Stopping an “Internet of Things” Attack from Bringing Down the Power Grid

In 2016, the Mirai “botnet” (named Mirai after a Japanese anime series) of more than half a million internet of things devices around the world was used to jam traffic to some major computer networks, making websites such as Twitter and Netflix temporarily inaccessible. The attack took advantage of the fact that most internet of things devices use default usernames and passwords, and led the Princeton team to consider what might happen if an adversary could manipulate power usage by gaining access to a botnet of high-wattage internet of things devices within a geographic area.

Controlling 600,000 high-wattage devices would “give the adversary the ability to manipulate around 3,000 megawatts of power in an instant,” said Mittal — equivalent to the output of a large nuclear power plant. If not managed at the local level, this type of overload could cause cascading power failures — potentially as disruptive as the Northeast blackout of 2003 and a blackout earlier this year in Argentina and Uruguay.

“As opposed to computer networks that have routing algorithms, in power grids there is no notion of routing, so everything is based on physics,” said Soltan. “This is why you can’t really prevent a certain line overload if you don’t change the supply and demand.”

The team’s algorithms take into account the capacity thresholds of transmission lines and the power generation capabilities of a grid, and use this information to compute solutions that redirect power flows and adjust generator activities to prevent line failures. The researchers tested the performance and computed the operating costs of using these algorithms on the New England 39-bus system, a power grid test case that reflects the structures of real power grids.

The researchers said the algorithms do add some cost to grid operations in exchange for increasing the safety margin. For example, they found that using the algorithm IMMUNE (for “Iteratively MiniMize and boUNd Economic dispatch”) could make a power grid robust against an attack that increases demand by 9% for a cost increase of about 6%.
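To make the tradeoff concrete, here is a small worked illustration in the spirit of the two paragraphs above: a DC power-flow model of a constructed 3-bus network with line capacities and generator limits, a check for which lines overload when demand jumps, and a brute-force search for the cheapest dispatch that stays within limits both at nominal demand and after a demand increase. This is an added example written for this page; it is not the Princeton team's code, not the IMMUNE algorithm, and not the New England 39-bus case. The network, susceptances, capacities, costs, and the assumption that the slack-bus generator absorbs any demand change (standing in for frequency response) are all constructed here, so the cost premium it reports is illustrative and will not match the paper's 6% figure.

```python
"""Added illustration (not the paper's code): dispatch-based robustness to a
sudden demand increase, checked with a DC power-flow model of a constructed
3-bus network. Bus 0 is the slack bus and absorbs any demand change."""

# Constructed network: (from_bus, to_bus, susceptance [p.u.], capacity [MW]).
LINES = [
    (0, 1, 1.0, 150.0),
    (0, 2, 1.0, 210.5),   # the line that will overload under an attack
    (1, 2, 1.0, 150.0),
]
# Constructed generators: bus -> (max output [MW], marginal cost [$/MWh]).
GENERATORS = {0: (400.0, 20.0), 1: (200.0, 50.0)}
LOAD_BUS = 2
SLACK = 0
N_BUS = 3
TOL = 1e-6


def solve_linear(a, b):
    """Gauss-Jordan elimination with partial pivoting for a small dense system."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(n):
            if r != col:
                factor = m[r][col] / m[col][col]
                for c in range(col, n + 1):
                    m[r][c] -= factor * m[col][c]
    return [m[i][n] / m[i][i] for i in range(n)]


def dc_power_flow(injections):
    """Line flows (MW, from->to) for net injections at each bus.

    Solves B' theta = P on the non-slack buses (B' is the reduced bus
    susceptance matrix), then flow_ij = b_ij * (theta_i - theta_j)."""
    non_slack = [bus for bus in range(N_BUS) if bus != SLACK]
    idx = {bus: k for k, bus in enumerate(non_slack)}
    n = len(non_slack)
    b_matrix = [[0.0] * n for _ in range(n)]
    for i, j, b, _cap in LINES:
        for u, v in ((i, j), (j, i)):
            if u in idx:
                b_matrix[idx[u]][idx[u]] += b
                if v in idx:
                    b_matrix[idx[u]][idx[v]] -= b
    theta_reduced = solve_linear(b_matrix, [injections[bus] for bus in non_slack])
    theta = [0.0] * N_BUS
    for bus in non_slack:
        theta[bus] = theta_reduced[idx[bus]]
    return [b * (theta[i] - theta[j]) for i, j, b, _cap in LINES]


def generator_outputs(dispatch, demand_mw):
    """Scheduled MW per generator; the slack unit covers whatever is left."""
    outputs = {bus: 0.0 for bus in GENERATORS}
    outputs.update(dispatch)
    outputs[SLACK] = demand_mw - sum(mw for bus, mw in outputs.items() if bus != SLACK)
    return outputs


def line_overloads(dispatch, demand_mw):
    """Lines whose |flow| exceeds capacity for a dispatch at the given demand."""
    injections = [0.0] * N_BUS
    for bus, mw in generator_outputs(dispatch, demand_mw).items():
        injections[bus] += mw
    injections[LOAD_BUS] -= demand_mw
    flows = dc_power_flow(injections)
    return [(i, j, f) for (i, j, _b, cap), f in zip(LINES, flows) if abs(f) > cap + TOL]


def is_feasible(dispatch, demand_mw):
    """True if every unit is within its limits and no line is overloaded."""
    for bus, mw in generator_outputs(dispatch, demand_mw).items():
        if mw < -TOL or mw > GENERATORS[bus][0] + TOL:
            return False
    return not line_overloads(dispatch, demand_mw)


def dispatch_cost(dispatch, demand_mw):
    """Hourly generation cost ($/h) at nominal demand."""
    return sum(mw * GENERATORS[bus][1]
               for bus, mw in generator_outputs(dispatch, demand_mw).items())


def robust_dispatch(demand_mw, attack_fraction, step_mw=1.0):
    """Cheapest schedule for generator 1 that survives both nominal demand and
    demand raised by attack_fraction. attack_fraction=0 is plain economic
    dispatch. Returns (dispatch, cost) or None if no schedule works."""
    scenarios = [demand_mw, demand_mw * (1.0 + attack_fraction)]
    best = None
    for k in range(int(GENERATORS[1][0] / step_mw) + 1):
        dispatch = {1: k * step_mw}
        if all(is_feasible(dispatch, d) for d in scenarios):
            cost = dispatch_cost(dispatch, demand_mw)
            if best is None or cost < best[1]:
                best = (dispatch, cost)
    return best


def safety_margin_premium(demand_mw, attack_fraction):
    """Relative cost increase of the robust dispatch over economic dispatch."""
    economic = robust_dispatch(demand_mw, 0.0)
    robust = robust_dispatch(demand_mw, attack_fraction)
    return robust, robust[1] / economic[1] - 1.0


if __name__ == "__main__":
    print("overloads at +9% demand under economic dispatch:",
          line_overloads({1: 0.0}, 300.0 * 1.09))
    print("robust dispatch and premium:", safety_margin_premium(300.0, 0.09))
```

In this toy, economic dispatch runs the cheap unit alone; a 9% demand jump then pushes line 0-2 past its limit, and the cheapest schedule that survives the jump moves a little output onto the expensive unit at bus 1, which is exactly the "change the supply" lever the quotes above describe. The search is a brute-force sweep over one free variable, which is fine for three buses; a real system needs an optimization over every unit and line, which is what the researchers' algorithms provide.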

“What kind of safety margin you need is really an operations question, but our approach has been to have a theoretical framework to answer all these questions,” said Soltan. For grid operators, “it’s a tradeoff between how much you increase the cost and how much robustness you have against these attacks.”

The federal government has recognized the security risks posed by the increasing digitization of the power grid, as the U.S. Senate recently passed the Securing Energy Infrastructure Act to move toward adding redundant analog control systems.

However, “even if you disconnect your grid, even if you make it 100 percent analog, since the internet of things devices are digital you can still have these types of attacks,” said Soltan. “In a few years we will need to think about these types of vulnerabilities.”

“This is a typical example of security research: As the environment changes, previous assumptions no longer hold and new attack vectors are discovered,” said Edgar Weippl, an information security specialist and research director of SBA Research in Vienna. “As everything becomes ‘a computer,’ much higher electrical loads can now be centrally controlled. In addition, a higher share of renewable energy might reduce backup kinetic energy in the grid.” Weippl, who was not involved in the study, added that smart grids and smart meters could help mitigate risks by automatically shutting off compromised devices.

In the future, the Princeton team hopes to collaborate with utility companies “as a testbed for some of these algorithms,” said Mittal. “There’s always a gap between theory and practice that real-world testbeds will help expose.”