For critical infrastructure such as the nation’s power grid, the delay between identifying a cyberattack and mounting a defense could be catastrophic. ORNL scientists are working to solve this dilemma with a platform known as a “digital twin” that provides a real-time simulation of the grid so that system aberrations can be identified almost immediately.
The grid is often called the world’s largest machine. It is a complex, interdependent network made up of power generation, transmission lines that carry electricity across vast distances, substations where voltages are stepped down for utility systems, distribution lines that connect communities, and devices that convert electricity for customer usage.
But the grid has become increasingly vulnerable to cyber disruption as more of its controls have moved into the digital realm and are connected to the internet.
The digital twin—an active model fed by real-time sensor data and running sideby-side with the actual grid in a control room—could give utility operators the ability to detect a zero-day attack, or one that has just been discovered, for which there is no patch.
“No one knows what the next attack will look like, because it will be brand new,” said Ryan Kerekes, project lead for ORNL’s digital twin framework and leader of ORNL’s RF, Communications and Intelligent Systems Group. “But we do know that a cyberattack will cause the system to behave in a way that we didn’t expect. Having this live comparison of how the system should be performing can give you a crucial edge in detecting attacks.”
A digital twin would initially recommend courses of action for operators to take, added Mark Buckner, leader of the Power and Energy Systems Group. “But eventually as the system is trusted and validated, we could use artificial intelligence to create a self-aware, self-healing network that would automatically quarantine abnormalities so they can be examined, while preventing issues such as cascading outages.”
In a demonstration of the digital twin, the researchers launched a cyberattack on the model, spoofing values that a grid operator would see. The values were valid, but they didn’t make sense in the context of the larger system. The digital twin was able to identify those values as aberrations that didn’t make sense, based on its model of how the system’s components should be interacting, Kerekes said.
“It’s like in the movies, when someone has installed a loop of footage showing an empty hallway on the camera—when in reality there are people walking through,” Buckner said. “But let’s say you also had a simple infrared sensor monitoring temperature in the area. The system knows if there are no warm bodies in the hallway, then the temperature should be consistent. So the system is looking at a combination of things that the camera might not see.”
The digital twin framework uses the same dynamics as the larger grid at a lower, safe voltage for researchers. It is now being leveraged to design and test cyber resilience solutions for critical infrastructure.
“The digital twin framework is already proving useful for our work with the power grid. We are also leveraging it more generically for industrial controls systems to have a larger impact on the nation’s diverse critical infrastructure.”
The system could be used to build a grid more resilient to disruption, including physical damage from storms, the scientists noted. Using the projected path of a storm, for instance, operators could use the digital twin to turn off power to portions of the system so that cascading faults do not occur