Secure Machine Learning & Machine Learning for Security

Machine learning (ML) and artificial intelligence (AI) processes are vulnerable to attack the same as other software systems but with the added complexity that data, as well as software, can be targeted. The results can range from models that return wrong answers to energy grid outages and self-driving car crashes.

Attacks on ML/AI can take place during training or testing. During training, attackers can attempt to “poison” the model with tainted data. For example, self-driving cars have failed to recognize stoplights when training data is poisoned to reduce classification confidence. Attacks during testing can exploit hidden flaws, for example, by solving a constrained optimization in which a small input perturbation causes large changes in output.

ML/AI can also be valuable approaches for improving cybersecurity as well, for example, by automatically learning the optimal set of strategies to maintain stability of the electric power grid in the face of cyberattacks.

Berkeley Lab scientists are working to increase the security and reliability of ML/AI processes and controls in DOE-relevant systems, ranging from intelligent transportation to large scientific instruments to the electrical grid itself, which will increasingly rely on ML/AI as it grows more distributed, diverse, automated, and intelligent.

Projects

Securing Automated, Adaptive Learning-Driven Cyber-Physical System Processes

Numerous DOE-relevant processes are becoming automated and adaptive using machine learning techniques. Such processes include vehicle and traffic navigation guidance, intelligent transportation systems, adaptive control of grid-attached equipment, and large scientific instruments. This creates a vulnerability for a cyber attacker to sabotage processes through tainted training data or specially crafted inputs. Consequences might be tainted manufactured output, traffic collisions, power outages, or damage to scientific instruments or experiments. This project is developing secure machine learning methods that will enable the safer operation of automated, adaptive, learning-driven “cyber-physical system” processes. Contact: Sean Peisert (Peisert on the Web)

Supervisory Parameter Adjustment for Distribution Energy Storage (SPADES)

The Supervisory Parameter Adjustment for Distribution Energy Storage (SPADES) project will develop methodology and tools allowing energy storage systems (ESS) to automatically reconfigure themselves to counteract cyberattacks against both the ESS control system directly and indirectly through the electric distribution grid. The reinforcement learning defensive algorithms will be integrated into the National Rural Electric Cooperative Association (NRECA) Open Modeling Framework (OMF), thereby allowing defensive strategies to be tailored on a utility-specific basis. The major outcomes of this project will be the tools to isolate the component of the ESS control system that has been compromised during a cyberattack, as well as policies for changing the control parameters of ESS to mitigate a wide variety of cyberattacks on both the ESS device itself and the electric distribution grid. Contact: Daniel Arnold (Arnold on the web)

Securing Solar for the Grid (S2G)

Berkeley Lab is leading two working groups relating to cybersecurity issues in inverter-based resources (IBR) and distributed energy resources (DER). The first working group is examining cybersecurity issues in AI-based automation for IBR/DER. Automation has brought significant advantages to the power grid for ensuring stability, increasing efficiency, and even providing cybersecurity benefits. At the same time, automation significantly increases cybersecurity risks because automated systems can be remotely attackable, and have similar vulnerabilities to other types of computing systems. The second working group is also working on data confidentiality issues for IBR/DER. Many data privacy and confidentiality issues arise when data is shared, but at the same time, data-sharing is essential to planning, research, and efficient operation. Understanding the intersection of confidentiality concerns and the role of privacy-preserving methods might enable both properties. Contact: Sean Peisert (Peisert on the web)

Cybersecurity via Inverter-Grid Automatic Reconfiguration (CIGAR)

“Cybersecurity via Inverter-Grid Automatic Reconfiguration (CIGAR)” project developed supervisory control algorithms to counteract cyber-physical attacks that have compromised multiple independent systems in the electric grid. The project utilized reinforcement learning techniques to simultaneously develop defense strategies in higher dimensions tailored to specific sections of the electric grid. Analysis of derived attack and defensive strategies highlight specific system vulnerabilities as well as determine recommended upgrades to enhance system cybersecurity. Contact: Sean Peisert (Peisert on the web)

Cyber Security of Power Distribution Systems by Detecting Differences Between Real-time Micro-Synchrophasor Measurements and Cyber-Reported SCADA

The power distribution grid, like many cyber-physical systems, was developed with careful consideration for safe operation, but a number of features of the power system make it particularly vulnerable to cyber attacks via IP networks. The goal of this project was to design and implement a measurement network that can detect and report the resultant impact of cyber security attacks on the distribution system network. The result is a system that provides an independent, integrated picture of the distribution grid’s physical state, which is difficult for a cyber-attacker to subvert using data-spoofing techniques. Contact: Sean Peisert (Peisert on the web)

News