Research Stories | Fall 2022

Hacking the Hackers—Q & A with Dr. Amir Ameli

Power transmission lines superimposed over a screen of computer code


Dr. Amir Ameli is an electrical engineering professor with the Lakehead-Georgian Partnership researching how to stop cyberattacks against power systems. He describes his work as part of the last line of defence against cyberattacks that have already infiltrated power systems.

Dr. Amir Ameli

How did you become interested in researching cybersecurity for power systems?

I was actively looking for a good research topic for my PhD at the University of Waterloo when, on December 23, 2015, the first real-world cyberattack against a power system happened in Ukraine. Fifty substations were targeted by hackers and the supply of energy was disrupted to approximately 225,000 customers for about six hours.

I realized that cybersecurity would become a serious issue for these critical pieces of infrastructure in the near future. My main goal is to devise strategies, tools, and general principles to securely evolve and modernize power networks and to develop more reliable protection schemes.

Why is cybersecurity important for power grids?

It is hard to overstate the importance of electricity to Canada. Any significant disruption of electricity directly impacts our national security, public safety, and economy.

For instance, a power outage in August 2003 in northeastern North America caused a loss of an estimated $2.3 billion CAD to Ontario's economy and very likely led to the loss of life. Our reliance on electricity has grown significantly since then and is projected to continue to grow—most notably with the electrification of the transportation sector.

How much could electrical companies save by preventing hackers from getting in?

It depends on the type of attack and its objectives, but to give you a worst-case scenario, a cyberattack that shuts down parts of the United States' power grid could cost the U.S. economy as much as $1 trillion, according to a report published by Reuters.

What are the goals of hackers attacking power systems?

Some attackers are looking for financial gain, such as cheating power markets or securing ransom payments. The average ransom demand in Canada was $148,700 CAD in the first quarter of 2020 (Canadian Centre for Cyber Security), up 33% from 2019. Some cyberattacks happen for political or terroristic reasons. For instance, in 2015, the Department of Homeland Security confirmed reports of ISIS attempting to penetrate the U.S. energy system. Attacking a country's power and energy system can paralyze all other infrastructure as well. In these cases, cyberattacks aim to create country-wide blackouts or cascading failures.

How much do cyberattacks cost businesses and governments annually in North America?

The statistics below provide a sense of the importance, frequency, and detection difficulties of cyberattacks:

• The average cost of a data breach in 2020 was $3.86 million USD (IBM)
• Global losses from cybercrime are predicted to be nearly $10.5 trillion USD by 2025 (Cybersecurity Ventures)
• Personal data was involved in 58% of data breaches in 2020 (Verizon)
• 91% of attacks start through phishing (Cybersecurity Ventures)

In basic language, how do you prevent these systems from being hacked?

To prevent cyberattacks, we must identify potential entry points and open ports through which attackers can access the system. Then, through a vulnerability analysis, we can figure out potential cyberattack targets and analyze the impact of attacks against them. Once this has been done, we develop techniques to monitor the behaviour of critical components and schemes in real-time. If an attack bypasses the preventive measures and performs a malicious activity or succeeds in deviating the normal behaviour of a component or scheme, we can detect it. And, in some cases, we can mitigate cyberattacks.

How does the software you designed respond when a hacker attempts to access a power system?

We have different strategies for discovering and mitigating cyberattacks, for example, learning and detecting the signature of cyberattacks. The important point is that we don't have a one-size-fits-all solution— we must tailor solutions to the specifications, features, and needs of each individual application.




Back to Fall 2022