Intelligent Zero Trust for Defense Against Generative AI Attacks in Power Grid Supply Chain

Researchers plan to develop a framework to understand the potential of generative artificial intelligence (GenAI)-based attacks on the power grid to set up defenses. They’ll study potential attack vectors that GenAI brings into the power grid supply chain (PGSC) and develop an intelligent zero trust (I-ZT) defense mechanism.

Funded by the CCI Hub

Project Investigators

• Principal Investigator (PI): Md Shirajum Munir Old Dominion University (ODU)’s Virginia Modeling, Analysis, and Simulation Center (VMASC)
• Co-PI: Sachin Shetty, ODU Department of Electrical and Computer Engineering
• C0-PI: Walid Saad, Wireless @ Virginia Tech and Virginia Tech Research Center

Rationale and Background

PGSC cybersecurity protects infrastructure that’s expected to deploy up to 40 billion distributed energy resource (DER) devices by 2025. 

With that massive expansion, GenAI models offer significant benefits in data augmentation and reconstruction. However, they can also expand cyber attack vectors that introduce new vulnerabilities and risks to the power grid.

To safeguard these vulnerabilities, it is essential to address such challenges as: 

• Potential attacks created by GenAI frameworks in the context of DER-enabled grid infrastructure to understand potential vulnerabilities. 
• Design of tail and risk-based reliability measure and trust metrics to analyze the worst-case vulnerabilities of energy DERs control and communication messages for low latency recovery, adaptation of energy grid behavior changes, and ability to scale.
• Moving from classical trust-and-verify approaches into a zero-trust regime built on the paradigm of never trust and always verify, to reduce the impact of grid vulnerabilities and increase control of the grid’s health.

Deploying zero-trust for surveillance of DER activities by integrity monitoring, trust evaluation, dynamic security policy updates, and least privilege access to meet National Institute of Standards and Technology (NIST) and the Department of Defense (DoD) guidelines.

Methodology

Researchers will explore potential vulnerability creation in the ZT framework, such as the capability of generating new attack vectors by modeling generative adversarial networks (GAN) and variational auto-encoder (VAE) for generating synthetic identities with the convincing user and DER device profiles. 

The next step will be the development of tail-based reliability metrics to realize the risk of the potential attack and investigate a trust quantification approach for continuous validation. The novelty arises from understanding the undercover risk of DER’s control/communication messages vulnerabilities in PGSC. 

Researchers will then investigate a stochastic process that accounts for unpredictable events to understand the behavior of GenAI-generated vulnerability for dynamic security policy updates in PGSC.

Projected Outcomes

Researchers will create a framework to comprehend the potential of GenAI-based attacks on the power grid, and to protect the grid by realizing and validating trust in new attack vectors. 

Specifically, they’ll study the potential attack vectors of replay and protocol types attacks that GenAI brings into the power grid supply chain and develop an intelligent zero trust (I-ZT) defense mechanism to defend against such circumstances. There are two key aspects:

• Researchers will design the first approach to investigating GenAI-driven cyber attacks in the PGSC.
• They’ll create a novel I-ZT framework to defend against GenAI attacks for the PGSC.

The proposed I-ZT meets the principle of ZT architecture by designing integrity monitoring and trust evaluation by tail and risk, and continuous reinforcement learning (RL) to assure dynamic policy updates and management of DERs in the power grid supply chain.