Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Cybersecurity Threats to Power Grid Operations from the Demand-Side Response Ecosystem

Subhash Lakshminarayana, Carsten Maple, Andrew Larkins, Daryl Flack, Christopher Few, Kenny-Awuson David, Anurag. K. Srivastava

TL;DR

The paper addresses cyber threats arising from IoT-enabled ESAs within the demand-side response (DSR) ecosystem and their potential to destabilize power grid operations. It provides a holistic analysis of ESA vulnerabilities, attack vectors, and the resulting physical impacts on grid dynamics, especially under varying inertia and renewable penetration. A layered cyber-physical resilience framework is proposed, encompassing protection, detection, and response/recovery, supported by testbeds like SG-REAL and regulatory context across multiple regions. The work offers actionable recommendations for interoperability standards, security controls, and policy measures to secure DSR as DER penetration grows and ESAs scale up.

Abstract

This article focuses on cyber security threats from IoT-enabled energy smart appliances (ESAs) such as smart heat pumps, electric vehicle chargers, etc., to power grid operations. It presents an in-depth analysis of the demand side threats, including (i) an overview of the vulnerabilities in ESAs and the wider risk from the demand-side response (DSR) ecosystem, (ii) key factors influencing the attack impact on power grid operations, (iii) measures to improve the cyber-physical resilience of power grids, putting them in the context of ongoing efforts from the industry and regulatory bodies worldwide.

Cybersecurity Threats to Power Grid Operations from the Demand-Side Response Ecosystem

TL;DR

The paper addresses cyber threats arising from IoT-enabled ESAs within the demand-side response (DSR) ecosystem and their potential to destabilize power grid operations. It provides a holistic analysis of ESA vulnerabilities, attack vectors, and the resulting physical impacts on grid dynamics, especially under varying inertia and renewable penetration. A layered cyber-physical resilience framework is proposed, encompassing protection, detection, and response/recovery, supported by testbeds like SG-REAL and regulatory context across multiple regions. The work offers actionable recommendations for interoperability standards, security controls, and policy measures to secure DSR as DER penetration grows and ESAs scale up.

Abstract

This article focuses on cyber security threats from IoT-enabled energy smart appliances (ESAs) such as smart heat pumps, electric vehicle chargers, etc., to power grid operations. It presents an in-depth analysis of the demand side threats, including (i) an overview of the vulnerabilities in ESAs and the wider risk from the demand-side response (DSR) ecosystem, (ii) key factors influencing the attack impact on power grid operations, (iii) measures to improve the cyber-physical resilience of power grids, putting them in the context of ongoing efforts from the industry and regulatory bodies worldwide.
Paper Structure (16 sections, 5 figures, 1 table)

This paper contains 16 sections, 5 figures, 1 table.

Table of Contents

  1. Introduction
  2. Threat and Risk Analysis
  3. Key Vulnerabilities in ESAs and their Exploitation to Launch LAAs
  4. Attack Vectors
  5. Attack Impact Analysis
  6. Enhancing Cyber-Physical System Resilience
  7. Protection Measures
  8. Detection Measures
  9. Bulk Power Grid Level
  10. Distribution Grid Level
  11. Respond and Recover
  12. Real-world Testbeds to Simulate LAAs
  13. Ongoing Regulatory Efforts In Energy-IoT Landscape and Our Recommendations
  14. Key Recommendations Based on Our Research
  15. Conclusions and Future Research Directions
  16. ...and 1 more sections

Figures (5)

  • Figure 1: Logical DSR architecture and communications connections. (Figure adapted from British Standards Institution)
  • Figure 2: Illustration of demand-side cyber threats against power grid operations. The figure also shows a monitoring framework at bulk power grid level. PMU - Phasor measurement unit, PDC - Phasor data concentrator.
  • Figure 3: Electric vehicle charging system. ISO-15118 and OCPP refer to the communication protocols used in EV-EVCS and EVCS-central server communication.
  • Figure 5: Overview of IoT test bed at West Virginia University
  • Figure 6: National Grid’s new frequency response services, 1. Dynamic regulation, 2. Dynamic balancing, and 3. Dynamic containment (Source: National Grid ESO)