The dependence of the electrical grid on networked control systems is steadily rising. While utilities are defending their side of the grid effectively through rigorous IT security measures such as physically separated control networks, the increasing number of networked devices on the consumer side, such as smart meters or large IoT-connected appliances like air conditioners, is much harder to secure due to their heterogeneity. We consider a crisis scenario in which an attacker compromises a large number of consumer-side devices and modulates their electrical load to destabilize the grid and cause an electrical outage.
In this paper, we propose a broadcast channel based on the modulation of grid frequency through which utility operators can issue commands to devices at the consumer premises, both during an attack for mitigation and in its wake to aid recovery. Our proposed grid frequency modulation (GFM) channel is independent of other telecommunication networks. It is resilient towards localized blackouts and is operational as soon as power is restored. Based on our GFM broadcast channel, we propose a “safety reset” system to mitigate an ongoing attack by disabling a device’s network interfaces and resetting its control functions. It can also be used in the wake of an attack to aid recovery by shutting down non-essential loads to reduce strain on the grid. To validate our proposed design, we conducted simulations based on measured grid frequency behavior. Based on these simulations, we performed an experimental validation on simulated grid voltage waveforms using a smart meter equipped with a prototype safety reset system based on an inexpensive commodity microcontroller.