Botnets causing blackouts: How Coordinated load attacks can destabilize the power grid

Abstract

Power grids are a prime example of critical infrastructure, and their reliable operation is of utter importance for life and economy in most parts of the world. To stabilize the nominal frequency, power production and consumption have to be continuously kept in balance. As consumers are predominantly uncontrolled, operators have to adapt power plants' output to the demanded power using elaborated models including parameters like weather, season, and time of the day. These models are based on the premise of a large number of small consumers averaging out their energy consumption spikes. The remaining gap is closed by power plants in stand-by.

In this technical report, based on Dabrowski et al. (Grid shock: coordinated load-changing attacks on power grids. Proceedings of the annual computer security applications conference (ACSAC 2017), 2017), we show how an adversary can violate this assumption by coordinated load attacks. Gaining control over a large number of Internet-connected computers and Internet-of-Things (IoT) devices with a botnet, he can modify their power consumption in a synchronized fashion. Such sudden load changes can then outperform the power grid's countervailing mechanisms, i.e., primary and secondary reserve, and push the power grid into an unstable state eventually triggering automatic load shedding or tie-line tripping. We further emphasize that this adversary does not have to rely on any current or future smart grid features for a successful attack as the communication infrastructure for synchronized large-scale power modulation is already available - the Internet.