Slashdot Mirror
Hacked Water Heaters Could Trigger Mass Blackouts Someday (wired.com)
At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? From a report: In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid. Their answers point to a disturbing, if not quite yet practical scenario: In a power network large enough to serve an area of 38 million people -- a population roughly equal to Canada or California -- the researchers estimate that just a one percent bump in demand might be enough to take down the majority of the grid. That demand increase could be created by a botnet as small as a few tens of thousands of hacked electric water heaters or a couple hundred thousand air conditioners. "Power grids are stable as long as supply is equal to demand," says Saleh Soltan, a researcher in Princeton's Department of Electrical Engineering, who led the study. "If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want."
Rolling blackouts can fix it.
it's -40c in winter and +50c in summer (factoring in wind/humidity).
You know how much demand the electric heaters, hot water heaters, and ACs put on the grid? You're going to need to do a lot better than that.
Introduce a random time error into thermostats for things like HVAC systems -- even if they're all set to turn on at 6pm next Tuesday, some will turn on at 5:58, some will turn on at 6:00, some will turn on at 6:05. This will hopefully give the grid controllers enough time to adapt to a spike in load.
Also, why do water heaters need to be "smart?" I thought they responded to demand -- if there's no hot water flow, the water stays hot in a well-insulated tank, and the heating element doesn't need to run. There's minimal heat loss in an electric heater compared to gas, since the only breaks in the insulating layer are for wires, input, output, and overflow pipes.
Better yet, have all new homes use tankless/"on-demand" heaters.
But...
Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid.
Wouldn't it just be simpler to run the calculation on paper?
I can't personally help much here, all I've bothered to learn is how to calculate an appliance's electricity usage over X amount of days, but anyone with decent knowledge of supply and demand for powerplants should be able to do this fairly trivially I'd think. Correct me if I'm wrong.
Not to mention the power usage likely* varies from one brand of product to the next, let alone one type of item to the next.
*Would need a couple minutes of research at most...
I tend to rant.
Remind me again why our hot water heaters need to be online? Better yet, why don't we have on-demand ones that ..you know, just supply hot water, on demand; no connectivity required.
While I can see the danger presented, let me ask this hot water question related question: Should we be just as concerned with remote execution of code that causes a hot water to overheat and either explode, or catch a house on fire?
Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
Hooking a water heater to the Internet is just begging for trouble, and for what benefit? The risk/reward ratio seems completely out of whack here.
"At the Usenix Security conference this week"
Pardon me, I was looking for the Unisex Security conference.
who has their water heater connected to the internet and why?
I have never seen an Internet-connected water heater, and I have no idea at all why anyone would want such a thing. A bimetallic thermostat and a heater coil need no Internet supervision.
Also, electric water heaters are a vanishingly small proportion of all water heaters out there. The vast majority of them are fuel-oil, propane, and natural gas, because quite frankly, electric water heaters suck.
So, water heaters and air conditioners are controlled by thermostats that constantly switch them on and off all day and night long. Isn't it rather probable that there are already >1% fluctuations in load occurring organically all day long, seemingly without bringing down the grid?
Furthermore, there are certain hours of the day where these devices all come on at once, or very nearly. That is, each morning as everyone gets up and starts getting ready for work/school, most air conditioners and water heaters will all come on at once. This is along with countless stoves, coffee makers, lights... The grid literally goes nominal to near maximum load within a one or two hour window every day. I'm suspecting that it's a 50% or greater spike but, no disaster.
It's almost as if the grid builders and managers anticipate sudden fluctuations in load and compensate as needed to avoid the collapse of the grid. See load shedding.
Sorry, but they where able to induce a bad problem when fed into software unpublished software models based on Polands energy grid from 12 years ago. The article infers that power companies cannot tolerate a 1% unpredictability, and that is simply inherently false.
-- I'm the root of all that's evil, but you can call me cookie..
I play a video game called oxygen not included, in the game your little people need to create batteries and generators to power things like your air and water pumps/filters necessary for survival.
