IoT Threats to the Smart Grid

Abstract

Internet of Things (IoT) technologies have experienced an unprecedented growth over the last decade due to their wide applicability and low overall costs. These same factors have also allowed IoT deployments to transition into industrial environments which are expected to meet high reliability requirements. These technological-base shifts have raised operational (safety) concerns among researchers, which have been further fueled by high-profile cyber incidents that have exposed vulnerabilities in field devices. Although, multiple IoT cyber security issues are being actively researched, a compelling issue is to identify threats associated with cross-domain devices. A cross-domain vulnerability is any such vulnerability that can cause other non-IT system to experience unintended consequences. Recent research has shown that physical systems, like the electrical grid might be exposed to abnormal conditions if a large set of load-controllable IoT devices are compromised [5]. Although risk reduction methodologies for bulk power components have been proposed these are focused towards SCADA-based systems which are owned, maintained, and operated by the utility under controlled environments. Whereas, IoT devices are owned by customers, spread across a wide service area, without supervised security policies. In this work, a detailed analysis of such threats is performed on large-scale IoT deployments that could allow attackers to control a large amount of aggregated power. Based on our research, future-growth of large-load controllers and smart inverters could pose threats to grid operations due to their rapid load changing capabilities, these changes could exceed steady-state or transient design limits leading to unintended consequences. Therefore utilities need to methodologically analyzing these risks. This paper proposes such a methodology, which includes risk modeling and mitigation strategies.