Cyber-Physical Informatics and Security

Introduction and Description

Today, almost everything (including home appliances, industrial machines, data centers, and electrified transportation) is connected with both cyber and electrical networks and draws energy from them. To date, much attention has been paid to data and information in cyber networks, but little attention has been paid to the information embedded in raw electrical waveforms and signals in electrical networks. There is much more to be explored from raw electrical waveforms and signals of electrical networks, together with the signals in cyber networks. For example, all devices in power networks must leave traces of their operational status and health (including faults or attacks) information in the raw electrical waveforms and signals: a cyber-device at fault or under attack will cause unusual energy consumption pattern in power networks; a power electronics or electric machine in fault or under attack may cause unusual harmonics or energy profile in electrical networks. Also, the weather or geomagnetic events may also leave a trace in those raw waveform data. Furthermore, the cyber-threat can enter the system through the power networks, not only through the cyber networks. For example, manipulating the power quality waveforms in the power networks can affect the precision and lifetime of electrical machines and robots, even damage them. Therefore, it is important to utilize both cyber and electrical signals to enable anomaly (e.g., fault/attack) detection, localization, diagnosis, and prognosis of electrical machines and networks at different scales and fidelity. The possibility may be well beyond what we can imagine now. It broadly applies to many cyber-physical systems and applications, such as smart grids, manufacturing systems, building systems, electrical vehicles.

Figure 1. Left: Cyber-Physical Threat Detection and Diagnosis via Data Fusion of Cyber and Physical Signals; Top right: A big picture of the general learning-based IoT security system; Bottom right: Electrical waveform signatures of faults and attacks in electrical networks
Figure 2. Left: Real-time attack detection interface; Right: Testbed of the attack detection system

Smart Plug

PFI-RP: Advanced Anomaly Detection and Diagnostics for Electrical Devices and Networks

Funded by NSF-2414706 ($1.0M, 09/01/24 → 08/31/27)

The broader impact of this Partnerships for Innovation – Research Partnerships (PFI-RP) project is to enhance the reliability and security of electrical devices and networks within modern infrastructure including, but not limited to, buildings, manufacturing systems, and hospitals. This PFI-RP project introduces a smart sensor capable of detecting anomalies, pinpointing their locations, and diagnosing issues in electrical devices and networks. The algorithms and designs developed may also contribute to the broader field of anomaly detection and diagnosis beyond electrical signals. The project team will provide training to undergraduate and graduate students, in addition to middle school teachers. Collaborations with the Peach State Louis Stokes Alliances for Minority Participation (LSAMP) and the NSF Research Experiences for Undergraduates (REU) programs will be nurtured to support these efforts. Strategic partnerships with industry leaders offer vital insights and provide educational and leadership opportunities for graduate students and postdoctoral researchers.

The project brings together a strong partnership involving academia, represented by the University of Georgia (UGA), and prominent industry leaders, including General Electric (GE), United States Robins Air Force Base (RAFB), Siemens America (Siemens), and NEC Laboratories America (NEC) to explore the commercialization of an electrical sensing technology for scalable anomaly detection and diagnosis in electrical devices and networks. The UGA team has collaborated with industrial partners RAFB and GE successfully in anomaly detection and diagnosis in joint projects. The impact spans from small-scale applications (e.g., homes, buildings, factories) to large-scale scenarios (e.g., distribution networks to transmission networks of main grids). This adaptability facilitates dynamic data processing, allowing the installation of varying numbers of smart sensors. Additionally, the technology offers customized programming and low-cost, flexible deployments, which can be easily installed by plugging into an electrical outlet in residential and commercial settings.

SaTC: CORE: Medium: Cyber-threat Detection and Diagnosis in Multistage Manufacturing Systems through Cyber and Physical Data Analytics.

Funded by NSF-2019311 ($1.2M, 9/2020 – 9/2024)

In modern multistage manufacturing systems, with increased software-defined automation and control as well as monitoring of manufacturing assets across networks, exposure to cyber-attacks also grows. The cyber-threats may compromise the integrity of manufacturing assets (manufacturing systems and processes, machine tools, fabricated parts), reduce manufacturing productivity, and increase costs. Some cyber-threats including integrity attacks are only partially observable in cyberspace alone, and therefore need to be detected and diagnosed through inter-dependency analysis of both cyber and physical signals. Thus, there is a significant opportunity in exploring physical signals, together with cyber signals, to advance trustworthy manufacturing system research and design.

This project brings together leading researchers from manufacturing systems, computer security, and electrical drives to develop and demonstrate a new methodology and tool for cyber-threat detection and diagnosis in multistage manufacturing systems. The cyber-security tool will monitor a variety of cyber and physical signals and perform cyber-threat detection and root cause diagnosis through advanced cyber-physical data fusion and taint analysis. The goal is to enable the prevention and mitigation of potential harms at the early stage, proactive and predictive maintenance, and countermeasures. This project attempts to integrate and analyze the process and quality signals, and the signals from the power networks and cyber networks of multistage manufacturing systems to detect and diagnose cyber-threats.

