water treatment plant (People Image Studio/Shutterstock.com)

Securing utilities by detecting bad data

Even as the Trump administration tightens control on foreign-made parts in the nation’s power grid to shore up its security, critical utility infrastructure can be crippled by bad actors injecting undetectable amounts of false data into water and electricity IT systems.

Penn State researchers investigating the vulnerabilities in water and energy systems are developing detection methodologies that would work with the insufficiently sensitive data detection frameworks many control centers currently use to protect critical utility infrastructures.

“In the simulations, we will inject false data into the load and energy generation units, which will then be sent to the centralized controller for decision making. The injections will be designed so that they will bypass the existing detection algorithms,” Javad Khazaei, assistant professor of electrical engineering at Penn State Harrisburg, told Penn State News. “A few measurements in an energy network can be tampered with false data to cause an overflow in multiple transmission lines, which could result in a blackout. Or, if a water tank is empty, we can change the reading to appear like a full tank, which changes the waterflow and pumps -- causing damage downstream in the water distribution network.”

The researchers will also use historical data and a set of attack data to train an algorithm to detect measurement data that has been tampered with and to notify human operators in real time.

“Cybersecurity for water treatment and supply networks is only loosely monitored at the federal and state levels, where the primary focus is often on water quality,” said Sez Atamturktur, head of Penn State’s department of architectural engineering. “Javad’s research will provide needed background information for officials at both the federal and state level to make reforms and protect the nation’s critical infrastructure.”

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • automated processes (Nikolay Klimenko/Shutterstock.com)

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected