Protecting the power supply

UND research aims to defend U.S. electrical grid against cyberattacks

UND researchers are partnering with Minnkota Power Cooperative as part of a U.S. Department of Energy project to prevent cyberattacks on power plants. Minnkota operates the Milton Young Power Station near Center, N.D. Photo courtesy of Minnkota Power Cooperative.

A cyberattack aimed at taking down America’s electric power grid and bringing the country to standstill isn’t a hypothetical scenario in the mind of Jun Liu, associate professor in UND’s School of Electrical Engineering & Computer Science.

It’s already happened, although not in the U.S. In December 2015, hackers in Ukraine attacked the country’s electrical grid and succeeded in denying power to more than 200,000 customers.

Jun Liu

Liu and a team of UND researchers want to prevent this from happening in the United States. They’re just over a year into a three-year, $400,000 research project funded by the U.S. Department of Energy (DOE) to explore the idea of using blockchain technology to safeguard fossil fuel-powered generation systems.

“We’re developing a security protection mechanism with the ability to detect networked devices that have been hijacked,” Liu said. “The major difference in our research is that we do not assume any entity in the network can automatically be trusted.”

If the UND research team is successful, Liu said the technology could be applied to all forms of energy generation, which is one reason why DOE is interested in it. To test the concept, UND is partnering with Minnkota Power Cooperative – based in Grand Forks, N.D. – operator of the coal-fired Milton R. Young Power Station near Center, N.D.

Other applications

Dan Inman, Minnkota’s vice president and chief information security officer, is a UND engineering graduate and a member of the College of Engineering & Mines Executive Board. He sees potential for Liu’s cybersecurity system beyond the energy industry.

“If we could make it happen in a way that it’s economical for utilities, then it could be a great tool, not only for utilities, but also for others in the industrial control systems (ICS) field to help ensure the data they’re getting and controlling is accurate and correct.”

Dan Inman

According to Inman, most current utility ICS have one main computer system networked with many different pieces of equipment to monitor, control or perform functions in the field, such as the hundreds of substations in Minnkota’s transmission system.

“If you go after that one computer system, or provide false data to that system, you could have the ability to take out various ICS systems, and that’s exactly what happened with the Ukraine event,” he said. “It really got us thinking about what we can do to help mitigate some of our security concerns.”

Conventional security systems, Liu explained, often rely on a baseline of trust, an assumption that some devices in a network are so secure that any data or information they provide is automatically accepted as accurate. But if the device has been successfully hacked – as was the case in the Ukrainian situation – then relying on corrupted data can have disastrous consequences.

Any device can be hacked

“Nobody can be 100 percent certain that a device hasn’t been hacked,” Liu said. “In our research, we simply don’t allow a device to be trusted by default. Instead, we assume that any device can be hacked.”

That’s where blockchain technology comes in. Blockchain has become well known in the realm of cryptocurrency, such as Bitcoin, by eliminating the need for banks and financial middlemen. The blockchain solution “chains” together “blocks” of transactions in chronological order to thwart unilateral changes on past transactions.

“We rely on consensus, which means we assume the number of compromised or hijacked devices is small because it’s not easy for an attacker to gain control of many networked nodes at the same time,” Liu said. “To cause damage after gaining control, the attacker issues an incorrect control command to mislead or change the direction of the data exchange in the network or to modify the original data.”

But if the behavior of a networked device deviates from the consensus reached among other networked devices, the device is considered untrustworthy and isolated to prevent it from causing potential damage.

“The consensus describes the expected control actions specified by the operator, and all the nodes should abide by that specification,” Liu said. “A hijacked node’s behavior will be different from the expected behaviors in the specification. Blockchain technology is a method of trying to identify those differences.”

Liu emphasized that employing blockchain technology in a cybersecurity application is far more difficult than simply installing open-source software. One component of the security system he’s developing is an algorithm to identify deviations from consensus, but that alone isn’t enough.

Software-defined networking

“We employ a new technology called software-defined networking,” Liu explained. “There is no physical rewiring required with this technology, which means communications can be changed dynamically inside the network. After any abnormal devices are detected, the operator or an automatic controller can immediately issue the commands to isolate devices and take them out of the system.”

Inman admitted he was skeptical at first about the feasibility of incorporating blockchain technology into an economical cybersecurity system in an ICS environment, but he’s been impressed with some of the early demonstrations he’s seen.

Minnkota has hundreds of substations remotely monitored by its industrial control system. UND’s researchers are exploring the use of blockchain technology to prevent cyberattackers from hijacking the networked nodes of these facilities to cause damage to the power grid. Photo courtesy of Minnkota Power Cooperative.

“In a simulation, they’ve been able to reproduce how the information being shared amongst the sensors is validated,” he said. “They’re focusing on validating information from field devices to travel up to the computer level and how all those nodes will talk to each other.”

Liu said one goal of the DOE research project is to develop a testbed enabling users to test prototypes of their networks using the blockchain cybersecurity system.

“We’ve spent a year constructing a simulated environment to gain a feel for how things will look before doing a larger experiment,” he noted. “We have already constructed a cloud-based infrastructure, which has the benefit of being easy to access and the ability to easily scale up.”

UND advances cybersecurity field

Inman said the project is indicative of the major advancements UND has made in the cybersecurity realm, including helping industry meet the demand of filling positions for professionals in the field.

“In 10 years, we could be around 4 million people short of what’s needed to fill all the different cybersecurity positions,” he said. “The College of Engineering has created a well-rounded cybersecurity program for students interested in this evolving field and brought in professionals with real-world experience to help ensure the skills obtained while attending college translate into the skills industry so desperately needs.

“It’s fantastic, because an individual coming out of UND is going to be in a better position with a degree in the cybersecurity space, and have tremendous opportunities,” Inman added.

Others involved in the UND research project include Mike Mann, director of the Institute for Energy Studies, and Hossein Salehfar, professor in the College of Engineering & Mines.