11/4/2015 Sarah Bates, National Science Foundation
Written by Sarah Bates, National Science Foundation
(Reprinted from the National Science Foundation)
The physical infrastructure of the U.S. electric grid is aging, overburdened and vulnerable to natural hazards.
That's not the bad news.
The bad news is that efforts to solve these issues have opened the door to new vulnerabilities.
New approaches that transform how energy is produced, delivered and consumed have created increased reliance on complex data flows, interconnected systems and sophisticated technologies--i.e., the new smart grid.
But with smarter systems come equally smart hackers.
Cyberattacks can come in many forms, all with the real risk of physical harm to the system. This was demonstrated in the 2007 Aurora project, where a staged cyberattack revealed critical vulnerabilities in the power grid.
To stay one step ahead of cyberattacks, engineers and scientists funded by the National Science Foundation (NSF) are exploring innovative new ways to operate and secure the grid, using the tools of game and control theory.
A beautiful defense
The most insidious type of cyberattack that researchers are looking to thwart is one in which grid operators may themselves be unwitting participants.
Within a power grid are natural fluctuations in energy: perturbations that seem normal.
Notably abnormal perturbations--those caused by lightning strikes or an equipment malfunction--are picked up by sensors. Controllers then adjust the energy flow accordingly, and all is well.
But what grid monitors worry about are perturbations that seem natural but aren't.
It's possible for malicious hackers to purposefully feed bad data to controllers, who may mistakenly believe the energy flow needs to be adjusted, essentially fooling the control system into disrupting its own state.
Aerospace Engineering at Illinois Associate Prof. Cedric Langbort, who uses game theory to develop secure control algorithms, says the challenge is that "you don't know what you don't know."
"Remember the movie about John Nash?" Langbort says, referring to the film A Beautiful Mind. "There's a scene where Nash and his friends discuss how if they all go for the same girl, no one will get the girl. But if they cooperate and know each other's strategies, they have a good chance of succeeding.
"My decision influences your outcomes and vice versa," he says. "It's basic Nash equilibrium."
'For Langbort, cybersecurity is more than preventing hackers from getting into the system. He assumes a hacker will find a way in--especially in a system with more and more distributed entry points.
The challenge is how to detect those seemingly innocuous perturbations and develop countermeasures for an attack in progress.
Theoretically, a hacker can meddle with information and influence decision-making without anyone ever realizing it. That's where game theory may come in handy.
"What I do affects what you get to know about the game," says Langbort. "That makes it more difficult because now there are things that you don't know that I know."
Those things can include whether the attacker has altered the sensor signals to provide incorrect measurements--maybe not enough to trigger an alarm about an "unnatural" perturbation, but enough so the controller unnecessarily adjusts the energy flow. Once that happens, the system is compromised.
Langbort is developing an algorithm that would help people make decisions when information is incomplete or even purposefully misleading.
"There is a lot of interest in cybersecurity right now," he says. "Because these are difficult, fundamental problems. These types of games that involve partial information are not well understood."
He is even playing both sides of the game in his research, setting up smart control systems and then trying to hack them. He's doing so to identify the weaknesses, as well as potential methods to exploit weaknesses, and use them to build a new control theory system.
Langbort and other NSF-funded researchers are exploring vital issues that have immediate impacts tied to long-term implications for the power grid. With millions of new points of control, there is tremendous potential to improve efficiency and resiliency, and enormous need to explore innovative methods to secure them.
Cybersecurity of control systems is one of the major research challenges in the smart grid, according to Radhakishan Baheti, program director for the Energy, Power, Control and Networks Program at NSF. "Future control systems will include cybersecurity as the design requirement to guarantee the resilience of power grids against cyber attacks," he said.