Using AI to protect the energy grid in real time
A team in the US is developing a graph-based AI model that prioritizes cyber threats on the fly.
The team at the US Department of Energy’s Pacific Northwest National Laboratory have proposed the new approach with AI to protect the energy grid in real time.
The team, led by data scientist Sumit Purohit, is trying to leapfrog current practices and create a better level of protection. Instead of protecting the electric grid and its tens of thousands of components piece by piece, the tool gives grid operators a clear blueprint to identify and address the biggest threats first and to protect against them without a mad scramble for resources down the road.
- BrainChip teams for grid AI cyber threat detection
- Europe makes smart grid security recommendations
- Combining IEC 61850 and TSN for smart grid security
“A great deal of effort is put forth every day into addressing specific vulnerabilities, but that can be overwhelming,” said Purohit. “We’re putting forth a longer-term solution. What do you need to be looking at, not just today or tomorrow, but years down the road, as the grid is changing?”
“It’s important to deal with today’s problems, but let’s also think about tomorrow’s challenges. We need to plan for things down the line as more smart devices like batteries, inverters, generators and hybrid cars are connected to the grid,” he added.
“This approach would allow a utility to quickly assess its cyber risk as they are planning their future grid expansion,” he said. “If you plan to connect more smart devices in the future, you need to be prepared to address the risks. There are thousands of ways to attack utility operations. By looking at historical events and using reinforcement learning, we have reduced that to fewer than 100 that need the most attention.”
The team’s formula is based on a model known as hybrid attack graphs, a mathematical approach that is becoming more popular as the cyber and physical worlds become interconnected. The approach gives users flexibility to map out and follow multiple attack routes as they evolve and as defenders and attackers give and take ground. The team uses optimization and data from actual energy grid cyberattacks to train the model.
The research draws on research previously done by MITRE that links high-level objectives of adversaries with the techniques they have used as well as ways to prevent attacks. But the framework does not include information about the cost to an organization, in terms of effort or money, to implement those protections. The PNNL team is addressing the cost of implementing potential solutions.
Data scientist Rounak Meyur, who worked on the project, added that “Our work aims not only to maximize available resources but also to consider what might need to be done to augment or improve existing capabilities.”
A key part of the team’s work is making sure the work is explainable so that grid operators and cyber analysts understand the reasons why the model prioritizes and makes the recommendations it does.
The team is working to improve the model and plans to work with energy grid and cybersecurity experts to better measure the impacts of adversarial actions on cyber-physical systems.
“Right now, in some ways, keeping power flowing and keeping the grid safe is more art than science,” said Edgar. “Our approach is grounded in science and would help the utility know in a more definitive way where to invest to get the most bang for its buck in terms of protecting itself from attack.”
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
