Lights out: BlackIoT botnet can bring down energy grid

The reality of botnets being formed from “smart” technology, including household appliances, has forced cybersecurity researchers to constantly imagine scenarios not possible a decade ago. It is this premise that Princeton University researchers Saleh Soltan, Prateek Mittal, and H. Vincent Poor used to formulate research presented at the Usenix Security Symposium. The research was compiled in a paper entitled BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid, and as the name suggests, it explains how everyday devices like smart refrigerators and air conditioners can be leveraged against power grids. The attack, which is carried out by the theoretical BlackIoT botnet, assumes that the attacker has access to devices totaling in the hundreds of thousands in one localized area. At the moment this makes such an attack unlikely to happen anytime soon, but nevertheless, the advances in smart devices mean this attack is going to possible someday.

There are multiple scenarios that cause varying degrees of damage to the power grid that is visualized by researchers:

  1. Significant frequency drop/rise: A scenario in which the botnet disrupts the “persistent balance between the supply and demand” that a power grid relies on. If the infected devices are turned on at the correct time, it can force a possible blackout due to the system frequency dropping too quickly for the primary controllers to react. The paper states “this consequently may result in the activation of the generators’ protective relays and loss of generators, and finally a blackout.”
  2. Disrupting a post-blackout restart: The attacker can stop the grid from restarting post-blackout by “suddenly increasing the demand using the IoT botnet,” which forces the partitioned grid to overload with high-levels of frequency.
  3. Line failures and cascades: Since grid operators cannot control the power flows from the generators to loads, the attacker significantly increasing the loads (via manipulating the infected devices) will result in overloading lines. The more stealthy version of this attack is creating cascades by “redistributing the loads in the system by increasing the demand in a few locations and decreasing the demand in others in order to keep the total demand constant.”
  4. Failures in the tie-lines: “An adversary can observe the actual power flows on the tie-lines through ISOs’ websites, and target the one that is carrying power flow near its capacity.” Once the target is identified, the attacker only needs to turn on the devices at the importing end (while turning off the devices at the exporting end) and the tie-lines should fail once their protective relay is triggered.
  5. Increasing the operating cost: The attacker is generally understood to be a terrorist or nation-state in these examples. As the paper from the Princeton researchers show, however, the BlackIoT botnet can also benefit more “legal” entities like corporations. The benefit can be achieved by “slowly increasing the demand (for example, switching on a few devices at a time) at a particular time of the day and in a certain location.” Capitalism at its finest.

The entire paper is a goldmine of insight into a very likely future should smart devices continue to become the new normal in every part of our lives. This writer recommends reading it in its entirety as this article simply cannot cover all of the brilliant research conducted within it. The takeaway here is that, while smart devices may be making our lives “easier,” we will eventually pay the price for it without seriously overhauling our security infrastructure when something like the BlackIoT botnet becomes a reality.

Featured image: Shutterstock

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top