FLARE

Inspiration

The rise of electric vehicle charging stations (EVCS) is reshaping distribution networks—but it also creates new attack surfaces and operational complexity. I wanted to build a project that not only addresses EVCS but also reflects the broader class of cyber-physical systems (CPS), which are rapidly expanding and becoming increasingly critical for modern infrastructure. This concern led to FLARE, a framework designed to expose realistic threats and help develop physics-informed defenses for CPS, starting with EVCS but extending to other critical domains.

What it does

FLARE creates a high-fidelity digital twin of EVCS-integrated networks and embeds it in a multi-agent reinforcement learning environment. Adversarial agents—guided by Google Gemini Pro 2.5—learn false-data-injection strategies capable of bypassing typical detectors. The framework evaluates cascading impacts on load balancing, voltage stability, and transmission–distribution (T&D) interactions. Beyond EVCS, FLARE highlights how growing CPS infrastructures can be systematically analyzed for vulnerabilities, with attack analytics mapped to STRIDE and MITRE frameworks.

How we built it

We built FLARE in Python, deployed on Google Cloud, and orchestrated workflows with LangGraph. The reinforcement learning environment was built with rl-gym, using DQN/SAC-style pipelines. The Gemini Pro 2.5 model—accessed via google-generativeai—guided RL agents toward impactful adversarial strategies. To keep the modeling realistic while respecting privacy, we layered in federated learning and physics-informed neural networks within the digital twin.

Challenges we ran into

Capturing realistic T&D coupling and CPS dynamics required synchronizing timescales and ensuring accurate data flows. Early in training, adversarial RL agents were unstable, requiring careful tuning of reward functions. Integrating federated updates with physics-aware constraints on distributed cloud infrastructure also introduced complexity and debugging challenges.

Accomplishments that we're proud of

We created an end-to-end framework that: (1) generates plausible adversarial FDI policies, (2) demonstrates how EVCS disruptions propagate to the bulk grid, and (3) maps attack tactics to STRIDE and MITRE for actionable insights. Importantly, we extended the scope beyond EVCS to show that FLARE can be applied to other critical CPS domains, making it a versatile testbed for future infrastructure protection.

What we learned

Physics-aware digital twins make adversarial modeling far more realistic than purely data-driven simulators. Leveraging Gemini Pro 2.5 as a guide accelerates RL convergence and yields more impactful strategies. Finally, aligning findings with standard threat models (STRIDE, MITRE) ensures that technical results translate into practical security knowledge for operators.

What’s next for FLARE

We plan to expand FLARE by incorporating automated defensive RL policies, enabling proactive mitigation. Future work includes integrating real-world CPS telemetry via secure federated pipelines and publishing attack/defense playbooks aligned with MITRE techniques. Ultimately, FLARE will serve as a benchmark framework for CPS cybersecurity, supporting power systems, transportation, healthcare, and other infrastructures that face growing cyber-physical risks.