ADSC research to enhance cybersecurity in energy systems
Through two new projects funded by the Energy Market Authority of Singapore, researchers at the Advanced Digital Sciences Center are tackling real-world issues to improve the cyber security and resiliency of power plants and the smart grid.
The first project, PoPSeCo: Power Plant Security by Advance Sensing and Computing, seeks to create more secure information and communication technologies (ICTs) by designing innovative sensing and computing methods. ICTs, which are widely used in power plants, have the potential to improve system efficiencies, but they also increase cybersecurity risk.
In this project, an ADSC research team, including Adjunct Senior Research Scientist Rui Tan (co-principal investigator, assistant professor at Nanyang Technology University, Singapore), Postdoctoral Researchers Yang Li and Xin Lou, and Senior Software Engineer Sreejaya Viswanathan, will develop accurate and secure clock synchronization approaches and an enhanced intrusion detection system (IDS) for centralized supervisory and regulatory controls. The research team has identified vulnerabilities of the clock synchronization protocols (e.g., network time protocol and precision time protocol) that are widely adopted in current power plant systems and a broader range of industrial systems. The team will leverage power grid frequency, an extrinsic yet secure physical signal, to synchronize grid-connected devices to overcome these vulnerabilities.
Researchers will collaborate with Senoko Energy, the largest power generation company in Singapore, to develop an enhanced IDS for power plant industrial control systems. The IDS will detect malicious and inaccurate centralized control commands by predicting the consequences of their execution and checking them against command history to see if they deviate from the norm.
Collaborators include David Yau (principal investigator, professor at Singapore University of Technology and Design), Zbigniew Kalbarczyk (research professor at Illinois), as well as researchers and industry experts from Purdue University, Argonne National Laboratory, and Singapore's Ministry for Home Affairs. Yau is also ADSC's Cybersecurity Program Director and Distinguished Scientist.
In the second project, Securing Last-Mile Communication Systems for Smart Grid, researchers will tackle the vulnerabilities of last-mile communication systems – such as remote terminal units and smart meters – for the smart grid. The project, a collaboration of the Institute for Infocomm Research, ADSC, and Mirai Electronics, will develop novel multi-layer protection against security threats associated with these systems, which are susceptible to malware, malicious commands, and denial-of-service attacks.
Research effort in this project focuses on the development of a software-only remote attestation scheme for a network of interconnected field devices. The attestation scheme ensures that no malware will be able to hide inside a networked system. Its software-only design makes it easy for the scheme to be applied to protect power grid devices being deployed today, which often do not have built-in secure hardware support.
Compared to prior software-only attestation solutions, the new scheme is much more efficient, reducing the attestation time on a single device by up to 100 times and on a networked system by an additional 10 times. This improvement is critical for preserving the high availability of smart grid systems. The solution is also resilient to potential collusions inside the network by leveraging a novel network-level assurance.
Another research effort in this project aims to develop an active command mediation module that can make the smart grid more resilient to malicious commands, even if insider attackers or malware compromised the control center (as what happened in the recent Ukraine incident). To facilitate future adoption, the module has been designed from the beginning to be compliant with existing smart grid standards and architectures, as well as common power grid operation practices.
If successful, the research will enhance the security level of power grids that use intelligent field devices for smarter monitoring and control, both in Singapore and beyond, said co-PI Binbin Chen, an ADSC senior research scientist. Other ADSC staff involved in the project include co-PI Xinshu Dong, Research Scientist Daisuke Mashima, and Software Engineers Prageeth Gunathilaka and Sumeet Jauhar. Illinois Professor Ravi Iyer joins researchers from the University of Malaga and Hong Kong's ASTRI as collaborators.
Both projects were funded under the Energy Innovation Research Programme, administered by EMA. The EIRP is a competitive grant call initiative driven by the Energy Innovation Programme Office, and funded by the National Research Foundation (NRF).
The projects build on ADSC's track record and expertise in power infrastructure cyber security R&D in Singapore.
According to ADSC Project Manager William Temple: While our past integrative security assessment and resilient smart power grid projects took a more holistic view of power systems, these new projects and our industry partners give us an opportunity to zoom in on specific cybersecurity challenges for generation and field devices.