Risks at the device and grid levels
The researchers describe how attacks on smart inverters can take multiple forms, ranging from threats to individual devices to threats to the entire grid. Attacks on devices can disrupt communications between the device and the utility regulating energy flow, or between the device and other devices, but attacks on hardware are also possible.
They identify reconnaissance, replay, DDoS and man-in-the-middle as possible attack strategies on communications links between the inverters and devices. Tactics such as physical firmware attacks and Hall spoofing, which involves the manipulation of electromagnetic fields around a device, target hardware.
At the microgrid level, the researchers note the possibility of cyberattacks on centralized control architectures and distributed control systems. Many of these attacks are designed to inject false data into the communications stream between the device and the regulator or block commands from the control to the devices.
These can lead to oscillations of power, voltage and frequency, and severely impede the microgrid’s ability to distribute energy.
Part of a global network
The research was carried out as part of the Mitacs-Ericsson GAIA multi-institutional research initiative that links a network of researchers in Canada, the United States, India and Europe. As one of 25 Concordia graduate students participating in the initiative, Li has been researching further into ethical hacking techniques to identify vulnerabilities in critical infrastructure.
“We use AI technologies in penetration testing of cyber-physical smart grids,” he says. “The goal is to use deep reinforcement learning to find efficient and automatic ways to penetrate smart grids and create a negative physical impact.”
As a leading member of the recently created, federally funded National Cybersecurity Consortium, Yan points out that Concordia is uniquely qualified to lead the fight against this emerging threat.
“This paper will provide us with a good starting point for our many research projects. For the broader research community, this lays out the solutions that exist and where are the gaps that still require one,” he says.
“It can also help the industry review their practices and improve their baseline security.”
Read the cited paper: “Cybersecurity of Smart Inverters in the Smart Grid: A Survey.”