Despite the many conveniences afforded by Internet of Things (IoT) devices, their rapid and global deployment has increased the attack vector and raised serious security and privacy concerns for enterprise users and customers. Vulnerable IoT devices can be hacked and harnessed into giant botnets that threaten even properly secured networks. In this talk, we will present IoT Skimmer, a hierarchical structure which leverages the potential of high-wattage IoT botnets to slightly manipulate the total demand of the power grid and attack deregulated electricity markets. Our proposed approach is the first energy market manipulation cyberattack and presents two attacker models based on the adversary's motivation and end goal: i) the attacker can cause maximum financial profit/damage to a particular market player (e.g., power plant owner or power utility), and ii) the attacker can cause financial damage to the entire market players.
Attacker one aims to alter the electricity price in the energy market by slightly changing the total power demand of the system and gain monetary profits for particular market players while causing financial loss to the rest. Attacker two, the nation state actor, leverages a nonlinear attack model to cause financial damage to the entire energy market and all its players, which may be weaponized as part of a trade/cold war.
We have defined and analyzed several stealth strategies such that the attacks remain stealthy from both the market operator and end users' perspectives. The performance of the proposed attacks is evaluated with real-world datasets acquired from two of the largest energy markets in the US, New York, and California. The obtained results illustrate the huge economic impact of IoT Skimmer attack on the studied markets. Finally, a set of technical recommendations are proposed to reduce the vulnerability and attack vector, thereby decreasing the potential consequences of the discussed attacks.