Introduction to Professor Jun Yan and His Lab at Concordia University

1. Could you briefly introduce yourself (and your University/Lab)?

I am an assistant professor at the Concordia Institute for Information Systems Engineering of Concordia University, a young but vibrant university in the heart of Montréal in Québec, Canada. Prior to joining Concordia in 2017, I received my Ph.D. and M.Sc. degrees in electrical engineering from the University of Rhode Island (URI), USA, in 2017 and 2013, respectively. I was also the recipient of URI’s Excellence in Doctoral Research Award in the Ph.D. Class of 2017/2018, an honor that I will not achieve without the incredible supervision and support from my advisor Dr. Haibo He and co-advisor Dr. Yan (Lindsay) Sun. Before embarking on my journey of research in 2011, I was also a graduate of Zhejiang University, China, with a B.E. degree in information and communication engineering. 

My research looks at artificial intelligence in the security and resilience of smart critical infrastructures through the lens of cyber-physical systems. I have published over 60 peer-reviewed research articles on top-tier venues and was the recipient of the IEEE International Conference on Communications (ICC) Best Paper Award (2014) and the IEEE International Joint Conference on Neural Networks (IJCNN) Best Student Paper Award (2016). Now, funded by over $ CAD 1 million federal, provincial, and industrial grants, I am leading my group of 10+ student researchers to advance our understanding of AI and other emerging technologies as potential tools, targets, and threats in critical infrastructures of energy, transportation, and many others. At Concordia, I am also privileged to collaborate with a talented team of 10+ professors and 40+ students at the Concordia Security Research Centre (SRC) on various frontiers of cybersecurity. 

2. What have been your most significant research contributions up to now?

By my own ranking, the most significant share of my research contributions probably goes to the introduction of several machine learning approaches for the cyber-physical security of our smart grid, a topic I have been investigating since 2011. The smart grid is the next-generation critical infrastructure to provide us with the indispensable electricity in a reliable, flexible, and sustainable fashion. Unlike the Internet or other business networks, the smart grid operates on specialized networks of industrial control systems, which predominantly prioritize availability and integrity over confidentiality. One of the most crucial challenges I have been trying to tackle is the threat of cyber-attacks that can trigger a domino effect called cascading failures. Under well-planned actions, outages started by just a few tripped lines or substations can propagate across our connected power grids in seconds, resulting in a widespread yet prolonged blackout. 

Through a series of publications between 2013-2017, my research introduced several machine learning paradigms to identify critical failures that can initiate the cascade. They combine strengths of contingency analysis from power system security and penetration testing from cybersecurity while overcoming some key limitations therein. The more notable contributions include an unsupervised learning strategy to reveal self-organized criticality in blackout-initiating substation failures, and a reinforcement learning framework to explore and discover critical attack paths toward complete system collapses. Collectively, they extended the scope of power system security by adding cyber attacks as legitimate contingencies and enriched our toolsets to pinpoint the most vulnerable components in the grid for proactive protection. The approaches are designed to be automatic for fast vulnerability identification while adaptive against system and threat variations. The results can be helpful to improve the awareness and preparedness of grid operators against some of the most prominent threats.

Having worked on this topic since 2011, I can see that challenges remain ahead: even in 2021, recent power outages in Texas and California, though not due to adversarial actions, still echoed how vulnerable our grid could be while our dependence on electricity keeps increasing. As the hyperconnectivity in both cyber and physical worlds inevitably increases the exposure of critical systems and the risks of cascading failures, we still need more scientific insights and innovative solutions to secure our century-old electrical power infrastructure against blackouts that could paralyze our society, triggered by just a few malignant clicks.

3. What problems in your research field deserve more attention (or what problems will you like to solve) in the next few years, and why?

I will delve into the security of emerging information and communication technologies (ICT) in our smart but nonetheless critical infrastructures. New ICT like artificial intelligence, internet-of-things, 5G and beyond, cloud computing, edge computing, and many others are transforming every industry, not just for the end-users but also way upstream. Take AI as an example, we want to harness more of its power for efficiency as well as security, but at the same time, we also need to cautiously protect deployed AI systems from cyber attacks and proactively probe risks from adversarial AI threats. It is intuitive – but dangerous – to rush after AI without considering the consequences for better and for worse. It is a double-edged sword, like many technologies, and from the security point of view, it deserves a much closer look into its strengths, vulnerabilities, and misuses as a game-changer. There are still many checkpoints for AI before they can be reliably involved in automated decision-making where security or safety is critical.

On the same note, I will work with my group to continue investigating security as a cyber-physical challenge, as neither the problems nor the solutions are restricted to cyber or physical only. There will be very likely fewer critical physical systems running in fully air-gapped networks, but there are also fewer cyber systems that can remain secure with and without a power supply. From auto-piloting cars to smart door locks, cyber-physical systems have become the new norm in many safety-critical sectors, and the trend will most likely continue for years. It is placing more urgent needs for a unified perspective and coordinated defences from both worlds, and that is where my research will further look into.

4. What advice would you like to give to the young generation of researchers/engineers?

I guess I am perhaps still too young to give advice, but I can share my two cents. As both a researcher and an engineer, I feel it is a great era to ride on the waves of technological innovation toward something big for the future, as long as we keep our curiosity with an open mind. We can shoot for the moon if there is an opportunity – and there are many nowadays. In the meantime, we shall also take our steps firmly. Though we may not land on the Moon ourselves, our small steps still count; they have the potential to be a giant leap, but also the risk to be a major setback. As researchers and engineers, the problems we find and solve will matter because there will be people relying on it in many years to come. And because most problems would not be solved in a single day, we need to do our job carefully every day to make sure what we deliver remains reliable way into the future.