POWER-GRID PROTECTIONProtecting the Grid with Artificial Intelligence

The electric grid powers everything from traffic lights to pharmacy fridges. However, it regularly faces threats from severe storms and advanced attackers.

Researchers at Sandia National Laboratories have developed brain-inspired AI algorithms that detect physical problems, cyberattacks and both at the same time within the grid. And this neural-network AI can run on inexpensive single-board computers or existing smart grid devices.

“As more disturbances occur, whether from extreme weather or from cyberattacks, the most important thing is that operators maintain the function and reliability of the grid,” said Shamina Hossain-McKenzie, a cybersecurity expert and leader of the project. “Our technology will allow the operators to detect any issues faster so that they can mitigate them faster with AI.”

The Importance of Cyber-Physical Protection
As the nation adds more smart controls and devices to the grid, it becomes more flexible and autonomous but also more vulnerable to cyberattacks and cyber-physical attacks. Cyber-physical attacks use communications networks or other cyber systems to disrupt or control a physical system such as the electric grid. Potentially vulnerable equipment includes smart inverters that turn the direct current produced by solar panels and wind turbines into the alternating current used by the grid, and network switches that provide secure communication for grid operators, said Adrian Chavez, a cybersecurity expert involved in the project. Because the neural network can run on single-board computers, or existing smart grid devices, it can protect older equipment as well as the latest equipment that lack only cyber-physical coordination, Hossain-McKenzie said.

“To make the technology more accessible and feasible to deploy, we wanted to make sure our solution was scalable, portable and cost-efficient,” Chavez said.

The package of code works at the local, enclave and global levels. At the local level, the code monitors for abnormalities at the specific device where it is installed. At the enclave level, devices in the same network share data and alerts to provide the operator with better information on whether the issue is localized or happening in multiple places, Hossain-McKenzie said. At the global level, only results and alerts are shared between systems owned by different operators. That way operators can get early alerts of cyberattacks or physical issues their neighbors are seeing but protect proprietary information.

The Sandia team collaborated with experts at Texas A&M University to create secure communication methods, particularly between grids owned by different companies, Hossain-McKenzie said.