The University of Louisville Alumni Magazine: for alumni, faculty, staff, students and anyone that is a UofL Cardinal fan.
Issue link: http://louisville.epubxp.com/i/255274
ENGINEERING SOLUTIONS TO THWART CYBER ATTACKS

"If a false command gets to a field facility and nothing's there to stop it, that's it... these areas are the last line of defense."

In February of 2000, the Maroochy Water Treatment Plant near Brisbane, Australia, began experiencing numerous system control faults. What was initially thought to be problems with a newly installed system turned out to be a deliberate attack perpetrated by a disgruntled former contract employee seeking revenge. Using stolen equipment and an insider's knowledge of the system and its weaknesses, the attacker hacked into the system, issued commands and wreaked havoc. The result was hundreds of thousands of gallons of sewage dumped into area parks and waterways.

"That was a big wake-up call," says James Graham, Vogt Endowed Chair Professor of Computer Science and Engineering at the Speed School. "When it comes to infrastructure such as the electrical power network, chemical plants, water systems or oil and gas pipelines, the consequences of a security breach can be significant."

Preventing such security breaches has been the focus of Graham and his colleagues, working in the wake of 9/11 and other events to help ensure our country's most critical facilities remain secure. Funded over the last eight years by the Department of Homeland Security, Dr. Graham has been steadfastly working on the front lines of a mostly silent war that is played out millions of times a day across computer networks around the world.

Twice a year, Graham travels to Washington, D.C., to provide updates on his research and serves as an advisor to Department of Homeland Security sector committees, focusing on cybersecurity for industrial control systems. His research and development of devices to thwart cyber attacks have focused on infrastructure and other large industrial facilities.

"They're a natural target," says Graham. "If they are compromised, it can be very disruptive."

A generation ago, when many of these facilities were built, security largely entailed keeping people out physically. To cause a problem back then, someone would have to be on-site.

But as more systems became connected through digital devices and, ultimately, the Internet, the vulnerabilities of accessing industrial controls from the outside became more apparent. Yet updating systems to enhance security, especially in the chemical and water sectors that contain legacy systems installed many years ago, would be difficult and costly. So Dr. Graham looked at less expensive, but highly effective, ways to keep an attack from being successful with a device that could easily work with existing systems.

The result of his efforts is the first-of-its-kind security pre-processor, a high-tech authentication device that is installed at field sites and validates command signals coming into these satellite locations. In the case of a public water system, field sites would include pumping stations, storage tanks and other facilities remotely located throughout the system. With Graham's pre-processor in place, even if someone hacked into the system, their ability to cause problems out in field locations is minimized, which is critical.

"If a false command gets to a field facility and nothing's there to stop it, that's it," says Graham. "A valve could be opened, or water quality could be impacted, and the damage is done. I focused on these areas because they're the last line of defense."

After seeing positive results from tests conducted in the lab, Dr. Graham was ready to take the next step. He enlisted the help of a graduate from the Speed School's electrical engineering department, Larry Bryant, who serves as production operations manager at Louisville Water Company. Bryant had been on the Advisory Board as a prototype for Graham's security device was being developed. The true test would be on actual hardware in a real application. Bryant welcomed the opportunity.

"It's essential that we stay proactive and vigilant to ensure the safety and security of our operation," said Bryant. "This was a chance to help advance a critical technology that has applications throughout the state and, really, the world."

Tests recently conducted at some of Louisville Water Company's remote locations were successful, and Dr. Graham is now in the process of setting up additional tests at municipal water systems around the state. If all goes well, he anticipates being able to commercialize the device through a start-up company and begin selling the hardware in 2015.