Hacked Water Heaters Could Trigger Mass Blackouts Someday

At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? From a report: In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid. Their answers point to a disturbing, if not quite yet practical scenario: In a power network large enough to serve an area of 38 million people -- a population roughly equal to Canada or California -- the researchers estimate that just a one percent bump in demand might be enough to take down the majority of the grid. That demand increase could be created by a botnet as small as a few tens of thousands of hacked electric water heaters or a couple hundred thousand air conditioners. "Power grids are stable as long as supply is equal to demand," says Saleh Soltan, a researcher in Princeton's Department of Electrical Engineering, who led the study. "If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want."

Remends me of a story.....

[bobbied]

I worked as a professional stage hand in college. It was an interesting job and a lot of fun. Got to meet a lot of interesting people, even a celebrity or two.

One night, when working in a small town in western North Carolina, we didn't have much to do that night so we decided to play. We took every last light fixture we could, wired them up to the dimmers to "play" with them. The idea was to come up with a crazy rock and roll type light show to amuse ourselves and maybe learn some stuff by playing with the control board. It took hours to wire it all up and it was the wee hours of the morning when we where ready.

Of course, we wanted the maximum effect when we turned all this on, so after a brief discussion, we agreed we'd turn every fixture we had wired on, all at once, or a "bump to full" and enjoy the blaze of glory we had created. The electrics op configured the scene on the old analog board by running all the channels to full and punched up the scene onto the main fader to await the queue that we where all ready to witness the spectacle of every light in the place going to full at the same instant.

I'm sitting in the middle of the house with my co-workers and dramatically the house lights dim slowly. We all wait in anticipation of what we all know is coming. Then it happens, every light in the place begins to flash on in a blinding display as the "bump to full" and just as quickly the whole place goes black. We all thought the electrics op had bumped to black for effect, but eventually we hear him yell "What happened?" Looking around we realize that NOTHING is on except for the battery operated exit lights, nothing. The power was out.

Walking out side you could see most of the town and it was also totally black. It stayed out for about half an hour, then popped back up.

My guess is that we tricked the electric provider into shutting down the town by massively increasing the load in the dead of night and tripping protection systems, designed to avoid power surges and the voltage excursions that come with them. We thought about trying it again, but figured that knowingly doing something like that might be frowned on if we kept doing it. Besides, it was 2AM and time to get to bed, even for us stage hands.

Re:Randomization...

[bobbied]

I had a tankless / on-demand water heater. It sucked.

Mine is wonderful, hot water forever, don't have to keep a tank of water hot so my gas bill went down some. The biggest problem I have with mine is the teenaged kids now have no limits in the shower, the hot water never runs out, so they stay in there forever.

But everybody needs to know you don't get a tank-less to save money and NEVER get an electric model, only gas fired. You only get tank-less for the convenience of endless hot water, and you pay extra for that.

Re:Remind me again...

[HornWumpus]

The grid is stabilized by the load having a positive reactance. When voltage drops, most old fashioned devices draw less power. This is a negative feedback that stabilizes the grid, when power is short, everybodies old fashioned devices naturally draw less power..

Switching power supplies are the opposite. When voltage drops they draw more current to maintain their output voltage.

When switching power supplies are more load than AC motors, the grid will have big problem.