Preventing electric grid cyberattacks with the flip of a switch

Electrical substations could be considered the “middle-man” of the power grid. But unlike the middleman targeted for elimination in most business transactions, the electrical substation plays a key role in the journey of electricity from grid to consumer.

This journey has always been a complex and multistep process, and now, because of the risks of cyberattacks in the electrical grid, things just got a little more complicated.

Chen-Ching Liu, American Electric Power Professor in the Bradley Department of Electrical and Computer Engineering at Virginia Tech and director of the Power and Energy Center, will work alongside academics, industry professionals, and the Department of Energy for the next three years to improve grid cybersecurity.

The $3 million grant funded by the Department of Energy comes at a time when cyberattacks on the electrical grid are not only possible but demonstrably devastating. In 2015, six substations in Ukraine’s electrical grid were attacked through remote control of the circuit breakers, resulting in a large-scale blackout that lasted nearly six hours. This attack revealed the vulnerabilities of the smart grid and was the first known cyberattack causing a major power outage.

Substations are usually unstaffed and often in remote locations. In addition, substations far outnumber power plants and control centers, making them a prime target for cyberattackers looking to cause as much damage as possible.

To combat these risks and prevent a similar attack to the U.S. electrical grid, Liu and his team are developing Cyber-REsilience for SubsTations (CREST) technology. CREST operates in three main phases: detection, mitigation, and recovery. This new methodology emphasizes the detection of cyberthreats and mitigation of these threats by enhancing cyber resilience.

“Recovery from a catastrophic power outage caused by cyberattacks is a new challenge to the industry,” said Liu. “In the past, power system restoration has been primarily concerned with recovery of the physical grid from weather-related events. The recovery of compromised cyber systems together with the physical grid is a new issue to be addressed.”

A key component of this research is the protection and enhancement of intelligent electronic devices. These devices, which already exist in the current power grid technology, allow portions of the substations and power grid to communicate with each other. Using machine-learning algorithms and artificial intelligence, Liu’s team will mimic cyberattacks that can be detected and stopped in their tracks to prevent the spread of malevolence to other points in the grid.

While detection and mitigation are preferred, Liu and his team also understand that recovery methods will still be necessary – especially as attackers become more persistent and successful at their craft. To aid in this recovery, Ming Jin, assistant professor in electrical and computer engineering and machine-learning expert, will develop Smart Cyber Switching technology. This smart switch will allow for compromised intelligent electronic devices to switch over to their healthy counterparts, restoring electricity and preventing further damage and infiltration of the substation.

To test this new methodology, the Commonwealth Cyber Initiative has provided the use of its computational testbed, which is “critically needed to provide a realistic environment to create a wide range of attack scenarios, evaluate the impact and validate the effectiveness of these new defense measures.” Other team members involved in the project include the University of Michigan-Dearborn as well as industry representatives from Southern Company research and development (R&D) and General Electric.

Liu and the team expect to validate the proposed CREST solution at a substation in the Southern Company system in 2024. By testing hardware-in-the-loop with real-time digital simulators and network communications software, cyberattack scenarios will be introduced and evaluated. By collaborating with Southern Company’s R&D organization and General Electric, the team aims to develop a commercially viable cybersecurity solution.

“With the increasing risk of cyberattacks on the power grid, Southern Company R&D is looking forward to working with Virginia Tech and this project team to demonstrate cyber-resilient technologies that can detect cyberattacks, mitigate the issue, and recover the functions they serve on the grid,” said Clifton Black, principal research engineer at Southern Company R&D. “This proposed work is both extremely valuable and timely.”

Liu and his team are optimistic about the future of this technology as well as the positive impacts it could have in terms of cyberattack prevention for consumers.

“As we adopt the technologies to increase the efficiency and reliability of the power grid, we must also develop the ‘shock absorption’ resilience to detect cyberattacks and mitigate their impact,” said Liu. “Our goal with CREST is to do just that.”


Substack subscription form sign up