To quantify threats of power grid cyberattacks
Threat levels for cyberattacks on the power grid are usually labeled high, medium or low. That’s too qualitative and too subjective for Cyclone Engineers.
Current assessments are inadequate to account for dynamic and uncertain adversaries and the complexity of the computer controls and networks that support the grid.
Could engineers incorporate scientifi c methods? Computer algorithms? And given that there are attackers and defenders – just like in a soccer match – could game theory be applied to help with risk assessment, attack-defense modeling and “what-if” contingency analysis that could help mitigate any attacks?
Manimaran Govindarasu, Ross Martin Mehl and Marylyne Munas Mehl Computer Engineering Professor, is leading the National Science Foundation-funded project, collaborating with Sourabh Bhattacharya, assistant professor of mechanical engineering.
“We want to prove this concept is doable,” Govindarasu said. “And we want to develop a software tool industry can use – one that provides a systematic way of security planning and investment.”
The key will be developing models that analyze and predict threats, vulnerabilities and consequences, Govindarasu said. Of those, threat modeling is the least understood. He thinks game theory could change that.
Bhattacharya says game theory is all about quantifying how people or teams try to maximize their outcomes – whether that’s scoring soccer goals or defending the power grid from cyberattacks.
“We can use game theory tools to figure out what we can expect from such interactions,” he said.
The primary tools are mathematical models that measure “optimality,” or “what’s the best I can do?” in any given scenario, Bhattacharya said.
In the case of the power grid, operators want to keep their computers and controls safe behind firewalls with strong authentication and access control mechanisms. Attackers want to evade those protections and bring down the grid.
The fight against each other can be modeled to show how and where the grid is vulnerable to cyber attacks, Bhattacharya said.
“That’s a powerful tool to develop strategies to protect the system,” he said. “Given a fixed budget for security, it can show whether your need better locks on the ‘windows’ or the ‘doors.’”