Security

Power grid cybersecurity tool uses machine learning and sensors to detect threats

New sensor technology and machine learning could help operators detect and analyze cyber-physical attacks on power-distribution networks. Get more details about this power grid security research.

In today's always connected world, losing power is more than just an annoyance. "The truth is, we rely on electricity much more than we realize," writes Sherry Hewins in her column What Could Happen in a Long-Term Power Outage? "Even if you live 'off the grid' as I did for years, you are still living in a world and a society that is deeply dependent upon electricity."

It is the "deep dependency" that has power companies moving toward what is called the Smart Grid, a more efficient and reliable power-distribution infrastructure. The Smart Grid—in a sense, a power-line internet— introduces unprecedented capabilities, which include:

  • Quicker restoration of electricity after power disturbances;
  • Reduced operations and management costs for utilities, and ultimately lower-power costs for consumers; and
  • Reduced-peak demand, which will lower electricity rates.

SEE: Toolkit: Calculating workstation energy usage (Tech Pro Research)

One reason these capabilities are possible is the use of two-way communications between power-distribution centers and smart equipment (smart meters and smart appliances) downstream. Enhanced communications help more than just the people who make sure electricity keeps flowing. As you may have guessed, it also helps those who wish to harm.

Current IT security practices may not protect power grids

"The power distribution grid was developed with careful consideration to ensure safe and reliable operation," writes Kathy Kincade in the Lawrence Berkeley National Laboratory press release Combination of Old and New Yields Novel Power Grid Cybersecurity Tool. "As the grid is modernized to improve reliability, new features must be designed for cyber-resilience to prevent cyberattacks via IP networks."

SEE: Hackers are attacking power companies, stealing critical data: Here's how they are doing it (ZDNet)

The problem, as Kincade sees it, is that current IT-security practices (including intrusion-detection, firewall, and encryption technologies) are insufficient. Kincade adds, "These techniques may leave a gap in safety and protection when applied to cyber-physical devices because they do not consider physical information known about the device they are protecting."

Machine learning and sensors may help ensure security for power grids

A team of researchers led by Sean Peisert (Berkeley Labs), including Ciaran Roberts (Berkeley Labs), Anna Scaglione (Arizona State University), Alex McEachern (Power Standards Lab), Chuck McParland (Berkeley Lab retiree), and Emma Stewart (Lawrence Livermore National Lab), have been hard at work on a project that melds cybersecurity methodology, machine-learning algorithms, and commercially-available power-system sensor technology into a security monitoring and analysis framework specifically for power grids.

The team is currently designing the framework's architecture to detect cyber-physical attacks on power-distribution networks. "To do this they are using micro-Phasor Measurement Units (µPMUs) to capture information about the physical state of the power distribution grid," writes Kincade. "They then combine this data with SCADA (Supervisory Control and Data Acquisition) information to provide real-time feedback about system performance."

The idea is to monitor the physical behavior of components within the electrical grid to determine when devices are being manipulated abnormally as when under cyberattack. Peisert further explains, "These devices provide a redundant set of measurements that give us a high-fidelity way to track what is going on in the power distribution grid."

Peisert reiterates the value of redundant measurements allowed by using both SCADA and µPMU devices. He says, "Individually it might be possible for an attacker to manipulate what is being represented by any single sensor or source of information, which could lead to damage of the power grid. This approach provides the redundancy and therefore resilience in the view that is available to grid operators."

System redundancy offers the additional benefit of differentiating real attacks from false positives by comparing the µPMU measurements to what the equipment is reporting.

What is a µPMU, and why does it matter?

A phasor measurement unit can determine the electrical state of a power grid using voltage-phasor and current-phasor calculations. However, PMUs are large and expensive, which limits their deployment to centralized distribution nodes—this is where the team's µPMUs come into play.

Kincade writes, "Because they are much smaller and potentially less expensive, multiple µPMUs can be deployed at points along a distribution grid, providing a much higher resolution (120 measurements/sec) of the grid and alerting operators of potential attacks on the grid in real time."

SEE: Cyberweapons are now in play: From US sabotage of a North Korean missile test to hacked emergency sirens in Dallas (free PDF) (TechRepublic cover story)

An algorithm enables real-time reporting

The researchers doctored an algorithm first introduced in 1954 (CUSUM or CUmulative SUM) to fit their machine-learning needs. Ciaran Roberts of Berkeley Labs told Kincade the algorithm enables software to identify whether measurements such as current magnitude, active power, and reactive power are normal or abnormal by detecting rapid changes in the physical environment.

A working prototype

The Berkeley campus has its own power-distribution substation, which allows the team to test their monitoring and analysis framework. The applications being studied include:

  • State estimation and enhanced visibility for system operators;
  • Characterization of loads and distributed generation;
  • Diagnosis of problematic conditions such as oscillations or FIDVR;
  • Microgrid synchronization; and
  • Cybersecurity of power-distribution grid equipment.

Why this new tech is critical now

Cyberattacks on power grids are becoming a common headline on tech and mainstream news outlets; conjecture as to what a long-term wide-scale power outage would look like is surfacing as well. Unfortunately, predictions by George Orwell in his book 1984 look tame by comparison. Therefore, it is good to learn that experts are hard at work on this issue.

SEE: Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says (The New York Times)

Peisert says, "Using high-resolution sensors in the power-distribution grid and a set of machine-learning algorithms that we developed, in conjunction with a simple model of the distribution grid, our work can be deployed by utilities in their distribution grid to detect cyberattacks and other types of failures."

Also see

powergridistock-695555248kagenmi.jpg
Image: Kagenmi, Getty Images/iStockphoto

About Michael Kassner

Information is my field...Writing is my passion...Coupling the two is my mission.

Editor's Picks

Free Newsletters, In your Inbox