Researchers at Sandia National Laboratories have developed artificial intelligence algorithms designed to protect the electric grid from both cyber and physical threats. The new neural-network AI can run on low-cost single-board computers or existing smart grid devices, allowing for broad deployment across different types of equipment.
“As more disturbances occur, whether from extreme weather or from cyberattacks, the most important thing is that operators maintain the function and reliability of the grid,” said Shamina Hossain-McKenzie, a cybersecurity expert and leader of the project. “Our technology will allow the operators to detect any issues faster so that they can mitigate them faster with AI.”
The increasing integration of smart controls and devices into the grid has made it more flexible but also more susceptible to cyber-physical attacks. These attacks exploit communication networks to disrupt or control physical systems like the electric grid. According to Adrian Chavez, a cybersecurity expert involved in the project, potentially vulnerable equipment includes smart inverters and network switches used by grid operators. Hossain-McKenzie noted that because their neural network runs on single-board computers or existing devices, it can help protect both older and newer equipment lacking cyber-physical coordination.
“To make the technology more accessible and feasible to deploy, we wanted to make sure our solution was scalable, portable and cost-efficient,” Chavez said.
The AI code functions at three levels: local (monitoring specific devices), enclave (sharing data among devices within a network), and global (exchanging alerts between different system operators). This approach provides early warnings while protecting proprietary information.
Collaboration with Texas A&M University played a key role in developing secure communication methods between grids owned by different companies. Logan Blakely, who led development of the AI components, explained that one challenge was merging continuous streams of physical data with sporadic cyber data—a process achieved through data fusion techniques supported by Texas A&M collaborators.
The team employed an autoencoder neural network that classifies combined data as normal or abnormal without needing labeled examples for every possible issue. Instead, it requires extensive training on normal operational data. “The use of an autoencoder neural network makes the package pretty much plug and play,” Hossain-McKenzie added.
Testing took place in several stages: first in an emulation environment using computer models; then on single-board computer prototypes tested via hardware-in-the-loop simulations; and finally through real-world trials at Public Service Company of New Mexico’s Prosperity solar farm under a Cooperative Research and Development Agreement. These field tests began last summer.
“There’s nothing like going to an actual field site,” Chavez said. “Having the ability to see realistic traffic is a really great way to get a ground-truth of how this technology performs in the real world.”
Additionally, Sandia is working with Sierra Nevada Corporation to test its AI on Binary Armor, an existing cybersecurity device for critical infrastructure protection.
Early engagement with PNM staff helped shape design decisions focused on rapid connection between cyber-defenders and system operators.
This project builds upon Sandia’s earlier R&D 100 Award-winning Proactive Intrusion Detection and Mitigation System for smart inverter security. The team has filed a patent application for its autoencoder AI technology and seeks corporate partners for further deployment.
With additional development, this approach could extend beyond electricity grids to other critical infrastructure sectors such as water distribution, natural gas systems, factories, or data centers.
“Whether or not our technology succeeds in the market, every utility around the world is going to need a solution to this problem,” Blakely said. “This is a fascinating area to do research in because one way or another, everyone is going to have to solve the problem of cyber-physical data fusion.”
