October 29, 2018
PhasorSec tool protects power grids from cyberattack
Researchers at Dartmouth College have developed a technique to protect power grids from attacks against utility control systems. The tool, PhasorSec, eliminates vulnerabilities that can shut down facility operations, trigger longer-term blackouts and even cause permanent physical damage.
The security innovation comes as power generation and transmission stations are increasingly relying on phasor measurement units. The units measure electrical waves and send the information back to data monitoring systems. If exploited, a hacker could gain access to the critical infrastructure.
PhasorSec was built at Dartmouth's Trust Lab and presented at IEEE SmartGridComm 2018 in Aalborg, Denmark.
"Cyberattacks against utilities show no sign of letting up," said Prashant Anantharaman, a Ph.D. student at Dartmouth that wrote the research paper on the project. "PhasorSec will allow managers to make their power systems more resilient as they seek to build more advanced networks."
Utility operators are installing phasor measurement units in their power networks to improve grid monitoring and reliability. Measurements collected by thousands of the units in advanced systems across the United States are transmitted to control centers over a wide area network. Security for phasor measurement units is a high priority since they handle real-time information that can be exploited to gain operational control of utility systems.
"We are working to provide utilities with the most cost-effective deployment of PhasorSec filters for their critical infrastructure," said Kartik Palani, a graduate student at the University of Illinois at Urbana-Champaign and co-lead on the research. "PhasorSec and all of its supporting tools are open-sourced and we have been in discussions with utilities that want to customize it for their operational settings."
According to the research paper, one of the primary tricks used by attackers to compromise utility devices is to find vulnerabilities in code that handles input. The lack of proper input recognition has led to vulnerabilities like "Heartbleed" and "Shellshock."
PhasorSec serves as a validation filter that inspects data packets in the network for incorrectly formed inputs. The tool uses Language-theoretic Security (LangSec) principles to filter out inputs that might compromise the power system. LangSec, which Dartmouth also helped develop, is an emerging field of security that focuses on validating and handling input safely by using the principles of formal language theory.
"It's exciting to see the fundamental theory of formal languages translate all the way to stopping zero-day exploits in critical infrastructure," said Sean Smith, a professor of computer science at Dartmouth and the overall project lead. "It's also exciting to see both graduate and undergraduate students co-authoring such important research."
The security tool comes amidst concerns of possible vulnerabilities with the most popular protocol for power grid communication, IEEE C37.118. The protocol provides frequency and phase information extracted from electric waveforms, and can carry commands to electric substations. The potential vulnerabilities could allow attackers to send bad packets of information to the phasor measurement units that could crash the devices.
Sergey Bratus, a research associate professor at Dartmouth, and undergraduates Rafael Brantley and Galen Brown also contributed to this research.
Dartmouth College has a long history of innovation in computer science. The term "artificial intelligence" was coined at Dartmouth during a 1956 conference that created the AI research discipline. Other advancements include the design of BASIC—the first general-purpose and accessible programing language—and the Dartmouth Time-Sharing System that contributed to the modern day operating system.