I can immediately imagine the batteries draining dry in moments if all the devices were suddenly operating full bore, logic switches and sensors are used in the game to control when things happen to ensure they are not needlessly running. Lack of running devices results in death from asphyxiation or other environmental exposure including starvation.
The real world situation would probably not go down much differently in this case, the hot water tanks , ac units, and home heating units blasting full bore, even a small % of the population would be disastrous. The problem would be the distributed nature, how do you shut down equipment, perhaps millions of equipment's on private property? You would have to cut the power to affected areas temporarily until enough of the units could be brought under control. If this overload and cut was timed during heat waves or other environmental extremes it could cause a cascading situation.
A very effective power grid based attack, it will not kill necessarily but it could cause a rather dense crippling effect and the overhead of launching such an attack is relatively low. If these attacks were performed on a repeated basis the constant yo-yo'ing would be extremely costly until a solution could be found. I know that if just a single fridge inside a grocery store goes off that is roughly 50,000 $ worth of goods lost, losing all freezers from all grocery stores across a large area would cause a food crisis easily.
I worked as a professional stage hand in college. It was an interesting job and a lot of fun. Got to meet a lot of interesting people, even a celebrity or two.
One night, when working in a small town in western North Carolina, we didn't have much to do that night so we decided to play. We took every last light fixture we could, wired them up to the dimmers to "play" with them. The idea was to come up with a crazy rock and roll type light show to amuse ourselves and maybe learn some stuff by playing with the control board. It took hours to wire it all up and it was the wee hours of the morning when we where ready.
Of course, we wanted the maximum effect when we turned all this on, so after a brief discussion, we agreed we'd turn every fixture we had wired on, all at once, or a "bump to full" and enjoy the blaze of glory we had created. The electrics op configured the scene on the old analog board by running all the channels to full and punched up the scene onto the main fader to await the queue that we where all ready to witness the spectacle of every light in the place going to full at the same instant.
I'm sitting in the middle of the house with my co-workers and dramatically the house lights dim slowly. We all wait in anticipation of what we all know is coming. Then it happens, every light in the place begins to flash on in a blinding display as the "bump to full" and just as quickly the whole place goes black. We all thought the electrics op had bumped to black for effect, but eventually we hear him yell "What happened?" Looking around we realize that NOTHING is on except for the battery operated exit lights, nothing. The power was out.
Walking out side you could see most of the town and it was also totally black. It stayed out for about half an hour, then popped back up.
My guess is that we tricked the electric provider into shutting down the town by massively increasing the load in the dead of night and tripping protection systems, designed to avoid power surges and the voltage excursions that come with them. We thought about trying it again, but figured that knowingly doing something like that might be frowned on if we kept doing it. Besides, it was 2AM and time to get to bed, even for us stage hands.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Step one is to isolate as much of the power grid as possible by decentralizing power generation and storage. Solar and battery for most even home would drastically reduce the potential fallout for any attack.
Step two is to STOP FUCKING HOOKING SHIT UP TO THE INTERNET. Anything connected to the internet should be considered to be both unreliable and a liability.
Anons need not reply. Questions end with a question mark.
A 1% spike would not be likely to cause problems, but (specific to California) 3% would safely cause curtailment calls. Even for that though, you would need to go 3% below nominal first and then turn everything on at once.
The real vulnerability is in being able to game sub ~5-minute demand before the current systems can comfortably accommodate it. As we get more batteries on the grid, that risk dissipates pretty quickly.
If it could be done with 1% load variation, the markets would have figured out how to game it already.
Washers made to save water but, they do a poor job of getting clothes clean.
Air conditioners built to save electricity but, they do a poor job of keeping the house cool.
Lights made to save electricity but, they don't put out adequate light and have piss poor CRI.
Today's goods may be described as fit for purpose but, what is their purpose? Is a washer supposed to save water or clean clothes?
For those that will claim; why not both? The answer is simply that you can't have it both ways. Saving water compromises how well it cleans. We're not nearly as good as the marketing may have led you to believe.
Yes, yes, yes, yes, and what if the Core is made of cheese?
It must have been something you assimilated. . . .
