Assistant Professor of Electrical and Computer Engineering Junho Hong has been working on grid-related cybersecurity issues long enough to remember when most folks considered those threats theoretical. How times have changed. From the war in Ukraine to the recent targeting of substations in North Carolina and Washington, attacks on the electric grid, both physical and cyber, are now regular headline news. Such attacks have caused major disruptions to people’s lives and lots of economic damage. If timed properly, say, during extreme cold or hot weather, when electricity is vital to people’s health, such attacks can even be deadly.
Hong says keeping the grid safe is an increasingly complex endeavor mainly because the grid itself continues to get more complicated. In particular, in the past few decades, utility operators have added a thick layer of communications technology to the electric grid’s old-school analog infrastructure. Today, for example, Hong says it’s not uncommon for substations — a vital part of the grid’s network — to be controlled remotely, with operators using sensors and communications networks to alert them to problems. In many ways, this has made the grid a lot more functional and resilient, because utilities can diagnose issues more quickly and automate critical functions. But it’s also made it less secure. As with just about anything, Hong says once you add a communications network, particularly one with poorly configured cybersecurity devices, you’re basically opening a door to hackers.
Hong and his colleague Professor Wencong Su are leading a new project that’s aiming to ensure that door has high quality locks — and can quickly be shut again if malicious actors manage to squeeze through. Funded by a new grant from the U.S. Department of Energy, and partnering with collaborators that include Virginia Tech, GE and Atlanta-based utility Southern Company, Hong’s team is aiming to create a novel cybersecurity system that can help utilities detect and mitigate cyberattacks at substations, with minimal disruption to service. That “minimal disruption” part is vital — and one of the things that makes the project such a tricky cybersecurity challenge. With many other types of systems, when operators detect a threat, they can usually just shut down a system to mitigate further damage while they deploy a solution. “This is why when your bank account is compromised, your bank may lock your account for a few days while they issue you a new debit card. That’s inconvenient, but it’s not the end of the world,” Hong says. Shutting a power system down for a few days every time there's an attack, however, is obviously not a desirable solution. This is why Hong’s system will attempt to detect threats as they’re happening and automatically deploy mitigation strategies. That could keep the grid running with disruptions that are measured in minutes rather than days.
For security reasons, Hong can’t go into detail about how their system will do that. But as with many next-generation cybersecurity solutions, he plans to use a machine learning threat detection system that’s based on the principle of anomaly detection. In a nutshell, the machine learning system will constantly monitor the substation’s computer network, which over time, will allow the system to develop a sense of what usual network activity looks like. Once it’s built up a background picture of what “normal” is, it can then identify anomalous activity that could be a threat. If the system detects an attack, it can deploy automated mitigation strategies in real time, which will keep power flowing steadily across the grid.
Hong says building up that profile of normal substation network activity will be one of the most challenging parts of the project, and his team’s industry partners will play a crucial role. To develop their intelligence, machine learning algorithms need to be exposed to vast quantities of high-quality data. In this case, the preferable data set is real-world information coming from actual utility substation networks, which for obvious reasons, isn’t a data set that’s publicly available. So to initially develop their algorithms, Hong will use a test bed at UM-Dearborn that simulates the utility network’s hardware and software systems. Then, once they’ve developed their prototype algorithms, they’ll further refine them by testing them on the real-world substation networks of their industry partners. Researchers don’t always get the benefit of this kind of testing, but with this realistic training environment, Hong expects the algorithms to be more effective at detecting anomalies and potential threats.
The ultimate goal is to create a cybersecurity software package that could be broadly deployed across the utility industry, and researchers like Hong could indeed play a key role in helping us reach that goal. After years of grid-based cybersecurity being viewed as a future threat, both the private and public sector are finally giving the issue more attention — aided by some big new investments from the U.S. Department of Energy. With something as important as the grid at stake, Hong says the more people working on this problem the better.
Story by Lou Blouin