The GridLogic system will include specially designed sensors to provide visibility deep within the network. The sensors are needed because power system network architectures can be complex, and utility companies have difficulties monitoring and identifying malicious activity in remote areas.
“We came up with the concept of deep network visibility, where the depth is both topological—think of a network topology. It’s deep in the topology, but it’s also deep within each power station and within each power protocol,” Lewis offered. “For one of the core issues of being able to identify whether or not you know the system is being misoperated or operated in an illogical way, we need telemetry from every point of the system, and that includes the network.”
The prototypical sensors will have a small form factor and will be heat resistant so that they can be deployed in power substations or line pole cabinets. They will also be rugged enough to withstand the demanding conditions of electric power applications, including heat, cold, vibration and electromagnetic interference. “Utilities have a variety of network topologies, whether it’s a ring or a line or a tree topology,” Lewis elaborated. “We’ll take all of that into consideration and deploy these small sensors out into strategic locations that give us the visibility of network traffic going to and from, either different stations or from the control center to these stations, and feed all that telemetry back to the central system.”
The central system will include an AI module known as a hypervisor, which will detect odd events or behaviors and discern whether they are malicious activity or the result of other circumstances, such as weather events. The module will “encapsulate some of the intelligence of the power operator and the network operator,” and as it learns, it may complement or even replace some human-in-the-loop functions, Grijalva reported.
Lewis added that GridLogic offers total visibility of the entire system to identify potential attack vectors. “We have to consider all angles to this equation because we’re dealing with both malicious insiders and outsiders. Insiders have a tremendous amount of access already, so we need to know exactly what’s happening when and at what time to be able to get to the point of identifying anomalies and then identifying malicious operations.”
GridLogic builds on work from a previous project, GridTrust, which has been successfully tested in a real substation of a U.S. municipal power system. GridTrust combines the digital fingerprint with cryptographic technology to provide enhanced security for utilities and other critical industrial systems that must update control device software or firmware.