A significant demonstration is scheduled during the TEEX Cyber Readiness Summit on April 1–3, 2025, in San Marcos, TX. A four-hour tabletop exercise will highlight practical intrusion response solutions, advanced threat modeling, and scenario-based resilience methods. Registration details for participants and industry representatives can be found at teex.org/teex-cyber-readiness-summit.
News
Industry Partnership Demonstrates ML-Based Classification for Secure Network Rules
Cooperative work with Vistra continues to refine machine learning models that classify and interpret firewall rules for power grid operations. Sample firewall data was analyzed with Random Forest and AdaBoost algorithms, reaching accuracy rates between 88% and 99%. Additional refinements aim to expand model generalization, improve policy recommendations, and enhance proactive risk-based mitigation in operational environments.
Docker + CORE Configuration Streamlines DNP3 Network Emulation
An integrated container-based approach was deployed using Docker within the Common Open Research Emulator (CORE) to emulate ICS networks. A DNP3 Master container interacts with lightweight Docker containers, each assigned unique IP addresses for realistic substation simulations. This setup allows more efficient laboratory demonstrations of intrusion response methods, firewall assessments, and multi-container orchestration in a single virtual machine.
Large-Scale Cyber-Physical Models Validated with Discrete Event Simulation
The SCORE intrusion response engine was tested on extensive synthetic power grids, including a 10k-bus model. A discrete event simulation tool, designated as DESTine, classified impacts of denial-of-service (DoS) attacks in complex networks such as ACTIVSg500, ACTIVSg2000, and ACTIVSg10k. The upgraded scenario evaluation confirms near real-time performance, a key milestone in assessing resilience at national-scale grid sizes.
New Anomaly Detection Model Learns Baseline Patterns for Cyber-Physical Systems
An LSTM autoencoder model was finalized to identify anomalous conditions within large-scale cyber-physical power grids. The technique reconstructs baseline operational data and flags deviations based on reconstruction error thresholds. Integrated testing with a graph-embedding risk assessment (GEACRA) highlights compromised components with greater precision, supporting more targeted response actions against malicious intrusions or unexpected failures.
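The reconstruction-error thresholding described above, as an added example that is not the project's code: a rank-1 linear autoencoder (mean plus first principal direction) stands in for the LSTM autoencoder so the sketch runs with the standard library only. The measurements, the function names, and the mean + 3σ threshold rule are assumptions made for illustration.

```python
import math
import statistics

def fit_linear_autoencoder(rows, iters=50):
    """Stand-in for the LSTM autoencoder: mean plus first principal direction."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    cen = [[r[j] - mean[j] for j in range(d)] for r in rows]
    cov = [[sum(c[a] * c[b] for c in cen) / n for b in range(d)] for a in range(d)]
    v = [1.0] * d
    for _ in range(iters):  # power iteration converges to the dominant direction
        w = [sum(cov[a][b] * v[b] for b in range(d)) for a in range(d)]
        norm = math.sqrt(sum(x * x for x in w))
        v = [x / norm for x in w]
    return mean, v

def reconstruction_error(model, row):
    mean, v = model
    c = [x - m for x, m in zip(row, mean)]
    z = sum(a * b for a, b in zip(c, v))   # encode: project to a 1-D latent
    recon = [z * b for b in v]             # decode back to measurement space
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(c, recon)))

def fit_threshold(model, baseline, k=3.0):
    # Assumed rule: mean + k * std of the errors seen on baseline data.
    errs = [reconstruction_error(model, r) for r in baseline]
    return statistics.mean(errs) + k * statistics.pstdev(errs)

def flag_anomalies(model, threshold, rows):
    return [i for i, r in enumerate(rows) if reconstruction_error(model, r) > threshold]

def within_baseline_limits(baseline, row):
    return all(min(b[j] for b in baseline) <= row[j] <= max(b[j] for b in baseline)
               for j in range(len(row)))

# Constructed baseline: (feeder load MW, line flow MW), flow tracks 0.9 * load.
BASELINE = [(load, 0.9 * load + 0.3 * math.cos(t))
            for t in range(48)
            for load in [50 + 20 * math.sin(2 * math.pi * t / 24)]]
# Constructed live samples; index 1 keeps both values in range but breaks the relation.
SAMPLES = [(62.0, 55.9), (60.0, 40.0), (35.0, 31.5)]

MODEL = fit_linear_autoencoder(BASELINE)
THRESHOLD = fit_threshold(MODEL, BASELINE)

if __name__ == "__main__":
    print("threshold:", round(THRESHOLD, 3))
    print("flagged sample indices:", flag_anomalies(MODEL, THRESHOLD, SAMPLES))
    print("sample 1 inside per-feature limits:", within_baseline_limits(BASELINE, SAMPLES[1]))
```

The flagged sample passes a per-measurement limit check, which is the case a learned baseline catches and static limits miss.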
Cooperative Method Reconfigures Cyber and Physical Systems to Mitigate Attacks
A cooperative optimization method was introduced this quarter to handle disruptions across cyber and physical layers in power grids. The approach reroutes communication traffic and adjusts generator dispatch or energy storage when a cyber node or physical asset is compromised. Initial tests on the IEEE 14-bus system indicated a notable improvement in load recovery and voltage stability, advancing research on automated resilience strategies.
Interviews Reveal Insights into 15 Years of NERC CIP Cybersecurity Standards
A NERC CIP user study, capturing perspectives from industry experts, was completed to evaluate the real-world impact of existing cybersecurity regulations. A related paper, “The Challenges and Opportunities with Cybersecurity Regulations: A Case Study of the US Electric Power Sector,” was submitted to the 2025 IEEE Symposium on Security and Privacy. The findings underscore both successful practices and areas where regulatory frameworks can adapt to emerging threats.
New Paper Addresses Large-Scale DER Integration under Privacy Constraints
A journal article titled “A Review on Scalable and Privacy-Preserving Multi-Agent Frameworks for Distributed Energy Resource Control” was accepted. The work examines strategies for controlling numerous DER endpoints without compromising sensitive data. The paper surveys multi-agent frameworks, parallel computing methods, and decentralized coordination to ensure robust grid performance while safeguarding operational information.
ICSBoM Conference Submission on Firmware Supply Chain Security
A manuscript titled “ICSBoM: Automated ICS Firmware Supply Chain Vulnerability Analysis” was prepared for submission to the 32nd ACM Conference on Computer and Communications Security (CCS 2025). The ICSBoM approach analyzes embedded software in industrial control system (ICS) firmware, identifies hidden components, and detects known vulnerabilities. This effort highlights the importance of automated methods to enhance resilience against supply chain threats in critical power infrastructure.
No-Cost Extension Finalized for DOE-Funded Intrusion Response Program
A no-cost extension was approved in December to realign subtask schedules and address subcontract delays. This extension preserves the program’s overall scope and ensures that each research milestone can be completed effectively. Updated timelines now reflect the additional months granted for the initiative’s advanced cybersecurity work.