5 Things to Know About Smart Grid Cyber Health
PhilipMonson
Written by Dr. Lisa Sokol, a Data Scientist within the Office of the Chief Technology Officer, IBM Software Group, and US Federal Government Services.
Despite diligent creation of new electric grid standards, these standards are insufficient to address the urgent cyber threats and challenges facing critical infrastructures. The lack of electric grid standard granularity can result in a failure that can stop business, public services, and our daily lives in their tracks. Innovative analytic approaches are required for the detection of threats, and misi
1. What is an electric grid?
An electric grid has 3 key components/sets:
Within each of these sets, there are many more sub-entities. All of these items must be operational and interacting properly in order for the electric grid to operate and provide us with the electricity we need for our daily lives.
2. What makes electric grids smart?
Smart grids are networks that have computerized power transmission and distribution infrastructures. Smart sensors and meters along energy production and transmission and distribution pathways generate large amounts of granular real-time streaming data. The grids support the generation and two-way transfer of petabytes of heterogeneous data pertaining to the production and consumption of electricity. Grid management systems, including computer-based remote control and automation, use the data to enable smarter operational decisions. The successful use of these systems results in gains for grid reliability, efficiency, flexibility, and resiliency.
Different smart grid networks can band together to create what is commonly called a system of systems. Each network group has a set of resources that it applies to electric generation, transmission, and distribution tasks. Each of these systems can pool their resources and capabilities to create more complex systems. This approach has the effect of creating a high-level entity that has more flexibility, functionality, performance capability, and resiliency.
3. So, what can cause “the grid” to fail?
Weather and accidents are obvious reasons for failure. Recently, the grid has also become the target of our adversaries. Exacerbating the situation, when a part of the grid fails, we don't know whether it is from natural causes or the actions of bad actors. In addition, the failure of a single node can impact all of the other grid nodes, irrespective of distance.
4. What can we do to protect the grid?
These systems of systems create huge amounts of data that can provide key clues to what happened. These clues can help us figure out how to fix and protect the grid. This information can indicate two types of behaviors or actions: good actor behavior (normal actions) and bad actor behavior (threatening actions). Predictive analytics software, such as IBM SPSS Modeler, can exploit historical data about each entity, each network, and each sub-network in order to discover relationships, trends, patterns, models, and predictors that are associated with both the normal activities and known threat activities. Predictive algorithms can address grid-specific aspects, such as fault location algorithms, making use of both geography (such as spatial analysis) and time (such as temporal analysis). These generated predictive models could be deployed by the analytics assessment portion of the grid.
In addition, there are behaviors of interest that differ from the defined good and bad behaviors: anomalous behaviors. Anomalous actions are neither good nor bad; they are behaviors that must be illuminated and evaluated. Over time, vetted anomalous behavior assessments can be added to either the set of good actor behavior (normal actions) or the set of bad actor behavior (threatening actions).
5. What needs to be done to protect the grid?
To get an accurate picture of a smart grid's health, a contextually correct picture of each grid entity is required. A contextual picture includes information such as current component state, component state history, edge distance, graphical knowledge of grid connectedness, and a decay function for the impact of other components.
The grid analytics environment must be edge-based, so it can quickly assess and respond. The edge-based analytics determine whether the data observation (new data and time-stamped history) for that entity or system matches previously defined good actor actions, bad actor actions, and the associated patterns. The analytics environment determines whether the addition of this new data point changes the likelihood for models, trends, behaviors, scenarios, and situations. The assessment can determine whether the entity no longer matches known actions and behaviors, identifying that entity as anomalous.
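The contextual picture and the edge assessment described above can be sketched in a few lines. This is an added example, not code from the article or from any IBM product: the topology, the per-component "stress" score, the feature names, the pattern ranges, and the geometric decay function are all assumptions constructed for illustration.

```python
from collections import deque

# Constructed topology and patterns; all names and thresholds are hypothetical.
GRID = {"gen1": ["sub1"], "sub1": ["gen1", "sub2", "feeder1"],
        "sub2": ["sub1", "feeder2"], "feeder1": ["sub1"], "feeder2": ["sub2"]}
# Each pattern maps a feature to an inclusive (low, high) range.
NORMAL = {"voltage_pu": (0.95, 1.05), "cmds": (0, 2), "context": (0.0, 1.0)}
THREAT = {"voltage_pu": (0.95, 1.05), "cmds": (10, 1000), "context": (0.0, 10.0)}

def hop_distances(graph, source):
    """Edge distance from source to every reachable node (breadth-first)."""
    dist, queue = {source: 0}, deque([source])
    while queue:
        node = queue.popleft()
        for nbr in graph[node]:
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    return dist

def context_stress(graph, stress, entity, decay=0.5):
    """Entity's own stress plus every other component's, weighted decay**hops.
    Geometric decay is an assumption; the page does not define the function."""
    dist = hop_distances(graph, entity)
    return sum(stress.get(n, 0.0) * decay ** d for n, d in dist.items())

def recent_count(times, now, window=60):
    """Count time-stamped control commands in the last `window` seconds."""
    return sum(1 for t in times if now - window <= t <= now)

def matches(pattern, obs):
    """True when every feature in the pattern falls inside its range."""
    return all(lo <= obs[k] <= hi for k, (lo, hi) in pattern.items())

def assess(graph, stress, entity, voltage_pu, cmd_times, now):
    """Classify one observation as 'threat', 'normal' or 'anomalous'."""
    obs = {"voltage_pu": voltage_pu,
           "cmds": recent_count(cmd_times, now),
           "context": context_stress(graph, stress, entity)}
    if matches(THREAT, obs):
        return "threat"
    if matches(NORMAL, obs):
        return "normal"
    return "anomalous"  # matches no known pattern: hold for vetting

if __name__ == "__main__":
    upstream = {"sub1": 3.0}  # constructed: sub1 is under stress
    for node in ("feeder1", "feeder2"):
        print(node, assess(GRID, upstream, node, 1.0, [], now=60))
```

The same reading is classified differently at `feeder1` and `feeder2` because the stressed substation is one hop from the first and two hops from the second, which is the effect the edge distance and decay function are meant to capture.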
Real-time analytics reveal discoveries, including anomalies that matter, allowing automatic decisions to be executed or alerts to be sent to users. Alerts can trigger real-time responses or a replanning event. The analytics can determine if an interesting event has occurred. This continuous smart grid health assessment enables the optimization of the grid and the avoidance of failures (through early detection) by sending actionable insights to substation controllers for local action, to automated systems for global optimizations, or to human operators for situational awareness and further action.
To learn more about smart grid health assessments and how analytics can play a key role in protecting these vital assets, see the IBM Redguide “Smart Grid Cyber Health Assessment in a Big Bad Data World”.