Slashdot Mirror
Hacked Water Heaters Could Trigger Mass Blackouts Someday (wired.com)
At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? From a report: In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid. Their answers point to a disturbing, if not quite yet practical scenario: In a power network large enough to serve an area of 38 million people -- a population roughly equal to Canada or California -- the researchers estimate that just a one percent bump in demand might be enough to take down the majority of the grid. That demand increase could be created by a botnet as small as a few tens of thousands of hacked electric water heaters or a couple hundred thousand air conditioners. "Power grids are stable as long as supply is equal to demand," says Saleh Soltan, a researcher in Princeton's Department of Electrical Engineering, who led the study. "If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want."
Rolling blackouts can fix it.
Yo, homie...
-40 is the exact same in f and c.
Yes, i'm serious.
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
There is no need for your hot water heater to be online. Nor for your watch. Or your lightbulbs. Or oven, piano, fireplace, thermostat, fire alarm, bed, doorbell, garage door opener, iron, washer, dryer, or any of the IoT things, really. It's all artifical demand, and hopefully like the artificial demand for 3D televisions that self-extinguished in the face of lackluster consumer reception, the IoT will go away once the market doesn't support it.
Your refrigerator needs more insulation, not to run an operating system.
Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
Sorry, but they where able to induce a bad problem when fed into software unpublished software models based on Polands energy grid from 12 years ago. The article infers that power companies cannot tolerate a 1% unpredictability, and that is simply inherently false.
-- I'm the root of all that's evil, but you can call me cookie..
I worked as a professional stage hand in college. It was an interesting job and a lot of fun. Got to meet a lot of interesting people, even a celebrity or two.
One night, when working in a small town in western North Carolina, we didn't have much to do that night so we decided to play. We took every last light fixture we could, wired them up to the dimmers to "play" with them. The idea was to come up with a crazy rock and roll type light show to amuse ourselves and maybe learn some stuff by playing with the control board. It took hours to wire it all up and it was the wee hours of the morning when we where ready.
Of course, we wanted the maximum effect when we turned all this on, so after a brief discussion, we agreed we'd turn every fixture we had wired on, all at once, or a "bump to full" and enjoy the blaze of glory we had created. The electrics op configured the scene on the old analog board by running all the channels to full and punched up the scene onto the main fader to await the queue that we where all ready to witness the spectacle of every light in the place going to full at the same instant.
I'm sitting in the middle of the house with my co-workers and dramatically the house lights dim slowly. We all wait in anticipation of what we all know is coming. Then it happens, every light in the place begins to flash on in a blinding display as the "bump to full" and just as quickly the whole place goes black. We all thought the electrics op had bumped to black for effect, but eventually we hear him yell "What happened?" Looking around we realize that NOTHING is on except for the battery operated exit lights, nothing. The power was out.
Walking out side you could see most of the town and it was also totally black. It stayed out for about half an hour, then popped back up.
My guess is that we tricked the electric provider into shutting down the town by massively increasing the load in the dead of night and tripping protection systems, designed to avoid power surges and the voltage excursions that come with them. We thought about trying it again, but figured that knowingly doing something like that might be frowned on if we kept doing it. Besides, it was 2AM and time to get to bed, even for us stage hands.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Step one is to isolate as much of the power grid as possible by decentralizing power generation and storage. Solar and battery for most even home would drastically reduce the potential fallout for any attack.
Step two is to STOP FUCKING HOOKING SHIT UP TO THE INTERNET. Anything connected to the internet should be considered to be both unreliable and a liability.
Anons need not reply. Questions end with a question mark.
A 1% spike would not be likely to cause problems, but (specific to California) 3% would safely cause curtailment calls. Even for that though, you would need to go 3% below nominal first and then turn everything on at once.
The real vulnerability is in being able to game sub ~5-minute demand before the current systems can comfortably accommodate it. As we get more batteries on the grid, that risk dissipates pretty quickly.
If it could be done with 1% load variation, the markets would have figured out how to game it already.
It was probably under-specced for the amount of hot water you were using.
Take a shower in the US. Say you use 2.5gal/min ~= 10L/min ~= 166cc/sec. Specific heat of water is about 4 J/cc*degree C. So you need about 664 J/s per degree C available, or 664 watts.
