Award Abstract # 1739969
CPS: Medium: Cyber Attack-Defense Modeling, Risk and Contingency Analysis for the Power Grid using Game Theory

NSF Org: ECCS
Division of Electrical, Communications and Cyber Systems
Recipient: IOWA STATE UNIVERSITY OF SCIENCE AND TECHNOLOGY
Initial Amendment Date: September 5, 2017
Latest Amendment Date: September 5, 2017
Award Number: 1739969
Award Instrument: Standard Grant
Program Manager: Lawrence Goldberg
ECCS
 Division of Electrical, Communications and Cyber Systems
ENG
 Directorate for Engineering
Start Date: September 15, 2017
End Date: August 31, 2022 (Estimated)
Total Intended Award Amount: $777,271.00
Total Awarded Amount to Date: $777,271.00
Funds Obligated to Date: FY 2017 = $777,271.00
History of Investigator:
  • Manimaran Govindarasu (Principal Investigator)
    gmani@iastate.edu
  • Sourabh Bhattacharya (Co-Principal Investigator)
Recipient Sponsored Research Office: Iowa State University
1350 BEARDSHEAR HALL
AMES
IA  US  50011-2103
(515)294-5225
Sponsor Congressional District: 04
Primary Place of Performance: Iowa State University
2218 Coover Hall, Iowa State Uni
Ames
IA  US  50011-1046
Primary Place of Performance
Congressional District:
04
Unique Entity Identifier (UEI): DQDBM7FGJPC5
Parent UEI: DQDBM7FGJPC5
NSF Program(s): CPS-Cyber-Physical Systems
Primary Program Source: 01001718DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7918
Program Element Code(s): 791800
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.041

ABSTRACT

Modern electric power grid is a complex, interconnected cyber physical system (CPS) that forms the lifeline of our society. Reliable, secure, and efficient operation of the grid are of paramount importance to national security and economic well-being. Recent trends in security indicate the increasing threat of cyber-based attacks, both in numbers and sophistication, on energy and other critical infrastructure systems of our nation and the world in general. To address this growing threat, there is a compelling research need to develop a holistic cyber security framework that encompasses attack deterrence, attack prevention, attack detection, attack mitigation and resilience, and attack attribution and forensics. Risk assessment is one of the fundamental building blocks that cut across attack prevention, mitigation, and resilience. The existing tools for risk assessment and mitigation are mostly qualitative and often subjective, and hence they are grossly inadequate to capture the dynamic and uncertain nature of the adversaries and the complex cyber-physical couplings that exist in the grid.

This project will develop a scientific methodology, algorithms, and tools for cyber risk assessment, attack-defense modeling, and cyber contingency analysis by leveraging game theoretic tools and solution strategies. The developed security algorithms and tools will be evaluated in a realistic CPS security testbed environment at Iowa State University and the results will be broadly shared with research community and also with industry for potential adoption. The innovative applications of game theoretic formulations and tools will help to develop secure and resilient algorithms that will prevent and mitigate attacks and will make the future grid resilient to both faults and cyber-attacks. The research also will have broader impacts in improving the security and resiliency of other CPS-based critical infrastructure systems, such as oil and natural gas networks and transportation networks. Through the associated educational and outreach activities, via graduate courses, undergraduate capstone projects, and K-12 outreach program, the project will contribute to a highly skilled workforce in this area of national need. The project will help diversity in cybersecurity workforce by engaging women and underrepresented minorities in research and educational activities. In addition, the project will significantly contribute to imparting hands-on cybersecurity training to industry professionals using the testbed platform. Both educational and training modules will be made available to a broader academic and industry communities.

The overarching vision of this project is to transform the fault-resilient grid of today into an attack-resilient grid of the future. Towards achieving this vision, the goal of the project is to develop and evaluate algorithms and tools that will significantly advance the state-of-the-art cyber risk assessment, attack-defense modeling, and cyber contingency analysis. This goal will be accomplished by undertaking the following research tasks: (1) Develop fundamental game-theoretic formulations (single stage, multi-stage, Bayesian) for attack-defense modeling for the power grid using behavioral and learning models; (2) Develop a quantitative cyber risk assessment and mitigation methodology that capture all three components of risk -- namely, threats, vulnerabilities, and consequences -- using pragmatic game-theoretic formulations, and optimize the security investments to defend the grid against high-risk attacks; (3) Develop scalable techniques and tools for real-time operational planning using game-theoretic formulations to account for multiple contingencies arising due to coordinated cyber-attacks, and integrate them into a dynamic contingency analysis methodology as part of the Energy Management System (EMS); (4) Evaluate the effectiveness and scalability of the developed solutions and tools on Iowa State CPS security testbed environment using realistic attack-defense scenarios leveraging well documented power and cyber system topologies and synthetic attack traces and also leveraging Iowa State industry partnerships in Electric Power Research Center (EPRC) and Power System Research Center (PSERC).

