Link to the Paper: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-soltan.pdf
Summary:
This paper focused on a theoretical attack in which an IoT botnet took over an entire system of high-wattage smart devices. This seems very implausible due to the lack of a common framework for these types of devices, but the paper points out that simply messing just a little bit with power demand can create major issues for the power grid as a whole.
What I liked:
The study focused not on ways the grid could be disrupted but on how the costs could be increased for an actor
These types of attacks are almost impossible to detect because of how distributed they are
Good cost analysis, i.e. simulations show 5% more energy costs 20% more
Good historical examples of times where this type of attack could have occurred, i.e. historical blackouts.
A realistic modeling of how many devices the attacker would need in order to carry out a successful attack
What I didn't like:
I think they need a specific term for this type of attack, especially as we start fleshing into different types of IoT attacks
Specific instances of the grid attacks happen on days where we have a peak, i.e. Poland in 2008. What other devices are not being used to increase the energy usage?
There is a lack of discussion on things like how solar energy or green energy may help mitigate these issues in the grid
Didn't talk about how new things such as Tesla's battery might be able to mitigate these types of attacks, at least until we get more power generation in
I don't think it's plausible to compromise this many devices, especially when there might not be a common framework connecting these devices.
Points for Discussion:
Why do things like ovens have a Wi-Fi connection? Is there such a thing as over-connection in IoT?
Would it be better for an adversary to take out the grid or to just increase the cost if they were able to economically benefit?
What would the recovery time be for this type of attack?
What key services would be taken out by this attack that do not have backup systems? What would the transition time be?
Costs for retrofitting the grid to prevent against these attacks.
New Ideas:
What steps need to be taken for dynamic power demand, more batteries?
What areas have the IoT device density and wattage to take down the grid?
Are there protocols at the home hub level that could detect this type of attack and prevent them from happening?
What mitigation techniques can be used in order to keep the frequency up? Are there technologies that allow for a great width of frequencies?
It'd be really cool to make a mini grid and test this out, at least for a small-scale model.