The Energy Security group at Colorado State University focuses on the safety and cyber vulnerabilities of critical energy infrastructure. These systems mostly include natural gas pipelines, electrical grids, and nuclear power plants. Critical infrastructure typically runs on supervisory control and data acquisition (SCADA) systems. Much of our group's research focuses on the security of these SCADA systems, as they open a cyber window into the physical systems they control.
Our team works closely with the Database Security group to study cyber-physical control and energy systems using the best tools and people available. We believe that this research is extremely significant in the daily lives of people around the world.
Support for Reactor Operators in Case of Cyber Security Threats
Increasing use of digital technology in nuclear power plants (NPPs) makes cyber-security a crucial threat to public safety and to continuous energy production. Cyber-security risks comprise complex known and unknown interactions between various entities, system vulnerabilities, network protocols, human users and malicious attacks. There is little understanding of, or research geared towards, plant operators' responses under cyber-security threats and the operating procedures needed to cope with such threats. This is particularly critical when a cyber-security event masquerades as a safety incident or an evolving accident. Instead of leading operators to the remediation of the accident, the masked cyber event may lead them to circumvent the safety mechanisms of the plant. This project develops a framework and a toolset to characterize abnormal NPP events as "cyber" or "safety" incidents, and to further develop this tool as a real-time operator aid to assist in response to the incident.
Flexible Simulation Environment for the Evaluation of Cyber Risk in Nuclear Power Plants
Cyber security is bound to become an increasingly important area of investigation as components become smarter (i.e. more software-based) and more interconnected, and as attackers become more knowledgeable. Attacks such as the 2010 Stuxnet attack on Iran's nuclear facilities and the 2017 Saudi Arabia Triconex attack testify to that effect. In this work, we aim to develop a simulation environment that will allow us to compare various cyber architectures and the levels of protection they offer on the basis of risk. The focus is on nuclear power plants. The simulation environment uses and expands upon the lessons learnt and components we developed.
Simulated & Virtual SCADA Systems
The simulation of SCADA systems for security study can be a complex but rewarding practice. This project focuses on developing accurate ways to simulate the physical nature of energy system dynamics as well as virtualizing the control used to manage these systems. Virtualization of these SCADA systems also allows us to study their security in a low-cost and safe manner.
Anomaly Detection of SCADA Packet Captures
Packet captures of SCADA traffic typically consist of MODBUS traffic. MODBUS is a standard protocol for these systems that has been in place for over 30 years. These packet captures can be used to characterize a SCADA system and to observe abnormal changes that could signal or forewarn of a cyber attack.
Automated Generation of Attack Graphs for Industrial Control
The compromise of a SCADA system often proceeds through several steps. Most attacks require more than one point of security breach. For example, an attacker may get into a system with a phishing email. Once the phishing email is opened, the attacker downloads malware into the system. This malware is used to sniff passwords and eventually access critical parts of the SCADA infrastructure. Our team is working on a method for automatically developing attack graphs based on the network topology of a SCADA architecture. These graphs will also use traditional system safety information in the future. This way we can meld the engineering and cyber-safety of these systems.
Publications & Software
Patents
- Sutanay Choudhury, Kushbu Agarwal, Pin-Yu Chen and Indrajit Ray, “System and Method for Automated Detection, Reasoning and Recommendations for Resilient Cyber Systems,” US Patent 10855706
Papers
- Shwetha Gowdanakatte, Mahmoud Abdelgawad and Indrakshi Ray, “Security Hardening of Industrial Control Systems using Attribute Based Access Control”, In Proceedings of the 9th Annual Industrial Control System Security Workshop (ICSS@ACSAC), Austin, Texas, December 2023.
- Indrajit Ray, Sarath Sreedharan, Rakesh Podder, Shadaab Kawnain Bashir, and Indrakshi Ray, “Explainable AI for Prioritizing and Deploying Defenses for Cyber-Physical System Resiliency,” Proceedings of the 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, Atlanta, GA, November 2023.
- Md. Rakibul Hasan Talukder, Md. Al Amin, and Indrajit Ray, “Protecting Cyber-Physical System Testbeds from Red-Teaming/Blue-Teaming Experiments Gone Awry,” In Chunhua Su, Dimitris Gritzalis, Vincenzo Piuri, eds., Proceedings of the 17th International Conference on Information Security Practice and Experience, ISPEC 2022, Taipei, Taiwan, November 23-25, 2022, Lecture Notes in Computer Science 13620, Springer 2022.
- Shwetha Gowdanakatte, Indrakshi Ray, and Siv Hilde Houmb, “Attribute-Based Access Control Model for Protecting Programmable Logic Controls”, in Proceedings of ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, April 2022.
- Brandt Reutimann and Indrakshi Ray, “Simulating and Detecting Measurement Attacks in SCADA Testbeds”, in IFIP WG 11.3 International Conference on Critical Infrastructure Protection, Virtual Conference, March 2021.
- Vaddi, Pavan Kumar, Michael C. Pietrykowski, Diptendu Kar, Xiaoxu Diao, Yunfei Zhao, Timothy Mabry, Indrajit Ray, and Carol Smidts. “Dynamic bayesian networks based abnormal event classifier for nuclear power plants in case of cyber security threats.” Progress in Nuclear Energy 128 (2020): 103479.
- Bezawada, Bruhadeshwar, Indrajit Ray, and Kushagra Tiwary. “AGBuilder: An AI Tool for Automated Attack Graph Building, Analysis, and Refinement.” In IFIP Annual Conference on Data and Applications Security and Privacy, pp. 23-42. Springer, Cham, 2019.
- Chen, Pin-Yu, Sutanay Choudhury, Luke Rodriguez, Alfred O. Hero, and Indrajit Ray. “Toward Cyber-Resiliency Metrics for Action Recommendations Against Lateral Movement Attacks.” In Industrial Control Systems Security and Resiliency, pp. 71-92. Springer, Cham, 2019.
- Smidts, Carol, Yunfei Zhao, Xiaoxu Diao, Indrajit Ray, Jason Hollern, and Quanyan Zhu. “Support for reactor operators in case of cyber-security threats.” Transactions 117, no. 1 (2017): 929-932.
- Choudhury, Sutanay, Luke Rodriguez, Darren Curtis, Kiri Oler, Peter Nordquist, Pin-Yu Chen, and Indrajit Ray. “Action recommendation for cyber resilience.” In Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense, pp. 3-8. 2015.
Our Team
Students
Alumni
Our Sponsors
If you are interested in sponsoring our work, please reach out to us.