Texas A&M: Protecting The Power Grid Through Cyber-Physical Threat Response

Current methods of defending critical energy infrastructure from multi-stage, cyber-physical threats remain largely dependent upon human intervention and compartmentalized monitoring with an emphasis on prevention. But how can electric power utilities quickly and effectively respond to anomalous cyber and physical events as early as possible?

Katherine Davis, assistant professor in the Department of Electrical and Computer Engineering at Texas A&M University, and her research team are utilizing cyber and physical information alongside models with artificial intelligence to provide a solution that helps energy management systems protect themselves with semi-automated, real-time data analysis.

As part of a new project funded through the Office of Cybersecurity, Energy Security and Emergency Response in the U.S. Department of Energy (DOE), Davis will lead the team in developing a scalable, physics-informed and artificial intelligence-enabled cyber-physical intrusion response solution for electric power utilities. The project will focus on identifying techniques and scalable working prototypes with the goal of achieving coordinated cyber-physical response — of both cyber and physical controls together — through hybrid, model-based and data-based visibility of events in a secure and reliable testing environment.

The connections between cyber and physical assets are growing, bringing greater risk to both network and physical infrastructure security. With expertise in power systems, machine learning, software development and cybersecurity, the multidisciplinary team will develop, test and pilot a solution grounded in the real-world utility environment, giving utility companies a practical way to respond to cyber-physical intrusions.

One of the key focus areas of this DOE-funded project is scalability, which emphasizes the importance of translating the algorithms into viable practice and supporting sustainability of the new technology through strategic workforce training and outreach efforts. Prior to joining Texas A&M, Davis worked for a private entity within the power system industry. She values the opportunity to develop a solution that positions energy delivery system providers with trusted capabilities in supporting resiliency through a multi-stage response strategy.

“Our research is driven by real industry needs and practice, based on the expressed needs of utility service providers in Texas and across the nation,” Davis said. “Using our research facilities to create models to serve these providers is the launching pad for developing a solution that offers preventive and reactive measures against cyber-physical intrusion.”

This research builds upon another federally funded project led by Davis already underway — Cyber Physical Resilient Energy Systems (CYPRES) — which focuses on the integrated principles of a secure end-to-end system to provide a modeling foundation at the core of next-generation energy management. The intrusion response project takes the data and findings from power systems analyzed through CYPRES to develop an algorithm that can be tested, verified and trusted by utility providers as a safeguard to provide and maintain reliable energy distribution to their customer base. In its simplest form, it is about keeping the lights on, powering homes and protecting the cyber-physical infrastructure that enables that process.

“Most areas of research place emphasis on protecting and maintaining a power grid system from the perspective of prevention,” Davis said. “Our hope is that these preventive measures are successful, but we recognize that sometimes they are not. This project leads the development of a multi-stage, cyber-physical response mechanism as a critical component of protecting the power system from adversaries at any stage of an incident.”

The importance of this research was recently demonstrated by the Colonial Pipeline ransomware incident of May 2021, which stemmed from just one compromised password. The multi-stage intrusion successfully breached the pipeline’s IT system, encrypting data and ultimately disrupting the entire U.S. East Coast’s access to refined oil used primarily for gasoline, jet fuel and home heating oil. The ramifications of this successful breach were far-reaching: a forced proactive shutdown of the pipeline, delayed and canceled flights, financial investment in external cybersecurity experts and six days of uncertainty for consumers.

Using the Resilient Energy Systems Lab, a testbed that her group designed and developed within the Texas A&M Engineering Experiment Station’s Smart Grid Center, researchers can replicate past scenarios while deploying new technology at different stages of the intrusion. This offers an important tool for developing training courses simultaneously. Curriculum for short courses, workshops and continuing education with structured learning outcomes will be developed through the Texas A&M Engineering Extension Service’s Cyber Readiness Center.

Ana Goulart, associate professor in the Department of Engineering Technology and Industrial Distribution at Texas A&M, serves as the co-principal investigator for the three-year, $2.7 million project. Additional academic and industry collaborators include Saman Zonouz, associate professor in electrical and computer engineering at Rutgers University; Rakesh Bobba and Sibin Mohan, associate professors in electrical engineering and computer science at Oregon State University; Robin Berthier, Network Perception; John Camilleri, PSC Consulting; Tim Simmons, TDi; and Hala Ballouz, Electric Power Engineers. Utility stakeholders include Seattle City Light, Bryan Texas Utilities and the Public Utilities Commission of Texas.