Methods to Attack and Secure the Power Grids and Energy Markets

Shekari, Tohid
Beyah, Raheem A.
Cohen, Morris B.
The power grid is a highly complex control system and one of the most impressive engineering feats of the modern era. Nearly every facet of modern society critically relies on the proper operation of the power grid, such that long or even short interruptions can impose significant economic and social hardship on society. The current power grid is undergoing a transformation to a Smart Grid that seeks to monitor and track diagnostic and operational information so as to enable a more efficient and resilient system. This significant transformation, however, has made the grid more susceptible to attacks by cybercriminals, as highlighted by several recent attacks on power grids that have exposed the vulnerabilities in modern power systems. Motivated by this, this thesis analyzes the effect of three classes of emerging cyberattacks on smart grids and a set of possible defense mechanisms to prevent them or at least reduce their damaging consequences in the grid.

In the first part of the thesis, we analyze the security of the power grid against attacks targeting the supervisory control and data acquisition (SCADA) network. We show that the existing techniques require some level of trust in components of the SCADA system, rendering them vulnerable to sophisticated attacks that could compromise the entire SCADA system. As a viable solution to this issue, we present a radio frequency-based distributed intrusion detection system (RFDIDS) that remains reliable even when the entire SCADA system is considered untrusted.

In the second part of the thesis, we analyze the performance of the existing high-wattage IoT botnet attacks on power grids, known as Manipulation of Demand IoT (MaDIoT), and show that they are ineffective in most cases because of the existence of legacy protection schemes and the randomness of the attacks. We discuss how an attacker can launch more sophisticated attacks in this category which can cause a total collapse of the power system. We illustrate that by computing voltage instability indices, an attacker can find the appropriate time and locations to activate the high-wattage bots, causing (with very high probability) a complete voltage collapse and blackout in the bulk power system; we call these new attacks MaDIoT 2.0. We also propose novel effective defenses against MaDIoT 2.0 attacks by modifying the way classical protection algorithms work in the power networks.

In the third part of the thesis, we discuss how a smart attacker with access to a high-wattage IoT botnet can indirectly manipulate the energy prices in the electricity markets. We name this attack Manipulation of Market via IoT (MaMIoT). MaMIoT is the first energy market manipulation cyberattack that leverages high-wattage IoT botnets to slightly change the total demand of the power grid with the aim of affecting the electricity prices in favor of specific market players. Using real-world data obtained from two major energy markets, we show that MaMIoT can significantly increase the profit of particular market players or financially damage a group of players, depending on the motivation of the attacker. We discuss a set of effective countermeasures to reduce the possibility and effect of such attacks.