The primary issue is, eventually, one of these geniuses is going to tie the temp/pressure fail-safes into the "smart" part of the control circuit.
On the bright side, it'll create a pretty strong effect of natural selection against anyone who buys smarthome crap. And the biggest class action lawsuit in history.
be connected to the Internet? Also, there is no way in hell even 10% of water heaters are ever going to connect to the internet. Most are in apartments (since those have the densest populations) and as somebody who lives in an apartment I can tell you they use the cheapest ones you can buy.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
The MSM puts out loads of articles chronicling theoretical, but highly improbable and impractical scary hacker threats to keep the public anxious and afraid, but has colluded with silicon valley tech companies to deplatform Alex Jones.
We just need to install a fourth unnecessary level, using the WaterChain, to encrypt our water heaters and home furnaces from remote hacking. Then we can put all the credentials files on a laptop and lose it in an airport, exposing all of our national water infrastructure.
Cold showers in January are a good thing, right?
(caveat: passive solar water heaters will still work, as will disconnected PV water heaters running off grid)
-- Tigger warning: This post may contain tiggers! --
these are criminals. Do you call bank robbers "hackers," because they "hacked" their way into the vault (with a hacksaw no less!)?
Quantum and hacker are not what you think. Also: literally doesn't mean what you think either.
The solution to this problem lies in the blockchain! I am sure that blockchain technology can be leveraged to provide sound solutions to the problem of externally hacked water heaters. Blockchain technology is robust and secure and will keep hackers out while also creating new ways to generate revenue streams from water heating. Blockchain is the answer.
Blockchain!
Using the city of Los Angeles as an example, minimum load on a very hot day is like 3,000MWs at 4am and peak load is roughly 6,500MWs at 4pm. Even linearly that is an increase of about 300MW per hour which is 10%hour, and the actual increase is much steeper at times, being more like 600MW which is near 20% per hour during peak climb.
Per NERC BAAL standards LA needs to keep it's generation withing +/- ~150 MW of each other. So if they are high in band (over generating) at +150MW, they could drop low in bad to -150MW and not have to do anything (depending on interconnection frequency). That is a 10-5% drop/ride with no requirement to even add or take off generation.
Finally being interconnected is a benefit here more than a curse, the more people generating the more stable the system, the more paths for current to flow the more tolerant the grid is.
TLDR: The grid can easily handle a 1% change, and being interconnected is part of the reason it is able to do that.
References:
LADWP all time peak news: http://www.latimes.com/local/lanow/la-me-ln-power-outage-heat-wave-20170831-story.html
LADWP Min / Max Load: http://ezweb.ladwp.com/Admin/Uploads/Load%20Forecast/2017/10/2017%20Retails%20Sales%20Forecast_Final.pdf
NERC L10: https://www.nerc.com/comm/OC/RS%20Landing%20Page%20DL/Related%20Files/2017%20Frequency%20Bias%20Settings%20and%20L10%20Values.pdf
I can believe that all the utilities in California may be well interconnected, but Canada is 20 times the land area and there is no real nationwide grid. Some provinces have more interconnects than others, but there are probably as many interconnects to US states as there are domestic ones.
You don't need them and shouldn't even want them. Don't buy them in the first place.
Just find the VHF frequency the local power company uses to manage groups of residential off-peak stored electric heating units (not difficult if you have one), and jam that frequency.
The heating units default to "online" when they lose their signal.
This would only work in the winter though, when "online" would be synonymous with drawing power.
and angry ticks could fly out of my nipples!
My thermostat can be connected to WiFi. I haven't done this. I can program it already, and can manually adjust as needed. The "convenience" of changing it remotely has extremely little value to me, and definitely not worth making accessible to hackers.
Well, it's a good thing that you'd have to be a complete fucking moron to buy any of those things which are "internet of things".
Fuck all of this connected shit, why would I want any of it? It will be shit quality, with shit security, produced by complete morons and assholes more worried about shipping a trendy product than a good product.
There is no "internet of things", only bullshit marketing hype and insecure products. Utter garbage sold to idiots who need to have a constant stream of shiny things.
