Powering Strong Communities

Study Highlights Hacker Vulnerabilities Created by Smart Meters

Smart meters can provide an entry point for hackers to destabilize the electric grid, according to a study by researchers at Oregon State University.

Utilities are increasingly adopting smart meters to gain greater transparency and control over electricity usage for both customers and the utility. Those technologies, including communication systems, distribution automation, local control and protection systems, and advanced metering infrastructure, can “make our aging electricity infrastructure more efficient and more reliable,” Eduardo Cotilla-Sanchez, associate professor of electrical engineering and computer science who led the study, said in a statement.

“The bad news is, the upgrades also introduce new dimensions for attacking the power grid.”

The study, Load Oscillating Attacks of Smart Grids: Vulnerability Analysis by Oregon State University’s College of Engineering, used a grid protection simulator to demonstrate how causing load to vary back and forth in a regular pattern, known as a load oscillation attack, can compromise transmission.

Like household circuit breakers, power grid components can trip and shut off when demand is too high or problematic and, as a result, that load is passed on to other parts of the grid, which may also shut down, creating a possible domino effect that can lead to a blackout, the researchers said.

One type of attack made possible by the new technologies involves hacking into the advanced metering infrastructure and controlling the smart meter switches to cause load oscillations. That type of incident would start with someone probing the grid to discover vulnerabilities and using the information to estimate the grid’s destabilizing oscillation frequency to determine which customer meters to turn on and off at that frequency.

The attacker would then remotely coordinate a large number of smart meters to switch customers on and off at a particular frequency. During the attack, the oscillation attack frequency could be adjusted in real time in order to create more severe consequences than benchmark oscillation attacks, the researchers found. “The proposed attack strategy succeeded in causing a full blackout by oscillating only 8% of the load,” they wrote in the study.

“We juxtaposed our work with related recent grid studies and found that a well-crafted attack can cause grid instability while involving less than 2% of the system’s load,” Cotilla-Sanchez said. The findings, while unsettling, provide a jump-off point for grid operators to develop countermeasures, he added.

In terms of counter measures, Cotilla-Sanchez said grid operators could take lines out of service to island the affected area and avoid the spread of instability to a broader area. A grid operator might also want to change the generation portfolio – for example, curtail wind generation while ramping up hydro generation – to change the system’s dynamic response from what the attacker had planned for and thus lessen the impact of the attack, he said.

Either technique, Cotilla-Sanchez said, would require additional research and development to serve as an effective mechanism of protection, “but understanding the nature of possible attacks I would say is a good start.”