- 16 Nov
Imagine that you return home and find your water heater switched on. It would not trigger any suspicion, right? How about noticing random operating patterns – switching on or off – your smart thermostat-enabled HVAC or other remotely-controlled devices? It could be innocuous behavior, trying to minimize your electricity bills, or perhaps something more…
In the realm of cyber warfare, load-altering attacks (LAAs) are a powerful tool in the hackers' arsenal since they can operate covertly while destabilizing energy systems, causing uneconomic operations or, potentially, even blackouts. LAAs are cyber-physical attacks targeting demand response and demand-side management schemes. We can think of LAAs as a Mirai botnet attack on steroids. Instead of compromising a botnet of vulnerable IoT devices causing resource exhaustion and DDoS, LAAs can coordinate fleets of high-wattage controllable loads, i.e., smart heaters, HVAC systems, etc., switching them on or off at strategically chosen time slots.
This "orchestrated chaos" aims to damage the electric grid through current overflows, frequency instabilities, line overloadings, or equipment damages, causing load sheddings and substantial financial losses for utilities. Apart from the ""shocking impacts"" that LAAs could incur on power systems, identifying and defending against them is challenging. The distributed attack surface and the remote command and control tactic used by adversaries evade traditional security since the behavior of the infected devices would otherwise seem nominal. As a result, mitigating LAAs requires planning, monitoring, and employing adaptive security schemes that can bolster the resilience of modern energy systems.