ALBUQUERQUE, N.M. — The electric grid powers everything from traffic lights to pharmacy fridges. However, it regularly faces threats from severe storms and advanced attackers.
Researchers at Sandia National Laboratories have developed brain-inspired AI algorithms that detect physical problems, cyberattacks and both at the same time within the grid. And this neural-network AI can run on inexpensive single-board computers or existing smart grid devices.
“As more disturbances occur, whether from extreme weather or from cyberattacks, the most important thing is that operators maintain the function and reliability of the grid,” said Shamina Hossain-McKenzie, a cybersecurity expert and leader of the project. “Our technology will allow the operators to detect any issues faster so that they can mitigate them faster with AI.”
The importance of cyber-physical protection
As the nation adds more smart controls and devices to the grid, it becomes more flexible and autonomous but also more vulnerable to cyberattacks and cyber-physical attacks. Cyber-physical attacks use communications networks or other cyber systems to disrupt or control a physical system such as the electric grid. Potentially vulnerable equipment includes smart inverters that turn the direct current produced by solar panels and wind turbines into the alternating current used by the grid, and network switches that provide secure communication for grid operators, said Adrian Chavez, a cybersecurity expert involved in the project. Because the neural network can run on single-board computers, or existing smart grid devices, it can protect older equipment as well as the latest equipment that lack only cyber-physical coordination, Hossain-McKenzie said.
“To make the technology more accessible and feasible to deploy, we wanted to make sure our solution was scalable, portable and cost-efficient,” Chavez said.
The package of code works at the local, enclave and global levels. At the local level, the code monitors for abnormalities at the specific device where it is installed. At the enclave level, devices in the same network share data and alerts to provide the operator with better information on whether the issue is localized or happening in multiple places, Hossain-McKenzie said. At the global level, only results and alerts are shared between systems owned by different operators. That way operators can get early alerts of cyberattacks or physical issues their neighbors are seeing but protect proprietary information.
The Sandia team collaborated with experts at Texas A&M University to create secure communication methods, particularly between grids owned by different companies, Hossain-McKenzie said.
Developing the neural network
The biggest challenge in detecting cyber-physical attacks is combining the constant stream of physical data with intermittent packets of cyber data, said Logan Blakely, a computer science expert who led development of the AI components.
Physical data such as the frequency, voltage and current of the grid is reported 60 times a second, while cyber data such as other traffic on the network is more sporadic, Blakely said. The team used data fusion to extract the important signals in the two different kinds of data. The collaborators from Texas A&M University were key to this effort, he added.
Then the team used an autoencoder neural network, which classifies the combined data to determine whether it fits with the pattern of normal behavior or if there are abnormalities with the cyber data, physical data or both, Hossain-McKenzie said. For example, an increase in network traffic could indicate a denial-of-service attack while a false-data-injection attack could include atypical physical and cyber data, Chavez said.
Unlike many other kinds of AI, autoencoder neural networks do not need to be trained on data labeled with every type of issue that may show up, Blakely said. Instead, the network only needs copious amounts of data from normal operations for training.
The use of an autoencoder neural network makes the package pretty much plug and play, Hossain-McKenzie added.
Putting the code to the test
Once the team constructed the autoencoder neural network, they put it to the test in three different ways.
First, they tested the autoencoder in an emulation environment, which includes computer models of the communication-and-control system used to monitor the grid and a physics-based model of the grid itself, Hossain-McKenzie said. The team used this environment to model a variety of cyberattacks or physical disruptions, and to provide normal operational data for the AI to train on. The collaborators from Texas A&M University assisted with the emulation testing.
Then the team incorporated the autoencoder onto single-board computer prototypes that were tested in a hardware-in-the-loop environment, Hossain-McKenzie said. In hardware-in-the-loop testing, researchers connect a real piece of hardware to software that simulates various attack scenarios or disruptions. When the autoencoder is on a single-board computer, it can read the data and implement the algorithms faster than a virtual implementation of the autoencoder can in an emulation environment, Chavez said. Generally, hardware implementations are a hundred or thousand times faster than software implementations, he added.
The team is working with Sierra Nevada Corporation to test how Sandia’s autoencoder AI works on the company’s existing cybersecurity device called Binary Armor, Hossain-McKenzie said.
“This will give a really great proof-of-concept on how the technology can be flexibly implemented on an existing grid security ecosystem,” she said.
The team is testing both formats — single-board prototypes interfaced with the grid and the AI package on existing devices — in the real world at the Public Service Company of New Mexico’s Prosperity solar farm as part of a Cooperative Research and Development Agreement, Hossain-McKenzie said. These tests began last summer, Chavez said.
“There’s nothing like going to an actual field site,” Chavez said. “Having the ability to see realistic traffic is a really great way to get a ground-truth of how this technology performs in the real world.”
The team also worked with PNM early in the project, to learn what AI design might be most useful for grid operators. It was during conversations with PNM staff that the Sandia team identified the need to connect cyber-defenders with system operators rapidly and automatically.
Future directions
This project built off and expanded upon a previous R&D 100 Award-winning project called the Proactive Intrusion Detection and Mitigation System which focused on detecting and responding to cyber intrusions in smart inverters on solar-panels, Hossain-McKenzie said. The team also is expanding upon the autoencoder AI in similar projects, she added.
The team filed a patent on the autoencoder AI and is looking for corporate partners to deploy and hone the technology in the real world, Hossain-McKenzie said.
With a bit more work, the autoencoder could be used to protect other critical infrastructure systems such as water and natural gas distribution systems, factories, even data centers, Chavez said.
“Whether or not our technology succeeds in the market, every utility around the world is going to need a solution to this problem,” Blakely said. “This is a fascinating area to do research in because one way or another, everyone is going to have to solve the problem of cyber-physical data fusion.”
The project is funded by Sandia’s Laboratory Directed Research and Development program.