A Partnership of UConn and Eversource

Eversource Energy Center



Cyber & Physical Security


  • Build dynamic models for typical Eversource Energy power networks on the cyber-physical Eversource Energy Testbed for cyber-physical security analysis purposes.
  • Develop tools for detecting, localizing, and mapping potential power-botnet attacks and design defense mechanism for preventing remote control of power-bots.
  • Ensure cyber-physical security in Eversource Energy transmission and distribution substations through Detect-Delay-Defend Security against cyber-physical attacks, air gap based substation attack detection, and formal verification to detect anomalies across IP-based substations against coordinated cyber-physical attacks.
  • Develop predictive models for future flood-inundation risk estimation of substations under climate change and sea-level rise.


Electric power networks in New England are critical infrastructures which have been targets for malicious, well-equipped, and well-motivated adversaries who aim to jeopardize their operations, trigger sustained outages, and delay network restoration after major disruptions caused by extreme events. Attackers may exploit vulnerabilities in substations, Internet of Things (IoT) devices, building and industrial management systems, distributed energy systems, microgrids, and distributed storage devices that are connected to the electric power networks. Once a significant number of such devices are compromised, attackers can collusively cause load fluctuations, stress power grids and deplete reserves, and lead to rolling or even uncontrolled blackouts, perhaps eventually resulting in cascading outages across regions. Moreover, CT substations are prone to flood vulnerabilities due to climate change and sea-level rise. Motivated by the above challenges, this project aims to develop cyber physical security technologies to improve the attack-resilient power networks for Eversource Energy and New England utilities. This project will achieve four major objectives:

  1. Build an integrated models in the Eversource Energy Testbed for cyber physical security analysis;
  2. Detect, localize and mapping power botnet attacks and mitigate remote control of power-bots;
  3. Improve cyber physical security in transmission/distribution substations through Detect-Delay-Defend security, air gapped attack detection and formal verification;
  4. Develop a predictive model for future flood-inundation risk mapping for Eversource Energy substations.


Cybersecurity testbed integration:

  • Interface RTDS real-time simulators with cyber security tools, network simulators, KMAX network emulator, and SDN switches
  • Co-model Eversource power transmission-distribution grid on the Eversource Testbed; Digital twin for analysis of EEC power distribution network dynamics under different types of attacks, by leveraging the RTDS testbed capability.

Power-bot communication and its mitigation:

  • Design of defense mechanism to prevent direct communication from powerbot to attacker
  • Investigate a ‘covert channel’ allowing attacker to communicate with power-bots, but exploiting the power network itself
  • Investigate the capacity and limitations of the covert channel, and defense mechanisms designed to eliminate or reduce its effectiveness
  • Automatic reactive mitigation action mapping for power-botnet attacks after attack detection and localization
  • Differential privacy preserving machine learning method based on distribution feeder dynamic data for attack detection

Substation Cyber Physical Security

  • Modeling, analysis and mitigation of Detect-Delay-Defend Security against theft and sabotage:
    • Detect, Delay and Defend (DDD) for physical intrusion attacks with a focus on theft, sabotage and cyber attack, by algorithms to optimize use of existing cameras and deployment, analysis and algorithms to incorporate other surveillance devices, incl. mobile
    • Detection of droid intrusions via machine-learning based detection of radar, radio and audio signals
  • Air gap based substation security:
    • Monitor the physical behavior and component damages of transmission/distribution substations through air-gapped side channel measurements (cyber-secured low-frequency electromagnetic waves)
    • Enable remote monitoring of grid/substation status and remote detection of topological changes due to attacks
  • Formal verifications to automatically detect and isolate errors and vulnerabilities in substation automation, protection and control to enable provably correct operations of new facilities
    • Formal verification of substation automation operations and protection functions
    • Formal overseer between substations and control center to detect inconsistencies and anomalies across IP-based substations against coordinated cyber-physical attacks

Future projection (50 years) of substation flood vulnerability in the scenario of climate change and sea-level rise

  • Apply hyper resolution flood modeling to evaluate Eversource inland and coastal substation flood vulnerability to river and coastal flooding associated with future climate (2050) storms and sea-level rise.
  • Integrate surge, river flows, tides and sea level rise to compute worse case scenarios of flood inundation at substations
  • Use the modeling framework to derive 100-500 year return period flood levels and evaluate the vulnerability of current Eversource infrastructure.

Expected Deliverables

This work will extend ongoing research for modeling, analysis, and anomaly detection for enhancing the cyber secure Eversource Energy power distribution networks, and will leverage the newly established Eversource Energy Testbed for cybersecurity. Deliverables from the new integrated project will include:

  • A functional cybersecurity Eversource Energy Testbed with a documentation for the cybersecurity testbed federation; an integrated Eversource transmission-distribution grid model on RTDS/PSAT.
  • A design of firewall-based defense mechanism for preventing remote control of powerbots.A design of firewall-based defense mechanism for preventing remote control of powerbots.
  • A hybrid system model to analyze the spatial-temporal characteristics and the interaction of the manipulated components with the normal components of the distribution network.
  • A tool to automatically map actions after detecting and localizing power-botnet attacks, to assist human experts to mitigate the effects of power botnet attacks on the distribution network.
  • A predictive model for future flood-inundation risk mapping at very high resolution (VHR, 1 m).
  • A report on substation flood-inundation risk under climate change and sea-level rise.
  • A documentation of modeling, analysis and optimization of DDD systems, as well as the use of automated unmanned vehicles for DDD.
  • A cyber-physical hardware device that perform air-gapped, remote, and verified detection for cyber-physical attacks in substations.
  • A formal verification tool that automatically verify substation protection and switching functions, locate errors and cyber vulnerabilities in substation operating and protection devices to enable provably correct operations of substations.

Points of Contact

Eversource Energy Center | Innovation Partnership Building: 159 Discovery Drive, Unit 5276, Storrs, CT 06269-5276 | E-Mail: eversourceenergycenter@uconn.edu