Scalable Cyber-physical Optimal Response Engine

Introduction

It is increasingly necessary to defend critical energy infrastructure against multi-stage cyber-physical threats through cohesive prevention, detection, and response. The outlook of such threats is gaining attention based on their recent high-profile societal impacts. The recent attack on Colonial Pipeline leveraged ransomware-as-a-service. It took many days for the product delivery supply chain to return to normal operation. The multi-stage intrusion began in Nov. 2020 by affiliates who collaborated to plant the ransomware, create multi-environment builds, and finally encrypt systems. Such attacks often leverage known (and unknown) software vulnerabilities that have been steadily increasing, from 894 reports in Common Vulnerabilities and Exposures (CVE) in 1999 to 18,324 in 2020. Further, even with known vulnerabilities, patches are often missing, or patch status is unknown. These conditions warrant developing better capabilities for energy delivery system stakeholders to respond to threats to power system resilience. To address this challenge, Texas A&M University, Georgia Tech University, Oregon State University, Network Perception, PSC Consulting, TDi, and Electric Power Engineers are leading the scalable cyber-physical optimal response engine (SCORE) project titled “Physics-Aware and AI-Enabled Cyber-Physical Intrusion Response for the Power Grid“. It is funded by the U.S. Department of Energy Cybersecurity, Energy Security, and Emergency Response (DOE CESER) program.

The aim of SCORE is to be an integral part of next generation cyber-physical energy management systems for electric power systems. Responding to anomalous cyber and physical events in a timely manner requires fusing data from both cyber and physical sensors into actionable information. In SCORE, cyber-physical intrusion response research will be conducted to design an optimal response engine that leverages cyber and physical side data and models with artificial intelligence (AI) in a scalable approach to maintain or regain power system resilience under anomalous incidents. SCORE will receive data from devices in the system (both operations technology (OT) and information technology (IT)), including their settings and configurations, and will use that information with a cyber-physical state-based mathematical model in calculating the cyber-physical operational risk and proposed response.

Goals of SCORE

The main goal of this work is to enhance reliability and resilience of our nation’s critical energy infrastructure, to provide cyber-physical response and decision support in a trusted computing platform for a next generation energy management system. Together, the vision is a secure end-to-end system for managing the energy system, communications, security, modeling and analytics, and response that is fully cyber-physical.

The multidisciplinary multi-investigator SCORE project on cyber-physical response aims to defend electric power systems against a wide range of threats to operational impact through design and orchestration of layers of proactive and reactive defenses. We propose a scalable cyber-physical optimal response engine that will determine how to respond in a timely and semi-automated manner in a real- world electric power system by fusing data from cyber and physical sensors into actionable information for devices and humans, where humans are also a key part of the control loop. The goal is a coordinated cyber-physical response that is scalable, secure, and reliable.

Objectives:

1. Establish a trusted computing base for a next-generation cyber-physical energy management system;
2. Develop intrusion response capabilities;
3. Establish a grid-focused scalable inferencing and machine learning technique that dynamically links the fused cyber-physical sensor data to updating an underlying cyber-physical model.
   

For more information, please contact Kate Davis katedavis@tamu.edu