Cybersecurity is improving and advancing at a rapid pace, but so are cyber-attackers. When a cyber attack happens, there are often many steps taken to combat its actions and regain control of the attacked center. This only works, however, if people are aware of the attack has happened. In some power system control centers, volatile attacks can remain hidden for years. In an effort to detect this type of malware, ADSC research scientist Xin Lou is working on a new kind of anomaly detection software.

The project, “Anomaly detection in power system control centers (PSCC) and state estimation” hopes to create software that will detect this type of attack at a high level of precision, without increasing the number of false positives reported. Lou plans to use a machine-learning based approach to improve on current detection software.

“Currently, most of the anomaly detection techniques are a model-based approach, where we have to build accurate mathematical model of the system, which is impossible in highly complexed cyber-physical systems,” said Lou. “In our project, we will propose novel machine learning based techniques to deal with the time sequence signals and an approach can detect anomalies in the real-time manner. This will allow the system operator to find out about the anomaly as early as possible and thus the mitigation strategies can be applied.”

Even if not malicious, an anomaly within the software of a power system can cause the system to degrade more rapidly and eventually lead to damages in the system. This is why timely detection of any type of difference is important in preventing the system from breaking down, whether from attacks or component failures.

This research is part of an academic-industry partnership between Illinois ADSC in Singapore and Microsec and is funded by NCR Programme.

Evaluation of cybersecurity solutions in critical infrastructure, such as smart power grid systems, is an ongoing problem for many researchers. Potential solutions can obviously not be deployed on the real power system without extensive testing and evaluation. Finding a solution to this issue was the genesis of the project “Automated Framework for Generating Cyber-physical Range for Smart Grid.”

“Because modifying or upgrading the critical infrastructure requires intensive caution, it is highly desired to scrutinize the compatibility and potential impact before they are deployed in the real system,” said Daisuke Mashima, senior research scientist for the Advance Digital Sciences Center (ADSC) and principal investigator on the project. “However, it is often impractical or even impossible to conduct such evaluation in the real, and ideally live, system infrastructure for fear that it may harm the operation or availability of the infrastructure.”

In order to address this problem, Mashima and his team, collaborating with National University of Singapore, are developing a cyber range, also known as a “digital twin.” This is a virtual environment that emulates the real cyber-physical infrastructure with high fidelity. The range will also generate data to further train machine learning algorithms and improve their capabilities. It would also provide a platform to train infrastructure operators, security operators, and even students.

The developed ‘twin’ could also be a building block for future security tools for cyber-physical systems.

“One application would be the implementation of honeypot system based on the cyber range to collect real-world attack vectors,” said David Nicol, ADSC director. “Other types of deception technologies to counter persistent, passive attackers could also be developed.”

According to Mashima and Partha Biswas, senior research engineer at ADSC and co-investigator of the project, a challenge in the development of the digital twin is that the process is complex and time-consuming because it requires detailed understanding of the cyber-physical system it’s replicating. This makes it unlikely that a research community could realistically create one that meets the complexity and scale needed by real-world infrastructure operators, device vendors, security solution providers, and the cybersecurity/AI research community as a whole.

“While a number of efforts have been devoted to develop such a cyber range, to our knowledge, there is no attempt made to automate and/or facilitate generation of the cyber range according to the user-desired configuration,” said Mashima. “We aim to design a modelling language of smart power grid system and toolchain to automatically process the model representing the smart grid system for instantiation of the twin. This way, template models developed by domain experts can be shared, recycled, and/or reproduced and the effort by each researcher can be minimized.”

The next step for the researchers is to utilize the developed cyber range for security training and research. Plans include using the range as a hacking competition venue, a training sandbox for emulated cyberattacks, and a way to predict the consequences of an attack.

Evaluation of cybersecurity solutions in critical infrastructure, such as smart power grid systems, is an ongoing problem for many researchers. Potential solutions can obviously not be deployed on the real power system without extensive testing and evaluation. Finding a solution to this issue was the genesis of the project “Automated Framework for Generating Cyber-physical Range for Smart Grid.”

“Because modifying or upgrading the critical infrastructure requires intensive caution, it is highly desired to scrutinize the compatibility and potential impact before they are deployed in the real system,” said Daisuke Mashima, senior research scientist for the Advance Digital Sciences Center (ADSC) and principal investigator on the project. “However, it is often impractical or even impossible to conduct such evaluation in the real, and ideally live, system infrastructure for fear that it may harm the operation or availability of the infrastructure.”

In order to address this problem, Mashima and his team, collaborating with National University of Singapore, are developing a cyber range, also known as a “digital twin.” This is a virtual environment that emulates the real cyber-physical infrastructure with high fidelity. The range will also generate data to further train machine learning algorithms and improve their capabilities. It would also provide a platform to train infrastructure operators, security operators, and even students.

