Visible to the public SaTC: CORE: Medium: ADIDS: An Air-gapped Distributed Intrusion Detection System for the Power GridConflict Detection Enabled

Project Details

Lead PI

Performance Period

Oct 01, 2019 - Sep 30, 2022


Georgia Tech Research Corporation


National Science Foundation

Award Number

The power grid is a highly complex control system and one of the most impressive engineering feats of the modern era. Nearly every facet of modern society critically relies on the proper operation of the power grid such that long or even short interruptions can impose significant economic and social hardship on society. The current power grid is undergoing a transformation to a Smart Grid, that seeks to monitor and track diagnostic and operational information so as to enable a more efficient and resilient system. This significant transformation, however, has made the grid more susceptible to attacks by cybercriminals, as highlighted by several recent attacks on power grids that have exposed the vulnerabilities in modern power systems, especially power substations that form the backbone of electricity networks. Motivated by this, this project aims to develop practical solutions for securing the power system against sophisticated cyberattacks.

Significant effort has been invested to develop effective intrusion detection systems for power system substations to detect cyberattacks and/or reduce their damaging consequences. Existing techniques, however, require some level of trust from components on the supervisory control and data acquisition (SCADA) network, rendering them vulnerable to sophisticated attacks that could compromise the SCADA system. This research presents an air-gapped radio frequency based distributed intrusion detection system (ADIDS) that remains reliable even when the entire SCADA system is considered untrusted. The system has two inputs: SCADA network traffic, and the radio frequency signals emitted by substation components. The control actions in substations can be reliably inferred from the radio signals they generate. The integrity of the radio signals is provided by the verification of quasi-random lightning strikes embedded in the signals. When properly configured, ADIDS is able to verify the correctness of the SCADA network traffic without relying on the SCADA network itself.