In 2015, hackers attacked the power grid in Ukraine, leaving at least 230,000 people without power for six hours. This incident inspired Kaikai Pan to devise an algorithm that can make smart power grids more secure. ‘We try to look into the hacker’s brain to understand what steps they take. We then aim to use that knowledge to make the grid more secure.’
I first developed an interest in electrical engineering at the age of ten. My father was an electrical engineer and kept the power consumption records for all households in our area. This was quite a complicated business, because the area I grew up in was regularly hit by power outages. Because of my father’s work and the fact that I’d experienced the inconvenience of power failures on a regular basis, I’ve always been preoccupied by electricity. It fascinated me. I wanted to explore the subject in more detail and make a difference for all the people who often have to do without electricity. So, I’m using my personal experiences to make something theoretical into something applied.
I arrived in Delft in 2015, so I’ve been here for four-and-a-half years now. I came to do my PhD on the subject of smart grid cybersecurity. At the time, it was uncharted territory for me. But now, after a lot of research, I’ve written a dissertation that I’m really proud of.
My research is about protecting electronic systems and networks, otherwise known as cybersecurity. Cybersecurity is a very wide area. It covers all kinds of activities related to security and technology. The research group that I’m now part of is working on a number of solutions to safeguard the security of critical infrastructures, such as smart power grids. I’ve been working on an algorithm that can perform a vulnerability analysis and detect abnormalities. In this kind of vulnerability analysis, we aim to find out what likelihood there is of a threat or incident. We use this analysis to determine which parts of the system are the most vulnerable and protect them first. Detecting abnormalities is about the best way of quickly and accurately detecting an intruder. Imagine a criminal who wants to rob a bank. A criminal like that watches the bank for a while and comes up with a plan. It’s the same in the digital world: an attacker is often extremely smart and can go unnoticed in this preparatory stage. Until he smells an opportunity and suddenly strikes – from nowhere! So, the hacker behaves like a bank robber and, in turn, we try to take on the role of police officer. We can prevent that opportunity to strike from ever happening. If the bank robber has no crowbar, he’s not going to be able to get in.
My supervisor Professor Peter Palensky can probably answer that question better than I can. But it comes down to the fact that some systems make more use of an ICT structure than others. A smart system can be divided into two: there’s not only a physical system, but also one that’s connected to a communication network. In this research, when we talk about a physical system, we mean the power plant itself. This also needs a system that is digitised and supports the plant, such as the software that monitors the equipment. These two components work together and support each other. Whenever we analyse a smart power grid, the challenge is to understand this symbiosis and chart it in a way that’s understandable.
I have to do an enormous amount of work for my research, so I have little time to spare. But as I have a strong entrepreneurial spirit, like many members of my family, I also briefly toyed with the idea of opening my own restaurant. It seemed like great fun to set up a restaurant specialising in hotpot (a kind of fondue). Two things ultimately held me back, though. Firstly, I wanted to focus completely on my academic career and this meant I had less time than expected. The second thing was this: my skills as a chef left something to be desired. Fortunately, I’m on an upward learning curve, so who knows what the future may bring?