A Song of Botnets and Power: Blackout is coming

Presented at DeepSec 2017 „Science First!“, Unknown date/time (Unknown duration).

Power grids are a prime example of large-scale decentralized critical infrastructure pre-dating modern telecommunication by decades. The volatility of grids is often underestimated: to stabilize the nominal frequency power production and consumption have to be continuously kept in balance. As consumers are predominantly uncontrolled, operators have to adapt power plants' output to the demanded power using elaborated models including parameters like weather, season, and time of the day. These models are based on the premise of a large number of small consumers averaging out their energy consumption spikes. However, an adversary in control of a sufficiently large number of computers can break this premise by synchronizing their load patterns and create artificial load spikes, pushing the grid out of its operational limits. Before that, grid security was often understood in a classic IT or CPS sense, i.e., attacking components over their digital interfaces. Our adversary does not have to rely on any current or future smart grid features for a successful attack.

Presenters:

  • Adrian Dabrowski / atrox - SBA Research   as Adrian Dabrowski
    Adrian Dabrowski is a researcher at SBA Research and lecturer at TU Wien and FH Campus. Besides playing CTFs, his main topic is security and privacy in large-scale infrastructures such as the radio-side of mobile phone networks and control-systems behind power grids.

Links:

Similar Presentations: