BALTIMORE—At the USENIX Security Symposium here on Wednesday, Saleh Soltan from Princeton University's Department of Electrical Engineering presented research that showed that if Wi-Fi-based high-wattage appliances become common, they could conceivably be used to manipulate electrical demand over a wide area—potentially causing local blackouts and even cascading failures of regional electrical grids. The research by Soltan, Prateek Mittal, and H. Vincent Poor used models of real-world power grids to simulate the effects of a "MaDIoT" (Manipulation of Demand Internet of Things) attack. It found that even swings in power usage that would be within the normal range of appliances such as air conditioners, ovens, and electric heating systems connected to "smart home" systems would be enough to cause fluctuations in demand that could trigger grid failures.

These kinds of attacks—focused on home-automation hubs and stand-alone connected appliances—have not yet been seen widely. But the increasing adoption of connected appliances (with many home appliances now coming with connectivity by default) and the difficulty of applying security patches to such devices make a Mirai-style botnet of refrigerators increasingly plausible, if not likely.

Soltan and his team looked at three possible categories of potential malicious demand manipulation:

Attacks that result in frequency instability on the grid by suddenly spiking demand. As demand increases, the line frequency of the electrical grid—the oscillation of alternating current over the wire—decreases. A sudden surge in demand could cause a corresponding dramatic drop in frequency, taking generators offline. Using a simulation of the power grid of the Western System Coordinating Council—the grid that serves most of the western United States—a 30-percent increase in demand across the grid could cause all of the generators in the grid to trip and go offline. "For such an attack, an adversary requires access to about 90,000 air conditioners or 18,000 electric water heaters within the targeted geographical area," Soltan, Mittal, and Poor wrote.

Attacks that cause line failures and result in cascading failures. Soltan, Mittal, and Poor found that an attack focused on unbalancing supply across a grid could cause line failures as power is moved from one part of the grid to another. Using a model of the Polish power grid from the peak of summer in 2008, the researchers found that an increase of only 1 percent in demand would have resulted in a cascading grid failure with 263 line failures—and outages for 86 percent of customers. "Such an attack by the adversary requires access to about 210,000 air conditioners, which is 1.5 percent of the total number of households in Poland," the researchers noted in their paper.

Attacks that affect the cost of operation. We've already seen this sort of attack (well, an accidental form of it) in Plattsburgh, New York, when cryptocurrency miners raised power demand so much that it exceeded the allotment the city's utility had under its contract with Quebec Hydro. This forced the utility to buy power on the spot market. Based on their simulations, Soltan, Mittal, and Poor calculated that just a five-percent increase in power demand during peak hours created by an attack could result in an increase of power costs of 20 percent. This type of attack might be driven by financial incentives rather than a desire to cause damage.
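The frequency mechanism in the first category can be seen in a textbook single-area frequency-response model. The sketch below is an added illustration, not code or a model from the researchers' paper: it integrates the aggregate swing equation with a lagged, reserve-limited governor after a sudden load step. Every parameter value (inertia, damping, droop, governor lag, reserve, trip setting) is an assumption chosen for illustration; only the 30-percent step comes from the article.

```python
F0 = 60.0            # nominal frequency, Hz
H = 5.0              # assumed aggregate inertia constant, s
D = 1.0              # assumed load damping, pu power per pu frequency
R = 0.05             # assumed governor droop (5 %)
TG = 8.0             # assumed aggregate governor/turbine time constant, s
RESERVE = 0.10       # assumed spinning reserve, pu of pre-event load
TRIP_HZ = 57.5       # assumed under-frequency trip setting, Hz


def simulate_step(load_step_pu, duration=60.0, dt=0.01):
    """Integrate the aggregate swing equation after a sudden load step.

    Returns (nadir_hz, trip_time_s); trip_time_s is None if frequency never
    reaches TRIP_HZ. Integration stops at the trip.
    """
    df = 0.0   # frequency deviation, pu of F0
    pm = 0.0   # extra mechanical power from governors, pu
    nadir = F0
    for i in range(int(duration / dt)):
        # Swing equation: imbalance between generation and load moves frequency.
        ddf = (pm - load_step_pu - D * df) / (2.0 * H)
        # Governors raise output in proportion to the frequency drop, with lag.
        dpm = (-df / R - pm) / TG
        df += ddf * dt
        pm = min(pm + dpm * dt, RESERVE)  # output cannot exceed available reserve
        f = F0 * (1.0 + df)
        nadir = min(nadir, f)
        if f <= TRIP_HZ:
            return nadir, (i + 1) * dt
    return nadir, None


if __name__ == "__main__":
    for step in (0.02, 0.08, 0.30):  # 0.30 is the 30-percent surge from the article
        nadir, trip = simulate_step(step)
        status = f"trips at {trip:.2f} s" if trip else "rides through"
        print(f"step {step:.0%}: nadir {nadir:.2f} Hz, {status}")
```

With these assumed values, a small step is arrested by inertia and governor response, while a step larger than the available reserve drives frequency to the trip setting within a couple of seconds, before slower controls can act.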

In the event of a blackout, a MaDIoT attack could severely impede attempts to bring power back on line. Utilities typically isolate areas of the grid to bring power back during a "black start." They do this because they don't know what demand will be when they throw the switch, and they want to prevent frequency instability while power is restored. An attacker could use the MaDIoT attack to create spikes in demand in each region, throwing off power frequency and causing systems to trip again, extending the blackout. About 100 to 200 "bots" controlling appliances per megawatt of grid capacity could disrupt a grid restart.

All of this is dependent on high-wattage appliances becoming connected and vulnerable. But many of these appliances are now arriving on the market with connectivity built in or are being connected through home-automation hubs like Nest. So, as Soltan said in his presentation, the time to start figuring out how to counter such attacks is now.