Say your water temp is 5C in winter. You need to raise this to 40C for a hot shower. That's a delta-T of 35C. 664W * 35C = 23240W. That's about 96 amps at 240 volts -- unless your heater is on a 100A circuit, it's not strong enough for you to shower. This being said, this is relatively easy to build into new housing,
I had a tankless / on-demand water heater. It sucked.
Mine is wonderful, hot water forever, don't have to keep a tank of water hot so my gas bill went down some. The biggest problem I have with mine is the teenaged kids now have no limits in the shower, the hot water never runs out, so they stay in there forever.
But everybody needs to know you don't get a tank-less to save money and NEVER get an electric model, only gas fired. You only get tank-less for the convenience of endless hot water, and you pay extra for that.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
I'd only recommend gas fired tank-less heaters. Electric ones are unreliable and usually undersized as you point out.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
We just need to install a fourth unnecessary level, using the WaterChain, to encrypt our water heaters and home furnaces from remote hacking. Then we can put all the credentials files on a laptop and lose it in an airport, exposing all of our national water infrastructure.
Cold showers in January are a good thing, right?
(caveat: passive solar water heaters will still work, as will disconnected PV water heaters running off grid)
-- Tigger warning: This post may contain tiggers! --
The grid is stabilized by the load having a positive reactance. When voltage drops, most old fashioned devices draw less power. This is a negative feedback that stabilizes the grid, when power is short, everybodies old fashioned devices naturally draw less power..
Switching power supplies are the opposite. When voltage drops they draw more current to maintain their output voltage.
When switching power supplies are more load than AC motors, the grid will have big problem.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
> Nor for your watch
I personally don't wear a watch so I have no bias either way, but I could see some people wanting this internet connectivity in a watch in case they don't have their phone.
For the rest, yup. Why the fuck would you want half of your (unsecured) house connected to the internet where any Tom, Dick, or Harry can hack it???
IoT is just a disaster waiting to happen. Can we rename that stupid Internet of Things to be what it really is?
IoT = In-waiting of Tragedy
I guess the masses need to have their home hacked before they learn. :-/
The biggest problem I have with mine is the teenaged kids now have no limits in the shower
There are multiple electronic and mechanical timer-based devices that can be installed for enforcing limits
on shower time... isn't technology great?
Canada
The grid is that pattern on waffles that holds extra maple syrup.
Have gnu, will travel.
True. Conveniences are not needs. It doesn't mean that it's not nice to have.
A smart home has been a dream since before the Jetsons.
I have done a lot towards rewiring my house to connect it online. It's nice to be able to turn on one of my fan lights instead of all 3 in the morning. It's nice to be able to get notified when someone approaches my house or to see a video of the person at my door.
It's nice when I go on vacation to be able to create a code to let some inside my house on the fly because the person who said they were going to feed my dogs got sick.
Electric cars plugged in to high-current outlets waiting to charge off-peak, which also have remote controls to run the heater from the mains to pre-heat the car, would be another very high-demand load, though hopefully harder to exploit.
I'd only recommend gas fired tank-less heaters. Electric ones are unreliable and usually undersized as you point out.
I've had some great electric heaters (in the UK, they get made for UK conditions), the downside are the electricity bills. Electric heaters that are reliable and spec'd for purpose are power hogs.
I'm still of the opinion that electric is not the way to go in tank-less water heaters. Yes, they exist and many people use them and yes they are "power hogs" but no more so than an electric tank heater. My objection to them is that they are likely to be undersized because they can draw nearly 100 Amps and most modern residential service panels are about 250 Amps total. The temptation is to go smaller and not have to install a larger service panel (which involves considerable expense and inconvenience) and may not be easily available. But my main objection to electric tank-less water heaters is reliability. They are very sensitive to any air pockets that happen to sneak though them and subject to self destruction of the heater elements when this happens. I know of a number of times where this has happened among my friends.
Your mileage may vary and your specific unit may be more reliable. But based on my experience, I only recommend gas fired tank-less heaters unless you are doing a "point of use" install, which are very small units.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101