Keeping water and energy secure

Engineering researcher studies smart city cybersecurity
A stock image of digital data and the words cyber attack and data breach.
Credit: iStock/@MATEJMO

UNIVERSITY PARK, Pa. — Water and energy systems do not typically come to mind as cyber hacker targets, but those systems are often most vulnerable to such attacks, according to Javad Khazaei, assistant professor of electrical engineering at Penn State Harrisburg.

Khazaei, an affiliate professor of architectural engineering in the College of Engineering at Penn State University Park, is leading a 15-month seed-grant-funded project investigating the vulnerability of water and energy infrastructure systems and developing detection methodologies to counteract such criminal acts.

Technologically advanced, or “smart,” cities often integrate water and energy systems, which are controlled automatically by sensors and remote monitoring systems, according to Khazaei. If hackers gain access to these advanced metering infrastructures and inject false data readings, they can cause failures without detection.

A head and shoulders shot of a man smiling.

Javad Khazaei, affiliate professor of architectural engineering, is leading a 15-month seed grant-funded project that will investigate the vulnerability of water and energy infrastructure systems and develop detection methodologies to counteract cyberattacks.

Credit: Penn State College of Engineering

“Cyberattacks like this do happen and to immense consequences,” Khazaei said. “In December 2015, Russian hackers shut down 30 substations in Ukraine, causing a large-scale blackout for 230,000 people for several hours. Hackers also can permanently put infrastructure at risk by stealing information and then using it to plan future attacks.” 

Khazaei, along with co-principal investigators Prasenjit Mitra, associate dean for research in Penn State’s College of Information Sciences and Technology, and Faegheh Moazeni, adjunct lecturer in Penn State Harrisburg’s School of Science, Engineering and Technology, received $95,000 in seed grants for the project from Penn State's Center for Security Research and Education with cost share from Penn State’s College of Information Sciences and Technology and Department of Architectural Engineering.  

To examine the feasibility of such attacks and understand cyber attackers’ strategies, the researchers will use multi-objective mathematical formulations to create an attack model like one a hacker would use to carry out an attack. The models will be critical in identifying the vulnerability of interlinked water and energy systems and understand what would cause blackouts or water cutoffs. 

“In the simulations, we will inject false data into the load and energy generation units, which will then be sent to the centralized controller for decision making. The injections will be designed so that they will bypass the existing detection algorithms,” Khazaei said. “For example, a few measurements in an energy network can be tampered with false data to cause an overflow in multiple transmission lines, which could result in a blackout. Or, if a water tank is empty, we can change the reading to appear like a full tank, which changes the waterflow and pumps — causing damage downstream in the water distribution network.”

From prior research, Khazaei knows that a hacker can adjust numbers just a few points to cause a transmission line overflow. This time, Khazaei will use an even more sophisticated hacking system to develop a mathematical attack model that could incorporate bad data detection frameworks in control centers to protect water and energy infrastructures.

In tandem with the attack models, the researchers will develop two big data analytics-based detection methodologies — a recursive least-square estimation method and a machine learning-based bad data detection strategy that can detect stealthy attacks.  

The algorithms in the detection technology, otherwise known as neural networks, will be able to use historical data and a set of attack data as a training set to detect tampered measurement data and to notify human operators in real time — before a large-scale blackout or water cutoff occurs.

Sez Atamturktur, Harry and Arlene Schell Professor and head of the Department of Architectural Engineering, emphasized how research on utility infrastructure is greatly needed. 

“Cybersecurity for water treatment and supply networks is only loosely monitored at the federal and state levels, where the primary focus is often on water quality,” she said. “There is an urgent nationwide need for cybersecurity expertise. Javad’s research will provide needed background information for officials at both the federal and state level to make reforms and protect the nation’s critical infrastructure.”