About the project
Objective
The collaborative project DataLEASH in Action aims to develop novel methods that enable the sharing and learning from data. Legal privacy concerns often prevent implementations of technical solutions so that case studies (sandbox pilots) involving legal and technical competences as proposed in this impact project are seen as the most promising strategy forward. These case studies are pivotal in understanding the nuances of legal requirements and developing technically feasible solutions. The objective is to strike a balance where legal requests are not overly demanding yet necessitate state-of-the-art technical solutions.
Background
Digitalization has resulted in more and more data being generated and collected from various sources (such as health care, customer service, surveillance cameras, etc.). The data is valuable for processing and additional analysis to improve predictions and planning. Advances in machine learning have improved this kind of data analysis, while data-protection regulation such as the GDPR has introduced constraints, limiting what data can be used and for what purpose. There is, thus a tension between the utility of data and the privacy of the individuals the data is about.
Cross-disciplinary collaboration
DataLEASH in Action brings together researchers from the School of Electrical Engineering and Computer Science (EECS, KTH), the Department of Computer and Systems Sciences (DSV) and the Department of Law both at Stockholm University
Objective
With the integration of information and communications technology and intelligent electric devices, substation automation systems (SAS) greatly boost the efficiency of power system monitoring and control. However, substations also bring new vulnerabilities at the frontier of a bulk power system’s wide-area monitoring and control infrastructure. They are known to be attractive targets for attackers. In this project, we will research, develop, and validate algorithms that defend against cyberattacks that aim to disrupt substation operations by maliciously changing measurements and/or spoofing spurious control commands.
We propose multiple use-inspired AI innovations that crucially leverage concurrent capabilities of SAS to transform the cyber security of power systems, including (i) a framework that synergizes optimization-based attack modelling with inverse reinforcement learning for multi-stage attack detection, (ii) a decision-focused distributed CPS modelling approach, and (iii) a mathematical program with equilibrium constraints framework of adversarial unlearning for spoofing detection.
Background
In the IEC 61850-based Substation Automation System (SAS), integrating computing and communication technologies with Intelligent Electric Devices (IEDs) greatly enhances the efficiency of power system monitoring and control. The fast-growing connectivity via wide area networks (WAN) enables powerful automation functions but also brings cyber vulnerabilities concerning new attack vectors. The substations are known to be attractive targets for attackers since they form the frontier of the wide-area monitoring and control infrastructure of a bulk power system, which consists of a Supervisory Control And Data Acquisition (SCADA) system, an Energy Management System (EMS), and a control centre.
Cyberattacks at SASs may be performed by maliciously changing measurements from IEDs and merging units (MUs) and/or spoofing spurious control commands for one or more switching devices from IEDs. An attack can alter a device’s configuration even if commands and data comply with syntax, protocol, and the targeted device. The vulnerabilities of the modern grid are many, as described in a National Academies Report.
Crossdisciplinary collaboration
Anomaly detection can reduce cyber threats to substations and improve root cause analysis. Traditional anomaly data detection heavily relies on human experts to design rule-based detection mechanisms, which can be time-consuming, inefficient, less adaptive, and labour-intensive. More recently, sophisticated anomaly detection methods have been reported in the literature. Still, they largely ignore the special characteristics of attacks on SAS and practical system-level constraints on communication and computation.
Transformative and disruptive applications of use-inspired AI for SAS anomaly detection are in their infancy. The proposed project is among the first known efforts to develop and demonstrate AI-enabled SAS anomaly data detection that crucially leverages the cross-disciplinary collaboration between substation Information engineering and Communications Technology (especially distributed machine learning) for cyber defence.
The project is a collaboration between the University of California Berkeley, Virginia Tech and KTH Royal Institute of Technology.
Objective
We propose a solution using machine learning and test generation, leveraging machine learning expertise from UIUC and testing and verification from KTH. Unlike previous approaches, we focus on explainable AI in our safety cage so that the cage itself and its effects on network traffic can be inspected and validated. Lightweight approaches guarantee that our safety cage can be embedded in programmable networks or operating system kernels. Machine learning will learn behavioural models that have their roots in formal modelling (access policies, protocol states, Petri Nets) and thus are inherently readable by humans. The test-case generation will validate diverse traces against the model and showcase potential malicious behaviour, validating both positive and negative outcomes.
