Proactive Response Strategy for Energy Delivery Systems

s
Activity Leads: 
Industry Collaborators: 
  • OSIsoft LLC
  • Currently seeking collaborators from industry, power utilities, or national labs to pursue the possibility of deploying some of our algorithms or information on the kinds of monitors typically deployed in an EDS setting. Contact Mohammad Noureddine and Atul Bohara to discuss how you can engage or collaborate with our research team.
Summary Statement: 

Intrusion resilience in energy delivery systems preserves service during intrusions. In EDS, the fast-spreading intrusions lead to degradation in availability and integrity, causing wide-spread reduction in service. In this activity, we design theoretically proven proactive response strategies that use alerts from system-level sensors. The alerts are generated by monitoring algorithms that detect anomalies in behavior, degradation in EDS services, and commonly known attacks. The monitoring algorithms fuse heterogeneous sensory data from multiple levels of abstraction. The proactive response algorithms are required to be distributed, with proven safety invariants. A system protected with proactive response algorithms would detect attacks, contain an intrusion and run the system, possibly in a degraded state, until recovery is possible. This system reduces the manual load of monitoring alerts by human operators and provides semi-automatic response suggestions. This work is part of a larger effort at Illinois in the field of intrusion resilience through response and recovery, supported by multiple sponsors. In this research effort, we focus on problems specific to the energy delivery systems and develop algorithms suitable for EDS constraints.

Energy Delivery System (EDS) Gap Analysis: 

The severity and number of intrusions on computer networks are rapidly increasing. Preserving the availability and integrity of networked power delivery systems in the face of those fast-spreading intrusions requires advances not only in detection algorithms, but also in intrusion resilience and automated response techniques. Briefly, in this activity, the ultimate goal of the intrusion-resilient system design is to adaptively react against malicious attacks in real-time, given offline knowledge about the network’s topology, and online alerts and measurements from system-level sensors, and physical sensors.

Reference the research activity fact sheet (PDF) for an extended gap analysis and bibliography.

How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?
This activity directly maps to the Manage Incidents goal in the Roadmap. In this activity, we develop methods that detect malicious cyber events and responds to adapt the system to contain attacks, while keeping an acceptable level of service, and finally recovering.

More Information: 
Status of Activity: 
Inactive