GE creating industrial immune system with Digital Ghost

'We actually simulated hundreds of different attacks'

NISKAYUNA — General Electric researchers are testing a new system designed to enable electric power plants to self-react to computer hacks that get past traditional cybersecurity barriers.

The idea was inspired by the way the human immune system identifies and fights harmful micro-organisms.

“We’re trying to create the world’s first industrial immune system,” said Justin John, the controls engineer leading a team of GE Global Research and GE Power researchers on the project.

It’s not an academic exercise for a hypothetical future situation: Federal officials last month warned that hackers had penetrated the computer systems of companies that operate nuclear power plants and other energy facilities in the United States, The New York Times reported.

In cyberwarfare, the power grid would be a tempting target.

Digital Ghost, as the new GE security system is called, uses the massive library of performance data GE has accumulated for its turbines, generators and controls to instantly detect changes that might be the result of hacking. 

John, who works at Global Research but has experience setting up new power plants, said the idea for Digital Ghost grew from a conversation he had with two GE Power engineers after the head of the National Security Agency told an industrial controls system conference last year that the nation’s critical infrastructure is under attack.

But the real watershed moment came several years earlier, when a computer program — now called Stuxnet — was unleashed as a cyberattack on the Iranian nuclear program, causing its key centrifuge equipment to start breaking down. 

Here was a facility, John said, that was utterly off the grid, and hackers were able to infect it with programming changes so subtle that its own engineers wouldn’t notice them. 

“These attackers knew how to fake feedback from the system,” he said. “It was a whole other level of complexity nobody thought was possible.”

Stuxnet, widely believed to be the brainchild of the U.S. and Israeli governments, provided hackers worldwide with a blueprint for similar attacks.

A cyberattack on the power grid resulting in an immediate shutdown would be bad enough, but it would be recognizable for what it was. A subtle hack over the course of months or years — pushing components back and forth over their operational limits until they started failing, as was the case with the Iranian centrifuges — might be much harder to identify and much more expensive and time-consuming to fix.

The U.S. Department of Energy is providing about $3 million of the roughly $4.1 million budget for the Digital Ghost project, according to GE Global Research spokesman Todd Alhart.

At GE’s Niskayuna campus, Digital Ghost is undergoing internal testing using customer data now, and discussions are underway with customers to begin field testing later this year.

Development of Digital Ghost is focused on power generation and control systems because that’s where John’s 12-person team has its expertise. But when complete, it will be adaptable for other GE products, such as locomotives or jet engines or “any big industrial asset with a control system,” he said. Eventually, it will be adaptable to other manufacturers’ products.

A modern electric power plant has multiple and redundant sensors for every component and every aspect of its performance — as many as 1,000 in total — and none of them are used for cybersecurity.

So John’s team is taking GE’s rapidly growing army of Digital Twins — computer models of its products and their performance characteristics — to create algorithms that measure the output of those power plant sensors and tell Digital Ghost if something is wrong — and how to correct it.

Digital Ghost has three stages: Detect the problem, locate it and neutralize it. And it will be autonomous, making the corrections without human activation, because it must be: The newest gas turbines adjust every 40 milliseconds, or 1,500 times a minute, which is far beyond the speed at which humans can react.

The issue is pressing enough that John expects GE to roll out Digital Ghost in two phases: Able to detect and locate problems in 2018, and able to neutralize problems in 2019.

It will be a new layer in a multilayered cybersecurity system, rather than a replacement for other layers, John said. GE has and will continue a vigorous defense against hacking of its industrial control systems; Digital Ghost aims at the viruses that get through.

It’s sort of like the human immune system.

John himself has no cybersecurity expertise, and the other members of the team are experts in control systems, machine learning and optimization, not computer security.

“We are not currently working on finding a virus; we are trying to find the effect of it,” he explained. “We actually simulated hundreds of different attacks. We mapped out what ‘normal’ looks like.”

There has not been a Stuxnet-type attack on a GE power system, John said, but GE products provide power all over the world, including 50 percent of total U.S. electric consumption. So a cyberattack on a power grid might well involve GE components.

Categories: Business, News, Schenectady County

Leave a Reply