As hackers and terrorists target critical infrastructure, from traffic signals to power grids, Virginia Tech researchers are working to create digital defenses against real-world disruptions.
Monty Abbas wants to talk about the movie “The Italian Job.”
It’s not that the professor of civil and environmental engineering is a big fan of Mark Wahlberg, its star, or that he's particularly fond of early ’00s action flicks. But this film (and the original 1969 version it’s based on) depicts a scenario he’s trying to prevent: a hack into traffic light signaling that snarls traffic so badly no one can move — except, of course, the heist crew.
“It’s fun to see chaos that can happen from traffic when it’s simulated in movies, but it can be devastating in real life,” Abbas said.
Abbas is part of his own crew, but not one stealing gold. Instead, he’s among the College of Engineering faculty whose research is strengthening the cybersecurity of the country’s critical infrastructure. Supported by funding from the Commonwealth Cyber Initiative, they’re looking at how to protect what makes our society run, including transportation, power, water, supply chains, manufacturing, Internet of Things (IoT), healthcare, and communications networks.
This work is imperative. Critical infrastructure systems are potential attack vectors for adversaries looking to implement strikes on American soil without ever crossing a border. According to the Office of the Director of National Intelligence’s Annual Threat Assessment 2026, cyber actors from China, Russia, Iran, North Korea, ransomware groups, and others have “the ability to pre-position or execute disruptive and destructive attacks against U.S. critical infrastructure and other targets. They continue to pour resources into operations to compromise U.S. systems and core global IT resources.”
The scenarios are terrifying — but here’s what Virginia Tech researchers are doing to fight back and protect these essential systems.
Protecting the power grid
Cyberattacks on power grids are primarily aimed at disrupting power and causing outages or inducing physical damage by issuing malicious control commands. Instead of stealing energy, “ransom is a more plausible motivation,” said Ali Mehrizi-Sani, professor of electrical and computer engineering and director of Virginia Tech’s Power and Energy Center, who explained that a hacker can hold a system hostage and demand payment to unlock it.
The country’s power grid is also changing in ways that make it more complex — and more of a target for potential cyberattacks. One of those changes: data centers, which not only process a lot of data but also have rapidly changing power demands.
“They increase the attack surface of the power system. Attacking them on their own is attractive, in a bad way, because of the large impact they have on the power grid,” he said.
A data center outage would have “widespread impact and visibility even if it doesn’t impact the grid,” he said. But also “since they are large, fast electronic loads, coordinated attacks on multiple data centers can, at least in theory, cause large-scale power outages.”
Mehrizi-Sani’s work focuses on leveraging AI to monitor and characterize normal load behavior in the grid so that he and his team can spot abnormal patterns quickly. Ultimately, they hope to develop AI-driven solutions that would dynamically adjust, shift, or curtail load in response to imminent threats, whether because of a cyberattack or a natural disaster. “Our approach is based on a combination of machine learning techniques to identify what normal patterns would look like, combined with what we know about the physics of the system,” he said.
Using algorithms to detect patterns is necessary because of how complex the power grid has become. Distributed energy resources, including behind-the-meter generation from solar panels or generators, are changing power flow patterns across the grid. “Those entirely change the way the system protection has been designed based on assumptions of how much load a particular feeder is going to have,” said Mehrizi-Sani.
By knowing what’s normal, researchers can better equip the grid to detect and respond to anomalous conditions.
Protecting water and wastewater systems
More than 80 percent of Americans rely on water processed by the nation’s 152,000 public drinking water systems, but a cyberattack could leave that water untreated or chemically contaminated. Even worse, detecting potential pollutants is neither easy nor efficient. By the time human workers gather and test samples, a contaminant might already have reached the public water supply and made humans and animals ill.
Cindy Yang Yi, professor of electrical and computer engineering and faculty member in the Institute for Advanced Computing at Virginia Tech, is working on a project that would replace current detection systems with a secured IoT framework that uses tiny, autonomous sensors. Put directly into pipes, the sensors would use very little power to detect contaminant locations accurately and in real time, allowing facilities management to jump on a problem before polluted water comes out of local faucets and hoses.
“Real time sensing is critical because water is so important for our daily lives,” said Yi. “If a severe pollution event happens, we want a water monitoring team to know the condition of the water immediately and avoid health issues for animals and plants.”
The team is also looking at how to secure the data coming from the devices from cyberattacks, “to make sure the signal transmission in the wireless network is accurate and efficient,” Yi said.
Protecting traffic infrastructure
When drivers of ambulances, police vehicles, and fire trucks need to move through traffic quickly, they don’t just rely on lights and sirens that prompt other drivers to move aside. First responders often use an emergency vehicle preemption system that interrupts normal traffic signal timing and clears a path.
But the helpful mechanism could be hacked, allowing a bad actor to change the lights themselves, paralyze the system through denial-of-service attacks, or block requests from emergency responders. The result? Gridlock and chaos.
Abbas’s team is applying zero trust architecture to the signaling system, which means “not trusting anything until you verify that it’s actually true,” Abbas said. Mechanisms and algorithms detect anomalies in the pattern of signal preemption requests and “make sure it’s harmonious with existing traffic.”
For example, if an ambulance’s emergency vehicle preemption system was making requests at traffic signals faster than current traffic levels would allow, the system would raise a red flag. “We would know something is wrong and the request cannot be legit,” Abbas said. “We know then that it’s spoofed and we don’t let it through.” The alert would also act as an early warning signal that hackers might be attempting to shut down the city, prompting further investigation.
“Traffic functions as the lifeblood of a transportation system: Introduce a critical blockage at a strategic point, and the resulting congestion can destabilize flow across the entire network,” he said. “It will not only have economic impacts, but most importantly, it can affect saving lives. If a bad actor can prevent people from getting to the hospital in real time, it can have devastating impacts.”
By protecting traffic systems from cyberattacks, Abbas and his team are helping ensure that gridlock-by-hack remains a Hollywood plot device, not a real-world threat.
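The plausibility check Abbas describes, rejecting a preemption request that arrives sooner than current traffic would let the vehicle travel, can be sketched as follows. This is an added example, not the research team's code; the corridor layout, detector speeds, thresholds, and all names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed corridor: metres between adjacent signals, in travel direction.
LINK_M = {("A", "B"): 400.0, ("B", "C"): 600.0, ("C", "D"): 500.0}
# Constructed detector feed: current mean traffic speed on each link, m/s.
FLOW_MPS = {("A", "B"): 12.0, ("B", "C"): 3.0, ("C", "D"): 11.0}
EV_FACTOR = 2.0      # assumption: a responder moves at most 2x ambient flow
HARD_CAP_MPS = 35.0  # assumption: absolute ceiling regardless of flow

@dataclass(frozen=True)
class Request:
    vehicle: str
    signal: str
    t: float  # seconds since start of the sample

def evaluate(requests):
    """Return one verdict per request, in arrival order."""
    last = {}  # vehicle -> last accepted Request
    verdicts = []
    for r in requests:
        prev = last.get(r.vehicle)
        if prev is None:
            # No movement history yet: this check cannot judge the request,
            # so sender authentication is assumed to happen elsewhere.
            verdict = "accept"
        elif (prev.signal, r.signal) not in LINK_M:
            verdict = "reject:unknown-path"
        elif r.t <= prev.t:
            verdict = "reject:bad-timestamp"
        else:
            link = (prev.signal, r.signal)
            limit = min(HARD_CAP_MPS, EV_FACTOR * FLOW_MPS[link])
            implied = LINK_M[link] / (r.t - prev.t)
            verdict = "accept" if implied <= limit else "reject:too-fast"
        if verdict == "accept":
            last[r.vehicle] = r
        verdicts.append(verdict)
    return verdicts

# Constructed request stream for one vehicle ID.
SAMPLE = [
    Request("amb1", "A", 0), Request("amb1", "B", 20),
    Request("amb1", "C", 50),   # 20 m/s through a link flowing at 3 m/s
    Request("amb1", "C", 130),  # 5.5 m/s on the same link
    Request("amb1", "A", 140),  # jumps to a signal with no link from C
]

if __name__ == "__main__":
    for req, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(req, verdict)
```

Because the limit is tied to the live flow on each link, the same 20 m/s that passes on the free-flowing A-B link is rejected on the congested B-C link.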