Abstract
Internet-connected devices will represent an increasing proportion of the load served by electric power systems. As these devices could conceivably be hijacked and controlled remotely by a malicious actor, they could represent a new threat vector against the dynamic security of a power system. Such attack strategies have not been considered in the existing literature on power system cybersecurity. As an initial scoping exercise, the present case study explores whether such devices could be remotely hijacked and then maliciously power-cycled at particular frequencies to deliberately provoke harmful oscillations in an electrical grid. To gauge the broad feasibility of this novel style of attack, dynamic simulations are performed on two representative test power systems, at differing levels of attacker and defender resources. These simulations show that power-cycling just 1% of consumer loads at a system's resonant frequency may sometimes provoke harmful electromechanical oscillations throughout a national grid. This novel simulation exercise, therefore, implies that cybersecurity vulnerabilities at the consumer side could jeopardise the physical integrity of a nation's entire electricity supply.
Highlights
IntroductionTo the authors’ best knowledge, this question has not been addressed in the extant research literature
The synchronised cadence of pedestrians’ footsteps can sometimes induce harmful structural oscillations on a bridge [1]: could a malicious actor exploit similar dynamics to attack a power system? To the authors’ best knowledge, this question has not been addressed in the extant research literature
The research questions for the present case study are: is it possible to provoke harmful oscillations in a power grid by remotely switching a set of geographically dispersed loads on-and-off at some specific frequency? What proportion of the total system load would need to be hijacked to make this style of attack feasible? To what extent can system defences, in the form of Power System Stabilisers (PSS), mitigate this type of destabilising attack? (A PSS is fitted to a synchronous generator’s excitation system, and damps oscillations that may develop between the rotor angles of different machines [5])
Summary
To the authors’ best knowledge, this question has not been addressed in the extant research literature. This issue is growing in importance, as an increasing proportion of end-consumer devices integrate IoT functionality [2], which means these electrical devices could potentially be hijacked by a malicious cyberattacker. The present work seeks to scope the broad viability of such an attack, which has not been addressed in the extant literature on power system cybersecurity [4]. The research questions for the present case study are: is it possible to provoke harmful oscillations in a power grid by remotely switching a set of geographically dispersed loads on-and-off at some specific frequency? The research questions for the present case study are: is it possible to provoke harmful oscillations in a power grid by remotely switching a set of geographically dispersed loads on-and-off at some specific frequency? What proportion of the total system load would need to be hijacked to make this style of attack feasible? To what extent can system defences, in the form of Power System Stabilisers (PSS), mitigate this type of destabilising attack? (A PSS is fitted to a synchronous generator’s excitation system, and damps oscillations that may develop between the rotor angles of different machines [5])
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
