Could fridges and other smart appliances be leveraged against the power grid using manipulation of demand via IoT (MadIoT) attacks? Yes, according to recent research by Princeton University researchers, Saleh Soltan, Prateek Mittal, and H. Vincent Poor.
Speaking at the Usenix Security Symposium, the team explained how devices such as smart fridges and air conditions could be used to attack the grid.
BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid, reveals a new class of potential attacks on power grids, called MadIoT attacks, "that can leverage such a botnet in order to manipulate the power demand in the grid."
Working on the assumption that "an adversary has already gained access to an IoT botnet of many high wattage smart appliances within a city, a country, or a continent, the researchers anticipate a number of scenarios through which this may be undertaken, including:
- Attacks that result in frequency instability:
- An abrupt increase or decrease in power demand results in a corresponding imbalance between the supply and demand, impacting system frequency. According to the research, simulations on the smallscale power grid model of the Western System Coordinating Council (WSCC), show that a 30% increase in the demand results in tripping of all the generators.
- Attacks that cause line failures and result in cascading failures:
- Small increases in demand may impact load capacity on the line, resulting in cascading line failure. By way of example, the example, a demand increase of only 1% on the Polish grid during 2008 summer peak, resulted in a cascading failure ultimately causing 263 line failures and outage in 86% of the loads.
- Cascading failures could also potentially be caused by artificially increasing demand in one area while decreasing it in another.
- Attacks that increase operating costs:
- Forcing the use of reserve generation "can significantly increase the power generation cost for the grid operator, but at the same time be profitable for the utility that operates the reserve generators."
Other disruption scenarios are discussed in the paper, including disrupting a black start and implications for failures in the tie-lines between ISOs. The research further provides a 'sketch' of potential countermeasures, although insight into the research methodology and simulations may help draw conclusions into mitigation opportunities.
The researchers believe that considering the option of bot attacks on the grid in this fashion is an important first step in mitigating the potential risk. Specifically, however, they highlight the need for more research into this risk, along with clarifying into the number of high wattage IoT devices within a utility network and the designing of virtual inertia into network systems.
You can read the full research paper here