Connecting more renewable energy such as wind and solar power demands more smart devices — and ever-evolving technology to protect the grid against cyberattacks. (Image: hrui |

Smart devices can be hacked. That makes the electric grid vulnerable to bad actors who might try to turn off the power, damage the system, or worse. Recently, a team of experts at the Department of Energy’s Pacific Northwest National Laboratory put forth a new approach to protect the grid.

The team, led by Data Scientist Sumit Purohit, is trying to create a tool that sorts and prioritizes cyber threats on the fly. The idea is to give grid operators a clear blueprint to identify and address the biggest threats first and to protect against them without a mad scramble for resources down the road.

“A great deal of effort is put forth every day into addressing specific vulnerabilities, but that can be overwhelming,” said Purohit. “We’re putting forth a longer-term solution. What do you need to be looking at, not just today or tomorrow, but years down the road, as the grid is changing?

“It’s important to deal with today’s problems, but let’s also think about tomorrow’s challenges. We need to plan for things down the line as more smart devices like batteries, inverters, generators, and hybrid cars are connected to the grid.”

It’s a bit like the difference between addressing ailments one at a time compared to embarking on decades of preventive health. An alternate path is to map out the most critical wellness behaviors early on and to give those high priority throughout life.

The team’s formula is based on a model known as hybrid attack graphs, a mathematical approach that gives users flexibility to map out and follow multiple attack routes as they evolve and as defenders and attackers give and take ground. The team uses optimization and data from actual grid cyberattacks to train the model.

The research draws on research previously done by MITRE Corp. that links high-level objectives of adversaries with the techniques they have used as well as ways to prevent attacks. But the framework does not include information about the “cost” to an organization, in terms of effort or money, to implement those protections. The PNNL team is trying to change that by addressing the cost of implementing solutions.

“This approach would allow a utility to quickly assess its cyber risk as they are planning their future grid expansion,” said Purohit. “If you plan to connect more smart devices in the future, you need to be prepared to address the risks. There are thousands of ways to attack utility operations. By looking at historical events and using reinforcement learning, we have reduced that to fewer than 100 that need the most attention.”

A key part of the team’s work is making sure the work is “explainable” — that grid operators and cyber analysts understand the reasons why the model prioritizes and makes the recommendations it does.

The team is working to improve the model and plans to work with power grid and cybersecurity experts to better measure the impacts of adversarial actions on cyber-physical systems.

For more information, contact Tom Rickey at This email address is being protected from spambots. You need JavaScript enabled to view it.; 509-375-3732.