usual network activity looks like. Once it's built up a background picture of what "normal" is, it can then identify anomalous activity that could be a threat. If the system detects an attack, it can deploy automated mitigation strategies in real time, which will keep power flowing steadily across the grid.
Hong says building up that profile of normal substation network activity will be one of the most challenging parts of the project, and his team's industry partners will play a crucial role. To develop their intelligence, machine learning algorithms need to be exposed to vast quantities of high-quality data. In this case, the preferable data set is real-world information coming from actual utility substation networks, which for obvious reasons, isn't a data set that's publicly available. So to initially develop their algorithms, Hong will use a that simulates the utility network's hardware and software systems. Then, once they've developed their prototype algorithms, they'll further refine them by testing them on the real-world substation networks of their industry partners. Researchers don't always get the benefit of this kind of testing, but with this realistic training environment, Hong expects the algorithms to be more effective at detecting anomalies and potential threats.
The ultimate goal is to create a cybersecurity software package that could be broadly deployed across the utility industry, and researchers like Hong could indeed play a key role in helping us reach that goal. After years of grid-based cybersecurity being viewed as a future threat, both the private and public sector are finally giving the issue more attention - . With something as important as the grid at stake, Hong says the more people working on this problem the better.
###
Want to learn more about how UM-Dearborn faculty and student researchers are pushing the edges of cybersecurity technology? Check out our recent articles "Bolstering 5G security for ultra-sensitive applications" and "EV charging stations could be a target for hackers."

Story by Lou Blouin