Cyberattacks on the energy sector are on the rise and can cripple a city or country. In Ukraine in 2015, a cyberattack on the electrical grid created a power outage for 225,000 customers. Earlier this year, a U.S. security alert accused the Russian government of hacking multiple U.S. energy, nuclear, water, aviation, industrial and other facilities. Part of the problem is that more and more electrical and other utilities are connected to the Internet, leaving them vulnerable to new types of attacks not possible in the analog age.
A team led by Illinois Tech computer science professor Dong (Kevin) Jin is developing a unique self-healing phaser measurement unit (PMU) network design with centralized control to fight back against growing cyberattacks on the energy monitoring system and other critical infrastructure systems. They created an innovative self-healing scheme exclusive to PMU networks with the goal of efficiently recovering the power system observability (a measure of how well the system is working internally based on its outputs) while minimizing the self-healing time.
Jin is doing this work under an Airforce Office of Scientific Research (AFOSR) Young Investigator Research Program Award grant. His co-researchers include Yuan Hong, assistant professor of computer science; computer science Ph.D. students Yanfeng Qu and Xin Liu; and Chen Chen, computational engineer—energy systems, Argonne National Laboratory.
Traditional power grids have been converted to intelligent smart grids with control and monitoring of the system in real time. PMUs are important because they measure what’s going on in the grid in real time and ensure a supply of high quality electrical energy. These measurements are time-stamped and collected for analysis and control of the system.
Many of the emerging wide-area monitoring protection and control (WAMPAC) applications in modern electrical grids rely heavily on the availability and integrity of widespread PMU data. Attacks on PMUs can significantly reduce system observability and thus affect critical power system applications and operations. This problem is growing as the numbers of PMUs grow; there were about 2,500 networked PMU systems in North America in 2017.
Jin and his fellow researchers want to make the PMU network more resilient to growing cyberattacks and system faults as the system gets more complex and interconnected. An efficient self-healing scheme, they believe, should be a cross-layer solution that considers critical constraints in the power system application layer as well as the underlying communication network layer. They propose using a centralized network control, such as the emerging software-defined networking (SDN) technology, to design resilient network self-healing algorithms against cyberattacks. Upon detection of a cyberattack, the PMU network can reconfigure itself to isolate compromised devices, reconnect uncompromised devices, and re-route measurement data with the goal of preserving the power system observability. The result is a system that keeps capturing important data even during a cyberattack and uses it to build intelligence to defend against the attack.
Fig. 1 A self-healing PMU architecture
As guiding principles, Jin and his co-researchers wanted to(1) focus on recovering power system observability rather than PMU device connectivity; (2) update the communication paths while preserving the important requirements such as real-time operations rather than always taking the shortest paths; (2) consider the performance of overhead of network configuration since PMU networks have more demanding requirements on availability. The scheme that Jin and his fellow researchers propose has three features:
- A global view of the PMU network for computing a global-optimal solution.
- Essential constraints from the electrical grid applications and the communication network.
- A way to enable the direct network control to achieve flexible and fast network reconfiguration.
By considering the specific constraints across the power system applications as well as the underlying communication network, they formulated the self-healing process using an integer linear programming model over graph-based networked system models for formulating the self-healing process.
Finally, they developed a prototype system using a container-based network testbed, and conducted performance evaluation concerning self-healing plan generation and network reconfiguration in both SDN networks and conventional networks.
Their future goals include extending the attack scenarios and studying efficient self-healing mechanisms on a hybrid network architecture consisting of both SDN and traditional networking devices and protocols.