Figure 3. Proposal overview
Figure 4. Left: Semi-virtual Testbed for Manufacturing; Right: Hardware-in-the-Loop (HIL) Testbed for Manufacturing
Demo video

University of Georgia (UGA)

  • Jin Ye
  • Wenzhan Song

Georgia Institute of Technology

  • Jianjun Shi

Pennsylvania State University

  • Peng Liu

Multilevel Cybersecurity for Photovoltaic Systems

Funded by DOE SETO program ($3.5M, 4/2020-4/2023)

This project aims to address photovoltaic (PV) system cybersecurity at both the inverter and system levels, and field test the solutions at a solar farm under the advising and review of a US-based solar inverter manufacturer and a PV systems operator. A two-level cyberattack defense approach is formulated whereby the first level, the solar inverter level, hardens individual devices and achieves a deeply cyber-secure inverter; the second level, the system level, addresses intrusion detection and restoration involving an ensemble of inverters and relevant systems.

This image has an empty alt attribute; its file name is VOeucC0r072FuMrdAMtdR44bNSWfm6Q4j8ub0h1dxoOs8ZZkntO1HP8ErMJzIPRk22BhuHOtBEbwjEmCjZRrHvw2ftghVhFf3cWZB-kSXdwh60UaZ9LXmMFa1LWAgz1_rQVACnHW
Figure 5. Device to system-level strategy for PV systems cybersecurity

The project goal is to devise a multilevel cybersecurity solution to address PV security gaps at the inverter and system levels, and field test the solution under the supervision and review of a US-based solar inverter manufacturer (GE) and PV installer/operator (TPI). The primary objectives are to:

  1. Create an inverter framework within which multiple new security capabilities can be deployed. These include supply chain security, hot patching, firmware protection, safety protocols, side-channel monitoring, controller security and control resilience.
  2. Deliver a self-consistent set of complementary system security methods that will work with data routinely available in PV solar farms.

Fig. 5 illustrates the multilevel concept. Two levels (inverter level in black; system level in red) will be integrated together to provide cross-layer security protection. This multilevel approach provides both global and local detection and mitigation possibilities that will be coordinated to advance PV system cybersecurity. The proposed multilevel cybersecurity tool will be evaluated in the National Center for Reliable Electric Power Transmission (NCREPT – (https://ncrept.uark.edu)) testbed and TPI solar farms.

Cyber-Attack Simulation, Detection, & Visualization Framework for PV Farms
  • University of Arkanasa (UA)
    • H. Alan Mantooth (PI)
    • Qinghua Li
    • Jia Di
  • University of Georgia (UGA)
    • Jin Ye
    • Wenzhan Song
  • University of Illinois, Chicago (UIC)
    • Sudip K. Mazumder
  • Argonne National Laboratory (ANL)
    • Bo Chen
  • National Renewable Energy Laboratory (NREL)
    • Gabsu Seo
  • Texas A&M University-Kingsville (TAMUK)
    • Taesic Kim
  • Today’s Power Incorporated (TPI)
    • Matt Irving
  • General Electric Global Research Center (GE GRC)
    • Ahmed Elasser
    • Annarita Giani

Data Driven Monitoring and Diagnosis of Industrial Machines via Electrical Waveform Auditing

Funded by DOD FA8571-21-C-0020, ($0.9M, 2020 – 2023)

Figure 6. Architecture

The goal of this STTR project is to design an Electrical Waveform Fault and Attack Detection System (EWFADS). The goal of the system is to monitor the condition of manufacturing machines to detect faults and cyberattacks by analyzing the electrical waveforms of the electrical power connection to the machine at the point of common coupling. In Phase II the team will perform additional research and development to:

  • Refine and Expand Comprehensive Mathematics Models; Case Studies for Physical Fault and Cyber-Attack Scenarios.
  • Refine Features and Machine Learning (ML) Algorithms for Detection and Diagnosis.
  • Design and Construct Hardware-In-The-Loop (HIL) Real-Time Testbed and Hardware Testbed.
  • Testing, Evaluation, and Improvement of the Developed Detection and Diagnosis Algorithms.
Demo video

Faculty:

  • Jin Ye, WenZhan Song

Students:

  • Bowen Yang, Stephen Coshatt, Yucheng Shi

Partners

  • James Hill, Aging Aircraft LLC

Transformative Characteristics

Informatics and security in electrical networks are fundamental and transformative, as any cyber and physical (including weather) attacks or faults must leave a trace in cyber and electrical networks. This may require first build high-fidelity modeling of cyber and electrical networks. Traditional electrical network modeling often at a macro scale, but little work has been done to build a high fidelity electrical network model to include power electronics physical models at micro-scale; Traditional diagnosis of power electronics and electric machines, which does not consider potential attacks, are based on physical models or sensors, but little has been done to detect anomaly (faults or attacks) by investigating the signals and electric waveforms in electrical networks.

