How an IoT botnet could disrupt the grid
A spike in demand for power caused by a coordinated attack on high-wattage internet-of-things devices could trigger transmission line failures and blackouts, but researchers at Princeton have a solution.
Researchers at Princeton have developed algorithms that would help the electric grid quickly recover from overloads induced by attacks on high-wattage smart devices such as air conditioners.
The 2016 Mirai botnet attack on more than half a million internet-of-things devices around the world flooded Dyn's managed DNS infrastructure with traffic, making many websites temporarily inaccessible. The attack led the Princeton team to wonder what would happen if an adversary gained access to a botnet of high-wattage IoT devices within a specific area and turned them on and off to manipulate power demand.
Controlling 600,000 high-wattage devices would “give the adversary the ability to manipulate around 3,000 megawatts of power in an instant,” the equivalent to the output of a large nuclear power plant, said study author Prateek Mittal, an associate professor of electrical engineering. If power demands fluctuate substantially and abruptly, generators, which use automated systems to regulate power flow, will be automatically disconnected from the grid, triggering a large-scale blackout within seconds.
And unlike other threats to the power grid through cyberattacks on supervisory control and data acquisition (SCADA) systems, a manipulation-of-demand attack would not require the adversary to have specific knowledge of a grid’s structure, the researchers said.
So rather than try to protect the grid from such an attack, the team aimed to use algorithms to optimize responses to a power spike. By taking into account the capacity thresholds of transmission lines and the power generation capabilities of a grid, the algorithm computes solutions that redirect power flows and adjust generator activities to prevent line failures.
The researchers tested the performance and computed the operating costs of the algorithms on the New England 39-bus system, a power grid test case that reflects the structures of real power grids. They found that costs might increase of about 6%, but they also would boost a power grid's robustness to an attack that increases demand by 9%.
The likelihood of attacks on the grid by manipulating power demand of IoT devices is low but could increase in the future, according to a National Renewable Energy Laboratory official cited in an August 2019 Government Accountability Office report on cybersecurity risks to the grid. As more high-wattage systems and devices, such as building energy management systems and electric vehicles, are connected to the internet, this kind of attack could become more plausible, especially if vulnerabilities are discovered in the firmware of smart appliances, the official said.
NEXT STORY: Shaving time off Real ID applications