Abstract
Power grids are a prime example of critical infrastructure, and their reliable operation is of utter importance for life and economy in most parts of the world. To stabilize the nominal frequency, power production and consumption have to be continuously kept in balance. As consumers are predominantly uncontrolled, operators have to adapt power plants’ output to the demanded power using elaborated models including parameters like weather, season, and time of the day. These models are based on the premise of a large number of small consumers averaging out their energy consumption spikes. The remaining gap is closed by power plants in stand-by.
In this technical report, based on Dabrowski et al. (Grid shock: coordinated load-changing attacks on power grids. Proceedings of the annual computer security applications conference (ACSAC 2017), 2017), we show how an adversary can violate this assumption by coordinated load attacks. Gaining control over a large number of Internet-connected computers and Internet-of-Things (IoT) devices with a botnet, he can modify their power consumption in a synchronized fashion. Such sudden load changes can then outperform the power grid’s countervailing mechanisms, i.e., primary and secondary reserve, and push the power grid into an unstable state eventually triggering automatic load shedding or tie-line tripping. We further emphasize that this adversary does not have to rely on any current or future smart grid features for a successful attack as the communication infrastructure for synchronized large-scale power modulation is already available – the Internet.
Zusammenfassung
Stromnetze sind ein Paradebeispiel für kritische Infrastrukturen, deren zuverlässiger Betrieb von grundlegender Bedeutung für viele Wirtschaftszweige in den meisten Teilen der Welt ist. Um die Nennfrequenz zu stabilisieren, müssen die Stromerzeugung und der Verbrauch kontinuierlich im Gleichgewicht gehalten werden. Da die Verbraucher überwiegend ,,unkontrolliert“ sind (d. h. ihren Stromverbrauch nicht vorab anmelden müssen), müssen Netzbetreiber den Bedarf mittels Vorhersagemodelle antizipieren und die Differenz über schnell steuerbare Generatoren ergänzen. Diese Modelle basieren auf der Prämisse einer großen Anzahl unabhängiger Kleinverbraucher, so dass sich einzelne Schaltvorgänge im Mittel ausgleichen.
In diesem technischen Bericht zeigen die Autoren, wie ein Gegner diese Annahme durch koordinierte Lastangriffe ausnützen kann. Gewinnt dieser die Kontrolle über eine große Anzahl von Internet-verbundenen Computern und Geräten (z. B. IoT), so kann dieser den Energieverbrauch koordiniert modifizieren. Diese Lastspitzen können die Regelleistung des Stromnetzes übertreffen und dieses in einen instabilen Zustand bringen. Diese synchrone Leistungsmodulation im großen Maßstab funktioniert ganz ohne aktuelle oder zukünftige Smart Grid-Systeme, sondern mit konventionellen Stromnetzen.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman, J. A., Invernizzi, L., Kallitsis, M., Kumar, D., Lever, C., Ma, Z., Mason, J., Menscher, D., Seaman, C., Sullivan, N., Thomas, K., Zho, Y. (2017): Understanding the Mirai Botnet. In 26th USENIX security symposium (USENIX security 17) (pp. 1093–1110). Vancouver, BC: USENIX Association. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis.
Harrell, B. (2017): Why the Ukraine power grid attacks should raise alarm. http://www.csoonline.com/article/3177209/security/why-the-ukraine-power-grid-attacks-should-raise-alarm.html.
Power consumption of PC components in watts (2017): http://www.buildcomputers.net/power-consumption-of-pc-components.html. Accessed 2017-05-06.
Bureau, P.-M. (2009): Malware trying to avoid some countries. https://www.welivesecurity.com/2009/01/15/malware-trying-to-avoid-some-countries/. Accessed 2017-05-30.
Dabrowski, A., Ullrich, J., Weippl, E. (2017): Grid shock: coordinated load-changing attacks on power grids. In Proceedings of the annual computer security applications conference (ACSAC 2017), New York: ACM.
Danchev, D. (2013): How much does it cost to buy 10,000 U.S.-based malware-infected hosts? https://www.webroot.com/blog/2013/02/28/how-much-does-it-cost-to-buy-10000-u-s-based-malware-infected-hosts/. Accessed 2017-05-30.
European Network of Transmission System Operators for Electricity (2015): Report on blackout in Turkey on 31st March 2015.
Forum Netztechnik (2012): Technische Anforderungen an die automatische Frequenzentlastung. In German.
Porras, P., Saidi, H., Yegneswaran, V. (2009): An analysis of conficker’s logic and rendezvous points. Technical report. SRI International. http://www.csl.sri.com/users/vinod/papers/Conficker/. Accessed 2017-05-30.
Regional Group Continental Europe and Synchronous Area Great Britain (2015): Solar eclipse 2015 – impact analysis.
Rodríguez-Gómez, R. A., Maciá-Fernández, G., García-Teodoro, P. (2013): Survey and taxonomy of botnet research through life-cycle. ACM Comput. Surv., 45(4), 33 pages.
Ulbig, A., Borsche, T. S., Andersson, G. (2014): Impact of low rotational inertia on power system stability and operation. arXiv:1312.6435.
Union for the Co-Ordination of Transmission of Electricity 2007 (2007): Final report: system disturbance on 4 November 2006. https://www.entsoe.eu/fileadmin/user_upload/_library/publications/ce/otherreports/Final-Report-20070130.pdf.
Union for the Coordination of the Transmission of Electricity (UCTE) (2004): Continental Europe operation handbook. European network of transmission system operators for electricity. Appendix 1 – Load-frequency control and performance. https://www.entsoe.eu/fileadmin/user_upload/_library/publications/entsoe/Operation_Handbook/Policy_1_Appendix%20_final.pdf.
Union for the Coordination of the Transmission of Electricity (UCTE) (2004): Continental Europe operation handbook. European network of transmission system operators for electricity. Chapter policy 1 – Load-frequency control and performance. https://www.entsoe.eu/fileadmin/user_upload/_library/publications/entsoe/Operation_Handbook/Policy1_final.pdf.
U.S.-Canada Power System Outage Task Force (2004): Final report on the August 14, 2003 blackout in the United States and Canada: causes and recommendations. https://www.energy.gov/sites/prod/files/oeprod/DocumentsandMedia/BlackoutFinal-Web.pdf.
Verband der Netzbetreiber (VDN) (2007): TransmissionCode 2007 – Netz- und Systemregeln der deutschen Übertragungsnetzbetreiber. https://www.bdew.de/internet.nsf/id/A2A0475F2FAE8F44C12578300047C92F/$file/TransmissionCode2007.pdf (in German).
Xu, Z., Wang, H., Xu, Z., Wang, X. (2014): Power attack: an increasing threat to data centers. In Proceedings of the network and distributed system security symposium 2014. Internet Society.
Zorn, G. (2010): RADIUS attributes for IEEE 802.16 Privacy key management version 1 (PKMv1) protocol support. RFC 5904 (Informational), 15 pages https://doi.org/10.17487/RFC5904.
Acknowledgements
This work was partially sponsored with the CyPhySec project by the Bridge Frühphase program and the COMET K1 program, both by the Austrian Research Promoting Agency (FFG).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Dabrowski, A., Ullrich, J. & Weippl, E.R. Botnets causing blackouts: how coordinated load attacks can destabilize the power grid. Elektrotech. Inftech. 135, 250–255 (2018). https://doi.org/10.1007/s00502-018-0618-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00502-018-0618-3