Abstract:The growing adoption of Internet-of-Things (IoT)-enabled energy smart appliances (ESAs) at the consumer end, such as smart heat pumps, electric vehicle chargers, etc., is seen as key to enabling demand-side response (DSR) services. However, these smart appliances are often poorly engineered from a security point of view and present a new threat to power grid operations. They may become convenient entry points for malicious parties to gain access to the system and disrupt important grid operations by abruptly changing the demand. Unlike utility-side and SCADA assets, ESAs are not monitored continuously due to their large numbers and the lack of extensive monitoring infrastructure at consumer sites. This article presents an in-depth analysis of the demand side threats to power grid operations including (i) an overview of the vulnerabilities in ESAs and the wider risk from the DSR ecosystem and (ii) key factors influencing the attack impact on power grid operations. Finally, it presents measures to improve the cyber-physical resilience of power grids, putting them in the context of ongoing efforts from the industry and regulatory bodies worldwide.

What problem does this paper attempt to address?

The problem that this paper attempts to solve is the impact of security threats in demand - side response (DSR) services of Internet of Things (IoT) - enabled energy - smart devices (ESAs, such as smart heat pumps, electric vehicle chargers, etc.) on the operation of power systems. With the wide adoption of these smart devices on the consumer side, they may become new entry points for malicious attackers, disrupting the power supply - and - demand balance of the power system by suddenly changing the load settings of a large number of devices, which may lead to serious power system failures. Specifically: 1. **Security issues in demand - side response**: Although smart devices can achieve demand - side response through remote control and help the power grid better manage the power load, these devices usually lack sufficient security design and are easily exploited by hackers. 2. **Risks of large - scale demand changes**: If a large number of smart devices are controlled simultaneously, it may lead to a sudden increase or decrease in power demand, thus disrupting the stable operation of the power system. For example, malicious attackers can coordinate and control a large number of smart devices to change the demand for several megawatts or even more power in a short time, which will have a serious impact on the frequency and voltage stability of the power system. 3. **Insufficient supervision and protection measures**: Unlike the SCADA systems within power companies, smart devices on the consumer side are more vulnerable to attacks due to their large numbers and lack of continuous monitoring infrastructure. In addition, the current security standards and supervision measures for such devices are not yet perfect and need to be strengthened urgently. To address these problems, this paper conducts in - depth analysis and proposes measures to improve the network security and physical resilience of the power system. These include but are not limited to: - Evaluating the security vulnerabilities existing in smart devices and their potential impact on the power system; - Analyzing different types of attack vectors and how they affect the operation of the power system; - Proposing specific methods and technical means to detect and mitigate such attacks; - Exploring action suggestions that policymakers and power operators should take to enhance the overall security of the power system. In conclusion, this research aims to reveal and solve the new security challenges brought by the demand - side response services introduced by Internet of Things technology and ensure the stable and reliable operation of the power system.

Demand-Side Threats to Power Grid Operations from IoT-Enabled Edge

CCPA: Coordinated Cyber-Physical Attacks and Countermeasures in Smart Grid.

Cybersecurity Analysis of Data-Driven Power System Stability Assessment

Towards Secured Smart Grid 2.0: Exploring Security Threats, Protection Models, and Challenges

Analysis of IoT-Based Load Altering Attacks Against Power Grids Using the Theory of Second-Order Dynamical Systems

Cybersecurity Deployment in Smart Grids: Critical Review, Applications, Protection, and Challenges

Cyber security of a power grid: State-of-the-art

Benefits and Cyber-Vulnerability of Demand Response System in Real-Time Grid Operations

Survey of Load-Altering Attacks Against Power Grids: Attack Impact, Detection and Mitigation

Threat Landscape for Smart Grid Systems

Smart Grid Cyber-Physical Situational Awareness of Complex Operational Technology Attacks: A Review

A Double-Benefit Moving Target Defense Against Cyber–Physical Attacks in Smart Grid

Threat analysis and adversarial model for Smart Grids

Constrained-Differential-Evolution-Based Stealthy Sparse Cyber-Attack and Countermeasure in an AC Smart Grid

Cyber-security on smart grid: Threats and potential solutions

A Survey on Cyber-Physical Security of Active Distribution Networks in Smart Grids

Distributed Energy Resources Cybersecurity Outlook: Vulnerabilities, Attacks, Impacts, and Mitigations

A Comprehensive Review on Cyber-Attacks in Power Systems: Impact Analysis, Detection, and Cyber Security

Avoiding the internet of insecure industrial things

Cyber-attack TTP analysis for EPES systems

Home Energy Management Systems: Operation and Resilience of Heuristics against Cyberattacks