OSU researchers: smart meters can be hacked for power grid sabotage
With power grids being increasingly targeted by domestic extremists in the U.S., researchers at Oregon State University are warning that a basic utility device can be corrupted.
Digital devices called “smart meters” are commonly used by utility companies. They can measure customers’ electricity data or remotely shut off power to those with unpaid bills.
But Eduardo Cotilla-Sanchez, an associate professor of electrical engineering and computer science at OSU, told KLCC that hackers can use smart meters to cause variations in demand, for what’s known as a “load oscillation attack.”
“If some bad actor essentially were able to coordinate hijacking some residential or commercial meters, they could actually propagate this cyberattack into causing some physical instabilities on the grid.”
An OSU release detailed how the study was conducted, which also involved OSU College of Engineering associate professor Jinsub Kim. Researchers used a model known as a time-domain grid protection simulator to demonstrate how causing load to vary back and forth in a regular pattern – the load oscillation attack – can compromise transmission.
“New technologies have been introduced to make our aging electricity infrastructure more efficient and more reliable,” Cotilla-Sanchez said. “At the distribution level, upgrades have included communication systems, distribution automation, local control and protection systems, and advanced metering infrastructure.
“The bad news is, the upgrades also introduce new dimensions for attacking the power grid.”
One type of attacks enabled by the new technologies involves hacking into the advanced metering infrastructure (AMI) and controlling the smart meter switches to cause load oscillations.
“Imagine calling everyone you know and saying, ‘OK, at 6 p.m. we are all going to turn the lights on,” Cotilla-Sanchez said. “Even if you got a couple thousand people to do that, it would be unlikely to cause much instability because the grid is able to absorb fairly big changes in supply and demand – for example solar panels at the end of the day do not produce electricity and we are able to anticipate and compensate for that.
“But if a person were to remotely coordinate a large number of smart meters to switch customers on and off at a particular frequency, that would be a problem.”
That type of incident would start with someone performing reconnaissance by “poking” a couple of locations in a grid and using the information gained to estimate the grid’s destabilizing oscillation frequency, he said. After determining which customer meters to turn on and off at that frequency – less than 1 Hertz or cycle per second – the attacker would be ready to launch an assault.
And comparatively speaking, an attack doesn’t need to involve that many meters.
“We juxtaposed our work with related recent grid studies and found that a well-crafted attack can cause grid instability while involving less than 2% of the system’s load,” Cotilla-Sanchez said.
Cotilla-Sanchez led the project with graduate student Falah Alanazi. He said this research is to help utilities and security officials prepare against such attacks. The research has been published in the journal, IEEE Access.