Commonwealth Cyber Initiative Researchers Working on Keeping the Power Grid Secure from Cyber Attacks
Securing the nation’s power grid is more important than ever. Recent cyber attacks caused a gas shortage on the east coast and threatened the nation’s meat supply, reinforcing the importance of Commonwealth Cyber Initiative (CCI) researchers who are working to secure power grids and other critical infrastructure from future attacks.
In quick succession ransomware attacks hit energy and food producers last month. These attacks locked and encrypted data, demanding a ransom to return the data. The Colonial Pipeline cyberattack caused a gas shortage across several states in May. Soon after, the world’s largest meat processing company Brazil-based JBS SA was attacked, returning online earlier this month.
The power grid, healthcare systems, and other essential infrastructure are vulnerable to attack.
The Power and Energy Center, a Virginia Tech research center in the Bradley Department of Electrical and Computer Engineering dedicated to power engineering research, has been working on the challenge of securing the power grid for about five years. “Cybersecurity is more than passwords and firewalls,” said Chen-Ching Liu, American Electric Power Professor at Virginia Tech.
Power grids are transitioning from enclosed operations with limited accessibility to a connected approach using 5G wireless networks. This approach is more efficient but also opens up the grid to cyber threats, Liu said.
If bad actors use remote control to access the power grid, they can divert power, overload circuits, and generally cause mayhem. “It causes a large disruption to our society and our lives,” Liu said.
“Hackers can falsify information to make it seem that the power system is working fine while they’re disrupting the system,” said Ali Mehrizi-Sani, a Virginia Tech associate electrical and computer engineering professor. Making sure the system’s information is trustworthy is part of the challenge, he said.
Liu, Mehrizi-Sani, and their team are developing approaches to thwart intruders or defend the power grid. “I want to capture that attack with the cyber system before the threat hits the power system,” Liu said. “We don’t want the power grid to feel anything.”
In the past, power grid substations didn’t talk to one another but now they can through fast 5G networks. Word spreads fast, similar to when a neighbor spots a suspicious vehicle on the street, and the grid can be protected before harm strikes. “Neighbors alert neighbors that there’s a problem,” Liu said.
While some CCI researchers are working to keep the lights on, others are making sure crucial healthcare systems are there when we need them. Hurricanes, pandemics, and other natural disasters put extra stress on hospitals and offer bad actors the opportunity to launch a cyberattack on an already vulnerable system.
Kathryn Laskey, a professor of systems engineering and operations research at George Mason University’s Volgenau School of Engineering, is working on how to make these systems more resilient when they’re struck by more than one huge event. Laskey is building off research conducted by Elise Miller-Hooks, Bill and Eleanor Hazel Chair in Infrastructure Engineering at George Mason.
While a hospital is contending with a natural disaster, Laskey said, a cyber invasion can start with a simple click.
“You need to have good cyber hygiene,” she said. “Most of the attacks start with people clicking on a link they shouldn’t and that’s how someone gets into your system.”
Paying a ransom may not be the best course of action and invite more attacks in the future, Laskey noted. “Good system backups mean you can recover from an attack. If you have these plans in place, you’re not necessarily forced to pay the ransom.”
CCI is funding several projects related to securing critical infrastructure:
"SWIFT: Southwest Wireless Information Freshness for power grid Technologies” Mehrizi-Sani and Vijay K. Shah, research assistant electrical and computer engineering professor at Virginia Tech
"C3-5GPG: Cybersecure Communications and Control for 5G-enabled Power Grid” Mehrizi-Sani, Shah, Duminda Wijesekera, computer science professor at George Mason University and CCI Fellow
"Virginia Integrative Experiential Workforce for Power System Communication and Cybersecurity" Mehrizi-Sani and Liu
“Cyber-Disaster Resilience: Assessment Framework for Cyber Impacts During Natural Disasters” Laskey
- “Protecting Critical Infrastructure” Daniel Barbará, computer science professor at George Mason