The Energy Security initiative at Colorado State University focuses on advancing the safety and cybersecurity of critical energy and cyber-physical systems. Our research spans natural gas pipelines, electrical grids, nuclear power plants, and modern Distributed Energy Resource (DER) systems—each of which forms the backbone of today’s critical infrastructure. These systems rely heavily on Supervisory Control and Data Acquisition (SCADA) and other industrial control technologies that bridge the physical and digital worlds. While this integration enables efficient monitoring and control, it also introduces significant cybersecurity challenges. As components from diverse vendors converge and IT networks become increasingly interconnected, vulnerabilities emerge that adversaries frequently exploit. Our team collaborates closely with the Database Security group to analyze cyber-physical operations, model system behavior, and design resilient security solutions informed by both practical expertise and rigorous scientific tools.
Support for Reactor Operators in Case of Cyber Security Threats
Increasing use of digital technology in nuclear power plants (NPPs) poses cyber-security as a crucial threat to public safety and to continuous energy production. Cyber-security risks are comprised of complex known and unknown interactions between various entities, system vulnerabilities, network protocols, human users and malicious attacks. There is little understanding or research geared towards plant operators’ response under cyber-security threats and operation procedures to cope with such threats. This is particularly critical when a cyber-security event masquerades as a safety incident or an evolving accident. Instead of leading operators to the remediation of the accident, the masked cyber event may lead them to circumvent the safety mechanisms of the plant. This project develops a framework and a toolset to characterize abnormal NPP events as “cyber” or “safety” incidents, and to further develop this tool as a real-time operator aid to assist in response to the incident.
Flexible Simulation Environment for the Evaluation of Cyber Risk in Nuclear Power Plants
Cyber security is doomed to become an increasingly important area of investigation as components become smarter (i.e. more software-based), more interconnected and attackers become more knowledgeable. Attacks such as the 2010 Stuxnet attack on Iran’s nuclear facilities, the 2017 Saudi Arabia Triconex attack all testify to that effect. In this work, we aim to develop a simulation environment that will allow us to compare various cyber architectures and the various levels of protection they offer on the basis of risk. The focus is on Nuclear Power Plants. The simulation environment uses and expands upon the lessons learnt and components we developed.
Simulated & Virtual SCADA Systems
The simulation of SCADA systems for security study can be a complex but rewarding practice. This project focuses on developing accurate ways to simulate the physical nature of energy system dynamics as well as virtualizing the control used to manage these systems. Virtualization of these SCADA systems also allows us to study their security in a low cost and safe manner.
Anomaly Detection of SCADA Packet Captures
Packet captures of SCADA traffic typically are comprised of MODBUS traffic. MODBUS is a standard protocol for these systems that have been in place for over 30 years. These packet captures can be used as a way to characterize a SCADA system and observe abnormal changes that could signal or forewarn a cyber attack.
Automated Generation of Attack Graphs for Industrial Control
Often times the compromise of a SCADA system works through several steps. Most attacks usually require more than one point of security breach. For example, an attacker may get into a system with a fishing email. Once the fishing email is opened the attacker downloads malware into the system. This malware is used to sniff passwords and eventually access critical parts of the SCADA infrastructure. Our team is working on a method for automatically developing attack graphs based the network topology of a SCADA architecture. These graphs will also use traditional system safety information in the future. This way we can meld the engineering and cyber-safety of these systems.
Publications & Software
Patents
- Sutanay Choudhury, Kushbu Agarwal, Pin-Yu Chen and Indrajit Ray, “System and Method for Automated Detection, Reasoning and Recommendations for Resilient Cyber Systems,” US Patent 10855706
Papers
- Gowdanakatte, Shwetha, Mahmoud Abdelgawad, and Indrakshi Ray. “Assets Criticality Assessment of Industrial Control Systems: A Wind Farm Case Study.” In Proceedings of the IEEE 24th International Conference on Software Quality, Reliability and Security (QRS). IEEE, 2024. Paper
- Indrajit Ray, Sarath Sreedharan, Rakesh Podder, Shadaab Kawnain Bashir, and Indrakshi Ray, “Explainable AI for Prioritizing and Deploying Defenses for Cyber-Physical System Resiliency,” Proceedings of the 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, Atlanta, GA, November 2023. Paper
- Shwetha Gowdanakatte, Indrakshi Ray, and Mahmoud Abdelgawad, “Model Based Risk Assessment and Risk Mitigation Framework for Cyber-Physical Systems”, In Proceedings of the 5th International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, Atlanta, GA, November, 2023. Paper
- Md. Rakibul Hasan Talukder, Md. Al Amin, and Indrajit Ray, “Protecting Cyber-Physical System Testbeds from Red-Teaming/Blue-Teaming Experiments Gone Awry,” In Chunhua Su, Dimitris Gritzalis, Vincenzo Piuri, eds., Proceedings of the 17th International Conference on Information Security Practice and Experience -, ISPEC 2022, Taipei, Taiwan, November 23-25, 2022, Lecture Notes in Computer Science 13620, Springer 2022. Paper
- Shwetha Gowdanakatte, Indrakshi Ray, and Siv Hilde Houmb, “Attribute-Based Access Control Model for Protecting Programmable Logic Controls”, in Proceedings of ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, April 2022. Paper | Presentation
- Brandt Reutimann and Indrakshi Ray, “Simulating and Detecting Measurement Attacks in SCADA Testbeds”, in IFIP WG 11.3 International Conference on Critical Infrastructure Protection, Virtual Conference, March 2021. Paper | Presentation | Software
- Vaddi, Pavan Kumar, Michael C. Pietrykowski, Diptendu Kar, Xiaoxu Diao, Yunfei Zhao, Timothy Mabry, Indrajit Ray, and Carol Smidts. “Dynamic bayesian networks based abnormal event classifier for nuclear power plants in case of cyber security threats.” Progress in Nuclear Energy 128 (2020): 103479.
- Bezawada, Bruhadeshwar, Indrajit Ray, and Kushagra Tiwary. “AGBuilder: An AI Tool for Automated Attack Graph Building, Analysis, and Refinement.” In Proceedings of the IFIP Annual Conference on Data and Applications Security and Privacy, pp. 23-42. Springer, Cham, 2019.
- Chen, Pin-Yu, Sutanay Choudhury, Luke Rodriguez, Alfred O. Hero, and Indrajit Ray. “Toward Cyber-Resiliency Metrics for Action Recommendations Against Lateral Movement Attacks.” In Proceedings of the Industrial Control Systems Security and Resiliency, pp. 71-92. Springer, Cham, 2019.
- Smidts, Carol, Yunfei Zhao, Xiaoxu Diao, Indrajit Ray, Jason Hollern, and Quanyan Zhu. “Support for reactor operators in case of cyber-security threats.” Transactions 117, no. 1 (2017): 929-932.
- Choudhury, Sutanay, Luke Rodriguez, Darren Curtis, Kiri Oler, Peter Nordquist, Pin-Yu Chen, and Indrajit Ray. “Action recommendation for cyber resilience.” In Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense, pp. 3-8. 2015.
Our Team
Students
Alumni
Our Sponsors
If you are interested in sponsoring our work, please reach out to us.
