Tools researched to guard electric grid

Natural State researchers are working to develop artificial intelligence tools that can help protect the electric grid and other vital infrastructure from outside attacks.

Qinghua Li, a University of Arkansas computer science professor in Fayetteville, is leading the effort.

Two University of Arkansas at Little Rock computer science professors, Philip Huff and Jan Springer, are working on the project as well.

Graduate students from both campuses are also playing key roles, and officials with Arkansas Electric Cooperative Corp. and other industry and cybersecurity experts are also on board.

The sophisticated computer programs can spot cyber vulnerabilities and prioritize them so that the biggest problems can be fixed the fastest.

The project, which is expected to last until 2023, has benefited from a $2.7 million U.S. Department of Energy grant.

Few things, Li said, are more critical than the nation’s power supply.

“The electric grid is important,” he said. “Without electricity, everything else would stop.”

That’s what happened in parts of Ukraine, when its grid was successfully hacked.

The Dec. 23, 2015, attack left nearly a quarter-million Ukrainians temporarily without power; fortunately, the weather that day was unseasonably warm.

“That actually brought a lot of attention to the power grid cybersecurity,” Li said. “That showed us that such an attack is real. … It’s not something hypothetical.”

Energy officials weren’t the only ones alarmed. The attacks were closely followed by the U.S. Department of Homeland Security. NATO officials were also concerned.

Two graduate students — Matt Kennett of UALR, and Kylie McClanahan of UA-Fayetteville — are working with software tools named Spartan to help utilities spot potential vulnerabilities so they can fix them.

“Patching software in the utility industry is surprisingly hard,” Kennett said. “What we want to do is empower these companies to be able to focus on the most important patches.”

The amount of data that must be reviewed is enormous, said Huff, who also serves as director of cybersecurity research at the Donaghey Emerging Analytics Center.

“Organizations may have anywhere from several thousand to tens of thousands of vulnerabilities that they have to patch on a monthly basis,” he said.

“Bug bounty” programs, which reward people for spotting and reporting cyber vulnerabilities, contributed to the number of red flags, he said.

Ninety-five percent pose no significant risk “so a hacker wouldn’t be able to do any damage,” he said.

The other 5% are potentially consequential.

A human, sorting and prioritizing all of those vulnerabilities on his own, would face an impossible task. A computer program, on the other hand, can operate around the clock, poring over massive amounts of data, spotting potential problems.

“Things that you wouldn’t be able to do on a manual basis … the software will perform within a few seconds,” Huff said.

The goal is to help companies spot “the vulnerabilities that truly matter within their organization,” he added.

McClanahan, who studied computer science and physics at UA before entering its graduate program, has welcomed the opportunity to work on the project.

“The security of the electric grid is paramount,” she said.

“Smaller utilities often don’t have the budget to hire as many security staff as they might want to,” she said.

By developing the right kind of computer programs, researchers can “help automate some of the things they do day to day,” she said.

Natural State power providers are working closely with the UALR cyber research security team “to develop solutions to security challenges within the electric utility industry,” said Phil Clark, director of corporate security for Arkansas Electric.

The research takes into account the cooperative’s “unique combination of regulatory and operational environments,” he said.

The cooperative’s support for the project “directly benefits Arkansas by developing the technical skill sets of cybersecurity professionals that are needed to secure, defend and protect Arkansas businesses,” he added.

While the partnership is focused on the energy sector, Huff said the tools could be used to strengthen other “critical infrastructure,” as well.

“The problem is not specific just to the electric grid,” he said.

CORRECTION: Philip Huff serves as director of cybersecurity research at the Donaghey Emerging Analytics Center at the University of Arkansas at Little Rock. An earlier version of this story misstated the name of the center.
