IoT Skimmer: Energy Market Manipulation through High-Wattage IoT Botnets

Presented at Black Hat USA 2020 Virtual, Aug. 5, 2020, 2:30 p.m. (40 minutes)

Despite the many conveniences afforded by Internet of Things (IoT) devices, their rapid and global deployment has expanded the attack surface and raised serious security and privacy concerns for enterprise users and customers. Vulnerable IoT devices can be hacked and harnessed into giant botnets that threaten even properly secured networks. In this talk, we will present IoT Skimmer, a hierarchical structure which leverages the potential of high-wattage IoT botnets to slightly manipulate the total demand of the power grid and attack deregulated electricity markets. Our proposed approach is the first energy market manipulation cyberattack and presents two attacker models based on the adversary's motivation and end goal: i) the attacker can cause maximum financial profit/damage to a particular market player (e.g., power plant owner or power utility), and ii) the attacker can cause financial damage to all market players.

Attacker one aims to alter the electricity price in the energy market by slightly changing the total power demand of the system, gaining monetary profits for particular market players while causing financial loss to the rest. Attacker two, a nation-state actor, leverages a nonlinear attack model to cause financial damage to the entire energy market and all its players, which may be weaponized as part of a trade/cold war.

We have defined and analyzed several stealth strategies such that the attacks remain stealthy from both the market operator's and end users' perspectives. The performance of the proposed attacks is evaluated with real-world datasets acquired from two of the largest energy markets in the US: New York and California. The obtained results illustrate the huge economic impact of the IoT Skimmer attack on the studied markets. Finally, a set of technical recommendations is proposed to reduce the vulnerability and attack surface, thereby decreasing the potential consequences of the discussed attacks.


Presenters:

  • Raheem Beyah - Professor, Vice President for Interdisciplinary Research, Georgia Institute of Technology
    Raheem Beyah, a native of Atlanta, GA, serves as Georgia Tech's Vice President for Interdisciplinary Research, Executive Director of the Online Masters of Cybersecurity program (OMS Cybersecurity), and is the Motorola Foundation Professor in the School of Electrical and Computer Engineering. He leads the Communications Assurance and Performance Group (CAP) and is affiliated with the Institute for Information Security & Privacy (IISP). Raheem is also Co-Founder and Board Chairman of Fortiphyd Logic, Inc., an industrial security company. He received his Masters and Ph.D. in Electrical and Computer Engineering from Georgia Tech in 1999 and 2003, respectively. His research interests include network security and monitoring, cyber-physical systems security, network traffic characterization and performance, additive manufacturing security, and critical infrastructure security.
  • Tohid Shekari - PhD Candidate, Georgia Institute of Technology
    Tohid Shekari is currently pursuing a PhD degree in ECE and MSc in Cybersecurity with the School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA, USA. His current research interests include cyber-physical system security, cybersecurity in power systems, intrusion detection in power substations, power system resilience, and power system operation.