The developed ‘twin’ could also be a building block for future security tools for cyber-physical systems.

“One application would be the implementation of honeypot system based on the cyber range to collect real-world attack vectors,” said David Nicol, ADSC director. “Other types of deception technologies to counter persistent, passive attackers could also be developed.”

According to Mashima and Partha Biswas, senior research engineer at ADSC and co-investigator of the project, a challenge in the development of the digital twin is that the process is complex and time-consuming because it requires detailed understanding of the cyber-physical system it’s replicating. This makes it unlikely that a research community could realistically create one that meets the complexity and scale needed by real-world infrastructure operators, device vendors, security solution providers, and the cybersecurity/AI research community as a whole.

“While a number of efforts have been devoted to develop such a cyber range, to our knowledge, there is no attempt made to automate and/or facilitate generation of the cyber range according to the user-desired configuration,” said Mashima. “We aim to design a modelling language of smart power grid system and toolchain to automatically process the model representing the smart grid system for instantiation of the twin. This way, template models developed by domain experts can be shared, recycled, and/or reproduced and the effort by each researcher can be minimized.”

The next step for the researchers is to utilize the developed cyber range for security training and research. Plans include using the range as a hacking competition venue, a training sandbox for emulated cyberattacks, and a way to predict the consequences of an attack.

In 2019, Facebook confirmed that its own unsecured databases resulted in a data leak of 419 million users. The passwords and phone numbers of these users were completely unencrypted. As the global trend to create “smarter” social infrastructures grows, the need for effective privacy-enhancing technology is greater than ever. Not only is this necessary for social networks like Facebook, but for critical infrastructures as a whole.

The ADSC team, collaborating with TUMCREATE, National University of Singapore, Nanyang Technological University, and De Montfort University, is developing a tool, called Privacy Modelling Language or PrivML for short, that models the smart city system, but works with a particular emphasis on the lifecycle of data and associated privacy risk.

A smart city is a system of modernized critical infrastructures. This could include energy, transportation, agriculture, manufacturing, construction, smart homes, and many other common systems. In order to protect our privacy on these systems, it is necessary to understand and assess potential privacy risks in the early design phase. Steps must also be taken to mitigate risk if a system is compromised. ADSC researcher Daisuke Mashima said the data collected in smart cities may pose a threat beyond general security.

“Healthcare information could do harm to someone’s reputation if it exposes them for having a disease like HIV for example,” said Mashima. “Exposing this data could also cause monetary loss if insurance information is misused.”

According to Mashima, PrivML and associated tools are designed to help system developers and operators implement “privacy by design”.. A major inhibition to comprehensive assessment of privacy risk is the lack of a standardized way to describe the architecture of a system from a privacy perspective. With this blueprint, all engineers in the process would be able to properly assess the risks of a given system, including potential privacy risk at the points where data is collected, stored, and/or processed in the system.

“Often, privacy and security design are bolted on after the fact, but this makes updates difficult or costly,” said Mashima. “Privacy by design is crucial.”

Mashima says the intended users of this project will be designers and developers of systems consisting of smart city infrastructure. This technology can be used to evaluate privacy risk and mitigations in a quantitative manner. It can also be used for auditing or assessment of a critical infrastructure system. Above all else, this technology contributes to the privacy and assurance of all users who benefit from smart city systems.

Unmanned Aerial Systems (UAS) have many uses and are growing in popularity. But because they do not utilize human pilots onboard the craft, they can pose a hazard to humans as well as the environment. Furthermore, cyber attackers may exploit vulnerabilities in UAS to wreak havoc.

ADSC and Nova Systems recently completed work on a project that aims to provide a framework to help address the safety and security issues in UAS traffic management systems (UTM). Researchers demonstrated the safety and security analysis framework along with some initial findings about related issues with several key components in UTM. The team’s results were showcased at the 2019 Singapore Cybersecurity Consortium Industry Day, followed by a presentation to a senior Singapore government official.

During the project, the teams from ADSC and Nova Systems worked together to apply an integrated safety-security analysis approach to examine an UTM conceptual model and several of its components. One goal of the project was to contribute to the establishment of best-practice recommendations for the design of UTM system. Another goal was to evaluate the effectiveness of various co-engineering methods, which could be useful for other safety-critical systems.

The project team was subsequently invited to a closed-door event by the Singapore Cybersecurity Consortium to give a presentation to Singapore Senior Minister Teo Chee Hean in May 2019.

This material was based on research/work supported by the Singapore National Research Foundation and the Cybersecurity R&D Consortium Grant Office under Seed Grant Award No. CRDCG2017-S01. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Singapore National Research Foundation and/or the Cybersecurity R&D Consortium Grant Office.

