Destabilizing Power Grid and Energy Market by Cyberattacks on Smart Inverters
Xiangyu Hui, Samuel Karumba, Sid Chi-Kin Chau, Mohiuddin Ahmed
TL;DR
The paper examines the plausibility and impacts of wide-scale cyberattacks on smart inverters within high-DPV environments using Australian market data. It combines real-world contingency mechanisms and system inertia modelling to assess grid stability under adversarial actions, finding that significant instability requires careful orchestration and is aided by misalignment between contingency capacity and DPV generation. The analysis reveals that even moderate DPV penetration can be exploited, and attackers could leverage predictive information from open datasets to maximize impact. The work highlights robust defense strategies, such as better aligning contingency with DPV and deploying emergency solar management, to strengthen grid security in DPV-rich settings, and discusses broader implications for other markets adopting co-optimized frequency control.
Abstract
Cyberattacks on smart inverters and distributed PV are becoming an imminent threat, because of the recent well-documented vulnerabilities and attack incidents. Particularly, the long lifespan of inverter devices, users' oblivion of cybersecurity compliance, and the lack of cyber regulatory frameworks exacerbate the prospect of cyberattacks on smart inverters. As a result, this raises a question -- "do cyberattacks on smart inverters, if orchestrated on a large scale, pose a genuine threat of wide-scale instability to the power grid and energy market"? This paper provides a realistic assessment on the plausibility and impacts of wide-scale power instability caused by cyberattacks on smart inverters. We conduct an in-depth study based on the electricity market data of Australia and the knowledge of practical contingency mechanisms. Our key findings reveal: (1) Despite the possibility of disruption to the grid by cyberattacks on smart inverters, the impact is only significant under careful planning and orchestration. (2) While the grid can assure certain power system security to survive inadvertent contingency events, it is insufficient to defend against savvy attackers who can orchestrate attacks in an adversarial manner. Our data analysis of Australia's electricity grid also reveals that a relatively low percentage of distributed PV would be sufficient to launch an impactful concerted attack on the grid. Our study casts insights on robust strategies for defending the grid in the presence of cyberattacks for places with high penetration of distributed PV.