National Need/Grand Challenge

According to statistics from the US Department of Energy, 80% of U.S. electricity is expected to flow through power electronics by 2030. Due to the lack of awareness, power electronics converters in electrical networks are vulnerable to attack once connected to the Internet. Once attacked, it will bring dramatic damages to many safety-critical areas including transportation, energy, and military services. Therefore, there is a national need for the US to address this grand challenge.

Informatics and security in electrical networks require interdisciplinary collaboration and leadership of multiple engineering disciplines, as it may require transformative research on power electronics, electrical engineering, computer science and engineering (including machine learning), cyber and physical security, and statistics and big data.

Faculty

WenZhan Song (UGA)
Jin Ye (UGA)

Postdoctoral Associates

Lulu Guo

Students

Qi Li
Stepehen Coshatt
Bowen Yang
Jinan Zhang

Publications

Bowen Yang; Lulu Guo; Fangyu Li; Jin Ye; Wenzhan Song Vulnerability Assessments of Electric Drive Systems due to Sensor Data Integrity Attacks Journal Article IEEE Transactions on Industrial Informatics , 2019.

Fangyu Li; Rui Xie; Bowen Yang; Lulu Guo; Ping Ma; Jianjun Shi; Jin Ye; WenZhan Song. Detection and Identification of Cyber and Physical Attacks on Distribution Power Grids with PVs: An Online High-Dimensional Data-driven Approach. Journal of Emerging and Selected Topics in Power Electronics, 2019.

Fangyu Li; Yang Shi; Aditya Shinde; Jin Ye; WenZhan Song Enhanced Cyber-physical Security in Internet of Things through Energy Auditing Journal Article IEEE Internet of Things Journal, 2019.

Fangyu Li; Aditya Shinde; Yang Shi; Jin Ye; Xiang-Yang Li; WenZhan Song, System Statistics Learning-Based IoT Security: Feasibility and Suitability Journal Article, IEEE Internet of Things Journal, 2019.

Bowen Yang; Lulu Guo; Fangyu Li; Jin Ye; Wenzhan Song Impact Analysis of Data Integrity Attacks on Power Electronics and Electric Drives Conference 2019 IEEE Transportation Electrification Conference & Expo, 2019.

Bowen Yang; Fangyu Li; Jin Ye; Wenzhan Song Condition Monitoring and Fault Diagnosis of Generators in Power Networks Conference IEEE Power & Energy Society General Meeting, 2019.

Liu Pengfei; Yang Panlong; Song WenZhan; Yan Yubo; Li Xiang-Yang Real-time Identification of Rogue WiFi Connections Using Environment-Independent Physical Features Conference IEEE International Conference on Computer Communications (INFOCOM), 2019.

Minhui Zou; Chengliang Wang; Fangyu Li; WenZhan Song Network Phenotyping for Network Traffic Classification and Anomaly Detection Conference 2018 IEEE International Symposium on Technologies for Homeland Security (HST), 2018.

Song Tan; Debraj De; WenZhan Song; Junjie Yang; Sajal Das Survey of Security Advances in Smart Grid: A Data Driven Approach Journal Article IEEE Communications Surveys and Tutorials, 18 (1), pp. 397-422, 2017.

Song Tan; Wen-Zhan Song; Michael Stewart; Junjie Yang; Lang Tong Online Data Integrity Attacks Against Real-Time Electrical Market in Smart Grid Journal Article IEEE Transaction on Smart Grid, 2016.

Song Tan; WenZhan Song; Michael Stewart; Lang Tong Construct Data Integrity Attacks Against Real-Time Electrical Market in Smart Grid Conference IEEE International Conference on Smart Grid Communications (SmartGridComm), 2015.

Paritosh Ramanan; Goutham Kamath; Wen-Zhan Song NetTomo: A Tomographic approach towards Network Diagnosis Conference IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks (WoWMoM), 2015.

Song Tan; Wen-Zhan Song; Michael Stewart; Lang Tong LPAttack: Leverage Point Attacks against State Estimation in Smart Grid Conference IEEE Globe Communications Conference (GlobeCom), 2014.

Liang Zhao; Wen-Zhan Song Distributed Power-line Outage Detection Based on Wide Area Measurement System Journal Article Sensors, 2014.

Liang Zhao; Wen-Zhan Song A New Multi-objective Microgrid Restoration Via Semidefinite Programming Conference 33rd International Performance Computing and Communications Conference (IEEE IPCCC), 2014.

Liang Zhao; Wen-Zhan Song; Lang Tong; Yuan Wu Monitoring for Power-line Change and Outage Detection in Smart Grid via the Alternating Direction Method of Multipliers Conference The 28th IEEE International Conference on Advanced Information Networking and Applications Workshops, 2014.

Liang Zhao; Wen-Zhan Song; Lang Tong; Yuan Wu; Junjie Yang Topology Identification in Smart Grid with Limited Measurements Via Convex Optimization Conference 2014 IEEE Innovative Smart Grid Technologies Conference- Asia, 2014.