Safeguarding Tomorrow: Winning the Cybersecurity Arms Race

The following article was part of a Star-Ledger and op-ed series on engineering fields that will change the world by Rutgers School of Engineering faculty.

By Saman Zonouz

Chances are, when you think of warfare, you think of soldiers in physical battles intended to kill people and destroy property. But today, we are threatened by a new kind of war. Cyber – or computer – warfare, which involves remote attacks and reconnaissance through nation-funded channels, is emerging – and being increasingly deployed – in place of more costly, conventional attacks.

At the same time, industry, government and university researchers have recognized the need for innovative approaches to thwart potentially devastating cyberattacks on everything from hospitals and voting machines to power grids and military systems. Headway has been made, for instance, by the U.S. Naval Academy’s renewed insistence on teaching celestial navigation to limit undue reliance on GPS. While steps are being taken to overcome inherent cloud data and vulnerabilities in the Internet of Things (which encompasses everything connected to the Internet), there is increased pressure to establish cyberwarfare rules to mitigate future state-on-state cyber conflicts.

Attackers know that few things are more harmful to a society’s economy, public health and safety than the disruption of essential services provided by cyber-physical infrastructures such as power grids. And few things are more attractive targets for nation-state hackers and attackers than these infrastructures. The cost of a major power outage is astronomical: the massive 2003 Northeast electrical blackout affected 50 million people and cost an estimated $6 billion. Beginning in 2015, we have seen the impact of repeated Russian cyberattacks on Ukraine’s power grid, which disrupted the flow of electricity to consumers.

As the cybersecurity arms race between defenders and attackers escalates, researchers are asking: How can we protect vulnerable infrastructures from the disruption of cyberattacks?

While a number of purely cybersecurity protections have been developed in the past few decades for computing systems, these solutions are not directly applicable to cyber-physical systems such as power grids that seamlessly integrate computation and physical components to provide essential services.

Recognizing the vulnerability of our infrastructures to hackers and attackers, the U.S. government created programs such as the National Science Foundation’s cyber-physical systems program to fuel research in this field. The program has funded my ongoing research at the Rutgers School of Engineering in this area, which focuses on systems that have both cyber and physical components that interact to ensure that everything operates smoothly.

Many current cyber defense solutions are reactive; when an attack occurs, they react and adapt. We are, instead, developing proactive cyber defense solutions able to anticipate and respond effectively to cyberattacks. We also are designing secure mechanisms for cyber-physical critical infrastructures.

The first step in determining how best to protect electricity grids from cyberattacks is to pinpoint the weaknesses likely to be attacked. Manual tolerance procedures and cyber-security solutions alone offer inadequate protection. By identifying such weaknesses, effective safeguards can be designed, so that if an attack happens, built-in defenses will exist.

While our solutions are inherently complicated due to the complex dynamics and interactions of cyber-physical systems, they are truly resilient. These systems’ resilience does not guarantee absolute protection against any attack, yet it enables them to analyze, predict, tolerate, respond to – and recover from – highly debilitating cybersecurity attacks in near real time.

To date, we have successfully developed automated intrusion detection systems and automated response systems that we are transitioning to some industry partners to help them safeguard their own products.

This means that cyber-physical systems administrators and power grid operators will be able both to monitor incident response capabilities and to provide proactive response measures that will enable them to avoid future incidents – and ultimately protect some of our most vulnerable, yet essential, cyber-physical infrastructures.

Lasting solutions to pressing societal problems often result from productive research collaborations, which is why Rutgers researchers are also working together with Texas A&M University, the University of Illinois at Urbana-Champaign, Pacific Northwest National Labs and Sandia National Labs on a recently funded U.S. Department of Energy project to enhance the reliability and resilience of our energy infrastructure.

The project will revolutionize the way energy management systems are designed, deployed and operated by building a secure, next-generation, end-to-end energy management system that is both cyber-physical and secure. By being able to detect malicious and abnormal events by fusing cyber and physical data – and facilitating online and automated control actions – these energy management systems will further safeguard cyber-physical critical infrastructures.

Saman Zonouz is an associate professor in the Department of Electrical and Computer Engineering at Rutgers University School of Engineering.