Not Everything is Dark and Gloomy: Power Grid Protections Against IoT Demand Attacks

© 2019 by The USENIX Association. All rights reserved. Devices with high energy consumption such as air conditioners, water heaters, and electric vehicles are increasingly becoming Internet-connected. This new connectivity exposes the control of new electric loads to attackers in what is known as Manipulation of demand via IoT (MadIoT) attacks. In this paper we investigate the impact of MadIoT attacks on power transmission grids. Our analysis leverages a novel cascading outage analysis tool that focuses on how the protection equipment in the power grid as well as how protection algorithms react to cascading events that can lead to a power blackout. In particular, we apply our tool to a large North American regional transmission interconnection system consisting of more than 5,000 buses, and study how MadIoT attacks can affect this power system. To help assess the effects of such cyber attacks, we develop numerical experiments and define new and stronger types of IoT demand attacks to study cascading failures on transmission lines and their effects on the system frequency. Our results show that MadIoT attacks can cause a partition of the bulk power system, and can also result in controlled load shedding, but the protections embedded in the operation of the transmission grid can allow the system to withstand a large variety of MadIoT attacks and can avoid a system blackout.

[1]  V. E. Lynch,et al.  Critical points and transitions in an electric power transmission model for cascading failure blackouts. , 2002, Chaos.

[2]  Piet Van Mieghem,et al.  Analyzing Cascading Failures in Power Grids under the AC and DC Power Flow Models , 2018, SIGMETRICS Perform. Evaluation Rev..

[3]  Ross Baldick,et al.  Research on Resilience of Power Systems Under Natural Disasters—A Review , 2016, IEEE Transactions on Power Systems.

[4]  Omar Alrawi,et al.  SoK: Security Evaluation of Home-Based IoT Deployments , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[5]  Liangzhong Yao,et al.  Vulnerability assessment for cascading failures in electric power systems , 2009, 2009 IEEE/PES Power Systems Conference and Exposition.

[6]  Ross Baldick,et al.  Case Study of Power System Cyber Attack Using Cascading Outage Analysis Model , 2018, 2018 IEEE Power & Energy Society General Meeting (PESGM).

[7]  I. Dobson,et al.  Initial review of methods for cascading failure analysis in electric power transmission systems IEEE PES CAMS task force on understanding, prediction, mitigation and restoration of cascading failures , 2008, 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century.

[8]  Deepa Kundur,et al.  Implementing attacks for modbus/TCP protocol in a real-time cyber physical system test bed , 2015, 2015 IEEE International Workshop Technical Committee on Communications Quality and Reliability (CQR).

[9]  Ian Dobson Estimating the extent of cascading transmission line outages using standard utility data and a branching process , 2011, 2011 IEEE Power and Energy Society General Meeting.

[10]  Gang Wang,et al.  A Study of Self-Organized Criticality of Power System Under Cascading Failures Based on AC-OPF With Voltage Stability Margin , 2008, IEEE Transactions on Power Systems.

[11]  Nicanor Quijano,et al.  Control Systems for the Power Grid and Their Resiliency to Attacks , 2014, IEEE Security & Privacy.

[12]  I. Dobson,et al.  Risk Assessment of Cascading Outages: Methodologies and Challenges , 2012, IEEE Transactions on Power Systems.

[13]  G. Manimaran,et al.  Vulnerability Assessment of Cybersecurity for SCADA Systems , 2008, IEEE Transactions on Power Systems.

[14]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[15]  Thomas J. Overbye,et al.  Power system analysis & design , 2019 .

[16]  Siddharth Sridhar,et al.  Cyber–Physical System Security for the Electric Power Grid , 2012, Proceedings of the IEEE.

[17]  Nicanor Quijano,et al.  CPS: market analysis of attacks against demand response in the smart grid , 2014, ACSAC.

[18]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2011, TSEC.

[19]  Ian Dobson,et al.  Cascading dynamics and mitigation assessment in power system disturbances via a hidden failure model , 2005 .

[20]  Nasir Ghani,et al.  Stochastic Analysis of Cascading-Failure Dynamics in Power Grids , 2014, IEEE Transactions on Power Systems.

[21]  David K. Y. Yau,et al.  Impact of integrity attacks on real-time pricing in smart grids , 2013, CCS.

[22]  Edgar R. Weippl,et al.  Grid Shock: Coordinated Load-Changing Attacks on Power Grids: The Non-Smart Power Grid is Vulnerable to Cyber Attacks as Well , 2017, ACSAC.

[23]  Nicanor Quijano,et al.  Integrity Attacks on Real-Time Pricing in Smart Grids: Impact and Countermeasures , 2017, IEEE Transactions on Smart Grid.

[24]  Alexander M. Millkey The Black Swan: The Impact of the Highly Improbable , 2009 .

[25]  Yi Zhou,et al.  Understanding the Mirai Botnet , 2017, USENIX Security Symposium.

[26]  Jun Yan,et al.  Cascading Failure Analysis With DC Power Flow Model and Transient Stability Analysis , 2015, IEEE Transactions on Power Systems.

[27]  Ross Baldick,et al.  Case study of an improved Cascading Outage Analysis model using outage checkers , 2013, 2013 IEEE Power & Energy Society General Meeting.

[28]  Hamed Mohsenian-Rad,et al.  Dynamic Load Altering Attacks Against Power System Stability: Attack Models and Protection Schemes , 2017, IEEE Transactions on Smart Grid.

[29]  Adi Shamir,et al.  IoT Goes Nuclear: Creating a ZigBee Chain Reaction , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[30]  Daniel Kirschen,et al.  Survey of tools for risk assessment of cascading outages , 2011, 2011 IEEE Power and Energy Society General Meeting.

[31]  Ross Baldick,et al.  Interdiction Analysis of Electric Grids Combining Cascading Outage and Medium-Term Impacts , 2014, IEEE Transactions on Power Systems.

[32]  Yuri V. Makarov,et al.  Multiscenario cascading failure analysis using TRELSS , 2003, CIGRE/IEEE PES International Symposium Quality and Security of Electric Power Delivery Systems, 2003. CIGRE/PES 2003..

[33]  D.S. Kirschen,et al.  A probabilistic indicator of system stress , 2004, IEEE Transactions on Power Systems.

[34]  H. Vincent Poor,et al.  BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid , 2018, USENIX Security Symposium.

[35]  Carson W. Taylor,et al.  Definition and Classification of Power System Stability , 2004 .

[36]  T. Van Cutsem,et al.  Simplified time-domain simulation of detailed long-term dynamic models , 2009, 2009 IEEE Power & Energy Society General Meeting.

[37]  Carl A. Gunter,et al.  Inside Job: Understanding and Mitigating the Threat of External Device Mis-Binding on Android , 2014, NDSS.

[38]  Siddhartha Kumar Khaitan,et al.  Fast parallelized algorithms for on-line extended-term dynamic cascading analysis , 2009, 2009 IEEE/PES Power Systems Conference and Exposition.

[39]  Tadayoshi Kohno,et al.  Computer security and the modern home , 2013, CACM.

[40]  Ross Baldick,et al.  Cascading Outage Analysis Using Sequential Outage Checkers , 2012 .

[41]  Paul Hines,et al.  A “Random Chemistry” Algorithm for Identifying Collections of Multiple Contingencies That Initiate Cascading Failure , 2012, IEEE Transactions on Power Systems.

[42]  Hamed Mohsenian Rad,et al.  Distributed Internet-Based Load Altering Attacks Against Smart Power Grids , 2011, IEEE Transactions on Smart Grid.