
NSF Org: |
ECCS Division of Electrical, Communications and Cyber Systems |
Recipient: |
|
Initial Amendment Date: | September 5, 2017 |
Latest Amendment Date: | September 5, 2017 |
Award Number: | 1739969 |
Award Instrument: | Standard Grant |
Program Manager: |
Lawrence Goldberg
ECCS Division of Electrical, Communications and Cyber Systems ENG Directorate for Engineering |
Start Date: | September 15, 2017 |
End Date: | August 31, 2022 (Estimated) |
Total Intended Award Amount: | $777,271.00 |
Total Awarded Amount to Date: | $777,271.00 |
Funds Obligated to Date: |
|
History of Investigator: |
|
Recipient Sponsored Research Office: |
1350 BEARDSHEAR HALL AMES IA US 50011-2103 (515)294-5225 |
Sponsor Congressional District: |
|
Primary Place of Performance: |
2218 Coover Hall, Iowa State Uni Ames IA US 50011-1046 |
Primary Place of
Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | CPS-Cyber-Physical Systems |
Primary Program Source: |
|
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.041 |
ABSTRACT
Modern electric power grid is a complex, interconnected cyber physical system (CPS) that forms the lifeline of our society. Reliable, secure, and efficient operation of the grid are of paramount importance to national security and economic well-being. Recent trends in security indicate the increasing threat of cyber-based attacks, both in numbers and sophistication, on energy and other critical infrastructure systems of our nation and the world in general. To address this growing threat, there is a compelling research need to develop a holistic cyber security framework that encompasses attack deterrence, attack prevention, attack detection, attack mitigation and resilience, and attack attribution and forensics. Risk assessment is one of the fundamental building blocks that cut across attack prevention, mitigation, and resilience. The existing tools for risk assessment and mitigation are mostly qualitative and often subjective, and hence they are grossly inadequate to capture the dynamic and uncertain nature of the adversaries and the complex cyber-physical couplings that exist in the grid.
This project will develop a scientific methodology, algorithms, and tools for cyber risk assessment, attack-defense modeling, and cyber contingency analysis by leveraging game theoretic tools and solution strategies. The developed security algorithms and tools will be evaluated in a realistic CPS security testbed environment at Iowa State University and the results will be broadly shared with research community and also with industry for potential adoption. The innovative applications of game theoretic formulations and tools will help to develop secure and resilient algorithms that will prevent and mitigate attacks and will make the future grid resilient to both faults and cyber-attacks. The research also will have broader impacts in improving the security and resiliency of other CPS-based critical infrastructure systems, such as oil and natural gas networks and transportation networks. Through the associated educational and outreach activities, via graduate courses, undergraduate capstone projects, and K-12 outreach program, the project will contribute to a highly skilled workforce in this area of national need. The project will help diversity in cybersecurity workforce by engaging women and underrepresented minorities in research and educational activities. In addition, the project will significantly contribute to imparting hands-on cybersecurity training to industry professionals using the testbed platform. Both educational and training modules will be made available to a broader academic and industry communities.
The overarching vision of this project is to transform the fault-resilient grid of today into an attack-resilient grid of the future. Towards achieving this vision, the goal of the project is to develop and evaluate algorithms and tools that will significantly advance the state-of-the-art cyber risk assessment, attack-defense modeling, and cyber contingency analysis. This goal will be accomplished by undertaking the following research tasks: (1) Develop fundamental game-theoretic formulations (single stage, multi-stage, Bayesian) for attack-defense modeling for the power grid using behavioral and learning models; (2) Develop a quantitative cyber risk assessment and mitigation methodology that capture all three components of risk -- namely, threats, vulnerabilities, and consequences -- using pragmatic game-theoretic formulations, and optimize the security investments to defend the grid against high-risk attacks; (3) Develop scalable techniques and tools for real-time operational planning using game-theoretic formulations to account for multiple contingencies arising due to coordinated cyber-attacks, and integrate them into a dynamic contingency analysis methodology as part of the Energy Management System (EMS); (4) Evaluate the effectiveness and scalability of the developed solutions and tools on Iowa State CPS security testbed environment using realistic attack-defense scenarios leveraging well documented power and cyber system topologies and synthetic attack traces and also leveraging Iowa State industry partnerships in Electric Power Research Center (EPRC) and Power System Research Center (PSERC).
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
RESEARCH OBJECTIVES and ACCOMPLISHMENTS: The objectives of the project was two-fold: (1) develop pragmatic models and algorithms, leveraging game theory, for cyber risk assessment, risk-informed cybersecurity investment optimization to mitigate the risks, and online cyber contingency analysis to address the emerging cybersecurity threats and attacks targeting smart grid infrastructures; (2) Test, validate, and evaluate the efficacy of the models and algorithms with realistic system models and attack-defense use-cases. The project?s accomplishments include: (i) Developed and validated a quantitative methodology, using game theory, to systematically assess cyber risks to smart grid infrastructures; (ii) Developed and validated a quantitative methodology, using game theory, to optimize cybersecurity investments to mitigate the risks; (iii) Developed computationally efficient techniques to design cyber-defense strategies using game-theoretic models with theoretical performance guarantees; (iv) Developed and validated an online algorithm, based on system resiliency, that incorporates cyber contingencies into contingency analysis and operational decision making for the smart grid. (v) Developed a software tool, called CySecGame, for cyber risk assessment incorporating attack trees, attack-defense trees, and game theory models.
BROADER IMPACTS: (1) The developed cyber risk assessment methodology, models, algorithms, and the software tool are applicable to a broader class of CPS-based critical infrastructures beyond the smart grid; (2) produced ~10 peer-reviewed research publications and two Ph.D dissertations, and one M.S Thesis; (3) Upgraded the CPS security testbed (PowerCyber) at Iowa State University with advanced models, attack and defense modules, and use-cases; (4) Hosted remote access to the testbed - with sample models, attack-defense modules, and use-cases - for research, education, and training in cybersecurity for the smart grid; (5) Mentored a total of dozen graduate and undergraduate students in their thesis research and capstone design projects; (6) Enhanced and taught a graduate-level course on CPS security for the smart grid benefitting a total ~50 students over the project period; (7) Disseminated the research outcomes via research publications, posters, or presentations in major professional conferences and symposiums and NSF CPS PI Meetings.
Last Modified: 02/18/2023
Modified by: Manimaran Govindarasu
Please report errors in award information by writing to: awardsearch@nsf.gov.