According to ADSC’s Binbin Chen and Daisuke Mashima, Singapore’s power grid is undergoing fundamental changes, as the number of intelligent devices (e.g., smart meters, remote terminal units, intelligent electronic devices, and distribution automation devices) is growing rapidly to provide the power grid with real-time sensing and control functionalities.

“At the same time, distributed energy resources (DER), such as rooftop solar panels, battery energy storages, electric vehicles, and demand response, are making their ways to our grid,” Chen said. “They are going to change the power flow dynamics and complexity of our grid, especially in the distribution part of the grid.”

These changes to the grid have increased concerns about cybersecurity risks and these risks are now an urgent and high-priority action item on the agenda for all power grid operators, particularly after the 2015/2016 Ukraine blackout.

Chen and Mashima are working together on a project that specifically looks at developing a device to improve the power grid’s situational awareness and minimize the impact of cyber-attacks.

The three-year project, which was jointly proposed with A*STAR’s Institute for Infocomm Research (I²R), Mirai Electronics, and Accenture, was funded by the Energy Market Authority of Singapore (EMA) in July 2018. They are one of seven projects funded by a $15 million grant working to strengthen the resilience of power systems and energy markets. This is ADSC’s largest grant outside of core funding where they are the host institution.

Binbin Chen “ADSC is recognized as a leader in power grid cyber security in Singapore because of the strong expertise from University of Illinois at Urbana-Champaign (UIUC) in this area and several projects that we have been a part of,” Chen said. “For this grant, we’ve put together a strong group of partners to work with, including I²R, Mirai Electronics, and Accenture. We will also work closely with our academic partners including National University of Singapore (NUS) and Michigan Technological University.”

Their project will focus on cyber security and resiliency on the low-voltage distribution level substations at the edge of the power grid.

“The edge of the grid needs to be able to have more control, requires more protection and is becoming more complicated,” Chen said. “The edge used to be very dumb and would do whatever the main center asks it to do. We want to make the edge more intelligent so it can adapt by itself if it detects an attack.”

The project aims to develop novel distributed intelligence and adaptive infrastructure solutions to address this need.

Daisuke Mashima “By distributed intelligence, we mean that our solution can be deployed with field devices to gather local power system or cyber information and conduct data-driven analysis to detect anomalies and pinpoint root causes,” Mashima said. “By adaptive infrastructure, we aim at giving these edge devices the capability to make autonomous local adjustment when needed, by blocking potentially harmful control commands, or by adjusting the communication paths to bypass portions of networks that misbehave or malfunction.”

ADSC specifically will be developing an intrusion detection system while combining the cyber side with the physical side of information from the smart grid. That will be used to support a SCADA command authentication mechanism that is responsible for evaluating legitimacy of control commands under up-to-date power grid context. The prototype they’re hoping to develop, called ResiGate, will be deployed as a gateway in substations so that it can mediate incoming remote control commands as well as network traffic at all levels in substation local area network. A light-weight version of ResiGate, called ResiLite, will target for deployment in smart metering infrastructure or DER systems to monitor and ensure quality of communication.

“By looking at both the cyber side and the physical side, we’re hoping to be able to answer questions such as ‘Is this a cyber-attack or just some faults in the system?’ with higher confidence,” Chen said. “We will also explore machine learning techniques to deal with this problem.”

I²R will be working to develop network resiliency solutions, as the communication part of the smart grid system is subject to many different disturbances. The researchers are hoping to explore a secondary network to help in responding to disturbances and guaranteeing the high reliability and high fidelity in the smart grid communications.

“One challenge is to understand the need of power grid applications,” the I²R Co-PI, Dr. Sun Sumei said. “We need to figure out what the most important messages are and how to send them out quickly. A secondary communication channel could help with that if the main network is totally or partially down and become not sufficient to support all traffic. We could redirect some of the most critical traffic to a secondary network.”

Another component of the proposal is developing virtual tripwire devices, which work as a sensor to raise an alarm if there is suspicious action within the smart grid infrastructure.

“We’re working on designing and implementing virtual power grid devices and using them to improve cyber side awareness,” Mashima said. “By monitoring access to these devices, we can know what is happening in a system and the system can immediately initiate response actions.”

In the end, the researchers are hoping their solutions will provide the smart grid with better situational awareness, an additional layer of checks for all incoming commands and improved smart grid survivability when communication failures do occur.

“Singapore is proud to have one of the most stable grids in the world,” Chen said. “The grid has been very reliable but because of its evolution to become future-ready, there is a strong need to integrate more renewable energy and manage various risks and costs at the same time. We hope our project will provide some system level solutions to help with this goal.”

For an update on this project, please visit https://www.illinois.adsc.com.sg/resigate/

This research is supported by the National Research Foundation, Prime Minister’s Office, Singapore under the Energy Programme and administrated by the Energy Market Authority (EP Award No. NRF2017EWT-EP003-047).