Researcher identifies vulnerabilities in the smart grid’s intelligent electronic devices
With a flick of the switch, we have power to heat our homes and operate our businesses … until we don’t.
Witness Ukraine in December 2016, when grid-sabotaging malware plunged a large portion of Kiev into darkness.
All the more reason to proactively focus on cybersecurity and the smart grid — the digitized, intelligent energy network that integrates information and communications technologies with our existing power network to optimize the delivery of electricity from source to consumer.
The ever-expanding smart grid uses Internet of Things (IoT) sensing technologies, software and intelligent electronic devices (IEDs), such as circuit breakers and transformers, to enhance the network’s performance.
“As the smart grid gets bigger, however, so does the attack surface,” says Paria Shirani, a PhD candidate at Concordia’s Security Research Centre who is looking for ways to stay ahead of malicious attacks.
Shirani’s work focuses on assessing the security of the smart grid’s IEDs.
More specifically, she looks for fast and reliable ways to identify vulnerabilities in the firmware — software inside the box — that controls these devices.
Cyber resilient strategies
Shirani’s research led to the creation of BinARM, a new security technology.
“It’s the first large-scale vulnerability database especially for firmware on smart devices,” she says. “It’s also a multi-stage detection engine that identifies vulnerabilities in three orders of magnitude faster than all existing approaches.”
Shirani presented BinARM at the 15th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment in Paris-Saclay, France, in June.
Her work was funded by Mourad Debbabi’s NSERC/Hydro-Québec/Thales Senior Industrial Research Chair in Smart Grid Security at the Gina Cody School of Engineering and Computer Science.
“I’m extremely proud of Paria, who was recently awarded a Natural Sciences and Engineering Research Council of Canada postdoctoral fellowship and is heading to Carnegie Mellon University this summer,” says Debbabi, associate dean of research and graduate studies and professor at the Concordia Institute for Information Systems Engineering.
The benefits of BinARM
BinARM, a name referring to binary code and ARM architecture, makes several contributions to the field.
It identifies and catalogues a set of the most prominent and recognized-by-industry manufacturers who make IEDs for smart grids. Plus, it also identifies and catalogues different open-source libraries of code used in the IEDs’ firmware at a large scale.
“The database never existed, but now, using function matching, we can quickly — and with 92 per cent accuracy — identify vulnerabilities in the IoT devices that make up the smart grid,” Shirani explains.
She shudders at the thought of malware attacks and their resulting costs, both economic and social.
“Cyberattacks are major threats to smart grid deployment, which can lead to infrastructure failure, blackouts, energy theft, customer privacy breaches and more,” she adds. “My research aims to prevent threats, or at least reduce their likelihood and effects, to protect people’s lives and save the critical infrastructure.”
Concordia’s Security Research Centre
Shirani’s research is one of many Concordia initiatives focusing on security and critical infrastructure.
The Security Research Centre now has over 65 cybersecurity researchers, including 10 professors and 55 graduate students and postdoctoral fellows making strides in detection, prevention, mitigation and recovery methods.
Learn more about the Gina Cody School of Engineering and Computer Science.