Background
Industrial robots usually operate within a “safety cage” to ensure that a robot does not harm workers. We need the same type of security, simple and explainable, for IT systems. Novel mechanisms that can be embedded in the network, such as through hardware-accelerated programmable networks or kernel extensions, enable this type of security at the network level.
Crossdisciplinary collaboration
The project is a collaboration between the University of Illinois at Urbana-Champaign and the KTH Royal Institute of Technology. KTH will combine its experience in testing and verification with UIUC’s expertise in machine learning.
About the project
Objective
The team will address five objectives regarding cyberattacks on power systems based on state-of-the-art AI methods: (1) designing graph neural networks that can process power data to learn the state of the system and detect cyberattacks; (2) developing AI algorithms that utilize image recognition techniques using convolutional neural networks to detect denial of view and image replays resulting from cyberattacks; and (3) developing optimization techniques to robustify previously designed neural networks against adversarial data. Selecting power system operating points and policies through attack-aware methods creates a resilient system. If an attack is not immediately sensed, operating from such a position of strength buys time for detection algorithms. Objectives 4 and 5 aim to develop attack-aware AI methods via distributionally robust optimization and cascading failure analysis.
Background
The operation of power systems is becoming data-centric to improve the efficiency, resiliency, and sustainability of power systems and address climate change. Major operational problems, such as security-constrained optimal power flow, contingency analysis, and transient stability analysis, rely on the knowledge extracted from sensory data. Data manipulation by a malicious actor tampers with grid operation, with catastrophic consequences, including physical equipment damage and cascading failures. Developing frameworks and methodologies that help power operators protect the power grid against such malicious attacks is paramount to national security.
Crossdisciplinary collaboration
The project is a collaboration between the University of California Berkeley, California Institute of Technology, KTH Royal Institute of Technology and Electric Power Research Institute. Assistant Professor Jan Kronqvist leads the research in the Department of Mathematics at KTH. At KTH, the research is focused on developing optimization techniques to robustify previously designed neural networks against adversarial data and the fundamental mathematical theory needed to develop such optimization techniques.
Contacts at other participating institutes:
Javad Lavaei, Associate Professor, Industrial Engineering and Operations Research, University of California, Berkeley
Somayeh Sojoudi, Assistant Professor of Electrical Engineering & Computer Science, University of California, Berkeley
Steven Low, Professor of Computing and Mathematical Sciences and Electrical Engineering, California Institute of Technology
Jeremy Lawrence, Principal Technical Leader at Electric Power Research Institute, Electric Power Research Institute
About the project
Objective
We propose to develop computationally efficient machine learning algorithms and tools for attack detection and identification based on a novel, scalable representation of the physical system state, the communication protocol state and the IT infrastructure’s security state maintained based on noisy observations and measurements from the physical and the IT infrastructure. The key contribution is to learn a succinct representation of the security state of the IT infrastructure that allows computationally efficient belief updates in real-time and enables jointly accounting for the evolution of the state of the physical system, communication protocols, and infrastructure for accurate detection of attacks and identification through causal reasoning based on learnt dependency models.
The research will help address questions such as achieving real-time situational awareness in complex IT infrastructures, developing anomaly detectors with low false positive and false negative rates, and using information about IT infrastructure to improve attack identification. The project leverages the expertise of three research teams from KTH, UIUC, and MIT, with extensive expertise in cyber-physical systems security, smart grids, and anomaly detection.
Background
Modern SCADA systems rely on IP-based communication protocols that are primarily event-driven and follow a publish-subscribe model. The timing and content of protocol messages emerge from interactions between the physical system state and the protocol’s internal state – as an effect, traditional approaches to anomaly detection result in excessive false positives and, ultimately, alarm fatigue.
Crossdisciplinary collaboration
The project is a collaboration between the KTH Royal Institute of Technology, the University of Illinois at Urbana-Champaign and MIT.