Computer hackers finding their way into a computer mainframe and blowing out the power of a major city may sound like the plot of the next big blockbuster, but it is also a real threat.

Hackers are just one of the reasons David Nicol, professor of electrical and computer engineering, and Bill Sanders, director of the Information Trust Institute (ITI) on campus, are now part of a national research program that addresses the security issues of control and data systems involved in homeland security.

ITI, a research team in the College of Engineering, is a member of the Institute for Information Infrastructure Protection (I3P), which, earlier this month, launched the $8.5 million, two-year research program that Nicol and Sanders, both ITI members, will be working on.

I3P, a consortium of universities, private labs and non-profit organizations, receives its funding from the Department of Homeland Security and the National Institute of Standards and Technology, according to the I3P Web site.

The project addresses the protection of supervisory control and data acquisition systems, also known as SCADA. These, along with other control systems, are responsible for managing the nation’s electric power generation plants, water systems and oil and gas pipelines, according to the I3P Web site.

“Our systems are vulnerable,” Nicol said. “People in government know that. And just imagine if it were possible to bring down a power grid for an extended period of time, what impact that would have here. Answer – huge.”

Eric Goetz, assistant director for research and analysis for I3P, which is based at Dartmouth College in Hanover, N.H., said the University will be cooperating with researchers from nine other organizations around the country to tackle the problem of SCADA security.

“Specifically, Illinois’ researchers are helping identify and evaluate vulnerabilities in existing SCADA designs, modeling and testing SCADA systems in order to develop more secure technologies in the future,” Goetz said.

Ron Trellue, the project’s team leader and deputy director of the Information Systems Engineering Center at Sandia National Laboratory in New Mexico, said he is looking forward to having the collective effort of “10 very successful schools.”

“One of the positive aspects of this proposal is the collaboration of the different universities,” Trellue said. “We’re looking forward to successful team collaboration.”

Nicol and Sanders will be working closely with those other teams, whose members also include security specialists from MIT Lincoln Laboratory, New York University, the University of Tulsa, the University of Virginia, the MITRE Corporation, Pacific Northwest National Laboratory and SRI International, according to the I3P Web site. Each institute will be working on different components of the problem.

In the weeks to come, Nicol and Sanders will be putting in “people time,” as Nicol put it, to assess the information they will receive from team members. That information will help them try to re-engineer SCADA systems in order to make them resilient – not only to cyber attacks, but to other possible damages, such as windstorms, Nicol said.

“We, of course, want what we do to have the highest impact,” Nicol said. “We want to find the critical part to analyze.”

Nicol and Sanders are the principal University researchers for this project, and both are familiar with assessing control systems. Nicol said he and Sanders have been in the business of doing assessments of various kinds of systems for a long time and have recently been assessing security systems. They have developed the experience, the tools and the way of thinking about analyzing systems in order to provide a formal mathematical basis explaining how reliable a security system is under a set of threats, he said.

This project will be one of the first major research initiatives for I3P, which was founded in 2001. I3P chose the proposal set forth by the 10 institutions to strengthen and protect SCADA systems because it was a “high-visibility, highly important, high-impact problem, Nicol said. ITI chose to become a part of the project because of the importance of the issue and the resources the University’s College of Engineering could provide.

“In this particular case, of the projects that were in discussion, this one for us was the clear one to go into,” Nicol said. “Because A, it had such high relevance and B, (it) so much needed the kind of thing that we can bring.”