From one of the Energy Department Labs, a new approach to electric grid cybersecurity

Among the grand challenges for cybersecurity is how to make the nation’s electrical grid safer. It’s a big problem in a lot of ways. The grid contains nearly countless numbers of components, each of which has to be protected. And pieces of the grid are owned by thousands of companies, public utilities, and local governments. Now a team from the Energy Department’s Pacific Northwest National Laboratory has come up with a whole new idea for grid protection. Joining the the Federal Drive with Tom Temin with the outlines of it, PNNL data scientist Sumit Purohit.

Interview Transcript: 

Tom Temin And I guess I’ll get to the punchline before you do, but it sounds like artificial intelligence is the element that you are bringing into this. So tell us, what’s your what’s your devising here?

Sumit Purohit As you said, the power grid is already pretty complex and interconnected. There are so many different devices, so many different ownership. And people and utilities are adding more of these smart devices. And when things are smart, the downside are, the situation is they can be hacked. So if there are so many smart devices, then the attacker or the vulnerability can be exploited from different points. From your home security system to a power grid utilities center. Things can start happening from anywhere, and that’s what we call a hybrid scenario of exploitable. What we are trying to understand is as smart devices are being added and in future, what would be the possible what if scenarios that we can account for and strengthen our cybersecurity organization and capabilities, and kind of get a sense of what the possible attack surface is and attack surface gives us a notion of different ways things can start happening.

        Join us May 2 at 2 p.m. ET for a discussion with agency and industry leaders on network modernization strategy, 5G, AI and plans for the future at the Naval Network Warfare Command and NASA, sponsored by T-Mobile. | Register now!

Tom Temin Is this a classic case of where operational technology, then, is now connected to the internet via a control mechanism that is separate from the grid itself. That is to say, control of the grid is under computer control. And so people are getting through the computers, potentially to the operational components of the grid to shut it off or cause a cascade.

Sumit Purohit Right. We’re focusing on the future planning and investment point of view rather than the operational side. Because operational, if something wrong happens in your movie subscriber and you don’t get right movie subscription, that’s fine. But from the operational side, power grid people needs to make sure that the utility and the power is on. What we are looking at is, as we are adding more and more smart devices, what would happen two years down the line? What would happen five years down the line? And can we account and can we be prepared for that or not?

Tom Temin Well, there are so many devices. Everyone’s electrical meter nowadays. They don’t have readers. They use the internet to report back what your bill should be all the way to the substations with all those transformers and the generation stations themselves. It sounds like you need a almost a risk management approach to figure out what is it we need to protect first and foremost.

Sumit Purohit Absolutely. And, in our forecasting and in our planning point of view, we are looking at that risk assessment. One, first step is, what are the risks? The second step is, how do we mitigate those risks? In ideal world, you will have all power or money or resources to mitigate those risk. But that’s not the case. So you need to prioritize what risks, are the things you are going to address first. What we have come up with is, prioritization of that work. So you look at your own priorities from your organization point of view. And from the optimization approaches and AI approaches, we come up with some recommendations that here are the things you should address first. And there are still few vulnerabilities and few weak points in our organization, will tackle that later. But here are the first critical priorities two years down the line you should be ready for.

Tom Temin And how exactly does AI aid in this process of, I guess it’s a discovery process in some ways.

Sumit Purohit So in our real world too, you have problems. And for every problems you have some solutions. And for every solution you have some budget in your life. So these three things are really the key aspect of this AI. Problems, solutions and budget bring in the priority on top of it, and the AI tries to make a ranking list of all these solutions, given what your budget is. That’s the crux of the AI, which is trying to learn, based on your priorities and based on your budget and giving you some recommendations.

Tom Temin We’re speaking with Dr. Sumit Purohit. He is a data scientist at the Energy Department’s Pacific Northwest National Laboratory. And for an average, say, operator of a piece of the grid, say a local utility or a distributor, what types of data would they need to gather and plug in to the algorithm you’ve developed, such that they can come up with a reasonable plan? Because it’s all about the data that you feed in.

