Sophisticated cyber threats and events targeting critical infrastructures, such as the attacks on the Ukrainian power system, underscore the immediate need for new and robust security measures.

These security challenges faced by critical power systems extend beyond external threats with a particular concern emerging: the threat from within. Inside attackers, whether motivated by malice or coercion, pose a formidable risk to infrastructures like the electrical grid.

“Inside attackers have both knowledge and access to systems, making them particularly challenging to defend against,” said Professor Santiago Grijalva. “Only through comprehensive measures can we effectively defend against and mitigate the risks posed by both external attackers and insider threats."

In response to these wide-ranging risks, initiatives such as Georgia Tech’s GridLogic, which aims to enhance security across all levels of the grid, are essential. The system looks to establish a new benchmark for safeguarding critical infrastructure by detecting dangerous actions and system conditions and trajectories that can compromise system operation. 

Grijalva, a Southern Company Distinguished Professor in the School of Electrical and Computer Engineering (ECE), is leading the project in collaboration with ECE Professor Vincent Mooney, senior research scientist Trevor Lewis from the Georgia Tech Research Institute, and researchers from the National Renewable Energy Laboratory and AVEVA, a global leader in industrial software. AVEVA will be providing licenses of both the PI System and AVEVA Process Simulation software to the project.

A Comprehensive Security Framework

GridLogic will utilize advanced collaborative hardware and software security design, deep network visibility, and artificial intelligence (AI)-driven system analytics to ensure security across the entire cyber-physical system. This includes coverage of field control devices like power sensors and relays, distributed energy resources (DERS) such as rooftop solar panels, energy storage, microgrids, and network infrastructure.

“Modern cyber-physical systems require both hardware and software for proper functionality,” said Mooney. “Tight coupling of these domains is crucial for security, yet challenging to achieve due to conflicting demands of user-friendliness and high levels of security."

To address such demands, features such as multi-factor authentication and encryption on field control devices will be incorporated to guarantee exclusive access for authorized personnel. Root-of-Trust (RoT) hardware-based authentication, a security feature in microchips that safeguards the power-on process and critical operations through cryptographic checks, will add an extra layer, making it challenging for insiders to compromise.

Special emphasis will also be placed on researching the unique characteristics of power system network architectures that both internal and external attackers take advantage of in their campaigns.

Leveraging AI and Network Monitoring

Novel network traffic monitoring strategies will be developed that increase depth of visibility in the network topology, remote stations, and power system protocols to determine attacker intent and trajectory towards malicious operation. 

Moreover, GridLogic will leverage AI-based predictive models to proactively identify potentially harmful actions, enabling automatic security escalation to prevent potential attacks before they occur.

“AI will allow GridLogic to learn and quickly discern questionable actions and dangerous states of the power and control system as well as trajectories that can jeopardize system operations,” said Grijalva. 

Real-World Testing and Deployment

As the research progresses, the team aims to develop a scalable framework for deploying GridLogic in real-world scenarios, partnering with the City of Marietta and Marietta Power for a comprehensive demonstration in energy delivery systems and with the Southern Company to test it on microgrid setups. 

"It is critical to thoroughly test and evaluate any new security technology within the context of the real-world system,” said Lewis. “The system will be designed alongside real-world power system architectures and components so that the installation and integration process will be easy for any utility that wants to use GridLogic in their systems.”

GridLogic received $3 million from the U.S. Department of Energy (DOE) as part of a group of 16 cybersecurity projects announced in late February. The projects, with a total investment of $45 million, are geared towards discovering new cybersecurity tools and technologies to minimize cyber risks in energy infrastructure, followed by tech-transfer initiatives.