Grid Shock: Coordinated Load-Change Attacks on Power Grids

Electric power grids are among the largest human-made control structures and are considered as critical infrastructure due to their importance for daily life. Operating a power grid, providers have to continuously maintain a balance between supply, i.e., production in power plants, and demand, i.e., power consumption, in order to keep the power grid's nominal frequency of 50 Hz or alternatively 60 Hz. Power consumption is forecast by elaborated models including multiple parameters like weather, season, and time of the day; they are based on the premise of many small consumers averaging out their energy consumption spikes.

In this paper, we develop attacks violating this assumption, investigate their impact on power grid operation and assess their feasibility for today's adversaries. In our scenario, an adversary builds (or rents) a botnet of zombie computers, and modulates their power consumption, e.g., by utilizing CPU, GPU, hard disks, screen brightness, and laser printers, in a coordinated way over the Internet. Outperforming the grid's countervailing mechanisms in time, the grid is pushed into unstable states triggering automated load shedding or tie-line tripping. We show that an adversary does not have to rely on smart grid features to modulate power consumption as an adequate communication infrastructure for striking the (legacy) power grid as currently nearly omnipresent -- the Internet -- while more and more power-consuming devices become connected with the Internet.