Sumit Purohit We’re trying to enable our utility partners for have more insight about what they can do. So they have all the data, they know what devices they have, and they also have a sense of what kind of devices they are going to add. They also have a really good understanding of how these devices will be connected. So they have that baseline set up of things that any AI system would need. What we are giving them is one additional tool or one additional capability in their entire toolset that can give. They can tweak some knobs and say, if I have X number of these devices, what would be the security issues? If I have Y types of other devices, what would be my security problems? So they have the device information. They have the something we call topology information. They have something called telemetry. The measurements energy, power consumption, load, frequency. They have that data. We are trying to align all that information in an AI ready way and give them some more insight.

        Read more: Cybersecurity

Tom Temin And what is the status of your research at this point? Do you have something that you can put on a disk? I’m dating myself, mail to all the utilities they can load it up and get going.

Sumit Purohit So we are on a stage where we have a mathematical formulation of their problem. And there are recommendations that we make based on what devices they have. There is still a challenge before it goes to utility because what is the impact and what is the cost of those mitigation? It’s really hard to put dollar values and our efforts of employees on that. So our next focus is looking at these realism of impact and cost into our mathematical formulation.

Tom Temin And who are your partners in this for PNNL, I think I saw a reference to the MITRE Corporation in there, but do you have some of the big utility players also working with you on this?

Sumit Purohit So MITRE is a great collaborator and they have done great research on the formulation part of it. We worked with, local utilities here that we present our work to them and get more feedback. It’s it’s early in the stage, but the whole idea is if we can bring in impact and cost assessment and those kind of numbers that utilities care about. Because the question is how much will discuss if I am going to recommend, if I’m going to apply these mitigations, that’s really our next target before we can go back to utilities and ask them to, hey, use it in your daily decision making. Because that stuff we are making sure that our research is explainable so that we have a solid basis of why we are recommending so that it’s reliable and it’s safe and they know why some of the decisions they are making.

Tom Temin And in the practical world, that’s really important because so many utilities are under the control of politically motivated public utility commissions. And so they’re not all that free to act the way they would in a perfect world, let’s say, or a world where they have more control over their investment patterns.

Sumit Purohit Absolutely. And that has been a challenge of AI, great adoption of it, because sometimes it feels like a black box and you don’t know why it’s making those decisions. So from ground up, we are trying to have that clarity and that fairness in our algorithms and in our method so that they have more confidence if they use the recommendations that we are providing.

Tom Temin Do you have a plan yet for promulgating what it is you come up with and distributing it and saying, hey, look what we’ve got?

        Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app

Sumit Purohit Outreach is going to be really a focus of our next 1 or 2 years as we, also refine our approach, which for our outreach, we go back to, academic community to get their feedback. We go back to utility, make presentations and provide them early results and get their feedback into our AI and system and incorporate those parameters as part in the overall software tools. At the end of it, that’s what we create.

Tom Temin And in doing this work, by the way, is there any particular piece of the grid that is particularly troublesome or worrisome with respect to its cyber vulnerability? Any particular aspect or element of it?

Sumit Purohit We have been focusing on distribution, part of the power grid. Because power grid varies quite a lot from transmission to generation and distribution. Our focus has been on the distribution side, where we have small utilities and households and communities, because that brings more heterogeneity into what we are calling smart devices, you are probably adding more smart devices at your home, even if when you don’t know it all the smart battery solar panel, these things are getting added to the distribution side, and that brings more challenging aspect of our research. So that’s why we have been focusing more on the distribution.

Tom Temin So it sounds like you are personally someone who is versed and comfortable in complexity.

Sumit Purohit I am a data scientist by training, but the one great things about being data scientist is you look at different problems, and at one point of time you may be looking at material science, and then you are also applying your approaches to power grid. So that’s an exciting time. The grid is changing very fast. Smart devices are getting added very fast. So, I’m excited about the research and the opportunity that this kind of research can provides us to solve these complex and really challenging problems that our nation has.

Tom Temin And a final question. It sounds like the output of this research could be applicable in a number of domains process industries.

Sumit Purohit If you look at from a very science point of view, I use key words like you have a problem, you have a solution, you have a budget, and you have priority. You can apply this to anything in your lif. So the science and the mathematics behind our research is applicable to different domains. For example you can look at supply chain. You can look at some of your prioritization of any organization. So as I said, the science is really generalizable. But our current focus is power grid and how do we make our power grid distribution more secure than ever?

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.