
Information Trust Institute: University of Illinois at Urbana-Champaign

 

TCIP Focus Areas

Secure and Reliable Computing Base

Sean Smith, lead

At its foundation, the trustworthiness of the power grid cyber-infrastructure relies on the actions of the computational devices that make up that infrastructure. Consequently, changes to those devices can fundamentally change the computational paradigm, and make it easier to grant the infrastructure the security and reliability properties necessary for trustworthiness.

In this project area, we are exploring ways to combine hardware, firmware, and software techniques to provide low-overhead, robust protection against both accidental (non-malicious) and malicious faults, and hence to enhance the trustworthiness of the power grid. The major research themes include (1) the use of various types of hardware trust enforcement to help solve the unsolved trust problems in this large, nation-critical system, as well as (2) the demonstration of some of the developed/adapted techniques on large-scale applications in a realistic testbed setting.

Progress in this area includes design and prototype development of hardware-secured devices typically encountered in the power grid. Attested meters have been developed that provide the advanced features needed for energy control, while ensuring appropriate access control and also preserving customer privacy. Hardware support has been developed for application-aware detection and recovery mechanisms in power system devices. Likewise, secure co-processors have been designed to perform efficient cryptographic computations to facilitate communications between substations and control centers on the grid. Efforts are underway to integrate these solutions with power grid systems while exploring additional problems, including insider attacks and ways to secure substation devices with novel security solutions.

Communications and Control Protocols

Klara Nahrstedt, lead

The next level in a trustworthy power grid IT infrastructure is support for secure and reliable data collection and control. In the last several years, numerous studies and events have exposed cyber vulnerabilities in the power grid's existing SCADA and EMS systems. Issues range from devices configured with the manufacturer's default password to undetected access paths via dial-in modems and corporate IT networks of power companies. Awareness of these issues is leading to new NERC (North American Electric Reliability Council) security policies to lessen the risks posed by these vulnerabilities, but fundamental problems remain and new problems are foreseeable as the power system's cyber-infrastructure evolves.

In this area, we are exploring ways to ensure that both data protocols and communication systems that carry these data protocols are secure and trustworthy. Data protocols and communication systems include those that gather information from sensors, process it at substations, and take it all the way to control centers and reliability coordinators to ensure reliable power grid operations. Security and trust aspects include cryptographic techniques to protect data along with their associated key management infrastructures, adherence to real-time and quality-of-service requirements, and policy negotiation and management for data sharing and control.

Progress in this area includes development of protocols that (1) provide efficient, timely, and secure publishing of and subscription to process control system data, (2) support secure and timely data and resource aggregation in process control systems, and (3) provide federated identity management, access management, and trust negotiation for the grid. These protocols are being designed and developed with next-generation communication and control requirements in mind, providing the building blocks for a more robust, secure, timely, and adaptive grid infrastructure. Ongoing efforts include integration of techniques that secure parts of the power grid as well as discovery of novel techniques to cover identified gaps. Furthermore, several of these techniques have already been implemented in a testbed setup, and efforts are underway to integrate these techniques via appropriate data flow mechanisms.

Quantitative and Qualitative Validation

David Nicol, lead

The power grid is a complex system of systems that includes power systems, cyber infrastructures, communication systems, and markets. Understanding this complex system is crucial to supporting research in the two areas outlined above, and, furthermore, the ability to experiment with a complete system is crucial for validating the results of the research efforts.

In this area, we are exploring means to model, simulate, emulate, and experiment with the various subsystems in the power grid to allow for adequate quantitative and qualitative validation of our research efforts. Tools to enable this validation include PowerWorld, RINSE, formal logics, PowerWeb, and APT. PowerWorld computes the state of a widely distributed power system as a function of (simulated) measurements and controls (automated and human-entered). RINSE (Real-time Immersive Network Simulation Environment) is designed for simulation of large-scale communication networks and protocols that run on them. Formal logics allow for provable assessment of security properties and vulnerabilities. PowerWeb is an Internet-based simulation environment for experimental testing of various power exchange auction markets using human decision-makers. APT (Access Policy Tool) is a highly usable, scalable, and effective tool for analyzing security policy implementation for conformance with global security policy specification for networks.

Progress in this area includes extensions to PowerWorld that allow it to provide power system modeling as a service to networked clients, extensions to RINSE to make it more scalable with enhanced features, integration of PowerWorld and RINSE, market simulations with PowerWeb, integration of PowerWeb and RINSE, formal modeling of NERC CIP standards using first-order logics, and evaluation of large networks and security policies using APT. Ongoing efforts include the integration of these tools and use of them to:

  • investigate security component failure tolerance,
  • investigate the performance implications of cryptography on network latency/bandwidth,
  • embed actual secure devices and their software in RINSE,
  • design and implement attack models that stress their capabilities and look for vulnerabilities,
  • model trustworthy data aggregation techniques and attacks upon the data,
  • evaluate resulting data quality and impact on application traffic performance (e.g., bandwidth and latency), particularly with respect to scalability,
  • evaluate policy controllers that manage security/performance trade-offs,
  • model GridStat and integrate it into the RINSE module library,
  • evaluate wide-area-network communication availability, the performance of a distributed control system under cyber-attack scenarios, and the impact on power grid behavior,
  • evaluate performance impact and scalability of large-scale authentication strategies developed by our projects, and
  • explore emergency response solutions and their impact on communication network and power generation capability.

Education

Molly Tracy, lead

The Education Group of the TCIP project has developed two interactive Java-based activities geared towards teaching middle-school and high-school students about power and energy, and the national power grid. In collaboration with the Information Trust Institute and the College of Education's Office for Mathematics, Science and Technology Education (MSTE), related curriculum materials for teachers have also been developed and pilot-tested in schools. The materials are classroom-ready and illustrate important concepts in mathematics and the science of electricity and the power grid. Additional applets will be available in the future.

The applet for Lesson One, "Power and Energy in the Home," shows power flowing through the transformer drum, through the meter, and into the home circuit breaker panel. From there, it powers various appliances, including video game consoles, Energy Star appliances, standard light bulbs, and hair dryers. On-screen switches open and close with a click of a mouse, allowing students to turn appliances on and off and track power usage. By interacting with the applet, students learn important concepts such as power conservation, network flows, and the relationship between power and energy.

Lesson Two, "The Power Grid," explores how power is distributed from generators to several different communities. The applet utilizes five different types of generators: wind, coal, natural gas, hydroelectric, and nuclear. Students can change the amount of power produced by the generators and the power consumed by the communities. In addition, all of the transmission lines can be opened or closed using a simple point-and-click interface. As changes are made to the system, the applet instantly updates the line flows on the system. With the accompanying printed materials, students interact with the applet to learn about network flow, the capabilities of various generation types, and how all the pieces of the power system fit together.

Educational Lesson #1: Power and Energy in the Home

Educational Lesson #2: Power Grid