What’s at Risk as We Get Smarter?
- Written by Shawkat Ali
The power industry is moving to develop the smart grid to keep up with global economic growth. This movement will be more beneficial and sustainable to the extent we can secure the power systems of the future. Computational Intelligence, representing a comparatively new era of IT, can make grids really smart.
We are living in the advanced stage of technology. Due to the availability of expertise and technologies, the evolution of the smart grid should not be a very difficult project in principle. But to keep the trust and confidence of consumers and customers, it is essential to secure the smart grid by minimising the risks attendant to its construction.
Risk is the product of three components: threat, vulnerability and consequence. Basically, the risk assessment process identifies assets and their value, lays bare vulnerabilities and threats, and evaluates the potential impacts of the vulnerabilities and threats.
So far, two types of threats to the smart grid have been identified: terrorist and cyber. Terrorist threats are normally addressed by government, cyber threats by industry. Depending on the impacts caused, cyber threats can be classified into three major categories: system-level threats, service-level threats and breaches of privacy and confidentiality. System-level threats attempt to take down the grid. For instance, anyone from inside or outside the grid could issue unauthorized commands to meters or other control devices in the grid. Service-level threats attempt to steal electrical service; that is, power is diverted without the utility provider being paid. For example, an attacker can subvert a meter to report low usage or zero usage. In the third type of threat, personally identifiable information is exposed to the attacker.
The best-known system-level threats—the most serious kind—are radio subversion or takeover, network barge-in by strangers, malicious code, glitching and denial of service (DoS). A DoS attack is one of the most commonly encountered dangers in communication networks. In a DoS attack, a malefactor always tries to prevent the existing users from accessing the network by making the network unresponsive to service requests.
Familiar service-level threats include communication module interface intrusion, migration and cloning. In communication module interface intrusion, meter communications are commandeered. This means an intruder can disconnect the communication module from the meter to report zero usage of power.
To maintain uninterrupted and reliable operations, and to avoid financial losses, it is essential to establish a comprehensive threat mitigation program for the smart grid. A wide range of network security mechanisms have been developed by the research community and industry. Among the solutions, many are now in their third or fourth generation. IP-based security technologies, for example, are well established and field hardened, and IEEE and other organisations have standardized many of them. Off-the-shelf network security solutions can be used to control who and what has access to the smart grid and what actions can be performed.
These solutions can also determine whether information sent across the network originates from authentic sources and arrives unaltered. The question remains of how we can avert unknown threats that were not encountered before within the smart grid.
Computational Intelligence (CI) is a powerful and smart method that has the potential to identify and mitigate unknown threats in the smart grid.
CI is a set of computational methodologies that help to solve complex issues in a smart manner using real-world data. Initially, the IT security community was not quick to adopt CI security techniques due to the unavailability of security-related data and a lack of awareness about the techniques. However, data availability is no longer an issue in the contemporary IT world. Nowadays a huge number of free and open source software packages, commercial tools, and easy-to-use scripting languages are available to process network data for the purpose of better security. Neural networks, support vector machines and decision trees are the most popular CI algorithms.
In the CI domain, there are still some debates about which algorithm is the best for a specific security problem. The consensus seems to be that there is no straightforward answer to this question. Different algorithms perform better in different situations and their relative performance can be unpredictable across a set of problems.
Neural networks and support vector machines belong to the same group of CI algorithms, which is called the function estimation CI group. A solid mathematical theory underpins both types of algorithms. Support vector machines are more popular than neural networks in the many domains where they apply, including cyber security. Two significant attributes account for their greater popularity. The first is computational complexity: support vector machines are markedly faster. The other is scalability: the machines can consider infinite data points to generate a model, and performance does not depend on the dimensionality in the data-training phase.
As a result, support vector machines can potentially learn a larger dataset to make an effective security decision than solutions based on neural networks can manage. Basically, support vector machines first plot the data in a high-dimensional feature space and then start learning data points to construct a model; in particular, they learn some vectors corresponding to their class values.
The model generation in the learning phase is an optimisation process. At the same time, the support vector machines construct an optimal hyperplane to classify the types of hacker. After finalizing the model with the optimal hyperplane, the machine uses some testing instances to evaluate model performance. Support vector machines have a wonderful ingredient for fitting the optimal hyperplane in the learning phase, which is called the kernel function. Linear, polynomial and radial basis function kernels are the classical kernels.
Many other kernels that also are effective in the learning phase have recently been discovered. Some additional parameter tuning has been required to achieve the optimal model for a low expected probability of generalization errors. An excellent open-source support vector machine tool is available.
Decision trees, members of the rule-based CI group, are also a fine tool. Compared to many other CI algorithms, decision trees are consistent in their ability to generate a set of rules during model construction that are transparent, easy to translate and easily incorporated to solve real-life problems such as, for instance, intrusion detection in the smart grid.
Like natural trees, decision trees have three kinds of node: root, internal and leaf. The tree always starts from the root node, which has no incoming branch. Internal nodes, on the other hand, have exactly one incoming branch and two or more outgoing branches. Leaf nodes have just one incoming branch and hold a decision, say "cyber attacker" or alternatively "no cyber attacker." The advantage of such trees is that smart grid security team members with less experience handling and analysing grid security can still implement the decision tree technique and gain insight easily during grid protection. An open source decision tree tool is also available.
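The root, internal and leaf structure described above, and the readable rules it yields, can be seen in a small tree learned from meter data. This is an added example, not code from the article or from the tools it mentions: a minimal CART-style learner using Gini impurity, with feature names and training rows that are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed feature names and constructed per-meter samples (not real telemetry).
FEATURES = ["cmds_per_hour", "reported_kwh", "failed_auth"]
ATTACK, BENIGN = "cyber attacker", "no cyber attacker"
TRAIN = [
    ((2, 1.4, 0), BENIGN), ((1, 0.9, 0), BENIGN), ((3, 2.1, 1), BENIGN),
    ((2, 1.1, 0), BENIGN), ((4, 0.7, 1), BENIGN),
    ((40, 1.2, 0), ATTACK), ((55, 0.8, 2), ATTACK), ((38, 1.6, 1), ATTACK),  # command floods
    ((2, 0.0, 0), ATTACK), ((1, 0.0, 1), ATTACK), ((3, 1.7, 9), ATTACK),  # zero usage, auth failures
]

def gini(rows):  # Gini impurity of a set of labelled rows
    return 1.0 - sum((c / len(rows)) ** 2 for c in Counter(l for _, l in rows).values())

def best_split(rows):  # -> (weighted_gini, feature_index, threshold) or None
    best = None
    for f in range(len(FEATURES)):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2  # midpoint keeps both sides non-empty
            left = [r for r in rows if r[0][f] <= t]
            right = [r for r in rows if r[0][f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, t)
    return best

def build(rows):  # leaf = label string; root/internal = (feature, threshold, left, right)
    split = best_split(rows)
    if gini(rows) == 0.0 or split is None:
        return Counter(label for _, label in rows).most_common(1)[0][0]
    _, f, t = split
    return (f, t, build([r for r in rows if r[0][f] <= t]),
            build([r for r in rows if r[0][f] > t]))

def classify(node, x):  # walk from the root down to a leaf
    while not isinstance(node, str):
        f, t, left, right = node
        node = left if x[f] <= t else right
    return node

def rules(node, path=()):  # one readable if-then rule per leaf
    if isinstance(node, str):
        return [(" and ".join(path) or "always") + " => " + node]
    f, t, left, right = node
    return (rules(left, path + (f"{FEATURES[f]} <= {t:g}",)) +
            rules(right, path + (f"{FEATURES[f]} > {t:g}",)))

TREE = build(TRAIN)  # rules(TREE) lists one if-then rule per leaf
```

Calling rules(TREE) returns four rules, one per leaf, which an analyst can review or translate directly into alerting logic.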
People from the network security community are already using these algorithms to protect the network from malicious activities. Together with the off-the-shelf solutions, Computational Intelligence can be leveraged to develop a robust, dynamic and real-time security system for smart grids.