Why the fuck I'd want to own any of this garbage is beyond me. People who want to control their world with their goddamned phones need lives, and deserve to be hacked.
Cold showers
Every plug-in hybrid and electric car has a time-based delayed-charging feature. This is so they can charge when electric rates are low. Everyone that I know sets their car to start charging at the same time, right when the rates change.
All this has, I don't know, been known for 5-10 years, maybe longer?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Electric cars plugged in to high-current outlets waiting to charge off-peak, which also have remote controls to run the heater from the mains to pre-heat the car, would be another very high-demand load, though hopefully harder to exploit.
tl;dr: hackers taking over millions of anything is bad.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
The cost of electricity in most places people live in the USA will vary between -$0.02 and $7.00 per KWh. Some places even more. The utility really hates it when they have to pay $7/KWh and you should too because the price will be passed on to you eventually. So it would be nice if you shut off your electric water heater or your pool pump or turned up your thermostat when this happens. Most of your meters run a protocol called ZigBee Smart Energy. It's a low power, low bandwidth protocol. It contains commands to ask devices to cut back on power consumption (Demand Response Load Control (DRLC)) and it also has commands to tell devices the price of electricity. DRLC commands should always have a randomization factor so that even if every device received the command at the same time they would all react to it slowly over a period of time. Similarly, if the price jumps, smart devices should randomly adjust their behaviour to reduce their demand sometime before or after the price change.
Disclosure: I'm a contributor to the Smart Energy standard.
Seriously...who uses electric hot water heaters and space heaters. And why the hell would those devices have any form of internet access anyway?
If hackers do use that technique to take down a power grid, they're doing the world a favor because any society that brainlessly stupid doesn't deserve electricity.
When "smart" isn't. I'm happy I still have all "dumb" appliances because at least some schmuck reaching in through the internet and taking control of them is something I don't have to worry about. Paying hundreds or thousands of dollars to be able to adjust my thermostat from bed, instead of getting up, walking downstairs and pressing a button on its face, (or moving a lever) is not a SMART trade-off. I don't need my refrigerator to order groceries for me. I don't want my water-heater talking to my toaster; the two have NOTHING to discuss. The possibility of a conspiracy between my electric razor and the hedge-trimmer is something I don't even want to think about.
Sometimes what seems like a step forwards is just someone figuring a creative way to get you to buy some shit you didn't need with money you didn't have. The only thing I want, in terms of advancement in this area, is to have my own local source of power, from, i.e., solar panels and storage of the same, so it doesn't matter when a bunch of morons let script-kiddies or whatever, crash the entire electrical grid.
I don't trust most of my countrymen to sit the right way on a toilet seat. These days, I'm convinced they could even fuck that up.
Our reign has gone on long enough. Indeed. Summon the meteors.
Many utilities have arrangements with customers to disconnect high-power loads when requested. This even extends to residential customers, where it's usually applied to air conditioners and electric air or water heaters.
They're commanded over the power line, not the public Internet, but it's easy to generate a load spike with them. Just force them off for a few hours to ensure the thermostats are all on, then re-enable them all at once.
There's a simple workaround, fortunately: if the individual load switches have a small amount of randomization (e.g. "wait a number of half-cycles seconds equal to the last four digits of your serial number before turning on"), that would eliminate this attack,
(The serial-number-based randomization only works if the only command possible is a global one, which I suspect applies to existing powerline signals.. If you can give individual commands, the randomization needs to be unpredictable to an attacker.)
While I understand the security related downfalls of IOT, there actually are some potential benefits to having a fleet of water heaters connected to the internet. In the UK, there is a government trial/pilot program in place testing smart water tanks for storing excess grid energy. https://youtu.be/z1Z4JCoPAGc
How an intern hacked the powergrid (SHA2017)
Usenix is an anagram for Unisex. Says it all.
Why on earth would you put your air conditioner or water heater on the internet anyway?
If you can't sort out how turn it off when you're leaving the house, and wait a few minutes for the water to heat up and air to cool down when you get home, then you should be living in a cave.