Grid Shock: Coordinated Load-Changing Attacks on Power Grids: The Non-Smart Power Grid is Vulnerable to Cyber Attacks as Well

Electric power grids are among the largest human-made control structures and are considered critical infrastructure because of their importance for daily life. When operating a power grid, providers must continuously maintain a balance between supply (i.e., production in power plants) and demand (i.e., power consumption) to keep the grid at its nominal frequency of 50 Hz or, alternatively, 60 Hz. Power consumption is forecast by elaborate models that include multiple parameters such as weather, season, and time of day; these models rest on the premise that many small consumers average out their spikes in energy consumption. In this paper, we develop attacks that violate this assumption, investigate their impact on power grid operation, and assess their feasibility for today's adversaries. In our scenario, an adversary builds (or rents) a botnet of zombie computers and modulates their power consumption, e.g., by utilizing CPUs, GPUs, hard disks, screen brightness, and laser printers in a coordinated way over the Internet. By outpacing the grid's countervailing mechanisms, the attack pushes the grid into unstable states that trigger automated load shedding or tie-line tripping. We show that an adversary does not have to rely on smart grid features to modulate power consumption, given that an adequate communication infrastructure for striking the (legacy) power grid is already nearly omnipresent: the Internet, to which more and more power-consuming devices are connected. Our simulations estimate that between 2.5 and 9.8 million infections are sufficient to attack the European synchronous grid, depending on the mix of infected devices, the current mix of active power plant types, and the current overall produced power. However, the attack mechanisms described herein are not limited to the European grid.
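To make the supply-demand balance argument concrete from the operator's side, the following added example (not the paper's simulation model, and not code from the authors) runs the textbook aggregated swing equation with rate-limited droop primary control and reports how far an abrupt demand step pushes frequency before inertia and primary reserves catch it. Every parameter value (system load, inertia constant, load damping, reserve size, activation time, load-shedding threshold) is an assumption chosen for illustration, not a figure from the paper.

```python
"""Aggregated frequency-response model: swing equation plus rate-limited droop
control. Added illustration; all numeric parameters are assumptions."""

F_NOM_HZ = 50.0          # nominal frequency of the European synchronous grid
S_BASE_MW = 300_000.0    # assumed total system load, used as per-unit base
H_S = 5.0                # assumed aggregate inertia constant (seconds)
D_PU = 1.0               # assumed load self-regulation (pu power per pu frequency)
FCR_MW = 3_000.0         # assumed primary reserve available for full activation
FCR_FULL_DEV_HZ = 0.2    # assumed: full reserve requested at +/-200 mHz
FCR_RAMP_S = 30.0        # assumed: full reserve deliverable within 30 s
UFLS_HZ = 49.0           # assumed first under-frequency load-shedding stage


def simulate_load_step(step_mw, t_end_s=60.0, dt_s=0.01, h_s=H_S):
    """Apply a sudden demand increase of step_mw at t=0 and integrate with Euler.

    Returns the frequency nadir, its time, and whether/when the assumed
    load-shedding threshold was crossed.
    """
    dfreq_pu = 0.0                        # frequency deviation, per unit of F_NOM_HZ
    fcr_pu = 0.0                          # primary reserve currently delivered (pu)
    fcr_max_pu = FCR_MW / S_BASE_MW
    fcr_rate_pu = fcr_max_pu / FCR_RAMP_S * dt_s   # max change of fcr_pu per step
    step_pu = step_mw / S_BASE_MW
    nadir_hz, t_nadir, t_ufls = F_NOM_HZ, 0.0, None
    t = 0.0
    while t < t_end_s:
        # Droop request: proportional to deviation, saturating at full reserve
        dfreq_hz = dfreq_pu * F_NOM_HZ
        request = -dfreq_hz / FCR_FULL_DEV_HZ * fcr_max_pu
        request = max(-fcr_max_pu, min(fcr_max_pu, request))
        # Generators cannot change output faster than the activation ramp allows
        fcr_pu += max(-fcr_rate_pu, min(fcr_rate_pu, request - fcr_pu))
        # Swing equation: 2H * d(dfreq)/dt = P_reserve - P_step - D * dfreq
        accel = (fcr_pu - step_pu - D_PU * dfreq_pu) / (2.0 * h_s)
        dfreq_pu += accel * dt_s
        t += dt_s
        freq_hz = F_NOM_HZ * (1.0 + dfreq_pu)
        if freq_hz < nadir_hz:
            nadir_hz, t_nadir = freq_hz, t
        if t_ufls is None and freq_hz < UFLS_HZ:
            t_ufls = t
    return {"nadir_hz": nadir_hz, "t_nadir_s": t_nadir,
            "ufls_triggered": t_ufls is not None, "t_ufls_s": t_ufls}


if __name__ == "__main__":
    for mw in (0, 1_000, 3_000, 30_000):   # constructed demand steps
        print(f"{mw:>6} MW step ->", simulate_load_step(mw))
```

Raising the inertia constant or the reserve ramp rate in the parameters shows which operator-side quantities bound the excursion for a given imbalance.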
