Case Study

Department of Energy Awards Georgia Tech, GTRI Contract to Detect Cyber Attacks on Utilities

Published: December 19, 2013

Click for article gallery (2 images).

Today’s cyber attacks aren’t just a threat to computer networks. Those with malicious intent can disrupt important infrastructure systems such as utilities and power grids.

The trick is to identify when such attacks are underway.

Through a cooperative, cross-campus effort, the Department of Energy awarded the Georgia Tech Research Institute (GTRI), Georgia Tech and its cost-sharing partners $5 million to help detect cyber attacks on our nation’s utility companies.

By partnering with the Georgia Tech School of Electrical and Computer Engineering’s National Electric Energy Testing, Research and Applications Center (NEETRAC) and the Strategic Energy Institute (SEI), GTRI’s Cyber Technology and Information Systems Laboratory (CTISL) will work together with renowned experts in SmartGrid technology to develop protocols and tools to detect such attacks.

“Utilities and energy delivery systems are unique in several ways,” said CTISL researcher Seth Walters, one of the principal investigators on the project. “They provide distribution over a large geographic area and are composed of disparate components which must work together as the system’s operating state evolves. Relevant security technologies need to work within the bandwidth limitations of these systems in order to see broad adoption and they need to account for the varying security profiles of the components within these power systems.”

To detect adversarial manipulation of the power grid, the cyber security tool suite will consist of advanced modeling and simulation technologies and a network of advanced security sensors capable of acting to protect the power system in real-time on the basis of this modeling and simulation.

“This project is particularly exciting as it integrates GTRI’s cyber security expertise, with the expertise in grid and electrical power of NEETRAC and ECE,” said SEI Executive Director Tim Lieuwen. “A key piece of our campus energy strategy is promoting certain signature energy areas where Georgia Tech combines unique breadth and depth into best of class capabilities – the area of electrical power is one of those, and this project further demonstrates Georgia Tech’s commitment to this space.”

The project will consist of three phases, which include research and development, test and validation at Georgia Tech, and technology demonstration at operational utility sites with the assistance of multiple utility company partners.

“GTRI’s expertise in systems engineering and cyber security will be a great advantage for execution on this award,” Walters said. “We also have the singular advantage in being able to collaborate with professors from Georgia Tech. The School of Electrical and Computer Engineering was instrumental in bringing emerging research ideas to the proposal narrative.”

A truly collaborative proposal process, GTRI worked with professors Sakis Meliopoulos, Santiago Grijalva and NEETRAC engineer Carson Day, who are experts in power grid and smart grid technology, and Raheem Beyah, an expert in cyber security.

“My group, the Communications Assurance and Performance [CAP] Group, will work with GTRI researchers to develop, test and deploy a context-aware network-based intrusion detection system [NIDS],” Beyah said. “Working with a power grid simulator, the NIDS will have the ability to prevent network packets containing application-layer commands that render the power grid unstable from entering the network.”

A Georgia Power Distinguished Professor and SEI Associate Director, Grijalva will integrate a cyber-power co-simulator where numerous cyber-attack mechanisms can be simulated, including their effects in the physical power infrastructure. He will also develop real-time decision-making algorithms that evaluate the impact of potential cyber-induced power infrastructure malfunction.

“The proposed cybersecurity system is complex, so a disciplined approach to delivering a system of systems which embodies this complexity will be required,” Walters said. “Furthermore, as part of research and development, we will be working to ensure that the tool suite, as conceptualized by the team, remains relevant to current and emerging industry needs.”

CTISL Emerging Threats and Countermeasures Division Chief Andrew Howard noted that this is a unique part of this proposal. “This proposal isn’t just about the research,” Howard said. “In addition to the extensive modeling and simulation, it’s also about developing a commercialization plan for other utilities to benefit.”