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

Clanin, Joe and Bhattacharya, Sourabh "Security Resource Investment Optimization for Critical Infrastructure Systems: A Game-Theoretic Approach" American Control Conference (ACC) , 2022 https://doi.org/10.23919/ACC53348.2022.9867416 Citation Details
Emadi, Hamid and Bhattacharya, Sourabh "On Security Games with Additive Utility" IFAC-PapersOnLine , v.52 , 2019 10.1016/j.ifacol.2019.12.180 Citation Details
Emadi, Hamid and Bhattacharya, Sourabh "On the Characterization of Saddle Point Equilibrium for Security Games with Additive Utility" GameSec Conference , 2020 https://doi.org/10.1007/978-3-030-64793-3_19 Citation Details
Emadi, Hamid and Clanin, Joe and Hyder, Burhan and Khanna, Kush and Govindarasu, Manimaran and Bhattacharya, Sourabh "An Efficient Computational Strategy for Cyber-Physical Contingency Analysis in Smart Grids" IEEE PES General Meeting , 2021 https://doi.org/10.1109/PESGM46819.2021.9637857 Citation Details
Hyder, Burhan and Govindarasu, Manimaran "A Novel Methodology for Cybersecurity Investment Optimization in Smart Grids using Attack-Defense Trees and Game Theory" IEEE Innovative Smart Grid Technologies (ISGT) , 2022 Citation Details
Hyder, Burhan and Govindarasu, Manimaran "Optimization of Cybersecurity Investment Strategies in the Smart Grid Using Game-Theory" IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT) , 2020 10.1109/ISGT45199.2020.9087634 Citation Details
Hyder, Burhan and Majerus, Harrison and Sellars, Hayden and Greazel, Jonathan and Strobel, Joseph and Battani, Nicholas and Peng, Stefan and Govindarasu, Manimaran "CySec Game: A Framework and Tool for Cyber Risk Assessment and Security Investment Optimization in Critical Infrastructures" Resilience Week Symposium (RWS) , 2022 https://doi.org/10.1109/RWS55399.2022.9984040 Citation Details

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

RESEARCH OBJECTIVES and ACCOMPLISHMENTS: The objectives of the project was two-fold: (1) develop pragmatic models and algorithms, leveraging game theory, for cyber risk assessment, risk-informed cybersecurity investment optimization to mitigate the risks, and online cyber contingency analysis to address the emerging cybersecurity threats and attacks targeting smart grid infrastructures; (2) Test, validate, and evaluate the efficacy of the models and algorithms with realistic system models and attack-defense use-cases. The project?s accomplishments include: (i) Developed and validated a quantitative methodology, using game theory, to systematically assess cyber risks to smart grid infrastructures; (ii) Developed and validated a quantitative methodology, using game theory, to optimize cybersecurity investments to mitigate the risks; (iii) Developed computationally efficient techniques to design cyber-defense strategies using game-theoretic models with theoretical performance guarantees; (iv) Developed  and validated an online algorithm, based on system resiliency, that incorporates cyber contingencies into contingency analysis and operational decision making for the smart grid. (v) Developed a software tool, called CySecGame, for cyber risk assessment incorporating attack trees, attack-defense trees, and game theory models.

BROADER IMPACTS: (1) The developed cyber risk assessment methodology, models, algorithms, and the software tool are applicable to a broader class of CPS-based critical infrastructures beyond the smart grid; (2) produced ~10 peer-reviewed research publications and two Ph.D dissertations, and one M.S Thesis; (3) Upgraded the CPS security testbed (PowerCyber) at Iowa State University with advanced models, attack and defense modules, and use-cases; (4) Hosted remote access to the testbed - with sample models, attack-defense modules, and use-cases - for research, education, and training in cybersecurity for the smart grid; (5) Mentored a total of dozen graduate and undergraduate students in their thesis research and capstone design projects; (6) Enhanced and taught a graduate-level course on CPS security for the smart grid benefitting a total ~50 students over the project period; (7) Disseminated the research outcomes via research publications, posters, or presentations in major professional conferences and symposiums and NSF CPS PI Meetings.


Last Modified: 02/18/2023
Modified by: Manimaran Govindarasu

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page