Hackers could take control of smart meters to destabilise power transmission grids by creating overwhelming oscillations in energy demand. This is the warning of researchers from the Oregon State University, who explored the impacts of such an attack using a model known as time-domain grid protection simulator. By understanding how smart meters could be manipulated to attack a power network, the team said, grid operators can begin to develop countermeasures.
The study was conducted by electrical engineer and computer scientist Professor Eduardo Cotilla-Sanchez and his colleagues.
Prof. Cotilla-Sanchez said: “New technologies have been introduced to make our ageing electricity infrastructure more efficient and more reliable.
“At the distribution level, upgrades have included communication systems, distribution automation, local control and protection systems, and advanced metering infrastructure.
“The bad news is, the upgrades also introduce new dimensions for attacking the power grid.”
One such new avenue of attack involves hacking into the advanced metering infrastructure and manipulating smart meter switches to cause load oscillations.
Prof. Cotilla-Sanchez explains how this works: “Imagine calling everyone you know and saying ‘OK, at 6pm we are all going to turn the lights on.
“Even if you got a couple thousand people to do that, it would be unlikely to cause much instability because the grid is able to absorb fairly big changes in supply and demand.
“For example, solar panels at the end of the day [when the Sun goes down] do not produce electricity and we are able to anticipate and compensate for that.
“But if a person were to remotely coordinate a large number of smart metres to switch customers on and off at a particular frequency, that would be a problem.”
READ MORE: Smart meter fury: Brits giving false readings to lower costs
Smart meters could be abused in a similar fashion, the team explains, because — alongside collecting information on household electricity use — they can also be used to remotely shut off customers’ power.
While the electricity company intended this feature for use in the case of unpaid bills, a hacker with access to the advanced metering infrastructure could turn metres on and off to make the grid load vary back and forth in a regular pattern to compromise transmission.
Just like the circuit breaker in your home, power grid components are designed to “trip” and shut off if the grid load becomes too high, or dangerous for some other reason.
When this happens, the load is passed on to other parts of the grid, which in turn can shut down. In this way, an attack via smart meters could set off a domino effect, leading to a blackout.
Such an attack on a power network would likely start, the team explained, with the hacker “poking” a couple of locations on the grid to determine its destabilising oscillation frequency.
Once they had worked out which customer metres to turn on and off at that frequency, the hacker would be ready to begin their assault.
The researchers have said that — relatively speaking — such would not need to involve that many smart meters.
Prof. Cotilla-Sanchez said: “We juxtaposed our work with related recent grid studies, and found that a well-crafted attack can cause grid instability while involving less than 2 percent of the system’s load.”
Prof. Cotilla-Sanchez explained: “For example, if they detect this type of oscillation of the load side, they could take lines A and B out of service, intentionally islanding the affected area and thus avoiding propagation of the instability to broader areas of the grid.
“Another solution, which could be complementary, might be to change the generation portfolio enough — for example, curtail some wind generation while ramping up some hydro generation — so that the overall dynamic response is different to what the attach was designed towards.”
This approach, he explained, would reduce the impact of the attack, potentially making it small enough to not “tip the system”.
Both of these potential counter-measures will require additional research and development before they could be employed to stop a real-world attack.
However, Prof. Cotilla-Sanchez concluded, “understanding the nature of possible attacks, I would say, is a good start.”
The full findings of the study were published in the journal IEEE Access.